Associating Keys To Applications
User keys can be assigned to applications per host or per user account:
- When a host is associated to the application, all the keys on the host are automatically associated to the application.
- When a user account is associated to the application, all keys belonging to that user are automatically associated to the application. Users can be associated by user names and/or user IDs (UID values).
To associate hosts and/or users to applications via the Key Manager GUI, navigate to the Applications page and perform an Associate Keys action on the application of your choosing.
Hosts and users can also be associated to applications via the Key Manager command-line client, using the set-application-rules command.
Generic command example:
$ ssh-mgr-client set-application-rules -A "Example Application 01" \
--hostnames=server01.example.com,server02.example.com
To mass-modify the users associated to applications, specify the target associations in a CSV file and use the update-application-associations command. For example:
$ ssh-mgr-client update-application-associations -a add -f input.csv
Exclusions override inclusions in case of overlaps: users that are matched in both include and exclude directives are excluded.
After user keys are assigned to applications, application owners assigned to those applications can review them via User Portal. Application owners (with the right permissions) can also submit requests for these user keys.
Key Manager does not prevent host-group changes that result in users belonging to multiple applications.
User Portal disallows submitting requests for keys whose owner belongs to more than one application. To allow requests on such keys, you must reassign host-group memberships so that each affected user belongs to at most one application.
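The following added example (not Key Manager code, and not part of the original documentation) models the two rules described above: exclusions overriding inclusions, and key owners ending up in more than one application. The rule dictionary, field names and key inventory are hypothetical and constructed for illustration; they are not Key Manager's CSV schema. It assumes an owner "belongs" to an application when any of their keys is associated with it, and it applies exclusions only to user-based matching, since that is the only case stated above.

```python
from collections import defaultdict

# Constructed inventory of user keys: (key id, host, owner name, owner UID).
KEYS = [
    ("k1", "server01.example.com", "alice", 1001),
    ("k2", "server02.example.com", "bob", 1002),
    ("k3", "db01.example.com", "alice", 1001),
    ("k4", "db01.example.com", "carol", 1003),
    ("k5", "db01.example.com", "dave", 1004),
]

# Hypothetical rule model (assumption: NOT the product's CSV format).
RULES = {
    "Example Application 01": {
        "hosts": {"server01.example.com", "server02.example.com"},
    },
    "Example Application 02": {
        "include_users": {"alice", "carol"},
        "include_uids": {1004},
        "exclude_users": {"carol"},
    },
}

def user_matches(rule, name, uid):
    """User-based match; a user in both include and exclude is excluded."""
    inc = name in rule.get("include_users", ()) or uid in rule.get("include_uids", ())
    exc = name in rule.get("exclude_users", ()) or uid in rule.get("exclude_uids", ())
    return inc and not exc

def associate(keys, rules):
    """Return {application: set of key ids} for host- and user-based rules."""
    result = {app: set() for app in rules}
    for key_id, host, name, uid in keys:
        for app, rule in rules.items():
            if host in rule.get("hosts", ()) or user_matches(rule, name, uid):
                result[app].add(key_id)
    return result

def owners_in_multiple_apps(keys, assoc):
    """Return {owner: sorted apps} for owners whose keys span >1 application."""
    owner_of = {key_id: name for key_id, _, name, _ in keys}
    apps = defaultdict(set)
    for app, key_ids in assoc.items():
        for key_id in key_ids:
            apps[owner_of[key_id]].add(app)
    return {o: sorted(a) for o, a in apps.items() if len(a) > 1}

if __name__ == "__main__":
    assoc = associate(KEYS, RULES)
    print(assoc, owners_in_multiple_apps(KEYS, assoc))
```

Running a check like this against planned associations before applying them shows which key owners would be blocked from User Portal requests.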