Configuring User Access to Agent Meshes

Solace Agent Mesh manages access to agent meshes using role-based access control (RBAC). For general information about RBAC for agent meshes, see Role-Based Access Control in the Agent Mesh Enterprise documentation.

Solace Cloud has its own user roles that control access to tools and resources. Solace Cloud has two user roles for Solace Agent Mesh Manager that provide permissions to use Agent Mesh Manager features and view the agent mesh details and settings available in Solace Cloud. For more information, see Agent Mesh Manager Roles and Permissions.

When you create an agent mesh in Solace Cloud, Agent Mesh Manager also creates two RBAC roles for the agent mesh itself, which correspond to the two Solace Cloud Agent Mesh user roles. The user roles in Solace Cloud and the RBAC roles for the agent mesh do not synchronize. Changes made to the RBAC roles for the agent mesh have no impact on the Agent Mesh user roles in Solace Cloud.

If your organization uses single sign-on (SSO) for Solace Cloud, Solace recommends also using SSO for your agent meshes to enable users to log in with their existing organizational credentials. If you don't enable SSO for your agent meshes, users log in to an agent mesh using the role-based credentials set when the agent mesh was created. For more information, see Enabling SSO for an Agent Mesh.

Agent Mesh Manager Roles and Permissions

The level of access you have to Agent Mesh Manager depends on the role you're assigned in Solace Cloud and the permissions granted to that role. Roles can be assigned directly to users or, if your organization has SSO enabled, to user groups. For more information about assigning user roles, see Managing Users, Groups, Roles, and Permissions.

These roles are specific to the features available in Agent Mesh Manager in Solace Cloud. Permissions to use an agent mesh, for example to create components and chat with agents are managed separately for each agent mesh. For more information, see Role-Based Access Control in the Agent Mesh Enterprise documentation.

Administrator
Solace Cloud users with the Administrator role have full access to all Solace Cloud capabilities. Administrators can assign users any role in Solace Cloud. In Agent Mesh Manager, Administrators have the same access as users with the Agent Mesh Manager user role.
Agent Mesh Manager
Solace Cloud users with the Agent Mesh Manager role have full access to all agent meshes in Solace Cloud and Agent Mesh Manager capabilities. They can create, edit, delete, and view the configuration of agent meshes. They can also enable SSO for an agent mesh.
Agent Mesh User
Solace Cloud users with the Agent Mesh User role have only view access for agent meshes in Agent Mesh Manager. They can't create or manage agent meshes in Agent Mesh Manager but they can view all details, including the default credentials, and open the agent mesh in the Agent Mesh web interface where they may have permissions to perform various tasks.

When you create a new agent mesh in Agent Mesh Manager, the agent mesh instance is provisioned with two user roles that correspond to the Solace Cloud roles. You can add more roles or change role permissions for individual agent meshes; however, these changes have no impact on the roles and permissions in Solace Cloud. For more information about setting user roles and permissions for an agent mesh instance, see Role-Based Access Control in the Agent Mesh Enterprise documentation.

Enabling SSO for an Agent Mesh

If SSO is enabled for Solace Cloud, Solace recommends also using SSO for your agent meshes so users can authenticate with both Solace Cloud and your agent mesh using SSO. If you do not enable SSO for an agent mesh, every user logs in to the agent mesh with one of the two usernames and passwords provided by Solace Cloud. All work and chats are shared between all users sharing the same credentials.

When you enable or disable SSO, the agent mesh must restart.

To configure SSO for your agent meshes, you must first meet these prerequisites:

For more information about using SSO with Agent Mesh Enterprise, see Enabling SSO in the Agent Mesh Enterprise documentation.

You can also manage SSO settings for all agent meshes from the Account Details. For more information, see Viewing and Managing SSO Settings for All Agent Meshes.

To enable SSO for an agent mesh, perform these steps:

  1. Log in to the Solace Cloud Console if you have not done so yet. The URL to access the Cloud Console differs based on your authentication scheme. For more information, see Logging In to the Solace Cloud Console.
  2. On the navigation bar, select Agent Mesh Manager.
  3. At the top-left, select the environment containing the agent mesh.
  4. Click the name of the agent mesh you want to view.
  5. Select the Manage tab.
  6. In the Single Sign-On Configuration panel, click Enable.
  7. Click Enable SSO.
  8. Click Copy to copy the agent mesh URI to your clipboard so you can add it to your IdP.
  9. Update your IdP settings as required.

The agent mesh restarts for the change to take effect. Requests to the agent mesh may be interrupted during restart.

Disabling SSO for an Agent Mesh

Disabling SSO for an agent mesh in Solace Cloud stops users from logging in to an agent mesh using SSO. When SSO is disabled, users log in to the Agent Mesh web interface using the credentials provided on the Details tab for the agent mesh. The credentials are visible only when SSO is disabled. For more information, see Viewing Agent Mesh Details.

To disable SSO for an agent mesh, perform these steps:

  1. On the navigation bar, select Agent Mesh Manager.
  2. At the top-left, select the environment containing the agent mesh.
  3. Click the name of the agent mesh you want to view.
  4. Select the Manage tab.
  5. In the Single Sign-On Configuration panel, click Disable.

The agent mesh restarts for the change to take effect. Requests to the agent mesh may be interrupted during restart.

Viewing and Managing SSO Settings for All Agent Meshes

You can view the SSO status for all of your agent meshes on the Infrastructure SSO Settings tab in your Account Details. To view and manage SSO status for multiple agent meshes, perform these steps:

  1. On the navigation bar, select User & Account , and then select Account Details.
  2. On the Account Details page, select the Infrastructure SSO Settings tab.
  3. Click Manage Agent Meshes to view SSO details for your agent meshes.
  4. (Optional) To enable or disable SSO, in the Manage Agent Meshes dialog, select an agent mesh from the list and click Actions.
    • Select Enable SSO to enable SSO for the selected agent mesh.
    • Select Disable SSO to disable SSO for the selected agent mesh.

The list of agent meshes contains the following information:

Agent Mesh Name
The name of the agent mesh.
Agent Mesh SSO Status
The status of SSO configuration for the agent mesh. The statuses are as follows:
  • Disabled—No SSO configuration is available on the agent mesh and SSO has been disabled.
  • Enabled— The SSO configuration was successfully updated on the agent mesh and SSO has been enabled. If the URI has been updated on your identity provider, you can use SSO credentials to access the agent mesh.
  • In Progress—An operation to enable, update, or remove the SSO configuration from the agent mesh is in progress.
  • Failed—Enabling, disabling, or updating the SSO configuration failed. A recommendation for an action appears.
Datacenter
The location where the agent mesh resides, which corresponds to the region name selected when you created the agent mesh.
Callback URI
The URI used by your identity provider (IdP) as a redirect URI. You can copy the redirect URIs to your IdP.