Abiquo 5.1
Edit your user account details
After you log in, you may need to edit your user account to update your details:
- Click the User icon in the lower left-hand corner of the screen
- From the menu, select Edit user
- Change your Password
- To receive VM passwords, login authentication codes, and email notifications, enter your E-mail address and Phone number
- Go to Advanced and add your Public key for remote access to VMs
If you are using a single sign on, you may need to ask your system administrator to update your details
Prevent users from editing their account details
To disable this option for standard users:
- Go to Configuration → Security
- Deselect the "Allow user to change their password" option.
Manage users in multiple tenants
Some administrators can manage users in more than one enterprise. Select an Enterprise to manage its Users.
Privilege: Manage users of all enterprises, Manage users
Privilege: Manage users
If the administrator can only manage users in one tenant, or logs in to multiple tenants separately, the platform displays the Users panel without the Enterprises list.
Create or Edit a User
Before you begin:
- To optionally limit the user to a list of resources, create a scope
- Choose a role with the appropriate privileges or create a role
To create a user:
- If you manage users in multiple enterprises, optionally select an Enterprise where the platform will create the user. Otherwise, it will create the user in the enterprise that you are logged into
- Click the + Add button and complete the dialog
Enter general user details
Field | Description |
|---|---|
Enterprise | The enterprise that the user will belong to. |
Full Name | The user's first name and family name |
Role | The Role of the user defining their set of privileges on the platform |
| Scope | The Scope of a user defining the set of enterprise and datacenters that they can manage on the platform |
Username | The username for login. After you create the user, you cannot change the username |
Password | The user account password. Requirements are set by the options of Configuration → Security. See also Manually reset a user password |
Repeat password | Re-enter the password |
The contact e-mail address of the user for platform messages, including password reset. The platform will display a Gravatar icon associated with this address on the Users's card | |
| Phone number | The phone number of the user. The platform will not validate this field. |
Restrict a user to a set of virtual datacenters
By default, all users can access all virtual datacenters. This tab will not display if the user you are creating or editing has the No VDC restriction privilege.
Select one or more checkboxes to create a list of virtual datacenters to allow the user access.
If none are selected, the user can access all VDCs.
Enter advanced user details
Field | Description |
|---|---|
Description | Optional description of the user account, maximum 100 characters |
| Public key | SSH key for secure access to VMs. Add this key before you create your VMs |
| Allowed CIDRs | To restrict user access, enter the allowed network addresses in CIDR format. This network address will have priority inherited allowed CIDRs. Requires the Manage user allowed CIDRs privilege. By default users can access the platform from any IP address. |
| Inherited allowed CIDRs | If the user does not have allowed CIDRs, and the user's role and/or scope have CIDRs, then the platform will display the allowed CIDRs that apply to the user, which are inherited from the role and/or scope. |
| Reset password on next login | If this checkbox is selected, the user must reset their password the next time they log in. |
Activated | If this checkbox is selected, the user account is active and the user can log in. |
Suspend or enable a user account
If you need to stop a user from working with or logging in to the platform on a temporary basis, you can suspend the user account.
To suspend a user account:
- Go to Users → Select user
- Click the edit button. The user dialog will open
- Go to Advanced, and unselect the Activated checkbox
The platform will suspend the account. When a user account is suspended, the platform will log the user out immediately. Be careful not to disable your own account! Fortunately, the main cloud administrator account cannot be disabled.
To enable the user account again, select the Activated checkbox.
If the user makes too many failed login attempts, the platform will automatically suspend their account for the account lock duration or until it is enabled by an administrator.
Manually reset a user password
If a user cannot automatically reset their password or if the user account is locked for too many password attempts, you can manually reset the password and unlock the account.
To manually reset a user password:
- Open the Users view and select the user
- Click the Edit button at the top-right of the Users page. The user form will open.
- Enter the new password
- Recommended: go to Advanced and select the checkbox to Reset password on next login
- If the user account is locked and you wish to unlock it, go to Advanced, and select the Activated option
- Click Save. If the user is currently logged in, they will be automatically logged out when you save a new password,
The user password will be reset. Notify the user of their new password.
Move a user to another tenant
If you manage users in multiple tenants, to move a user to another tenant:
- In the Enterprises list, select the user
- Drag and drop the user to a new enterprise
Note that you cannot edit the user to change the user's enterprise.
Privilege: Manage users of all enterprises
Manage users with the API
API Documentation
For the Abiquo API documentation of this feature, see Abiquo API Resources and the page for this resource UsersResource.
Display and filter users
To display the users in card view, select the card view tab from the view selectors in the top right-hand corner.
Users in card view
To display groups of users, click on the pages to display the following:
- All users on the All page
- Active users on the Activated page
- Suspended users on the Suspended page
User status
The user status is displayed either by a colored dot in the Activated column or in the colored tag on the user card:
- Green for active accounts
- Red for suspended accounts
- Red with padlock symbol for accounts suspended automatically after too many failed login attempts
Filter users
To filter users and display only those with a certain text in the user details:
- In the filter box on the right-hand side, enter a text string to search for which can include wildcards. For more details, see Search for VMs and filter the search
Display connected users
To display users that are currently connected, go to the Show logged users page.
Privilege: Display connected users
Screenshot: to display the users who are currently logged in, in Users view, select the Show logged users tab.
Put a user on the notifications list
The enterprise manager user will receive notification emails from the cloud administrators about physical machines and their enterprise's VMs on the platform.
To make a user an enterprise manager:
- Assign the user a role with the "Define enterprise manager privilege". See Manage Roles. By default, a tenant administrator or cloud administrator user is an enterprise manager for the enterprise that they belong to.
Delete a User
You cannot delete the default Cloud Administrator (username: admin) because the role is locked, unless you are another user with the same locked role (CLOUD_ADMIN). However, there must always be at least one user with this role.
Note: If you wish to delete a tenant, you do not need to delete the users manually first. When you delete an enterprise, the platform will automatically delete all tenant administrators and cloud users in the enterprise.
To delete a user:
- Select the user account and click the Delete button
- Confirm the delete
Abiquo will delete the user account but the user's VMs and other resources will remain on the cloud platform and users in the same enterprise with the appropriate permissions can work with them.
Restrict user access to the platform by networks
By default, users can access the platform from any network address. To restrict access, when the administrator creates or edits a user, they can allow a set of network addresses.
Privileges: Manage allowed user CIDRs
To only allow access from a set of network addresses for a specific user via console and API:
- Go to Users → Edit user → Advanced
- Enter the Allowed CIDRs to specify the network addresses that the user can access the platform from, using CIDR notation
- The user's Allowed CIDRs will have priority over the allowed CIDRs that are inherited from the user's role and/or scope
- The inherited CIDRs will only display if the user has no Allowed CIDRs
- In the API, you can add a comma delimited list of addresses in CIDR format
To restrict access of more than one user at a time, set role and/or scope CIDRs.
Screenshot: Create a scope with Allowed CIDRs.
Screenshot: Create a role with Allowed CIDRs
Pages related to user management
- Manage cloud tenants: Manage Enterprises
- Create roles with privileges to control access to platform actions: Manage Roles
- Create action lists for users: Manage Scopes
Overview
Content Tools
