Home
Security
Perform tasks to secure your data on the Spectrum Technology Platform2022.1.0.
Implementing Spectrum Single Sign-on (SSO)
Spectrum Technology Platform provides single sign-on (SSO), leveraging Active Directory Federation Services (AD FS), Ping Identity, and Azure Identity Provider (IDP).
Managing and mapping roles and properties
Spectrum SSO conveniently maps user accounts to admin-assigned credentials.
Set up the Admin role
Users may be mapped to admin roles. Mapped admin-level users will have the same privileges as Spectrum admin-level users, but they will display as non-admin users with basic user role privileges.

Welcome
Perform administrative tasks required to manage the operation of Spectrum Technology Platform on your system.
Getting Started
Configure and run a new installation of Spectrum Technology Platform.
Approval Flows
Define approval flows that data stewards use to review and accept records generated in a job by Exception Monitor.
Security
Perform tasks to secure your data on the Spectrum Technology Platform2022.1.0.
- Security Model
  Spectrum Technology Platform uses a role-based security model to control access to the system.
- Users
  Spectrum Technology Platform user accounts control the types of actions users can perform on the system.
- Roles
  Spectrum Technology Platform comes with these some predefined roles.
- Access Control
  Access control settings work in conjunction with roles to define the permissions for a user. Roles define the permissions for categories of entities, such as all dataflows or all database resources, and access control settings define the permissions for specific entities, called secured entities. Examples of secured entities include specific jobs or specific database connections. For example, you may have a role that has granted the Modify permission to the secured entity type "Dataflows", but you may want to prevent users from modifying one specific dataflow. You could accomplish this by using access control to remove the Modify permission for the specific dataflow you do not want modified. You can specify access control settings for users and roles. Access control settings for a user override that specific user's permissions as granted by the user's roles. Access control settings for roles apply to all users who have that role.
- Security for Spatial
- Limiting Server Directory Access
  You can browse the Spectrum Technology Platform server's folders when performing tasks that require them to select a file. For example, users can browse the server when selecting an input or output file in a source or sink stage in Spectrum Enterprise Designer.
- Using HTTPS
  Secure Socket Layer (SSL) is a protocol that provides security for communications between client and server by implementing encrypted data and certificate-based authentication.
- Web Service Authentication
  Spectrum Technology Platform web services require authentication with valid user credentials. There are two methods for authenticating: Basic authentication and authentication by token.
- Using LDAP or Active Directory for Authentication
  Spectrum Technology Platform can be configured to use an LDAP or Active Directory server for authentication.
- Implementing Spectrum Single Sign-on (SSO)
  Spectrum Technology Platform provides single sign-on (SSO), leveraging Active Directory Federation Services (AD FS), Ping Identity, and Azure Identity Provider (IDP).
  - Configuration assumptions and SSO deployment checks
    We have designed Spectrum SSO to be seamless to end-users. To facilitate this seamless implementation, before you implement SSO, ensure that some specific security features are in place.
  - Server configurations for authentication support
    Spectrum Technology Platform requires you to define specific server-side properties and entities to support SSO authentication through IdP—Active Directory Federation Services (AD FS), Ping Identity, or Azure Identity Provider (IDP).
  - SSO in a clustered configuration
    As part of the setup of SSO in a clustered environment, you must first have your clustering configuration in place.
  - Managing and mapping roles and properties
    Spectrum SSO conveniently maps user accounts to admin-assigned credentials.
    - Set up the Admin role
      Users may be mapped to admin roles. Mapped admin-level users will have the same privileges as Spectrum admin-level users, but they will display as non-admin users with basic user role privileges.
    - Assign the Admin role
      The last step in mapping an admin role is to assign the admin role to certain users or user groups.
  - Mapping LDAP/SSO roles to Spectrum Technology Platform roles
    Before mapping roles, ensure that you have enabled LDAP/SSO authentication.
- Encryption
Data Sources
Configure data sources from which to load and process data in Spectrum Technology Platform2022.1.0.
Spectrum Databases
Manage databases that contain data from trusted data providers. These include databases used by Enterprise Tax, Geocoding, Global Sentry, Universal Addressing, Spatial and Routing.
Services
Access Spectrum Services through a REST or SOAP web service interface.
Flows
Schedule and manage job execution, options, and defaults.
Performance
Perform tasks to get optimal performance from your Spectrum Technology Platform environment.
Monitoring
Monitor system performance and configure notification and use system and audit logs.
Backup and Restore
Schedule or create backups and restore the Spectrum Technology Platform server.
Settings
View and configure Data Stewardship and Context Graph settings.
Administration Utility
Use the Administration Utility Command Line Interface (CLI) to manage Spectrum components and data.
Spectrum properties
Reference information for spectrum-container.properties properties and proxy server settings.
About Spectrum Technology Platform
An overview of Spectrum, its data management architecture, its platform architecture, and its modules and components.

Set up the Admin role

Users may be mapped to admin roles. Mapped admin-level users will have the same privileges as Spectrum admin-level users, but they will display as non-admin users with basic user role privileges.

You can edit the user privileges on the Security page in Spectrum Management Console to display true privileges. Default admin share and user roles do not automatically apply under Spectrum SSO implementation. To apply and display user role permissions, you must set properties for any user that is mapped to the domain user group.

To establish system-wide access profiles, including that of Administrator ("Admin"):

Open the following file in a code editor:
SpectrumDirectory\server\conf\spring\security\spectrum-config-sso-sts.properties
Set the dynamic property to apply admin group permissions at Spectrum server startup:
```
spectrum.security.authentication.idpserver.admin.role=rolename
```
where rolename is the group name for users who will inherit system-level admin permissions.
Log in to the Spectrum JMX console, and search for this property:
```
com.pb.spectrum.platform.common.security.role:mappings=RoleMappings
```
This property manages the mapping of roles to all user groups.

Define the following:

Parameter	Description
`addMapping`	In the `value` field, enter the SSO role value that you want to map to a Spectrum Technology Platform role.
`roleName`	Enter the Spectrum Technology Platform role that you want to map to the LDAP attribute value.

Click Invoke.
Users who have the SSO role will now be granted the role you specified after they log in to Spectrum Technology Platform at least one time.
To remove a mapping, enter the LDAP attribute you want to unmap in the value field in the removeMapping section.