Transitioning Striim users to SSO
If you currently manage your users using Striim, you can transition those users to SSO (SAML authentication). The supported IdPs for managing users through SSO are Microsoft Entra and Okta. When a user is created in SSO, that user they default to the admin of their own namespace, the same as when you create a non-admin user otherwise. After an SSO user is created, if there is a need to change the roles assigned to the SSO user, you as admin can change the user’s roles through the users/roles page, and can assign whichever roles are required.
When transitioning a Striim user to an SSO user, ensure that the new SSO user roles and permission are the same as the current Striim user roles and permissions. To do so, verify that the SSO user has all the roles and permissions on the namespaces that the non-SSO user had.
This procedure transitions a single Striim user to SSO (SAML). For information on scaling this procedure for multiple users using a script, contact Striim support.
The Striim user logs in using SSO (SAML), and the user is created on the first log in using 'just in time' provisioning.
Striim appends a unique ID to the SSO username. The username can't be changed, and is the same as the namespace.
The admin creates a mapping between original user and SAML user, and grants the appropriate roles and permissions.
In this example, the user “originaluser” contained a set of assets in the “originaluser” namespace that were not to be lost by the SAML user. For that reason, the admin grants the SAML permissions on this namespace. Remember, in Striim, your permissions on a particular namespace dictate your CRUD operations with that meta object.
Delete the original user, and verify that the SAML user still has access to deploy, run, and edit the application.
After these steps, the original user is deleted, the SAML user is active, and all assets are preserved.