Quick Start: Creating a User Account in an OU¶
This section describes how to create an individual user account and grant policies.
Before You Start¶
You must have OU admin access rights.
Note
When a user have multiple accounts and one of them is an admin account, we recommend that the user perform the identity and access management operations through the admin account.
For more information, see Applying for an Account and Initializing the OU.
Ensure that the organization that the user belongs to already exist.
Ensure that the role of the user does not have a corresponding user group created on EnOS.
Ensure that the user will be created within its organization.
About This Task¶
The following major steps are involved.
Define user roles and design proper access policies for different roles. The IoT Engineer role, for example, is typically responsible for the operations below:
- Connect devices to EnOS Cloud, including cloud-end configurations such as creating products, provisioning devices, and testing communication.
- On-site installation of edge devices and connect cables from devices to the edge gateway.
To perform the above operations, this role would need permission for the following services.
- EnOS Edge
- Device Management
Create a user group to centrally manage access permissions for each specific user role.
Create a single user account or batch create users.
- Create a single user: Create a user and add the account into the user group corresponding to the role.
- Create batch users: Download the user import template to your local directory, fill in the basic information, and allocate the policy and user component to users through template bulk import, or modify the configuration through user authorization details after import.
Assign additional access policies for the user if needed (optional).
Step 1: Define User Role and Access Permissions¶
Once the user role and the corresponding access permissions have been defined, you can determine whether a built-in policy is sufficient or a custom policy needs to be created for the required permissions. For example, the IoT Enginner role mentioned above can be assigned the Resource Manager policy as well as assign a custom policy with model/device/asset management services and access items such as Device Management, Models, and etc. in the Console Menu.
For more information, see Policies, Roles, and Permissions and Creating and Managing Policies.
To create a custom policy, see Creating a Policy.
Step 2: Create a User Group¶
In this step, you will create a user group for the role, and associate the policy that you created in Step 1, which defines the permissions for the user role, to the user group.
- In the EnOS Management Console, click IAM > User Group from the left navigation menu.
- In the Group page, click New Group.
- Enter a group name that represents the role that you defined and click Next.
- Click Next to go to the Grant Permissions step.
- Click Assign Policies to assign policies for this group.
- Click Save.
For more information about user group management, see Creating and Managing User Groups.
Step 3: Create a User and Add User into Group¶
In this step, you will create the user in the organization, and add the user into the user group that you created in Step 2. This user will then inherit all permissions that are defined by the policies associated to the user group.
You can create single user or in batch importing them.
Method 1: Create a Single User¶
In the EnOS Management Console, click IAM > User from the left navigation menu.
In the Internal User tab, click New User and provide the necessary information, including:
- Send By
- other safety way: send the password via other secure offline approaches.
- phone: send the password via messaging to the registered mobile phone number.
- email: send the password via email to the registered email address.
- Password: you can set the initial password, or you can click the key icon to let the system auto-generate the password for the account.
Click Next to go to the Grant Policies page.
- Send By
In the Add User to Groups tab, click Add User to Group.
In the pop-up window, select the groups that the user belongs to and click Save.
Click Save to create the user.
Method 2: Import Users¶
In the EnOS Management Console, click IAM > User from the left navigation menu.
In the Internal User tab, click Import User.
As per the instructions, download the Import Template, and fill the local template file with the User Name, Send Password Method, Mobile Number, Email, as well as the optional information such as Policy and User Group.
- User Name: The user name.
- Send Password Method: Mobile or Email, the user password will be automatically generated by the system and sent to the user through the selected method.
- Mobile Number: If you choose Send Password Method by Mobile, this is required. The format of the phone number is: country code - phone number, e.g. 65-XXXXXXXX.
- Email: If you choose to send your password as Email, this is required.
- Policy: Optional. Fill in the permission policy that has been granted for the user, that is, the name of the authority, for example, Administrator / EAP administrator / custom authority.
- User Group: Optional. Fill in the user group name for the user.
Click Upload.
Note
You can assign policies and user groups to the users via the template or assign them after importing.
For more information, see Creating and Managing Users.
(Optional) Step 4: Add Additional Policies¶
If the policies inherited from the user groups are not sufficient, you can add additional policies for the user.
- In the EnOS Management Console, click IAM > Users from the left navigation menu.
- Click the authorize icon
. - In the Polices tab, click Assign Policies .
- In the pop-up window, select the policies to assign to this user and click Save.
- Click Save to confirm the change.
Next Steps¶
The user will receive an account creation notification through the channel as specified in Step 3. The user can then log in to the EnOS Management Console with the account information and verify the access rights.