Managing access to the platform

When you add a user to the platform, a user profile (or record) is created for the user.

You can add users to the platform in the following ways:

  • You can give individual users access to the platform by manually creating a user profile.
  • You can give individual LDAP users access to the platform by adding them to a user group. When you add an LDAP user to a user group, the platform automatically creates a profile for the LDAP user.
  • You can give all of the members of an LDAP group access to the platform by adding the LDAP group to a user group. When you add the LDAP group to a user group, the platform automatically creates a profile for each LDAP user in the group. (The platform skips this step for any members of the group who already have a user profile on the platform.)
Permissions you need for this task
To manage access to the platform, you must have one of the following permissions:
  • Administer platform
  • Manage users
When you need to complete this task
You can complete this task any time you need to onboard users to the platform, remove users from the platform, edit user profiles, and assign platform roles to users.

About this task

You can create and edit user profiles from the Users tab of the Access control page.

Procedure

To give users access to the web client:

  1. Log in to Cloud Pak for Data
  2. From the navigation menu, select Administration > Access control.
  3. Open the Users tab.
  4. Click Add user.
  5. Specify the appropriate information for your environment:
    Environment Information to specify
    Connected to an LDAP server Search for the user that you want to add. The user's information is retrieved from the LDAP server.
    Connected to a SAML identity provider
    • The user's full name
    • The username that the user will authenticate with

      The appropriate value depends on the attribute that you specified for the fieldToAuthenticate in the SAML SSO configuration.

    • The user's email address
    Not connected to an LDAP server
    • The user's full name
    • The username that the user will authenticate with
    • The user's email address
    • A temporary password for the user
  6. Click Next.
  7. Specify how you want the user to get their permissions:
    Choices Instructions
    Assign roles to the user
    1. Click Assign roles directly.
    2. Select the roles the appropriate roles to assign to the user.

      If you have the Manage platform roles permission, you can optionally create a new role for the user.

    3. Click Next.
    Add the user to a user group
    1. Click Add to user group.
    2. Select the groups that you want to add the user to.

      The user inherits the permissions from each group they are added to.

    3. Click Next.
  8. Review the summary and click Add.
  9. If you are not connected to an LDAP server or SAML IDP, copy the temporary password that you specified and send an email to the user with their username and temporary password.