Configuring User Access to Agent Meshes

Solace Agent Mesh manages access to agent meshes using role-based access control (RBAC). For general information about RBAC for agent meshes, see Role-Based Access Control in the Agent Mesh Enterprise documentation.

Solace Cloud has its own user roles that control access to tools and resources. Solace Cloud has two user roles for Solace Agent Mesh Manager that provide permissions to use Agent Mesh Manager features and view the agent mesh details and settings available in Solace Cloud. For more information, see Agent Mesh Manager Roles and Permissions.

When you create an agent mesh in Solace Cloud, Agent Mesh Manager also creates two RBAC roles for the agent mesh itself, which correspond to the two Solace Cloud Agent Mesh user roles. The user roles in Solace Cloud and the RBAC roles for the agent mesh do not synchronize. Changes made to the RBAC roles for the agent mesh have no impact on the Agent Mesh user roles in Solace Cloud.

If your organization uses single sign-on (SSO) for Solace Cloud, Solace recommends also using SSO for your agent meshes to enable users to log in with their existing organizational credentials. If you don't enable SSO for your agent meshes, users log in to an agent mesh using the role-based credentials set when the agent mesh was created. For more information, see Enabling SSO for an Agent Mesh.

Agent Mesh Manager Roles and Permissions

The level of access you have to Agent Mesh Manager depends on the role you're assigned in Solace Cloud and the permissions granted to that role. Roles can be assigned directly to users or, if your organization has SSO enabled, to user groups. For more information about assigning user roles, see Managing Users, Groups, Roles, and Permissions.

These roles are specific to the features available in Agent Mesh Manager in Solace Cloud. Permissions to use an agent mesh, for example to create components and chat with agents are managed separately for each agent mesh. For more information, see Role-Based Access Control in the Agent Mesh Enterprise documentation.

Administrator

Solace Cloud users with the Administrator role have full access to all Solace Cloud capabilities. Administrators can assign users any role in Solace Cloud. In Agent Mesh Manager, Administrators have the same access as users with the Agent Mesh Manager user role.

Agent Mesh Manager

Solace Cloud users with the Agent Mesh Manager role have full access to all agent meshes in Solace Cloud and Agent Mesh Manager capabilities. They can create, edit, delete, and view the configuration of agent meshes. They can also enable SSO for an agent mesh.

Agent Mesh User

Solace Cloud users with the Agent Mesh User role have only view access for agent meshes in Agent Mesh Manager. They can't create or manage agent meshes in Agent Mesh Manager but they can view all details, including the default credentials, and open the agent mesh in the Agent Mesh web interface where they may have permissions to perform various tasks.

When you create a new agent mesh in Agent Mesh Manager, the agent mesh instance is provisioned with two user roles that correspond to the Solace Cloud roles. You can add more roles or change role permissions individual agent meshes; however these changes have no impact in the roles and permissions in Solace Cloud. For more information about setting user roles and permissions for an agent mesh instance, see Role-Based Access Control in the Agent Mesh Enterprise documentation.

Enabling SSO for an Agent Mesh

If SSO is enabled for Solace Cloud, Solace recommends also using SSO for your agent meshes so users can authenticate with both Solace Cloud and your agent mesh using SSO. If you do not enable SSO for an agent mesh, every user logs in to the agent mesh with one of the two usernames and passwords provided by Solace Cloud. All work and chats are shared between all users sharing the same credentials.

When you enable or disable SSO, the agent mesh must restart.

To configure SSO for your agent meshes, you must first meet these prerequisites:

• Enable single sign-on for Solace Cloud.
• Manage your users, groups, roles, and permissions to give users an appropriate Agent Mesh Manager Roles and Permissions.

For more information about using SSO with Agent Mesh Enterprise, see Enabling SSO in the Agent Mesh Enterprise documentation.

To enable SSO for an agent mesh, perform these steps:

1. Log in to the Solace Cloud Console if you have not done so yet. The URL to access the Cloud Console differs based on your authentication scheme. For more information, see Logging In to the Solace Cloud Console.
2. On the navigation bar, select Agent Mesh Manager.
3. At the top-left, select the environment containing the agent mesh.
4. Click the name of the agent mesh you want to view.
5. Select the Manage tab.
6. In the Single Sign-On Configuration panel, click Enable.
7. Click Enable SSO.
8. Click Copy to copy the agent mesh URI to your clipboard so you can add it to your IdP.
9. Update your IdP settings as required.

The agent mesh restarts for the change to take effect. Requests to the agent mesh may be interrupted during restart.

Disabling SSO for an Agent Mesh

Disabling SSO for an agent mesh in Solace Cloud stops users from logging in to an agent mesh using SSO. When SSO is disabled, users log in to the Agent Mesh web interface using the credentials provided on the Details tab for the agent mesh. The credentials are visible only when SSO is disabled. For more information, see Viewing Agent Mesh Details.

To disable SSO for an agent mesh, perform these steps:

1. On the navigation bar, select Agent Mesh Manager.
2. At the top-left, select the environment containing the agent mesh.
3. Click the name of the agent mesh you want to view.
4. Select the Manage tab.
5. In the Single Sign-On Configuration panel, click Disable.

The agent mesh restarts for the change to take effect. Requests to the agent mesh may be interrupted during restart.