OpsRamp provides a rich set of capabilities to help you manage users' access to OpsRamp. Access controls encompass these areas:
- Authentication: How users are authenticated to access OpsRamp.
- Role-based Access Control: What permissions an authenticated user has within OpsRamp.
OpsRamp supports the following authentication options.
Native user management and authentication
OpsRamp comes with built-in user management and authentication. You can create user accounts and provide authenticated access using OpsRamp native authentication capability.
Single Sign-On (SSO)
OpsRamp integrates with several SAML compliant SSO providers. OpsRamp user accounts can be authenticated against these SSO providers.
OpsRamp supports multiple two-factor authentication options for more security. Two-factor options include support for:
- Time-based One-Time Password (TOTP)
- FIDO Universal 2nd Factor (U2F) based solutions.
Role-based access control
Using roles, you can control what actions an authenticated user can do within OpsRamp. You can restrict users' access in terms of:
- Resources that a user can manage. For example, a user can only manage network resources.
- Credentials to which a user has access. For example, a user can only view non-admin credentials on servers.
- Actions that a user can take. For example, a user cannot launch a remote consoles.
- Locations (IP addresses) from which a user can access OpsRamp. For example, a user can only access OpsRamp from within the corporate network.