Post-Deployment Optional Application Configuration
This section provides details on post-deployment configurations of Syndeia Cloud.
Administrator Access
A Syndeia Cloud installation offers at least one super-user administrator account.
The initial setting for the administrator account is name: super.user and password: syn45ia
To prevent accidental system lock-outs, the designated super user account cannot be deleted.
We strongly recommend changing the super.user password from the default and adding it to a secure password vault so your admin team can retrieve it later.
Advanced Authentication Methods
Syndeia Cloud (SC) currently supports 3 different types of authentication mechanisms:
Local Authentication: best for small-size organizations that do not have a central directory service (supported automatically out-of-the-box and required for administrative operations)
LDAP Authentication: best for medium-size organizations that (typically) have an internal-only directory service
SAML2 Authentication: best for large-size organizations that have multiple web-based applications needing centralized control over more sophisticated authentication methods (typically supporting 2-Factor Authentication (2FA) / Multi-factor Authentication (MFA), Common Access Control (CAC) cards, SMS, etc.) and authorization control
A SC administrator should select an authentication mechanism based on their organizational requirements and review the relevant configuration pages below for further steps:
Managing Users
A typical Syndeia Cloud deployment will most likely have application users beyond just the super.user. Take this time to go through the provisioning process for those users. Depending on the Authentication Method chosen, the steps differ slightly. For any of the methods below, please see the https://intercax.atlassian.net/wiki/spaces/SYN36/pages/3395322092 page to perform these operations:
Local Authentication: Create accounts individually in the Web Dashboard's User Management page.
LDAP Authentication: Once SC has had LDAP successfully configured, you can either:
A: Invite those users to log in to SC. Once the user has logged in for the first time, an LDAP profile will be auto-created for them and the user will appear in the Web Dashboard. You can then go and modify their permissions from the default Read-only permissions.
B: Pre-create those users using their email addresses in the Web Dashboard.
SAML2 Authentication: Once SC has had SAML successfully configured, you can either:
A: Invite those users to log in to SC. Once the user has logged in for the first time, a SAML2 profile will be auto-created for them and the user will appear in the Web Dashboard. You can then go and modify their permissions from the default Read-only permissions.
B: Pre-create those users using their email addresses in the Web Dashboard.
Note: there is currently no bulk user creation operation in SC (this is currently being implemented); however, it is possible to bulk modify user permissions.
Repository Configuration
A deployed Syndeia Cloud application provides the most benefit when linked to the various supported external Repository types, e.g. Aras Innovator, Atlassian Bitbucket/Confluence/JIRA, jFrog Artifactory, GitHub, etc. A super.user by default has the REPOSITORY_CREATE permission to add/define external Repositories. However, depending on who is an administrator for that external repository, you may or may not have access to add them.
If you do have credentials, please add them in the Web Dashboard by following the steps provided at Repositories - Web Dashboard.
If you do NOT have credentials, please invite a user or admin of the relevant external repository to sign in and add it.
Syndeia Cloud only acts as a proxy for each individual user when it accesses any external Repository. Each user has to supply their specific credentials for each repository that they interact with either directly or through Syndeia.
Syndeia Cloud does NOT store those credentials in its database.
To manage your access to individual repositories, see Repositories - Web Dashboard
JWT Token Signing Algorithm 3.6 SP1
Starting with Syndeia 3.6 SP1, Syndeia IT admins may select RS256 instead of the default HS256 as the signing algorithm for JWT tokens generated by Syndeia Cloud during authentication. This may be especially required for enabling FIPS mode.
Open the silhouette.conf file located in web-gateway/conf in the Syndeia Cloud deployment.
Change the default value of the setting authenticator.signingAlgorithm from HS256 to RS256.
Add a valid PEM certificate with both the private and public key as the value of the authenticator.sharedSecret setting, as shown in lines 28-33 in the screenshot below. Use triple quotes (""") to enclose the multi-line value.
Comment out the authenticator.sharedSecret setting shown in line 35. There should be only one entry for the authenticator.sharedSecret setting.
Save the file and restart the web-gateway service.
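A pre-flight check for the edit described in the steps above, as an added example (it is not Intercax's code and not part of the Syndeia Cloud distribution). It assumes the entries are written as HOCON key = value lines and that the PEM uses standard PRIVATE KEY and PUBLIC KEY or CERTIFICATE labels; the function name check_silhouette_conf and the sample values are hypothetical.

```python
import re

# Active (uncommented) entries only: a line starting with '#' or '//' never matches.
# The leaf key is matched, so "authenticator.sharedSecret = ..." and a nested
# "sharedSecret = ..." are both found (assumed layouts; the real file may differ).
ENTRY = re.compile(
    r'^[ \t]*(?:[\w-]+\.)*(signingAlgorithm|sharedSecret)[ \t]*[=:][ \t]*'
    r'("""(?:.*?)"""|"[^"\n]*"|[^\s#]+)',
    re.MULTILINE | re.DOTALL)
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s.+?\s-----END \1-----", re.DOTALL)

def check_silhouette_conf(text):
    """Return a list of problems found in the text of a silhouette.conf."""
    problems = []
    entries = {"signingAlgorithm": [], "sharedSecret": []}
    for m in ENTRY.finditer(text):
        entries[m.group(1)].append(m.group(2))
    algs = [v.strip('"') for v in entries["signingAlgorithm"]]
    if algs != ["RS256"]:
        problems.append(f"signingAlgorithm is {', '.join(algs) or 'unset'}, expected RS256")
    secrets = entries["sharedSecret"]
    if len(secrets) != 1:
        problems.append(f"{len(secrets)} active sharedSecret entries, expected 1")
    # In HOCON a later duplicate key overrides an earlier one, so the last
    # active entry is the value the service would actually load.
    for value in secrets[-1:]:
        labels = [b.group(1) for b in PEM_BLOCK.finditer(value)]
        if not any(l.endswith("PRIVATE KEY") for l in labels):
            problems.append("sharedSecret has no complete PEM private key block")
        if not any(l.endswith("PUBLIC KEY") or l == "CERTIFICATE" for l in labels):
            problems.append("sharedSecret has no complete PEM public key block")
    return problems

# Constructed sample; the key bodies are placeholders, not real key material.
GOOD = '''
authenticator.signingAlgorithm = "RS256"
authenticator.sharedSecret = """
-----BEGIN PRIVATE KEY-----
PLACEHOLDER
-----END PRIVATE KEY-----
-----BEGIN PUBLIC KEY-----
PLACEHOLDER
-----END PUBLIC KEY-----
"""
# authenticator.sharedSecret = "old-hs256-secret"
'''
# Same file with the old entry left active and the algorithm not switched.
BAD = GOOD.replace("# authenticator.sharedSecret", "authenticator.sharedSecret").replace("RS256", "HS256")

if __name__ == "__main__":
    print(check_silhouette_conf(GOOD), check_silhouette_conf(BAD), sep="\n")
```

Run the check on the edited file's contents before restarting the web-gateway service; an empty list means the three conditions from the steps hold.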