
This page describes how administrators can control user access to the platform.
For details of how administrators can control user access within the platform, see Manage Roles and Manage scopes.

For details of how to manage users, see Manage users for tenant admin or Manage users.


Manage users with SSO or directory systems

You can use SAML, Active Directory, LDAP, and OpenID to manage users for Abiquo.

In this case, you will need to match Abiquo roles with roles in your SSO or directory systems.

For details of how to configure these systems, see Configure authentication and authorization.


Suspend or enable a user account

If you need to stop a user from working with or logging in to the platform on a temporary basis, you can suspend the user account.

To suspend a user account:

  1. Go to Users

  2. Select a user

  3. Click the pencil edit button. The user dialog will open

  4. Go to Advanced, and unselect the Activated checkbox

The platform will suspend the account. When a user account is suspended, the platform will log the user out immediately. Be careful not to disable your own account! Fortunately, the main cloud administrator account cannot be disabled.

To enable the user account again, select the Activated checkbox.

If the user makes too many failed login attempts, the platform will automatically suspend their account for the account lock duration or until it is enabled by an administrator.


Manually reset a user password

If a user cannot automatically reset their password or if the user account is locked for too many password attempts, you can manually reset the password and unlock the account. 

To manually reset a user password:

  1. Open the Users view and select the user

  2. Click the Edit button at the top-right of the Users page. The user form will open.

  3. Enter the new password

  4. Recommended: go to Advanced and select the checkbox to Reset password on next login

  5. If the user account is locked and you wish to unlock it, go to Advanced, and select the Activated option

  6. Click Save. If the user is currently logged in, they will be automatically logged out when you save a new password.

The user password will be reset. Notify the user of their new password.


Put a user on the notifications list

An enterprise manager user will receive notification emails from the cloud administrators about physical machines and their enterprise's VMs on the platform.

By default, a tenant administrator or cloud administrator user is an enterprise manager for the enterprise that they belong to.

To make a user an enterprise manager:

  1. Assign the user a role with the "Define enterprise manager privilege". See Manage Roles. You can edit the user's existing role or assign a new role with this privilege.


Restrict user access to the platform by networks

By default, users can access the platform from any network address. To restrict access, when the administrator creates or edits a user, they can allow a set of network addresses.

Privileges: Manage allowed user CIDRs

To only allow access from a set of network addresses for a specific user via console and API:

  1. Go to Users → Edit user → Advanced

  2. Enter the Allowed CIDRs to specify the network addresses that the user can access the platform from, using CIDR notation

    • The user's Allowed CIDRs will have priority over the allowed CIDRs that are inherited from the user's role and/or scope

    • The inherited CIDRs will only display if the user has no Allowed CIDRs

    • In the API, you can add a comma delimited list of addresses in CIDR format

      Create a user with restricted network access

To restrict access of more than one user at a time, set role and/or scope CIDRs.

Screenshot: Create a scope with Allowed CIDRs.

Create a scope with restricted network access

Screenshot: Create a role with Allowed CIDRs

Create a role with restricted network access
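
The precedence rules above can be checked offline before you save a set of Allowed CIDRs. The following is an added example, not Abiquo code: the function names are hypothetical, the sample addresses are constructed, and it assumes that inherited role and scope lists combine as a union, which this page does not specify.

```python
import ipaddress

def parse_cidrs(value):
    """Parse a comma-delimited CIDR list (the format the API accepts)."""
    nets = []
    for item in (value or "").split(","):
        item = item.strip()
        if item:
            # strict=True is this example's choice: it rejects entries with
            # host bits set (e.g. 10.0.0.5/24), which are usually typos.
            nets.append(ipaddress.ip_network(item, strict=True))
    return nets

def effective_cidrs(user_cidrs, role_cidrs="", scope_cidrs=""):
    """Return (networks, source). The user's own list has priority."""
    own = parse_cidrs(user_cidrs)
    if own:
        return own, "user"
    # Assumption: role and scope CIDRs are combined as a union.
    inherited = parse_cidrs(role_cidrs) + parse_cidrs(scope_cidrs)
    return inherited, ("inherited" if inherited else "unrestricted")

def is_allowed(client_ip, user_cidrs, role_cidrs="", scope_cidrs=""):
    """True if client_ip falls inside the effective Allowed CIDRs."""
    nets, source = effective_cidrs(user_cidrs, role_cidrs, scope_cidrs)
    if source == "unrestricted":
        return True  # default on this page: any network address is allowed
    addr = ipaddress.ip_address(client_ip)
    return any(addr.version == n.version and addr in n for n in nets)

def too_broad(cidr_list, min_prefix_v4=8, min_prefix_v6=32):
    """List entries so wide that they effectively remove the restriction."""
    return [str(n) for n in parse_cidrs(cidr_list)
            if n.prefixlen < (min_prefix_v4 if n.version == 4 else min_prefix_v6)]

if __name__ == "__main__":
    # Constructed sample values (documentation address ranges).
    user, role = "192.0.2.0/24, 2001:db8::/32", "10.0.0.0/8"
    for ip in ("192.0.2.10", "10.1.2.3", "2001:db8::1"):
        print(ip, is_allowed(ip, user, role_cidrs=role))
    print("too broad:", too_broad("0.0.0.0/0, 192.0.2.0/24"))
```
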


Disable access to users view

To prevent administrators from accessing Users view:

  1. Go to Configuration view

  2. Deselect the option to Show Users button on main toolbar

The platform will not display the button, and you cannot edit users until a cloud administrator changes this option.


Stop users from editing their account details

By default, users can edit their own account details by going to Main menu → User icon menu → Edit user.

To disable the Edit user option on the User icon menu for cloud users:

  1. Go to Configuration → Security 

  2. Deselect the option to Allow user to change their password


Configure access to enterprises

To display the Enterprises list on the left side of Users view, your user role must have the privilege to Manage users of all enterprises. The user can select an enterprise to edit its users. By default, only the Cloud administrator role has this privilege.

Users in users view

To switch directly to different enterprises your user role must have the Allow user to switch enterprise privilege. You can select the enterprise name and click the Switch enterprises button, as in Home view.

You can view and manage users of the enterprises in your user scope, and you can share resources with tenants in scopes beneath your scope.


A Tenant admin role might not have the privilege to Manage users of other enterprises. In this case, you can only display and manage users of your own enterprise.

The Users view for a Tenant admin user
