Managing Users and Groups
Updated on 08 Nov 2024
User and group management in the Admin Portal is an important part of cloud administration, especially in the context of security and control.
Users
To view and manage users, select Administration → Users from the portal sidebar.
Each user that has a user account in your Itential Cloud account is shown in the users table. Every user belongs to an identity provider, which is responsible for authenticating that user. All Itential Cloud accounts have a built-in identity provider called Local. If you are licensed to use SSO, and SSO has been configured, then you will see additional identity providers.
There are two columns in the users table that require some explanation:
- The Source column gives the name of the identity provider that manages that user. The "Local" Source identifies the built-in identity provider.
- The Verified column applies only to users from the Local identity provider:
  - Unverified means the user has been sent an invitation to join the Itential Cloud account but has not logged in yet.
  - Verified means the user has logged in at least once and verified their identity.
Adding a New User
You can only add new users to the Local identity provider. If you are using SSO, managing users must be done through your identity provider. To add a new user:
- Click the + New User button.
- Enter the user's first name, last name, and e-mail address into the relevant fields.
- Click Add to add the user, or Cancel to back out.
Editing User Account Settings
To edit the settings for an existing Itential Cloud user:
- Locate the desired user account in the Users Table.
- Click the row of the user account, or select Edit from the More (⋮) menu.
This will take you to the page specific to that user account. From this page you can:
- Change the groups the user belongs to by toggling the group switches, and
- Edit details about the user by selecting Edit from the More (⋮) menu.
Click the Save button to save your changes.
Resetting a User Password
To reset the password for a user account from the Local identity provider, select Reset Password from the More (⋮) menu on either the user list page, or the user details page. An e-mail containing a link to reset the account password will be sent to the e-mail address associated with the account.
Password resets for accounts that are managed by an SSO identity provider must be done through the identity provider.
Removing a User
The impact of removing a user from your Itential Cloud account depends on the identity provider that manages that user account.
If you remove a user managed by the Local provider, that user is permanently deleted from your Itential Cloud account and will not be able to log in.
If you remove a user managed by an SSO provider, that user will be removed from your Itential Cloud account, but they will still exist in your SSO provider. If you do not set up specific rules for blocking that user, they will be allowed to access your Itential Cloud account the next time they try to log in via the SSO identity provider.
To remove a user account from Itential Cloud, select Remove User from the More (⋮) menu on either the user account list page, or the user details page.
Groups
Permissions are granted to Itential Cloud user accounts and Service Accounts via membership in groups. A group contains a collection of roles in which each role corresponds to a permission. A user account or Service Account that is associated with a group inherits any permissions granted by the roles assigned to that group.
To view and manage groups, select Administration → Groups from the portal sidebar.
Default Groups
Every Itential Cloud account comes with the built-in admins and users groups.
Group | Description |
---|---|
admins | By default, this group is configured to have all possible roles assigned to it. You must be careful about which users you assign to this group because they will have full permissions. |
users | By default, this group is configured with read-only roles assigned to it. |
While Itential Cloud provides these built-in groups, you are free to modify or delete them to suit your organizational security needs.
Creating a New Group
To create a new group from the Groups page:
- Click the + New Group button on the Groups page.
- Enter a name for the group, and an optional description.
- Click the Create button to create the group, or Cancel to back out.
Newly created groups have no user accounts or service accounts assigned to them, and no roles assigned to them.
Editing a Group
To edit an existing group from the Groups page:
- Locate the desired group in the Groups page.
- Click the row of the desired group, or select Edit from the More (⋮) menu.
This will take you to the details page for that group. The specific actions that can be taken from the Group Settings window are described below.
Assigning Users to a Group
To assign members to a group from the Group Settings window, from the Members tab:
- Select the checkbox of the desired user accounts.
- Click the Save button to save the changes, or click the Groups breadcrumb to back out.
Associating Service Accounts with groups is done through Service Accounts configuration.
Assigning Roles to a Group
To assign roles to a group from the Group Settings window, select the Roles tab. By default, all roles that are available across the different applications and environments available to your Itential Cloud account are displayed. If you want to show only those roles for a specific application, select the application name from the drop-down.
To select which roles are assigned to the group:
- Select the checkbox of the desired roles.
- Click the Save button to save the changes, or click the Groups breadcrumb to back out.
Deleting a Group
To delete a group from the Groups page:
- Locate the desired group in the Groups page.
- Click the row of the desired group, or select Delete Group from the More (⋮) menu.
⚠ Deleting a group is permanent and you cannot undo the operation.