Idea ID: 2684923

OBM access control with initString (SSO)

Status : Declined
over 1 year ago

The OO interface of OBM supports automatic runbook execution via the integration user. To configure an OO flow in OBM a trusted relationship is required.

A trusted relationship allows users to login to any other system of the trusted systems domain without any check. Known users of a system can be configured on the other systems. These users are able to logon using the permissions on the destination system. This is a security risk because of missing access control.

In OMi 9 it was possible to modify the initString without effecting the automatic runbook execution.

In OBM 2018.11, if an OO flow is configured using same initString between OBM and OO the automatic runbook execution shows the configuration.

After init string change on OBM the automatic runbook execution shows an incomplete configuration. The OO flow is not visible. The configuration cannot be edited.

The request is to have an option like changing the initString so that the integration is still fully working on OBM but restricting access on OBM for OO.