Users - Early IAP Versions
- Updated on 30 Apr 2024
This article applies to IAP release versions 2022.1.x - 2023.1.x.
A user is an entity that comes from an external AAA System such as LDAP. Users may be a member of any number of groups and through group membership may be assigned any number of roles.
Itential Automation Platform (IAP) provides the ability to assign roles directly to users. Also, with IAP groups, administrators are able to manage user membership.
All operations within IAP are associated with a user. User roles, whether directly assigned or inherited from a group, determine what the user can see and do within IAP. A user's final permission set is the combination of the permissions granted to all roles assigned to the user directly and to all roles assigned to any group of which the user is a member.
Managing Users
Users are accounts from an external system. Therefore, it is not possible to create a new user within IAP. Instead, IAP will create the user record when someone has successfully logged in using the user’s AAA system credentials.
Use Authorization to see a list of users IAP has encountered and to manage their permissions.
- Log in to IAP as Administrator (a user with the Pronghorn.admin role).
- Navigate to Admin Essentials > Authorization.
- Select Users from the sidenav menu.
- Locate the user in the list. Optionally, filter the list by typing in the Search field and pressing Enter.
- Select the appropriate user from the list to view.
- Click the pencil icon to edit attributes, as desired.
- Edit Roles and Groups, as desired.
- Click Save to finalize your changes.
Roles assigned by Groups are grayed out (disabled). This indicates the assignment is inherited.
Configuring Role Assignments for Users
There are two ways to assign users to roles:
- Directly
- By group membership
To assign roles directly to a user:
- Select Roles from the menu.
- Locate the role you wish to assign. You can filter the list by typing in the column header text box.
- Add or remove a role assignment using the checkbox.
Roles assigned by Groups are grayed out (disabled). This indicates the assignment is inherited.
Figure 1: Edit User Roles and Groups
Configuring Group Membership for Users
External group memberships for users are managed by the external AAA system and cannot be edited in IAP. Within Authorization, a user may only be added to or removed from IAP Groups. Addition to or removal from AAA groups must be performed in the AAA system and will be noticed by IAP the next time the user logs in.
To change the IAP Groups to which a user belongs:
- Click the Groups menu option.
- Find the group in the list. You can filter the list by typing in the column header text box.
- Add or remove group membership using the checkbox.
AAA-managed group memberships will be grayed out (disabled), indicating the membership is not editable in IAP.
Figure 2: Authorization Groups
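The role resolution described on this page (direct roles combined with roles inherited from IAP Groups and AAA groups) can be modelled for an access review, for example to list everyone who effectively holds Pronghorn.admin and where each grant would have to be removed. This is an added example, not Itential code: the record layout, the `example.*` role names and the sample users and groups are constructed assumptions, not IAP's API or export format.

```python
# Added illustration: hypothetical record layout, not IAP's API or export format.
from collections import defaultdict

# Constructed sample data. The example.* role names are made up.
GROUPS = {
    "netops":      {"managed_by": "aaa", "roles": ["Pronghorn.admin"]},
    "wf-builders": {"managed_by": "iap", "roles": ["example.editor"]},
    "readers":     {"managed_by": "iap", "roles": ["example.viewer"]},
}
USERS = {
    "alice": {"roles": ["Pronghorn.admin"], "groups": ["netops", "readers"]},
    "bob":   {"roles": ["example.viewer"], "groups": ["wf-builders"]},
    "carol": {"roles": [], "groups": ["netops"]},
}

def effective_roles(user, groups=GROUPS):
    """Map each role the user holds to the sorted list of sources granting it."""
    sources = defaultdict(set)
    for role in user["roles"]:
        sources[role].add("direct")
    for name in user["groups"]:
        group = groups.get(name)
        if group is None:          # membership in a group we have no record of
            continue
        for role in group["roles"]:
            sources[role].add(f"{group['managed_by']}-group:{name}")
    return {role: sorted(s) for role, s in sources.items()}

def revocation_plan(user, role, groups=GROUPS):
    """List every place `role` must be removed before the user actually loses it."""
    steps = []
    for src in effective_roles(user, groups).get(role, []):
        if src == "direct":
            steps.append("uncheck the role on the user in Authorization")
        elif src.startswith("iap-group:"):
            steps.append(f"remove user from IAP group {src.split(':', 1)[1]}")
        else:  # AAA-managed membership is read-only (grayed out) in IAP
            steps.append(f"remove user from {src.split(':', 1)[1]} in the AAA system; "
                         "IAP notices at the user's next login")
    return steps

def holders(role, users=USERS, groups=GROUPS):
    """Users who effectively hold `role`, with every source that grants it."""
    return {name: srcs for name, u in users.items()
            if (srcs := effective_roles(u, groups).get(role))}

if __name__ == "__main__":
    for name, srcs in holders("Pronghorn.admin").items():
        print(name, srcs, revocation_plan(USERS[name], "Pronghorn.admin"))
```

In the sample data, alice holds Pronghorn.admin both directly and through an AAA group, so unchecking the role on her user record alone does not revoke it.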