Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Red Hat OpenShift Container Platform 4.12 Security Technical Implementation Guide
SRG-APP-000023-CTR-000055
SRG-APP-000023-CTR-000055
An XCCDF Group - A logical subset of the XCCDF Benchmark
Details
Profiles
Prose
SRG-APP-000023-CTR-000055
1 Rule
<GroupDescription></GroupDescription>
OpenShift must use a centralized user management solution to support account management functions.
Medium Severity
<VulnDiscussion>OpenShift supports several different types of identity providers. To add users and grant access to OpenShift, an identity provider must be configured. Some of the identity provider types such as HTPassword only provide simple user management and are not intended for production. Other types are public services like GitHub. These provider types are not appropriate as they are managed by public service providers, and therefore are unable to enforce the organizations account management requirements. Use either the LDAP or the OpenIDConnect Identity Provider type to configure OpenShift to use the organizations centrally managed IdP that is able to enforce the organization's policies regarding user identity management.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>