Manage Users

After you log in, you may need to edit your user account to update your details:

1. Click the User icon in the lower left-hand corner of the screen
   
2. From the menu, select Edit user
   
3. Change your Password
4. To receive VM passwords, login authentication codes, and email notifications, enter your E-mail address and Phone number
   
   
5. Go to Advanced and add your Public key for remote access to VMs
   

If you are using a single sign on, you may need to ask your system administrator to update your details

To disable the Edit user option on the User icon menu for cloud users:

1. Go to Configuration → Security 
2. Deselect the option to Allow user to change their password. 

Some administrators can manage users in more than one enterprise. Select an Enterprise to manage its Users. 

If the administrator can only manage users in one tenant, or logs in to multiple tenants separately, the platform displays the Users panel without the Enterprises list.

Cloud administrators, before you begin:

1. To optionally limit the user to a list of resources, create a scope for the user
2. Choose a role with the appropriate privileges or create a role

To create a user:

1. Optionally, select another enterprise if you manage users in multiple enterprises, and you want to create the user in an enterprise that you are not logged into
2. Click the + Add button and complete the dialog

Enter general user details

For more details see GUI Create user General information

Restrict a user to a set of virtual datacenters

For more details see GUI Create user Limit access to VDCs

Enter advanced user details

For more details see GUI Create user Advanced

If you need to stop a user from working with or logging in to the platform on a temporary basis, you can suspend the user account.

To suspend a user account:

1. Go to Users → Select user
2. Click the pencil edit button. The user dialog will open
3. Go to Advanced, and unselect the Activated checkbox

The platform will suspend the account. When a user account is suspended, the platform will log the user out immediately. Be careful not to disable your own account! Fortunately, the main cloud administrator account cannot be disabled.

To enable the user account again, select the Activated checkbox.

If the user makes too many failed login attempts, the platform will automatically suspend their account for the account lock duration or until it is enabled by an administrator.

If a user cannot automatically reset their password or if the user account is locked for too many password attempts, you can manually reset the password and unlock the account. 

To manually reset a user password:

1. Open the Users view and select the user
2. Click the Edit button at the top-right of the Users page. The user form will open.
3. Enter the new password
4. Recommended: go to Advanced and select the checkbox to Reset password on next login
5. If the user account is locked and you wish to unlock it, go to Advanced, and select the Activated option
6. Click Save. If the user is currently logged in, they will be automatically logged out when you save a new password,

The user password will be reset. Notify the user of their new password.

If you manage users in multiple tenants, to move a user to another tenant:

1. In the Enterprises list, select the user
2. Drag and drop the user to a new enterprise

Note that you cannot edit the user to change the user's enterprise.

To display the users in card view, select the card view tab from the view selectors in the top right-hand corner.

To display groups of users, click on the pages to display the following:

• All users on the All page

• Active users on the Activated page

• Suspended users on the Suspended page

To filter users and display only those with a certain text in the user details:

1. Go to Users view → Users
2. In the filter box on the right-hand side, enter a text string to search for which can include wildcards.
   For more details about how the platform's search works, see Search for VMs and filter the search

The user status is displayed either by a colored dot in the Activated column or in the colored tag on the user card:

• Green for active accounts
• Red for suspended accounts
  
  • Red with padlock symbol for accounts suspended automatically after too many failed login attempts 

To display users that are currently connected to the platform, go to the Show logged users page.

Screenshot: to display the users who are currently logged in, go to Users → Users → select the Show logged users tab.

An enterprise manager user will receive notification emails from the cloud administrators about physical machines and their enterprise's VMs on the platform.

By default, a tenant administrator or cloud administrator user is an enterprise manager for the enterprise that they belong to.

To make a user an enterprise manager:

1. Assign the user a role with the "Define enterprise manager privilege". See Manage Roles. You can edit the user's existing role or assign a new role with this privilege.

You cannot delete the default Cloud Administrator (username: admin) because the role is locked, unless you are another user with the same locked role (CLOUD_ADMIN). There must always be at least one user with this role.

To delete a tenant, you do not need to delete the users manually first. When you delete an enterprise, the platform will automatically delete all tenant administrators and cloud users in the enterprise.

To delete a user:

1. Select the user account and click the Delete button
2. Confirm the delete

Abiquo will delete the user account but the user's VMs and other resources will remain on the cloud platform and users in the same enterprise with the appropriate permissions can work with them.

By default, users can access the platform from any network address. To restrict access, when the administrator creates or edits a user, they can allow a set of network addresses.

To only allow access from a set of network addresses for a specific user via console and API:

1. Go to Users → Edit user → Advanced
2. Enter the Allowed CIDRs to specify the network addresses that the user can access the platform from, using CIDR notation
   • The user's Allowed CIDRs will have priority over the allowed CIDRs that are inherited from the user's role and/or scope
   • The inherited CIDRs will only display if the user has no Allowed CIDRs
   • In the API, you can add a comma delimited list of addresses in CIDR format
     

To restrict access of more than one user at a time, set role and/or scope CIDRs.