11.2 Enabling Automatic User Creation

You can enable user accounts to be created automatically the first time valid LDAP users log in to the Cloud Manager Application Console. This process requires you to associate users’ domain names with the Cloud Manager system (for importing System users) or with organizations (for importing Organization users). For example, if you associated the netiq.com domain name with your system, any user who logged in with netiq.com in their e-mail address would be made a System user.

The following sections explain how to set up automatic user creation and how to automate role assignments for automatically imported users:

11.2.1 Setting Up Automatic User Creation for System Users

Roles that Can Perform This Task: Cloud Administrator

  1. On the main navigation bar, click Configuration.

  2. Click System Users.

  3. In the Domains field, specify the email domains that you want to be imported into the system.

    For example, if you want to import all users who log in with email addresses that include the netiq.com or novell.com domain names, specify netiq.com,novell.com. Use a comma to separate domain names.

  4. Click OK to save your changes.

11.2.2 Setting Up Automatic User Creation for Organization Users

Roles that Can Perform This Task: Cloud Administrator

  1. On the main navigation bar, click Organizations.

  2. On the Organizations tab, select the organization for which you want to import users, then click Edit.

  3. In the Domains field, specify the email domains that you want imported into the organization.

    For example, if you want to import all users who log in with email addresses that include the suse.com domain name, specify suse.com. If you specify multiple domains, use a comma to separate domain names.

  4. Click OK to save your changes.

11.2.3 Automating Role Assignments to Automatically Imported Users

Roles that Can Perform This Task: Cloud Administrator

When a user is automatically imported, his or her user account is created without any role assignments. You can manually assign roles to the user after the account is created, but this negates much of the administrative benefit gained by enabling the automatic import.

To receive the maximum benefit of automatic user creation, you can assign roles to users through the use of LDAP user groups. By assigning roles to LDAP user groups, you can ensure that LDAP users who are members of those groups automatically inherit those roles when they are imported.

To automate role assignments for automatically imported users:

  1. In your LDAP source, create the LDAP user groups you want.

    For example, in the LDAP directory used for authenticating System users, you could create an LDAP user group for Cloud Administrators, another for Zone Administrators, and another for Build Administrators. In the LDAP directory used for authenticating an organization’s users, you could create LDAP user groups for Organization Managers and Business Service Owners.

  2. Add the appropriate LDAP users to each LDAP user group.

    For example, if you created a Business Service Owners group, add the users who are Business Service Owners for the organization.

  3. Add the LDAP user groups to Cloud Manager using one of the following methods:

  4. Assign roles to the user groups. For instructions, see Assigning Roles to Users and Groups.
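
A pre-flight check for the settings described in sections 11.2.1 through 11.2.3, added here as an example; it is not part of the original documentation or of Cloud Manager. It reports which directory users would be imported as System or Organization users, which domains are listed for both, and which imported users would end up with no role. It assumes an exact match on the domain part of the email address and that System domains take precedence; all function names and sample data are constructed.

```python
# Added example: audit of automatic user creation settings before enabling them.
# Assumptions (not documented Cloud Manager behavior): exact match on the part
# after "@", and System domains win when a domain is listed in both places.

def parse_domains(field):
    """Split a comma-separated Domains field value into normalized domain names."""
    return {d.strip().lower() for d in field.split(",") if d.strip()}

def email_domain(email):
    """Return the lowercased domain part of an address, or None if malformed."""
    local, sep, domain = email.strip().rpartition("@")
    return domain.lower() if sep and local and domain else None

def audit(system_field, org_fields, users, role_groups):
    """Report which users would be imported, where, and which get no roles."""
    system = parse_domains(system_field)
    orgs = {name: parse_domains(f) for name, f in org_fields.items()}
    report = {"overlap": {}, "imports": [], "no_roles": []}
    # A domain listed for both the system and an organization is ambiguous.
    for name, doms in orgs.items():
        if doms & system:
            report["overlap"][name] = sorted(doms & system)
    for u in users:
        dom = email_domain(u["mail"])
        if dom is None:
            continue
        if dom in system:
            target = "system"
        else:
            target = next((n for n, d in sorted(orgs.items()) if dom in d), None)
        if target is None:
            continue  # no associated domain: no account would be created
        report["imports"].append((u["mail"], target))
        # Imported accounts have no roles unless a role-mapped LDAP group supplies them.
        if not set(u["groups"]) & role_groups:
            report["no_roles"].append(u["mail"])
    return report

# Constructed sample data: directory users with their LDAP group memberships.
USERS = [
    {"mail": "alice@netiq.com", "groups": ["Cloud Administrators"]},
    {"mail": "bob@novell.com", "groups": []},
    {"mail": "carol@suse.com", "groups": ["Business Service Owners"]},
    {"mail": "dave@netiq.com.example.org", "groups": []},
]
REPORT = audit("netiq.com, novell.com", {"Acme": "suse.com,novell.com"},
               USERS, {"Cloud Administrators", "Business Service Owners"})
```

An entry under "overlap" means the same domain would grant System-level accounts to an organization's users, so review it before saving the Domains fields.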