Managing Users with the Identity Broker
The Identity Broker enables you to manage AtScale users, as well as configure and assign user groups and roles.
If you are running AtScale in a test environment, you can manage users with the Identity Broker alone. In this case, you must manually add users and configure their passwords as described below.
For production environments, AtScale recommends connecting the Identity Broker to your organization's IdP or LDAP server. When managing users via one of these options, users are automatically added to the Identity Broker the first time they log in to AtScale. They are also automatically added to the everyone group, which assigns them the query_user role. If you need additional groups to manage your users, or need to assign them additional roles, you must do so manually within the Identity Broker, as described below. For more information on the default roles available in AtScale, see Identity Broker Default Roles.
Add Users
To add AtScale users via the Identity Broker:
- Open the main menu and select Security. The Identity Broker opens.
- Log in using your AtScale admin username and password.
- Select the atscale realm if it is not already selected.
- In the left-hand navigation, click Users. The Users page opens.
- Click Add User.
- Define user details as needed.
- (Optional) By default, the new user will be added to the everyone group. If you need to add them to other groups:
  - In the Groups field, click Join Groups.
  - Select the groups you want to add the user to, then click Join.
- Click Save.
Configure User Passwords
Once you have added users, you should configure passwords for them.
To configure user passwords:
- Log in to the Identity Broker and select the atscale realm.
- In the left-hand navigation, click Users. The Users page opens.
- Select a user, then click the Credentials tab.
- Click Set Password and enter a password for the user.
- (Optional) Enable the Temporary option to require the user to change their password the next time they log in.
- Click Save.
Assign Roles
Before users can do anything in AtScale, they must be assigned roles. A role is a grouping of system permissions, allowing you to grant sets of permissions to users at the same time.
The Identity Broker contains a number of default realm roles; for the full list and descriptions, see Identity Broker Default Roles.
All users are assigned the query_user role automatically via the everyone group. If you need to assign the admin role to anyone, you must do so manually.
To assign user roles:
- Log in to the Identity Broker and select the atscale realm.
- In the left-hand navigation, click Users. The Users page opens.
- Click on the user you want to assign roles to, then select the Role mapping tab.
- Click Assign Role.
- Select the roles you want to assign to the user, then click Assign.
Create Groups
Groups allow you to grant runtime permissions to your users in bulk, rather than one user at a time.
By default, all users are added to the everyone group. You should create additional groups and add users to them as needed.
To create user groups:
- Log in to the Identity Broker and select the atscale realm.
- In the left-hand navigation, click Groups. The Groups page opens.
- Click Create group.
- Enter a name for the group, then click Create.
- Click the group name and define group details as needed.
To assign groups to users:
- Log in to the Identity Broker and select the atscale realm.
- In the left-hand navigation, click Users. The Users page opens.
- Click a user in the list, then click the Groups tab.
- Click Join Group.
- Select the groups you want to add the user to, then click Join.