Identity Management provides an interface for managing admins, users, and permissions. This functionality is available in the InsightCloudSec main navigation under "Administration" --> "Identity Management".
Note: Permissions will impact your ability to access certain details and features on this page.
Administrators can view their Domain Admins, Users, Basic User Groups, Basic User Roles and Authentication Servers.
You can also:
- Add administrators and users
- Manage passwords
- View/Manage API Keys
- Create and manage Basic User Groups
- Manage Authentication Servers
For users with domain admin or read-only admin permissions, you also have the ability to download a CSV report that contains information on all of the domain administrators/viewers.
User accounts can be configured to authenticate using several different authentication types:
Local Authentication - This type of user authenticates against the local database
- Via Session Token - The user is authenticated using console login
- Using API Key - The user is authenticated based on the API-Key
Check out the Configuring Authentication Servers page for links to instructions on all of the individually supported options including Active Directory, SAML, and LDAP.
In addition, InsightCloudSec includes support for authentication and sync using external tools, allowing you to create and manage users outside of the InsightCloudSec platform. You can read more about this feature under the Just In-Time User Provisioning (Authentication Server Support) documentation.
Installation > Domains > Organizations > Groups/Roles/Users
An installation is the InsightCloudSec software suite comprising API/Webservers, Cloud Harvesting, Automation system, and database. InsightCloudSec can be deployed in a flexible manner from running entirely on a single server to scaling across multiple servers for performance and redundancy. Check out our Production Deployments section to learn more.
Domains are a collection of Organizations and allow for domain administrators to manage Organizations. Check out our Domains section to learn more.
Organizations allow for complete isolation between Cloud Accounts, resources, and users on an installation. Cloud Accounts and their resources can only belong to one Organization and cannot be modified or viewed from another Organization. Check out our Organization section to learn more.
With the exception of domain admins, users may only belong to a single Organization. Domain admins may change between organizations but within their current session cannot modify or view Cloud Accounts, or the cloud’s resources, without first changing to the correct organization.
All other users are Basic Users and must be explicitly granted permissions via the Role Based Access system. The system comprises 1) Users, 2) Groups, 3) Roles, and 4) Scopes.
Groups are used to organize users together for the same set of permissions, e.g., Power Users, View Only, AWS-Development-Team, etc.
Permissions are defined by a Role. A Role consists of a name, description, and one or more permissions:
- All Permissions - Permission to execute any action within the role scope
- View - Permission to view resources within the scope
- Provision - Permission to create new resources
- Manage - Permission to manage the resources in scope
- Delete - Permission to destroy resources
- A Role can then be associated with one or more Cloud Accounts or Resource Groups which is called the Scope of the Role. Many roles can be associated with a group. Likewise many Scopes can be associated with a Role.
Once a Group with Roles is created that is scoped to some resources, a user can be created and added to the group. Authenticate with this new user’s account and you will see the clouds or groups granted to the user.
Check out our User, Groups and Roles to learn more.
Updated 13 days ago