Skip to main content

Is it needed to keep the ifsadmin account active in an IFS Cloud installation? After customer has setup users that has admin access, they want to disable it. Do we need to also remove this entry from the yaml file then, or is the account needed from the pods for some reason?

This is a Remote Deployment.

Hi @Malin Norgren,

IFSADMIN is a privileged superuser. As you know, authentication is not tied to WebLogic anymore. Instead, client apps interact with a single container called IFSIAM (IFS Identity and Access Management) to get authenticated. If an issue occurs at the IAM identity provider (Keycloak), you won’t have access to the application until it's fixed. In such a scenario, the IFSADMIN user becomes handy, as it provides a backdoor way to access the application. Do the admin access users have this privilege?


What is the specific privilege the user needs to be granted to have this access?

How is IFSADMIN able to log on if identity provider is not working. 

Instead of ADFS, as the user has setup, ifsadmin will login using db credentials?


Reply