Abiquo 5.0

Skip to end of metadata
Go to start of metadata



Edit your user account details

After you log in, you may need to edit your user account to update your details:
  1. Click the User icon in the lower left-hand corner of the screen
  2. From the menu, select Edit user
  3. Change your Password
  4. To receive VM passwords, login authentication codes, and email notifications, enter your E-mail address and Phone number

  5. Go to Advanced and add your Public key for remote access to VMs

If you are using a single sign on, you may need to ask your system administrator to update your details

Prevent users from editing their account details

To disable this option for standard users:

  1. Go to Configuration → Security 
  2. Deselect the "Allow user to change their password" option. 



Manage users in multiple tenants

Some administrators can manage users in more than one enterprise. Select an enterprise to manage its users. 

Privilege: Manage users of all enterprises, Manage users

Privilege: Manage users

If the administrator can only manage users in one tenant, or logs in to multiple tenants separately, the platform displays the Users panel without the Enterprises list.




Create or Edit a User

Before you begin:

  1. To optionally limit the user to a list of resources, create a scope
  2. Choose a role with the appropriate privileges or create a role

To create a user:
  1. If you manage users in multiple enterprises, optionally select an Enterprise where the platform will create the user. Otherwise, it will create the user in the enterprise that you are logged into
  2. Click the + Add button and complete the dialog

Enter general user details

Field

Description

Enterprise

The enterprise that the user will belong to.

Full Name

The user's first name and family name

Role

The Role of the user defining their set of privileges on the platform

ScopeThe Scope of a user defining the set of enterprise and datacenters that they can manage on the platform

Username

The username for login. After you create the user, you cannot change the username

Password

The user account password. Requirements are set by the options of Configuration → Security. See also Manually reset a user password

Repeat password

Re-enter the password

Email

The contact e-mail address of the user for platform messages, including password reset. The platform will display a Gravatar icon associated with this address on the Users's card

Phone numberThe phone number of the user. The platform will not validate this field.

Restrict a user to a set of virtual datacenters

 

By default, all users can access all virtual datacenters. This tab will not display if the user you are creating or editing has the No VDC restriction privilege.

Select one or more checkboxes to create a list of virtual datacenters to allow the user access.

If none are selected, the user can access all VDCs.

Enter advanced user details

Field

Description

Description

Optional description of the user account, maximum 100 characters

Public keySSH key for secure access to VMs. Add this key before you create your VMs
Allowed CIDRsTo restrict user access, enter the allowed network addresses in CIDR format. This network address will have priority inherited allowed CIDRs. Requires the Manage user allowed CIDRs privilege. By default users can access the platform from any IP address.
Inherited allowed CIDRsIf the user does not have allowed CIDRs, and the user's role and/or scope have CIDRs, then the platform will display the allowed CIDRs that apply to the user, which are inherited from the role and/or scope.
Reset password on next login

If this checkbox is selected, the user must reset their password the next time they log in.

Activated

If this checkbox is selected, the user account is active and the user can log in.





Suspend or enable a user account

If you need to stop a user from working with or logging in to the platform on a temporary basis, you can suspend the user account. 

To suspend a user account:

  1. Go to Users → Select user
  2. Click the edit button. The user dialog will open
  3. Go to Advanced, and unselect the Activated checkbox

The platform will suspend the account. When a user account is suspended, the platform will log the user out immediately. Be careful not to disable your own account! Fortunately, the main cloud administrator account cannot be disabled.

To enable the user account again, select the Activated checkbox.

If the user makes too many failed login attempts, the platform will automatically suspend their account for the account lock duration or until it is enabled by an administrator.




Manually reset a user password

If a user cannot automatically reset their password or if the user account is locked for too many password attempts, you can manually reset the password and unlock the account. 

To manually reset a user password:

  1. Open the Users view and select the user
  2. Click the Edit button at the top-right of the Users page. The user form will open.
  3. Enter the new password
  4. Recommended: go to Advanced and select the checkbox to Reset password on next login
  5. If the user account is locked and you wish to unlock it, go to Advanced, and select the Activated option
  6. Click Save. If the user is currently logged in, they will be automatically logged out when you save a new password,

The user password will be reset. Notify the user of their new password.



Move a user to another tenant

If you manage users in multiple tenants, to move a user to another tenant:

  1. In the Enterprises list, select the user
  2. Drag and drop the user to a new enterprise

Note that you cannot edit the user to change the user's enterprise.

Privilege: Manage users of all enterprises



Manage users with the API

API Documentation

For the Abiquo API documentation of this feature, see Abiquo API Resources and the page for this resource UsersResource.



Display and filter users

To display the users in card view, select the card view tab from the view selectors in the top right-hand corner.

 Click here to show/hide the screenshot

Users in card view

To display groups of users, click on the pages to display the following:

  • All users on the All page
  • Active users on the Activated page
  • Suspended users on the Suspended page

User status

The user status is displayed either by a colored dot in the Activated column or in the colored tag on the user card:

  • Green for active accounts
  • Red for suspended accounts
    • Red with padlock symbol for accounts suspended automatically after too many failed login attempts 

Filter users

To filter users and display only those with a certain text in the user details:

  1. In the filter box on the right-hand side, enter a text string to search for which can include wildcards. For more details, see Search for VMs and filter the search



Display connected users

To display users that are currently connected, go to the Show logged users page.

Privilege: Display connected users


 Click here to show/hide the screenshot

Screenshot: to display the users who are currently logged in, in Users view, select the Show logged users tab.



Put a user on the notifications list

The enterprise manager user will receive notification emails from the cloud administrators about physical machines and their enterprise's VMs on the platform.

To make a user an enterprise manager:

  1. Assign the user a role with the "Define enterprise manager privilege". See Manage Roles. By default, a tenant administrator or cloud administrator user is an enterprise manager for the enterprise that they belong to.




Delete a User

You cannot delete the default Cloud Administrator (username: admin) because the role is locked, unless you are another user with the same locked role (CLOUD_ADMIN). However, there must always be at least one user with this role. 

Note: If you wish to delete a tenant, you do not need to delete the users manually first. When you delete an enterprise, the platform will automatically delete all tenant administrators and cloud users in the enterprise.

To delete a user:
  1. Select the user account and click the Delete button
  2. Confirm the delete

Abiquo will delete the user account but the user's VMs and other resources will remain on the cloud platform and users in the same enterprise with the appropriate permissions can work with them.



Restrict user access to the platform by networks

By default, users can access the platform from any network address. To restrict access, when the administrator creates or edits a user, they can allow a set of network addresses.

Privileges: Manage allowed user CIDRs


To only allow access from a set of network addresses for a specific user via console and API:

  1. Go to UsersEdit userAdvanced
  2. Enter the Allowed CIDRs to specify the network addresses that the user can access the platform from, using CIDR notation
    • The user's Allowed CIDRs will have priority over the allowed CIDRs that are inherited from the user's role and/or scope
    • The inherited CIDRs will only display if the user has no Allowed CIDRs
    • In the API, you can add a comma delimited list of addresses in CIDR format

To restrict access of more than one user at a time, set role and/or scope CIDRs.

 Click here to show/hide screenshots of CIDRs for Roles and Scopes

Screenshot: Create a scope with Allowed CIDRs.

Screenshot: Create a role with Allowed CIDRs




Pages related to user management


  • No labels