...

This page describes how administrators can control user access to the platform.
For details of how administrators can control user access within the platform, see Manage Roles and Manage scopes.

...

Manage users with SSO or directory systems

You can use SAML, Active Directory, LDAP, and OpenID to manage users for Abiquo.

In this case, you will need to match Abiquo roles with roles in your SSO or directory systems.

For details of how to configure these systems, see Configure authentication and authorization.

After you configure these systems, in Configuration view, you can select the option not to display the Users view icon.

...

Suspend or enable a user account

...

Put a user on the notifications list

...

An enterprise manager user will receive notification emails from the cloud administrators about physical machines and their enterprise's VMs on the platform.

By default, a tenant administrator or cloud administrator user is an enterprise manager for the enterprise that they belong to.

To make a user an enterprise manager:

  1. Assign the user a role with the "Define enterprise manager privilege". See Manage Roles. You can edit the user's existing role or assign a new role with this privilege.

...

Restrict user access to the platform by networks

...

By default, users can access the platform from any network address. To restrict access, when the administrator creates or edits a user, they can allow a set of network addresses.

Privileges: Manage allowed user CIDRs

To only allow access from a set of network addresses for a specific user via console and API:

  1. Go to Users → Edit user → Advanced

  2. Enter the Allowed CIDRs to specify the network addresses that the user can access the platform from, using CIDR notation

    • The user's Allowed CIDRs will have priority over the allowed CIDRs that are inherited from the user's role and/or scope

    • The inherited CIDRs will only display if the user has no Allowed CIDRs

    • In the API, you can add a comma-delimited list of addresses in CIDR format

      Screenshot: Create a user with restricted network access

To restrict access of more than one user at a time, set role and/or scope CIDRs.

Screenshot: Create a scope with Allowed CIDRs.

...

Screenshot: Create a role with Allowed CIDRs
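
The following is an added example, not Abiquo code: a Python sketch an administrator could run to review Allowed CIDRs before entering them, showing that a user-level list replaces the inherited one and can therefore widen access. It assumes role and scope lists combine as a union (the page does not say how they combine); all function names and sample addresses are constructed.

```python
import ipaddress


def parse_cidrs(value):
    """Parse a comma-delimited CIDR list (the format the API accepts)."""
    nets = []
    for item in (value or "").split(","):
        item = item.strip()
        if item:
            # strict=True rejects entries with host bits set, e.g. 10.0.0.5/24
            nets.append(ipaddress.ip_network(item, strict=True))
    return nets


def effective_cidrs(user, role="", scope=""):
    """Return (networks, source). The user's own list has priority.

    Assumption: inherited role and scope lists are treated as a union.
    """
    own = parse_cidrs(user)
    if own:
        return own, "user"
    inherited = parse_cidrs(role) + parse_cidrs(scope)
    return inherited, ("inherited" if inherited else "unrestricted")


def is_allowed(address, user, role="", scope=""):
    """True if the address falls inside the effective Allowed CIDRs."""
    nets, _ = effective_cidrs(user, role, scope)
    if not nets:
        return True  # default: access from any network address
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in nets)


def widening_entries(user, role="", scope=""):
    """User-level entries that fall outside every inherited network.

    Because the user's list has priority, each entry returned here grants
    access that the role/scope restriction alone would have denied.
    """
    inherited = parse_cidrs(role) + parse_cidrs(scope)
    if not inherited:
        return []
    return [
        str(net) for net in parse_cidrs(user)
        if not any(net.version == i.version and net.subnet_of(i)
                   for i in inherited)
    ]
```

Running `widening_entries` over each user with their role and scope lists gives a quick report of accounts whose own Allowed CIDRs reach beyond the restriction set for their role or scope.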

...

...

Prevent users from editing their account details

...

...

...

Configure access to

...

enterprises

To display the Enterprises list on the left side of Users view, your user role must have the privilege to Manage users of all enterprises. The user can select an enterprise to edit its users. By default, only the Cloud administrator role has this privilege.

...