Identity Management provides an interface for managing admins, users, and permissions. This functionality is available in DivvyCloud under "Administration" --> "Identity Management" from the main navigation.
Note: Permissions will impact your ability to access certain details and features on this page.
Administrators can view their Domain Admins, Users, User Groups, Roles & Entitlements, and Authentication Servers from the Identity Management section of DivvyCloud.
You can also:
- Add administrators and users
- Manage User passwords
- Create and manage User Groups
- Manage Authentication Servers
Users with domain admin or read-only admin permissions can also download a CSV report containing information on all of the domain administrators/viewers.
User accounts can be configured to authenticate using four different authentication types:
- Local Authentication - This type of user authenticates against the local database
- Active Directory - Authentication for the user occurs via a configured Active Directory server
- Azure Active Directory - Authentication for the user occurs over OAuth 2.0 via a configured Azure Active Directory authentication server
- LDAP - Authentication for the user occurs via a configured LDAP authentication server
- SAML - Authentication for the user occurs via a SAML server
When users execute write operations within the tool, their actions are recorded and can be accessed via Change History.
Installation > Domains > Organizations > Groups/Roles/Users
An installation is the DivvyCloud software suite comprising the API/Webservers, Cloud Harvesting, Automation system and database. DivvyCloud can be deployed in a flexible manner, from running entirely on a single server to scaling across multiple servers for performance and redundancy. Check out our Installation section to learn more.
Domains are a collection of Organizations and allow for domain administrators to manage Organizations. Check out our Domains section to learn more.
Organizations allow for complete isolation between Cloud Accounts, resources and users on an installation. Cloud Accounts and their resources can only belong to one Organization and cannot be modified or viewed from another Organization. Check out our Organization section to learn more.
With the exception of domain admins, users may only belong to a single Organization. Domain admins may change between organizations, but within their current session they cannot modify or view Cloud Accounts, or the cloud’s resources, without first changing to the correct organization.
All other users are Basic Users and must be explicitly granted permissions via the Role Based Access system. The system is comprised of 1) Users, 2) Groups, 3) Roles, and 4) Scopes.
Groups are used to organize users together for the same set of permissions, e.g. Power Users, View Only, AWS-Development-Team, etc.
Permissions are defined by a Role. A Role consists of a name, description and one or more permissions:
- All Permissions - Permission to execute any action within the role scope
- View - Permission to view resources within the scope
- Provision - Permission to create new resources
- Manage - Permission to manage the resources in scope
- Delete - Permission to destroy resources
A Role can then be associated with one or more Cloud Accounts or Resource Groups, which is called the Scope of the Role. Many Roles can be associated with a Group. Likewise, many Scopes can be associated with a Role.
Once a Group with Roles is created that is scoped to some resources, a user can be created and added to the group. Authenticate with this new user’s account and you will see the clouds or groups granted to the user.
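The following is an added example, not DivvyCloud's own code or API, that models the Users, Groups, Roles and Scopes chain and the organization isolation rule described above as a single authorization check. The class names, the `ACCOUNT_ORG` table and every sample user, group, role and cloud account are constructed assumptions for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional


class Permission(Enum):
    """The five permission kinds a Role can carry."""
    ALL = "All Permissions"
    VIEW = "View"
    PROVISION = "Provision"
    MANAGE = "Manage"
    DELETE = "Delete"


@dataclass(frozen=True)
class Role:
    name: str
    permissions: frozenset   # set of Permission values
    scope: frozenset         # cloud accounts / resource groups the role covers


@dataclass
class Group:
    name: str
    roles: list = field(default_factory=list)


@dataclass
class User:
    name: str
    organization: Optional[str]   # basic users belong to exactly one organization
    is_domain_admin: bool = False
    groups: list = field(default_factory=list)


# Constructed sample data: each cloud account belongs to exactly one organization.
ACCOUNT_ORG = {
    "aws-dev-account": "engineering",
    "aws-prod-account": "engineering",
    "gcp-billing-account": "finance",
}

dev_role = Role("aws-dev",
                frozenset({Permission.VIEW, Permission.PROVISION, Permission.MANAGE}),
                frozenset({"aws-dev-account"}))
viewer_role = Role("viewer", frozenset({Permission.VIEW}),
                   frozenset({"aws-dev-account", "aws-prod-account"}))
power_role = Role("prod-power", frozenset({Permission.ALL}),
                  frozenset({"aws-prod-account"}))

GROUPS = {
    "AWS-Development-Team": Group("AWS-Development-Team", [dev_role]),
    "View Only": Group("View Only", [viewer_role]),
    "Power Users": Group("Power Users", [power_role]),
}

USERS = {
    "alice": User("alice", "engineering", groups=[GROUPS["AWS-Development-Team"]]),
    "bob": User("bob", "engineering", groups=[GROUPS["View Only"]]),
    "carol": User("carol", "engineering"),              # no group: no grants at all
    "erin": User("erin", "engineering", groups=[GROUPS["Power Users"]]),
    "dana": User("dana", None, is_domain_admin=True),   # switches organizations per session
}


def effective_permissions(user, account):
    """Union of the permissions that the roles of the user's groups grant on
    this account (only roles whose Scope includes the account count)."""
    perms = set()
    for group in user.groups:
        for role in group.roles:
            if account in role.scope:
                perms |= role.permissions
    return perms


def is_authorized(user, action, account, active_org=None):
    """True if `user` may perform `action` (a Permission) on `account`.
    `active_org` is the organization a domain admin has switched into for
    the current session; basic users always act in their own organization."""
    resource_org = ACCOUNT_ORG.get(account)
    if resource_org is None:
        return False                      # unknown account: fail closed
    if user.is_domain_admin:
        # Domain admins span organizations, but cannot touch an account until
        # they have changed into its organization in this session.
        return active_org == resource_org
    if user.organization != resource_org:
        return False                      # organizations fully isolate accounts
    perms = effective_permissions(user, account)
    return Permission.ALL in perms or action in perms


if __name__ == "__main__":
    for who, act, acct in [("alice", Permission.MANAGE, "aws-dev-account"),
                           ("alice", Permission.VIEW, "aws-prod-account"),
                           ("carol", Permission.VIEW, "aws-dev-account")]:
        print(who, act.value, acct, "->", is_authorized(USERS[who], act, acct))
```

Note that a basic user with no group (`carol`) is denied everything: permissions are only ever reached through a Group, a Role on that Group, and a Scope on that Role that contains the account, and an account in another organization is denied before any role is consulted.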
Check out our Users, Groups and Roles section to learn more.