Policies in the Dymium Platform are determined by using user groups, generally derived from your IAM or IdP.
OIDC Groups
When using OIDC, it is possible to configure the IAM/IdP to send group membership in the token. Some will do this by default. You can map a group sent by the IAM/IdP to a Dymium group, and assign one or more roles to it.
To add a group mapping, click "Add mapping".
Enter the name of the group as sent by the IAM/IdP in "Directory group" and enter a name for "Dymium group". This can be the same name.
Select the role or roles for this group. The following roles are available:
- Admin
  - Users with this role have full admin access to the Dymium Admin UI.
- API Developer
  - Users with this role can create new APIs using GhostAPI, but cannot deploy them. They can submit their APIs for approval, and an admin has to approve them before they are deployed.
- Chat User
  - Users with this role can use GhostAI and all its functionality.
It is possible to create a group without a role. Users without a role can still be assigned access to Ghost Databases, but won't be able to use GhostAI, GhostAPI or any of the admin functionality.
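Before entering "Directory group" names, it helps to check which group names the IdP actually puts in the token. The following is an added example, not Dymium code: it decodes a token payload for inspection and compares it with a planned mapping table. The claim name `groups`, the exact-match comparison, and all group names are assumptions; the role names are the ones listed above.

```python
import base64
import json

# Constructed mapping table: "Directory group" -> (Dymium group, roles).
# Group names are made up; role names are the ones listed on this page.
MAPPINGS = {
    "eng-platform": ("platform-admins", ["Admin"]),
    "eng-api": ("api-devs", ["API Developer", "Chat User"]),
    "analysts": ("analysts", []),  # a group without a role
}

def _b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def token_groups(id_token, claim="groups"):
    """Return group names from the token payload. Inspection only: the
    signature is NOT verified here, so never use this to authorize."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    value = _b64url_json(parts[1]).get(claim)
    if value is None:
        raise KeyError(f"IdP did not send a '{claim}' claim")
    # Some IdPs send a single string instead of a list.
    return [value] if isinstance(value, str) else list(value)

def audit(id_token, mappings=MAPPINGS, claim="groups"):
    """Compare the groups the IdP sent with the planned mapping table.
    Exact string matching is an assumption of this sketch."""
    sent = token_groups(id_token, claim)
    mapped = {g: mappings[g] for g in sent if g in mappings}
    return {
        "dymium_groups": sorted(dg for dg, _ in mapped.values()),
        "roles": sorted({r for _, rs in mapped.values() for r in rs}),
        "unmapped": sorted(g for g in sent if g not in mappings),
        "no_role": sorted(dg for dg, rs in mapped.values() if not rs),
    }

def make_sample_token(payload):
    """Build a constructed token with a placeholder signature (offline use)."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(payload)}.placeholder"

if __name__ == "__main__":
    tok = make_sample_token({"sub": "alice", "groups": ["eng-api", "analysts", "contractors"]})
    print(audit(tok))
```

Groups reported under `unmapped` would need a mapping before their members receive any role, and a missing claim means the IdP is not yet configured to send group membership.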
OAuth2.0 Memberships
When using OAuth2.0, such as "Login with Microsoft" or "Login with Google", it is required to set up mappings between users and groups, as OAuth2.0 does not send group membership. Note that this tab is disabled if the "Login with Microsoft" and "Login with Google" authentication methods are both disabled.
Note that Dymium neither stores credentials nor performs the authentication. This is still done by Microsoft or Google, depending on the authentication method.
To get started, click "Add User".
Enter the username (usually an email address), select the configured groups, and click "Add".
The user is immediately active.