Configure the identity fabric

The Maverics identity fabric includes an identity provider and optional attribute providers. Maverics identity providers integrate with several OIDC and SAML legacy and cloud identity providers and leverage them as either authentication providers or attribute providers. Some identity systems act as both authentication and attribute providers.
Attribute providers enable Maverics to act as a source of user attributes. Attribute providers can be leveraged to enhance a user's profile with additional data from multiple sources to provide a richer user experience.
Production environments should use a secret management solution. Maverics integrates with various secret management solutions, which store secrets that Orchestrator instances load when starting up.

Best practices

Setting up Amazon Cognito

We recommend setting up a separate user pool, app client, and user in Cognito for use with Maverics. From Cognito in your AWS console, follow steps 1 and 2 in Amazon's Cognito Getting Started Guide to create a user pool and add an app client.
When setting up the user pool, we recommend leaving all options at their default settings except for the following:
  1. On the Configure sign-in experience page, select Email as the sign-in option.
  2. In the Integrate your app section:
    • Under Hosted authentication pages, select Use the Cognito Hosted UI.
    • Choose a Cognito domain prefix (for example, strata-maverics-sonar-app).
    • Under Initial app client, select Other - A custom app. Choose your own grant, auth flow, and client-secret settings.
    • Enter an app name, such as Sonar-app.
    • Ensure Generate a client secret is selected under Client secret.
    • Under Allowed callback URLs, enter https://localhost/oidc
    • Under Allowed logout URLs, enter https://localhost/oidc/logout
    • Ensure that the OpenID Connect scopes field contains email, openid, and profile.
  3. Scroll to the bottom and click Create user pool.
  4. After the user pool is created and you are redirected to the User pools page, click the user pool you just created.
  5. Make a note of the User Pool ID and AWS region.
  6. Go to the App integration tab and scroll down to the App client list. Click the app name.
  7. On the app client page, copy the Client ID and Client secret.
  8. Go back to the user pool page. In the Users section, click Create user and follow the instructions.
  9. Make a note of the email address used for the username.
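As an added example (not Strata's or Amazon's code), the following Python check validates the values gathered in the steps above before they go into an Orchestrator OIDC configuration: it derives the Cognito issuer and Hosted UI URLs, confirms a discovery document offers the required scopes and the authorization code flow, and enforces exact-match callback URLs. The region, user pool ID, client ID and discovery document are constructed placeholders.

```python
"""Sanity-check Cognito values gathered in the setup steps before using them
in a Maverics OIDC provider. Added example, not Strata's or Amazon's code."""
from urllib.parse import urlencode

# Values from the console. Region, pool ID and client ID are constructed placeholders.
REGION = "us-east-1"
USER_POOL_ID = "us-east-1_EXAMPLE01"
DOMAIN_PREFIX = "strata-maverics-sonar-app"
CLIENT_ID = "example-client-id-placeholder"
ALLOWED_CALLBACKS = ["https://localhost/oidc"]
REQUIRED_SCOPES = {"openid", "email", "profile"}

def issuer_url(region, pool_id):
    """Cognito token issuer; discovery lives at <issuer>/.well-known/openid-configuration."""
    return f"https://cognito-idp.{region}.amazonaws.com/{pool_id}"

def check_discovery(doc, region, pool_id):
    """Return problems found in a discovery document (empty list means OK)."""
    problems = []
    if doc.get("issuer") != issuer_url(region, pool_id):
        problems.append("issuer does not match region / user pool ID")
    missing = REQUIRED_SCOPES - set(doc.get("scopes_supported", []))
    if missing:
        problems.append(f"scopes not offered: {sorted(missing)}")
    if "code" not in doc.get("response_types_supported", []):
        problems.append("authorization code flow not advertised")
    return problems

def redirect_allowed(redirect_uri, allowed):
    """Cognito matches callback URLs exactly, so compare the full string,
    and refuse plain http anywhere but localhost."""
    if redirect_uri not in allowed:
        return False
    return redirect_uri.startswith(("https://", "http://localhost"))

def authorize_url(prefix, region, client_id, redirect_uri, state):
    """Build the Hosted UI authorization request with the required scopes."""
    hosted_ui = f"https://{prefix}.auth.{region}.amazoncognito.com"
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": redirect_uri,
              "scope": " ".join(sorted(REQUIRED_SCOPES)), "state": state}
    return f"{hosted_ui}/oauth2/authorize?{urlencode(params)}"

# Constructed discovery document shaped like the one Cognito serves for this pool.
SAMPLE_DISCOVERY = {
    "issuer": "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE01",
    "scopes_supported": ["openid", "email", "phone", "profile"],
    "response_types_supported": ["code", "token"],
}
```

Run the checks against the live discovery document once the pool exists; any non-empty result from check_discovery means the pool or app client settings differ from the steps above.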