ADMIN role
There are two types of ADMIN privileges:
- Portworx Central ADMIN:
- Portworx BaaS organization ADMIN
The default MANAGER user can get Portorx Central ADMIN privileges in one of the following ways:
- The Portworx administrator assigns one or more MANAGER users as the organization ADMIN.
- The organization ADMIN can provide ADMIN privileges to any MANAGER user. For more information about editing the user role, refer to the Edit user role section.
The default BaaS MANAGER can become an organization ADMIN by creating a BaaS service.
The following sections explain tasks that you the organization ADMIN perform:
Manage users
Organization ADMIN can:
- invite other users
- modify a user role
- delete user invites
- connect and add on-premises and cloud clusters in BaaS
- invite other Enterprise users to organization
Invite users
Using the organization ADMIN privileges, you can invite users to access the Portworx BaaS services:
In the Product Catalog page, select the Profile icon -> Manage Users.
In the User List page, select Invite Users.
(Optional) In the User Name box, you can enter the name of the user you want to invite.
The User Invitation List page that appears displays all invited users.
In the Email box, enter the email address of the user who you want to invite and select the Invite User button:
The invited user gets the User Invitation email notification from Portworx. When the user clicks the View the Invitation button in the notification email, the Portworx-BaaS sign in page appears. For more information about signing in to the portal, refer to the Access Portworx BaaS section.
Delete and resend invitation
If you invited a user by mistake or entered the wrong email address, then you can select the Remove this Invitation button in the User Invitation List page to delete the invitation.
If an invited user has not received the invitation notification email, then you can select the Resend Invitation Mail icon to send the invitation email again.
Invite users using Portworx-Backup Security
You can also invite users to access Portworx BaaS services and assign them the Portworx Backup Security roles.
In the Portworx BaaS -> Portworx Services page, click on a service name.
For more information about adding a service, refer to the Add Portworx service section.
In the Portworx Backup clusters page, select the Profile icon -> Portworx Backup Security.
In the Portworx Backup Security -> Role Mapping page, select Invite User:
In the Invite Users window that appears -> Role dropdown list, select a Portworx Backup Security role that you want to assign to the user. For more information about Portworx Backup Security roles, refer to Portworx Backup Security introduction topic.
In the User Emails box, enter valid email address(es) of one or more users that you want to invite.
noteYou can enter a maximum of twenty email IDs in the Invite Users window.
Select Submit.
The invited users receive a notification email from Portworx to confirm and activate the email account. When users click the Start using Portworx button in the notification email, Portworx authenticates the email invite and redirects to the Portworx BaaS Product Catalog page.
You cannot invite user Groups, from the Portworx Backup Security -> Role Mapping page, to access the Portworx BaaS portal.
Edit user role
The ADMIN user includes privileges to edit an existing user role. To edit a user role:
From the User List page, select the ellipses button in a user row -> Edit User.
In the user profile page -> User Management section -> Role dropdown list, select an unassigned role. For example, select MANAGER if the current user role is ADMIN:
Select Update.
Setup OIDC access
If you are an ADMIN user, then you can set up OIDC access credentials in Portworx BaaS. Using these access credentials, users can sign in to Portworx BaaS and use its services.
To setup OIDC access:
In any of the Portworx BaaS portal pages, select the Profile icon -> Setup OIDC:
In the Setup OIDC page, enter valid values in the Endpoint, Client ID, and Client Secret boxes:
noteThe Redirect URI field displays the Portworx BaaS portal URL with a domain name. The Redirect URI should be registered as application or client registration in your SSO or OIDC provider.
Select Save.
Share the domain name with users who want to sign in to the Portworx-BaaS portal.
For example, in the above screenshot, the domain name is
demotest2.com
. Users with thedemotest2.com
domain name can sign up for Portworx BaaS services.