Simpler Navigation for Servers and Operating Systems - Please Update Your Bookmarks
Completed: a much simpler Servers and Operating Systems section of the Community. We combined many of the older boards, so you won't have to click through so many levels to get at the information you need. Check the consolidated boards here as many sub-forums are now single boards.
If you have bookmarked forums or discussion boards in Servers and Operating Systems, we suggest you check and update them as needed.
Server Management - Remote Server Management
cancel
Showing results for 
Search instead for 
Did you mean: 

ILO2 SSO problem

sdb_2
Regular Advisor

ILO2 SSO problem

We are using C7000 enclosures and BL460C blades. On the C7000 ILO's, we defined users for the other teams.
With this users they can log on to the ILO of the enclosure and go to the ILO of one particular blade via SSO.

Is it possible to give this operators enough rights to reset the ILO of the blades, without giving them the "administrator - right"?

I can define users in the ILO2 of our blades, but how can I change settings for the "SSO user" from the enclosure?

Thanks in advance
3 REPLIES
acartes
Honored Contributor

Re: ILO2 SSO problem

From the Onboard Administrator, navigate to the Users page, then local users. For each user, there is a matrix of the bays that they have access to, allowing you to restrict certain user accounts from specific bays.

From the same page, the Privilege level can also be configured. This level will translate to corresponding iLO privileges when that account is used to access iLO from the Onboard Adminstrator.
sdb_2
Regular Advisor

Re: ILO2 SSO problem

Thanks, but when I look at this privilege levels, there's only user - operator and administrator.
The user is now an operator, but he can't reset the ILO of the blades.
When I give him the "administrator privilege", he sure can do this but also a lot of other things he shouldn't be able to...

Is there any other way to give the user the right to reset ILO of a blade, while he still is an operator (not an administrator)?
acartes
Honored Contributor

Re: ILO2 SSO problem

The OS to iLO role to privilege mapping is static and does not allow you to create an OA "operator" account that can reset iLO. Only OA "administrator" accounts will have the necessary privilege (configure iLO), and they will also have full rights on iLO.

You may need to create separate accounts on iLO to meet the requirement.