Skip to main content
Pentaho Documentation

Introduction

Your predefined users and roles can be used if you are already using a security provider such as LDAP, Microsoft Active Directory, or Single Sign-On. These articles guide you through the process of configuring third-party security frameworks for the Pentaho BA Server.

If you are evaluating Pentaho or have a production environment with fewer than a hundred users, you may decide to use Pentaho default security.

Prerequisites

Before you can implement advanced security, you must have installed and configured the BA Server. If you chose to install the DI server and its design tool, there is a separate section for configuring them.

Expertise

The topics within this series of articles are written for security administrators with knowledge of the security provider to be used, details about their user community and a plan for which roles to use in the Pentaho system, and how to use the command line to issue commands for Microsoft Windows or Linux.

Tools

We provide a web application, the User Console, which you use to perform most security tasks. Some of these security tasks require that you work on the actual machine that has the BA software installed.

Login Credentials

All of the tasks that use the User Console, Administration page, require that you log on to the User Console with the Pentaho administrator user name and password.

Related Articles

These articles explain how to administer, fine-tune, and troubleshoot Pentaho systems.

For BA only:

For DI only:

Security Overview

We support two different security options: Pentaho Security or advanced security providers, such as LDAP, Single Sign-On, or Microsoft Active Directory. This table can help you choose the option that is best for your environment.

 

Table 1. Security Decision Table
Explore Considerations Choose Options
Pentaho Security Advanced Security Providers—LDAP, Single Sign-On, or Microsoft Active Directory
Summary Pentaho Security is the easiest way to configure security quickly. The User Console enables you to define and manage users and roles. The BA Server controls which users and roles can access web resources through the User Console or resources in the Pentaho BA repository.

Pentaho Security works well if you do not have a security provider or if you have a user community with less than 100 users.

If you are already using a security provider, such as LDAP, Single Sign-On, or Microsoft Active Directory, you can use the users and roles you have already defined with Pentaho. Your security provider controls which users and roles can access Pentaho web resources through the User Console or resources in the BA repository.

Advanced security scales well for production and enterprise user communities.

Expertise Knowledge of your user community and which users should have which roles in the Pentaho system. Knowledge about security in general is not required. Knowledge of your user community and which users should have which roles in the Pentaho system. Knowledge about your particular security provider and its options is required.
Time It takes approximately 5 minutes per user and role to configure Pentaho Security. It takes approximately 1 hour to configure the BA Server to use your existing security provider.
Recommendation Recommended for the Pentaho Trial Download, evaluating, and rapid development. Recommended for production.