map.apps User Management

By connecting to map.apps User Management, the following possibilities exist:

  • Assignment of roles for the use of the map.apps Manager

  • Protection of apps

  • Protection of tools

Configuration of the connection

When purchasing the map.apps user management extension, a functionally limited version of security.manager is provided. In the following therefore, settings in security.manager are mentioned.

Operation of map.apps and security.manager on the same host

The following parameters must be added or changed in map.apps Configuration.

security.mode=ONLY_AUTHN

# security.manager adminstration service location
security.administration.url=https://<yourserver>/administration

# Key Store Location.
# This is the path to the keystore (`.keystore` file) shared by security.manager and map.apps
security.keystore.location=C:/data/conterra/.keystore

If further settings for the keystore are changed in security.manager (for example password), these must also be added in the map.apps configuration.

Operation of map.apps and security.manager on different hosts

If security.manager is installed on a different server than map.apps, the keystore file must be copied to the map.apps server.

In addition to the settings described in the previous section, the following parameter must be added or changed in security.manager configuration (whereas example.com is the name of the host where map.apps is installed).

# Hostname of the server running map.apps
security.allowed.hostnames=example.com

Use of the map.apps Manager

To be able to use the map.apps Manager in a SSO scenario with security.manager, it is mandatory to assign the role of a map.apps administrator to the user that should be able to use the map.apps Manager application. To achieve this, it is necessary to create the role maAdmin in security.manager and assign it to the dedicated user.

Using self-registration and password recovery

In order to use the self-registration and/or password recovery options of security.manager, map.apps can be pointed to the security.manager login page (instead of using the integrated login dialog).

Change the following property:

security.login.service.url=https://yourserver/administration/account/login