LDAP/Active Directory integration with Kyndryl Modern Operations Applications enables the IdP provider Authentication Protocol type: LDAP/Active Directory.
This API integration lets the system retrieve users' group information from external IdP groups. By bringing your external IdP groups into Kyndryl Modern Operations Applications, you can map your user groups to Legacy Core Teams in Kyndryl Modern Operations Applications (i.e., assign an order approval user and notify external group users by mail).
To access the Developer Console, follow these steps:
Click the user profile icon in the upper-right side of the Kyndryl Modern Operations Applications portal.
Select Developer Console.
LDAP configuration
In case of hybrid authorization, where teams are maintained externally, you should bring in your LDAP credentials to the system by using the API below in the configuration service. The configurationkey should be _ldap_config and all the fields under configurationvalue are mandatory.
Step 1
Save the configuration value:
In the Developer Console, from the Application dropdown menu, select core.
From the Service dropdown menu, select cb-core-configuration-service.
Scroll to the Configuration section:
API: core/configuration/v1/configvalues
Body: Provide the payload to save the configuration value in application/json format as shown in the following example:
{
    "configurationkey": "_ldap_config",
    "configurationvalue": {
        "base": "dc=testdomain,dc=com",
        "host": "ldap.example.com",
        "username": "readonlyuser",
        "password": "test",
        "useSSL": false
    }
}
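A pre-submission check for the Step 1 payload, added here as an example (it is not Kyndryl code and does not call the product's API). The field names and the _ldap_config key come from the page; the function name, the placeholder-password list, and the reading of useSSL as the setting that encrypts the connection carrying the bind password are assumptions of this example.

```python
import json

# Field names and the configuration key come from the page's example payload.
REQUIRED = {"base": str, "host": str, "username": str, "password": str, "useSSL": bool}
# Constructed list of placeholder passwords; extend it for your environment.
PLACEHOLDER_PASSWORDS = {"test", "password", "changeme", "admin"}


def lint_ldap_config(raw):
    """Return a list of findings for a _ldap_config payload (empty list = clean)."""
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg}"]
    if not isinstance(doc, dict):
        return ["payload must be a JSON object"]
    findings = []
    if doc.get("configurationkey") != "_ldap_config":
        findings.append("configurationkey must be _ldap_config")
    value = doc.get("configurationvalue")
    if not isinstance(value, dict):
        return findings + ["configurationvalue must be an object"]
    # The page states that every field under configurationvalue is mandatory.
    for field, kind in REQUIRED.items():
        if field not in value:
            findings.append(f"missing mandatory field: {field}")
        elif not isinstance(value[field], kind):
            findings.append(f"{field} must be of type {kind.__name__}")
        elif kind is str and not value[field].strip():
            findings.append(f"{field} is empty")
    # Assumption: useSSL controls TLS on the connection that carries the bind password.
    if value.get("useSSL") is False:
        findings.append("useSSL is false: bind credentials would cross the network unencrypted")
    password = value.get("password")
    if isinstance(password, str) and password.lower() in PLACEHOLDER_PASSWORDS:
        findings.append("password is a placeholder value")
    return findings


# The page's example payload, reproduced as sample input.
PAGE_EXAMPLE = """{"configurationkey": "_ldap_config", "configurationvalue": {
  "base": "dc=testdomain,dc=com", "host": "ldap.example.com",
  "username": "readonlyuser", "password": "test", "useSSL": false}}"""

if __name__ == "__main__":
    for finding in lint_ldap_config(PAGE_EXAMPLE):
        print("FINDING:", finding)
```

Run against the page's own example, the check reports the disabled useSSL setting and the placeholder password; both should be resolved before the payload is saved in a real environment.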
Step 2
Add the authtype config to include the initial user details:
In the Developer Console, from the Application dropdown menu, select core.
From the Service dropdown menu, select cb-core-authorization-service.
Scroll down to the Configuration IDP-Authtype section:
API: core/configuration/v1/authtype/configurations
Body: Provide the payload to add the configuration value in application/json format as shown in the following example:
{
    "initial_system_admin_team_code": "MCMPAdmin",
    "initial_system_admin_org_code": "admin_org",
    "initial_system_admin_team_external_ref_id": "Admin",
    "auth_type": "hybrid",
    "name": "yourhybrid"
}
Take the value of initial_system_admin_team_external_ref_id from the external group details page.
Once the API is successfully executed, note down the id element in the API's response. This id is needed in the next step.
Step 3
Create the relation between the IdP and the authtype_config.
This step should be performed by the external IdP user.
You should already be in the cb-core-authorization-service APIs, and under the Configuration IDP-Authtype section.