Creating and using additional tenants after installing Guardium Insights

When you install GuardiumĀ® Insights, one tenant is created. Should you need additional tenants, follow the instructions in this topic for creating them.

Before you begin

The commands that are cited in this topic utilize an authorization header (in the commands, this header is denoted by <auth_header>). This header must be generated before issuing the commands. To generate the authorization header, run this command on a Mac or Linux machine:
echo -n <ICS admin user id>:<ICS admin user password> | base64
The result will be a base64-encoded string with the admin user ID and password. Use this string in place of <auth_header> in the below commands.

Procedure

  1. Issue this command for every tenant that you want to create:
    curl -k -X POST "https://<host>/api/v3/tenants" -H "accept: application/json" -H "authorization: Basic <auth_header>" -H "Content-Type: application/json" -d "
{ \"name\": \"<user name>\", \"uid\": \"<ICS admin user id>\"}

"
    Note: For some cloud environments (for example, AWS), there may be an API timeout when creating the tenant. If this happens, you will see a response similar to curl: (52) Empty reply from server. In this case, the response can be ignored - and the tenant will be created. To see the created tenant, follow the below instructions for listing tenants.

    To avoid seeing this message, you can choose to call the API in asynchronous mode:

    curl -k -X POST "https://<host>/api/v3/tenants" -H "accept: application/json" -H "authorization: Basic <auth_header>" -H "Content-Type: application/json" -d "
{ \"name\": \"<user name>\", \"uid\": \"<ICS admin user id>\", \"async\":true}

"

    The API will respond immediately, but you will need to list the tenants and wait for is_ready to become true before you can use the tenant.

  2. After creating all of the tenants that you need, issue this command to retrieve the list of tenants:
    curl -k -X GET "https://<host>/api/v3/tenants" -H "accept: application/json" -H "authorization: Basic <auth_header>" -H "Content-Type: application/json"
  3. To delete a tenant:
    1. To retrieve the JSON Web Token (JWT) for the tenant that you want to delete, issue this command:
      curl -k -X POST "https://<host>/api/v3/authorization" -H "accept: application/json" -H "authorization: Basic <auth_header>" -H "Content-Type: application/json" -d "
{ \"tenant_id\": \"<tenantID>\"}

"
    2. After issuing the above command, you should see this message:
      {"jwt":"<jwt>"}
    3. To delete the tenant, issue this command:
      curl -k -X DELETE "https://<host>/api/v3/tenants/<tenantID>?is_permanent_delete=true" -H "accept: application/json" -H "authorization: <jwt>" -H "Content-Type: application/json"

      Where tenantID is the ID of the tenant that you want to delete - and <jwt> is the JWT that you retrieved above.

  4. Switching between tenants: After logging in to the Guardium Insights user interface, click your user icon in the top right corner. When you click this icon, you can also see your tenant ID (your tenant ID is an alphanumeric identifier that begins with TNT_). Click the down arrow to see your other tenants - and select the one that you want to switch to.