Create and manage users

Edit online

Add users to your organization to give them access to Aspera on Cloud functions and content.

Note: For details on the various user roles and privileges, see this article.
Important: If a workspace manager attempts to create a user who is already a member of the organization, they may receive the following message: Encountered error trying to process the full operation. Please check the new users and verify all memberships and settings. This error typically occurs when the user you are trying to add is already part of the organization. To resolve this, review the user’s existing memberships and confirm their settings before attempting to add them again. For more information, refer to the Manage workspace memberships and roles section.

When you create a new user in Aspera on Cloud, you can configure the following for that user:

  • Email address
  • Identity provider for login
  • Workspace membership
  • Group membership and role
  • Optional Aspera on Cloud administrator privileges
  • Optional transfer service administrator privileges (requires Aspera on Cloud administrator privileges)
Note:

A user must be a member of a workspace to use the Files and Packages applications; see Create a new workspace for a procedure.

To create a new user in your Aspera on Cloud application, do the following:

  1. Go to Users > Create new.
  2. In the Email field, enter one or more user email addresses; these become the user login names.
  3. Select the identity provider (IdP) that the new user should use to log in to Aspera on Cloud.
    • The menu contains the identity providers configured for this organization in Admin > Authentication. If you don't see the IdP you expect, configure it for your organization in that location.
    • If you select IBMid, Aspera on Cloud sends the new user an email invitation to join the organization. The email contains a link that allows them to create an account and log in.
    • To allow users to log in through one SAML provider only, select that specific SAML provider.
    • To allow your users to login through multiple SAML providers, set the Authentication type to Any identity provider.
    • Unless you select Any identity provider, the user must log in using the identity provider you select.
    • If you select Any identity provider, the user can log in using any configured authentication method for which they have valid credentials.
  4. To make this user a member of a workspace (required to use the Files and Packages apps), click Add to workspaces.
    1. Enter the workspace name.
    2. To set the user's role in that workspace, select Member or Manager.
    3. Click Add.
  5. To make this user a member of a group, click Add to groups. This user will inherit the memberships and privileges assigned to this group.
    1. Enter the name of one or more groups.
    2. Click Add.
  6. To give this user transfer service administrator privileges in the Aspera on Cloud organization, select the check box labeled Transfer service admin. This privilege includes organization admin privileges.
    Note:

    You must be a transfer service administrator to see this setting and to grant this privilege to another user.

  7. To give this user administrator privileges in the Aspera on Cloud organization, select Organization admin.
  8. Click Create user.

Update a user record

Edit online

You can update a user's email address directly in AoC only if the user logs in to AoC directly, rather than through an external authentication system or identity provider like IBMid or a SAML system.

For a user who logs in through an external system, you must change the user's name and email address in the external system. However, even after the update in the external system, the user must continue to log in to AoC using their original email address. AoC sends email notifications to the new email address.

You can make the following changes to an existing user record:

  • Upload a profile photo (click Upload to open your Finder or Explorer). Individual users can open their Account settings to upload their own photo.
  • Enter the user's public key for use with an API client. Individual users can open their Account settings to update their own public key.
  • Update the identity provider this user can use to log in to Aspera on Cloud.
    • If this user was assigned an IdP that has since become unavailable, the authentication type for this user shows as "Deleted." You must assign an available IdP for this user.
  • Assign or remove workspace or group memberships.
  • Assign or remove administrator privileges.
  • If the user has never logged in ('pending' status), click Re-invite to send a new email invitation.
  • Click Deactivate to prevent a user from logging in without deleting their account. A deactivated user cannot log in or run API requests. Click Reactivate to reactivate a deactivated user account. For related information, see Manage inactive users.
  • Click Delete to remove the user account entirely from the user listing. Usage incurred by users who are later deleted remains recorded in the Activity app, although you cannot filter for activity by a deleted user. Folders shared by a user remain available even after the user is deleted. But a submission link issued by a user becomes invalid when that user is deleted.
    Note: When you delete a user, you do not delete the user's packages, files, or folders. To browse, share, or delete a user's content, see Managing storage usage.