User Management

To provide a hyperscaler-equivalent experience over globally distributed infrastructure, where a variety of applications extend different solutions, Cloud Orbiter must map identity, access, and privileges to the individuals and teams involved. Cloud Orbiter provides a comprehensive user management solution that allows you to manage local users and users from external Identity Providers (IDPs) such as Okta, Microsoft, Google, or any other OpenID Connect IDP. With the user management feature, you can create, read, update, and delete (CRUD) users, manage groups and roles, and assign users to these groups, roles, and projects.

Cloud Orbiter extends solutions and a better user experience to different types of users:

  • Infrastructure Owners / Providers: tasked with creating and managing the lifecycle of the infrastructure components.
  • Application Developers / Providers: responsible for delivering the applications that run on the infrastructure.
  • Solution Engineers: teams tasked with deploying application instances and interfacing them with one another.
  • DevOps: the team responsible for the continuity of operations.
  • Admins: responsible for overseeing operations and adjusting some security and RBAC controls and other global settings.

Key Concepts

Before getting started with user management in Cloud Orbiter, it's essential to understand the following key concepts.

  • Local Users: Local users are created and managed within Cloud Orbiter. These users have credentials (username and password) that are stored in Cloud Orbiter.

  • External Users: External users are individuals authenticated by external IDPs and authorized to access Cloud Orbiter. Cloud Orbiter supports integration with IDPs like Okta, Microsoft, Google, and other OpenID Connect IDPs. Cloud Orbiter creates a corresponding local user account when an external IDP authenticates a user. Additionally, if account linking is enabled, existing users can be linked to their corresponding IDP user account.

  • Groups: Groups are collections of users that share a common set of permissions in Cloud Orbiter. By assigning users to groups, you can manage resource access more efficiently.

  • Roles: Roles are sets of permissions that define which actions users can perform once the roles are assigned to them in Cloud Orbiter.

Create and Manage Users

Cloud Orbiter provides a default user associated with the tenant admin role. This user cannot be deleted or deactivated. Configuration for this user can be provided during installation or for a SaaS deployment; after that, only a password change is allowed.

Cloud Orbiter provides two options to onboard users: you can bring users in from identity providers, or you can create users locally in the system.

Organizations generally require a centralized identity management system that integrates their internal identities, so we recommend integrating a central identity management system with Cloud Orbiter. Cloud Orbiter provides three SSO integrations: Google, Microsoft, and Okta. The other mechanism is to create a local user, which you can do when you are in a development environment.

Adding Local User

In Cloud Orbiter, you can create and manage local users or bring users from external IDPs. Only users associated with the admin role can manage local users. Admins of an existing organization can invite new users.

Once a local user is created, you can view and manage their information from the User Management section within Cloud Orbiter. This includes updating their personal information, resetting their password, and modifying their group and role assignments. You can also delete local users if they are no longer needed. After logging in with the temporary password, the user must create a new password.

Procedure to add a user to Cloud Orbiter:

  1. Sign in as a tenant-admin and go to the Settings section.
  2. Click on the Users menu.
  3. Click on the +Add User button to add a user you want to give access to. The form consists of the following fields:
    • First Name
    • Last Name
    • Email/Username
    • Temporary Password
  4. Assign a project and a role to the user.
  5. Click on Create.

Email or Username is a mandatory field if you want to create a local user.

Bring Users from External IDPs

Cloud Orbiter can bring users from external identity providers (IDPs) such as Okta, Microsoft, Google, or any other OpenID Connect IDP. This lets you easily manage users across multiple platforms and streamline onboarding.

When a user is brought in from an external IDP, Cloud Orbiter creates a local representation of the user in its system. The user's email address, name, and group or role associations are stored in Cloud Orbiter's database. This allows you to manage the user's access and permissions within Cloud Orbiter's platform and to assign them to groups, roles, and projects.
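The provisioning and account-linking behaviour described above and under Key Concepts, sketched as an added example (not Cloud Orbiter's code). It assumes the ID token has already been signature-validated, that the IDP emits a `groups` claim, and that linking requires the standard OIDC `email_verified` claim; `sign_in`, `User` and the issuer URL are hypothetical names.

```python
from dataclasses import dataclass, field

# Constructed value: issuers this deployment has configured as IDPs.
TRUSTED_ISSUERS = {"https://idp.example.com"}

@dataclass
class User:
    email: str
    name: str
    source: str  # "local" or "external"
    identities: set = field(default_factory=set)  # linked (iss, sub) pairs
    groups: set = field(default_factory=set)

def sign_in(users, claims, linking_enabled):
    """Map validated ID-token claims to a user record; return (user, action).

    `users` is a dict keyed by lower-cased email (hypothetical store).
    """
    iss, sub = claims["iss"], claims["sub"]
    if iss not in TRUSTED_ISSUERS:
        raise PermissionError("issuer is not a configured IDP")
    # Match on the stable (iss, sub) pair first; emails can be reassigned.
    for user in users.values():
        if (iss, sub) in user.identities:
            return user, "existing"
    email = claims.get("email", "").lower()
    if not email:
        raise PermissionError("IDP did not supply an email")
    existing = users.get(email)
    if existing is not None:
        # An account with this email already exists: link only when the
        # feature is on and the IDP vouches for the address (assumed policy).
        if not linking_enabled:
            raise PermissionError("account exists and linking is disabled")
        if claims.get("email_verified") is not True:
            raise PermissionError("IDP has not verified this email")
        existing.identities.add((iss, sub))
        return existing, "linked"
    # First sign-in: create the local representation of the external user.
    user = User(email, claims.get("name", ""), "external",
                {(iss, sub)}, set(claims.get("groups", [])))
    users[email] = user
    return user, "created"
```

Keying later sign-ins on the `(iss, sub)` pair means a changed or recycled email address at the IDP does not silently attach to a different Cloud Orbiter account.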

You must first set up the IDP integration within Cloud Orbiter to bring users in from an external IDP. Once the integration is established, you can initiate the user import process. Cloud Orbiter will then retrieve the user information from the external IDP and create a corresponding user record in its database.

Once the user is imported, you can perform all CRUD (create, read, update, delete) operations on the user just as you would with a local user. This includes managing their group and role assignments and their access to projects. If the user's information changes in the external IDP, you can trigger a re-sync to update the user's information in Cloud Orbiter.

Once a user is created using IDPs, you can perform the following:

  1. To sign up using IDP portals, visit Single Sign-On (SSO).
  2. Log in to Cloud Orbiter.
  3. Select the IDP provider to sign in.
  4. Select Overview from the left ribbon menu.
  5. Select Users.
  6. Click on the +Add User button and fill in all the mandatory details.
  7. Click Create.

Managing Users: Once you have created users in Cloud Orbiter, you can manage them by performing CRUD operations, such as updating user details, resetting passwords, or deleting users.

Groups

Groups are the mechanism for grouping individuals together to represent teams. Assigning a role directly to a group assigns that role to all of the group's members. Only users associated with the tenant-admin role are authorized to manage groups.

  • Creating Groups: To create a new group in Cloud Orbiter, navigate to the User Management section of the dashboard and click on Groups. From here, click "New Group" and enter the name and description of the group. You can also add users to the group during the creation process.

  • Managing Groups: Once a group is created, you can manage its members, permissions, and other attributes. To manage a group, select the group from the list of groups and click Manage Group. Here you can add or remove members from the group, assign permissions, and edit the group's details.

  • Assigning Users to Groups: To assign a user to a group, navigate to the User Management section of the dashboard and click on Users. From here, select the user you want to assign to a group and click on Edit. Under the Groups section, you can assign the user to one or more groups.

  • Removing Users from Groups: To remove a user from a group, navigate to the User Management section of the dashboard and click on Users. From here, select the user you want to remove from a group and click on Edit. Under the Groups section, you can remove the user from one or more groups.