HCP System Management Help
The Tenant Management Console is a tenant-specific web application that lets you manage tenants and namespaces. The Console shows you tenant and namespace status in real time, so you can effectively monitor activity and take action as needed.
Using the Console, you can modify tenant and namespace settings and perform compliance activities. Changes you make through the Console take effect immediately.
Access to the Tenant Management Console is available only through HTTP with SSL security (HTTPS).
Console access
To use the Tenant Management Console, you need either:
•A user account defined in HCP (either locally authenticated or RADIUS authenticated).
•If the tenant is configured to support Windows Active Directory (AD) authentication, an AD user account for a user that belongs to one or more AD groups for which corresponding group accounts are defined in HCP. In this book, such an Active Directory user account is referred to as a recognized AD user account.
The HCP user account or group accounts specify what you have permission to do in the Console. The menu options, pages, and panels you see in the Console depend on your permissions.
If an AD user belongs to multiple AD groups for which HCP group accounts exist, that user has all the permissions associated with all those group accounts.
For more information on user and group accounts, see About user and group accounts.
Console sessions
A Tenant Management Console session begins when you do one of these:
•Log into the Console using an HCP user account or recognized AD user account.
•Access a Console page while logged into Windows with a recognized AD user account. This is called single sign-on. With single sign-on, you don’t need to explicitly log into the Console.
For single sign-on to work, your web browser must be configured to support it. For more information on this, see Browser configuration for single sign-on with Active Directory.
A session ends when you log out. During a session, you can perform any actions for which you have permission.
During a session, if you don’t take any action for a certain amount of time, the Console displays the Idle Timeout page. If you explicitly logged into the session, the Console automatically logs you out and, when you click on any tab on the Idle Timeout page, displays the login page. If you started the session by using single sign-on, when you click on any tab, the Console displays the requested page. The exact amount of idle time allowed is configurable. For information on setting this value, see Changing user account and login settings.
If you’ve granted HCP system-level users administrative access to the tenant, they can access the Tenant Management Console directly from the HCP System Management Console. Doing so does not start a Tenant Management Console session. Rather, it continues the current System Management Console session, and the configured idle time for that Console applies.
For information on granting this access, see Enabling or disabling system-level administrative access.
HCP management API
HCP includes a RESTful HTTP interface to a subset of its administrative functions. Using this interface, called the management API, you can modify your tenant and create, modify, and delete namespaces, user and group accounts, and content classes for the tenant. Additionally, you can create, modify, and delete retention classes for namespaces owned by the tenant.
You use the Tenant Management Console to enable the management API at the tenant level. For the API to be available, however, it must also be enabled at the system level.
To use the management API, you need a user account that includes the applicable permissions for the actions you want to take.
If the tenant is configured to support Active Directory authentication, applications can also use recognized AD user accounts to access HCP through the management API. To do this, however, an application must use the SPNEGO protocol or the AD authentication header to negotiate the AD user authentication itself. For more information on SPNEGO, see http://tools.ietf.org/html/rfc4559. To provide credentials using the Active Directory authorization header, you use this format:
Authorization: ADAD-username:AD-password
For information on enabling the management API, seeControlling access to HCP through the management API. For information on using the HCP management API, see HCP Management API Reference.
Trademarks and Legal Disclaimer
© 2017 Hitachi Vantara Corporation. All rights reserved.