All related to current "Adding users for OpenShift Data Science" assembly (https://pantheon.corp.redhat.com/pantheon/preview/latest/833576ff-c1e0-4b75-bffa-aed6722fe34d), but it may be worth splitting this into multiple assemblies (per provider) depending on the complexity of the overall process.

Problem 1:
The information currently provided for RHODS user configuration is not sufficient for easily configuring LDAP as the identity provider.

At minimum we need to link to LDAP configuration and LDAP syncing to ensure customers have the information they need to sync an LDAP group to OpenShift.

• https://docs.openshift.com/container-platform/4.8/authentication/identity_providers/configuring-ldap-identity-provider.html
• https://docs.openshift.com/container-platform/4.8/authentication/ldap-syncing.html

Future fix cloned to RHODS-1815: Ideally we would create an assembly for people who want to configure LDAP auth with all of the required steps, including changing rhods-groups-config to use the RHODS user group that is synced from LDAP. This currently requires cluster-admin permissions in OpenShift, but in future will only require dedicated-admin permissions.

Problem 2:
Documentation doesn't currently mention use of system:authenticated in rhods-groups-config, but this can be used to allow all authenticated users access to JupyterHub. Covered by RHODS-1723.

Problem 3:
Documentation doesn't currently mention the need to restart (re-rollout) JupyterHub deployment config when you alter the rhods-groups-config, but this is required to apply the new configuration

Recommended SME reviewers:

• Chris Chase
• Erwan Granger