Access to Cloud Manager requires a Cloud Manager user account. Through the account, a user receives rights to perform various roles in the Cloud Manager system, in an organization, or in both.
There are two types of user accounts: System and Organization. A System account enables a user to be assigned system-level roles (Approver, Build Administrator, Catalog Manager, Cloud Administrator, and Zone Administrator) and organization-level roles (Business Group Viewer, Business Service Owner, Organization Manager, and Sponsor). You can also create accounts for Organization users. Organization users can be assigned organization-level roles only.
You can create users by manually entering information or by importing information from your LDAP authentication source.
Roles that Can Perform This Task: Cloud Administrator, Organization Manager (Organization users only) |
The following steps explain how to create users by manually entering their information. For information about creating users by importing their information from your LDAP authentication source, see Manually Importing System Users from LDAP and Section 11.1.3, Manually Importing Organization Users from LDAP.
On the main navigation bar, click
.Click the
tab, then click to display the Create User dialog box.Provide the following details to define the user:
Full Name: Specify the user’s full name as you want it to appear in Cloud Manager.
E-Mail Address: Specify the user’s email address as defined in their LDAP authentication account. If necessary, you can specify more than one address; use commas to separate addresses.
The e-mail address enables the Cloud Manager system to send messages (tasks, notifications, and so forth) to the user as needed.
If LDAP is being used for authentication (without Access Manager or Cloud Security Services), the e-mail address is also used for login.
Phone Number: This field is optional. Specify a contact number if desired.
Select the user’s scope:
Organization: An organization scope enables the user to perform roles within a specific organization. The roles are Business Group Viewer, Business Service Owner, Organization Manager, and Sponsor.
To give the user an organization scope, select
, then select the organization in which to place the user.System: A system scope enables the user to administer the Cloud Manager system. The roles are Approver, Build Administrator, Catalog Manager, Cloud Administrator, and Zone Administrator. In addition, a System user can be given any of the organization roles.
Determine cost visibility for the user:
If you want business service owners to see the costs associated with their workload templates, select
. If this check box is not selected, and the user’s visibility in the organization and business group is not set, all costs are hidden for the user.Add the user to user groups.
When you add a user to a group, the user inherits the roles assigned to the group.
Click the
tab.Click
, select the desired user groups, then click .You can Shift-click and Ctrl-click to select multiple groups.
Click
to add the user to the list.To assign roles to the user, see Assigning Roles to Users and Groups.
Roles that Can Perform This Task: Cloud Administrator |
The following steps explain how to create System users by importing information from your LDAP authentication source. For information about creating System users by manually entering information, see Manually Creating System and Organization Users.
On the main navigation bar, click
.Click
, click , then click .Authenticate to the LDAP directory:
Click the
tab.In the
section, fill in the following fields:Host: Specify the FQDN (fully qualified domain name) or IP address of the host machine running the LDAP server. For example, ldap.mycompany.com or 123.45.67.8.
Port: Specify the TCP port (on the host machine) where the LDAP server is listening for LDAP connections. The standard port for non-SSL connections is 389. The standard port for SSL connections is 636.
Use SSL: If the Cloud Manager Application Server is configured for an SSL connection to the LDAP server, select this option to enable the secure connection.
In the
section, fill in the following fields:DN: Specify the distinguished name of an account that has search rights to the directory location from which you want to import users. For example, cn=Administrator,cn=Users,dc=MyCompany,dc=com
Password: Specify the password for the account.
Confirm Password: Confirm the password for the account.
Click
.If the connection is successful, the Test Status is displayed as
. If the connection is not successful, validate the connection information and try again.Import users:
Click the
tab.Click
.When you click
, a new import entry is added to the list. You use the fields below the list to define the entry.In the ou=provo,dc=netiq,dc=com) to specify the distinguished name for the target container or object, then click .
field, use standard LDAP notation (If you specify a container, all users located within the container are imported. If you only want to import one user, specify the DN of the user object.
If you specified a container for import, select
.If you specified a container for import, select
if you want to import users located in its subcontainers.Click
.The imported users are added to the
list. Users are identified by the icon.Click
to close the System Configuration dialog box.To assign roles to a user, see Assigning Roles to Users and Groups.
Roles that Can Perform This Task: Cloud Administrator, Organization Manager |
The following steps explain how to create Organization users by importing information from your LDAP authentication source. For information about creating Organization users by manually entering information, see Manually Creating System and Organization Users.
On the main navigation bar, click
.Click the
tab, select the target organization for the import, click to display the Edit Organization dialog box.On the
tab, click , then click .Authenticate to the LDAP directory:
Click the
tab.In the
section, fill in the following fields:Host: Specify the FQDN (fully qualified domain name) or IP address of the host machine running the LDAP server. For example, ldap.mycompany.com or 123.45.67.8.
Port: Specify the TCP port (on the host machine) where the LDAP server is listening for LDAP connections. The standard port for non-SSL connections is 389. The standard port for SSL connections is 636.
Use SSL: If the Cloud Manager Application Server is configured for an SSL connection to the LDAP server, select this option to enable the secure connection.
In the
section, fill in the following fields:DN: Specify the distinguished name of an account that has search rights to the directory location from which you want to import users. For example, cn=Administrator,cn=Users,dc=MyCompany,dc=com
Password: Specify the password for the account.
Confirm Password: Confirm the password for the account.
Click
.If the connection is successful, the Test Status is displayed as
. If the connection is not successful, validate the connection information and try again.Import users:
Click the
tab.Click
.When you click
, a new import entry is added to the list. You use the fields below the list to define the entry.In the ou=provo,dc=netiq,dc=com) to specify the distinguished name for the target container or object, then click .
field, use standard LDAP notation (If you specify a container, all users located within the container are imported. If you only want to import one user, specify the DN of the user object.
If you specified a container for import, select
.If you specified a container for import, select
if you want to import users located in its subcontainers.Click
.The imported users are added to the
list. Users are identified by the icon.Assign roles to a user.
An Organization user can be assigned roles at the organization level, business group level, or business service level. If you want to assign an imported user a role at the organization level, continue with the following steps. If you want to assign roles at the other two levels, exit the dialog box and see Assigning Roles to Users and Groups.
Users must be given roles in order to do anything in the organization. There are six roles that apply at the organization level: Approver, Build Administrator, Business Group Viewer, Business Service Owner, Organization Manager, and Sponsor.
Role assignments at the organization level are inherited by the organization’s business groups. For example, if you give a user the Business Service Owner role for an organization, the user can create business services for any business group in the organization. If you want to limit the user to a role in specific business group, you must make the role assignment in the business group.
Click the role (
, , , > , or ) that you want to assign to a user.Click
.Depending on the role that you are adding, the selection dialog box can contain two lists:
and . The list includes all members of the organization and the list includes all Cloud Manager System users.Select the users you want to add, then click
.You can Shift-click and Ctrl-click to select multiple users.
Click
to close the Edit Organization dialog box.