Tenants

The Tenant Administration page provides an administrator the ability to create, modify, and/or delete tenants using a simple user interface.

From the left navigation bar, click Administer and select Tenants.Tenant Admin

Tenants

The left panel contains the list of tenants. For example, SevOne, Europa, and Pandora as shown in the screenshot above. Pagination is available to allow you to page through the list of tenants. Also, it has the capability to search the tenants from the tenant list.

Tenant Details

Use this section to create a new tenant or modify an existing one.

Associated Teams

To associate a team to a tenant, click Manage Teams button.

Modify Tenant

To modify a tenant, select a tenant from the left panel and modify the field(s) or logo(s). Click Save to update the tenant details.

Create a Tenant

If a tenant in the left panel is not selected, you are by default in create tenant screen. Or, click Create Tenant to create a new tenant. Perform the following steps to create a new tenant.

  1. In the Tenant Name field, enter the tenant's name.
  2. In the Tenant Display Name field, enter the tenant's display name.
  3. In the Logout URL field, enter the URL to be redirected to on logout. This field is optional.
  4. In the Tenant NMS Role ID field, enter the NMS Role ID.
    Important: To assign a specific user role for a tenant, any NMS Role ID >= 2 is allowed and can be set using the Graphical User Interface.

    NMS Role ID 0 is invalid and cannot be used.

    NMS Role ID 1 should not be used as it is a special role in SevOne NMS.

    NMS Role ID cannot be set to NULL in the current version using the Graphical User Interface, however it can be set from GraphQL.

    When creating a new tenant, if NMS Role ID is not set, it is automatically set to NULL. This means that each user on Authentication Source of the tenant can log into that tenant from SevOne Data Insight. However, if a user role is set to a specific value and you want to change it to NULL, then this can only be done from GraphQL.

    1. Using ssh , log into SevOne Data Insight as sevone .

      $ ssh sevone@<SevOne Data Insight IP address or hostname>
    2. Execute the following GraphQL command. Example: NMS Role ID = 1 and tenant configuration is not updated

      $ kubectl exec -it deployment/di-graphql -- npm run reconfig-tenant
      
      > insight-server@6.8.0 reconfig-tenant /opt/insight-server
      > NODE_PATH=./dist/libs node dist/scripts/database-init/reconfigure-tenant.js
      
      This system is configured with more than one tenant.
      [1] SevOne
      [2] Europa
      [3] Pandora
      [0] CANCEL
      
      Select the tenant to reconfigure. [1...3 / 0]: 2
      Current tenant config:
        Name:   Europa
        Role ID: 1
        Use alternate name: no
      
      Update tenant config? [y/n]: n
      
      Authsource config:
        Name:      SevOne
      
      Tenant is configured with 1 datasource(s) including the authsource
      
      Update datasource(s)? [y/n]: n
      Add datasource to Europa? [y/n]: n
      Tenant reconfiguration complete.

      Example: NMS Role ID changed to NULL and tenant configuration is updated

      $ kubectl exec -it deployment/di-graphql -- npm run reconfig-tenant
      
      > insight-server@6.8.0 reconfig-tenant /opt/insight-server
      > NODE_PATH=./dist/libs node dist/scripts/database-init/reconfigure-tenant.js
      
      This system is configured with more than one tenant.
      [1] SevOne
      [2] Europa
      [3] Pandora
      [0] CANCEL
      
      Select the tenant to reconfigure. [1...3, 0]: 2
      
      Current tenant config:
        Name:   Europa
        Role ID: 1
        Use alternate name: no
      
      Update tenant config? [y/n]: y
      Tenant name [Europa]:
      Tenant role ID [1]("-" for null): -
      Use alternate name mode [y/N]: n
      
      New tenant config:
        Name:   Europa
        Role ID: null
        Use alternate name: no
      
      Is this config correct? [y/n]: y
      
      info: [SevOne@Europa] SOA request (SOA-1) post https://10.129.14.35/api/v3/users
      (node:241) Warning: Setting the NODE_TLS_REJECT_UNAUTHORIZED environment variable to '0' makes TLS connections and HTTPS requests insecure by disabling certificate verification.
      (Use `node --trace-warnings ...` to show where the warning was created)
      error: Error fetching users from the NMS: AccessDeniedError: Access is denied.
          at translateError (/opt/insight-server/dist/libs/local/integration/soa.js:227:24)
          at /opt/insight-server/dist/libs/local/integration/soa.js:309:19
          at Generator.throw (<anonymous>)
          at rejected (/opt/insight-server/dist/libs/local/integration/soa.js:6:65)
          at processTicksAndRejections (internal/process/task_queues.js:93:5)
      
      Tenant config updated!
      
      Authsource config:
        Name:      SevOne
      
      Tenant is configured with 1 datasource(s) including the authsource
      
      Update datasource(s)? [y/n]: n
      Add datasource to Europa? [y/n]: n
      Tenant reconfiguration complete.
    Note: Please refer to section User Role / Role ID in SevOne NMS below for details on how to create a user role, create a user and assign the user role to it, and create the NMS Role ID from SevOne NMS.
  5. To Use Alternate Names, toggle the switch to turn it on.
  6. Click the Authentication Source drop-down to select an authentication source from the list available.
  7. Drag a new logo file or click in the box to select a file from your computer. Click Upload Logo to upload a new tenant logo. You can add one or more logos.
    Note: The image can be no larger than 1.5MB.

    Example

    Tenant Admin
  8. In the example above, you can see that two logos (Logo icon and Logo icon have been added to tenant Europa and logo Logo icon has been assigned to it.
    1. Select one or more of the existing logos and click Delete to delete it.
    2. Click the check box under Expanded column to choose the logo (under the Logo column) for the tenant when the side navigation is expanded.
    3. Click the check box under Collapsed column to choose the logo (under the Logo column) for the tenant when the side navigation is collapsed.
  9. Configure Data Sources and Themes as shown in section Data Sources / Themes.
  10. Click Save as button to create a new tenant with the name specified in field Tenant Name.

Data Sources / Themes

Datasources

  1. Select one or more data sources from Available Data Sources list.
  2. Click Right Arrow to move the selected data sources to Active Data Sources list.
  3. To remove the data sources from Active Data Sources, select the data sources and click Left Arrow to move them back to Available Data Sources.
    Note: Search Available Data Sources... and Search Active Data Sources... fields provides the administrator the ability to search the data sources from available and active lists respectively.
  4. To modify a data source under Active Data Sources , click the Edit button for the data source to be modified. A modal pop-up allows you to select a Namespace, Attribute name, and attribute Value.
    Tenant Admin Data Source

    Enter the required fields and click Plus buton button to add the new filter to the current list of filters.

    Note: This allows you to select the metadata to be filtered on. By doing this, you will only see the objects assigned to the tenant's metadata that is selected.

    SevOne NMS is the data source (a SevOne NMS appliance or cluster) from where SevOne Data Insight gets the data. For details on how to view this information from SevOne NMS, please see:

    • SevOne NMS System Administration Guide > section Metadata Schema

    • SevOne NMS User Guide > for objects, see section Object Manager > sub-section Manage Metadata Values

    Please see Metadata Quick Start Guide (a SevOne NMS guide) for details on how to add a Metadata Namespace and Attribute.

  5. Once the filters have been added, click OK to save the newly configured tenant.

Themes

  1. Select one or more custom themes from Available Custom Themes list.
  2. Click Right Arrow to move the selected themes to Active Custom Themes list.
  3. To remove the themes from Active Custom Themes, select the themes and click Left Arrow to move them back to Available Custom Themes.
    Note: Search Available Custom Themes... and Search Active Custom Themes... fields provides the administrator the ability to search the custom tenants from available and active lists respectively.
  4. To create a new theme, click the Create New Theme button. For details, please refer to section Themes.

Buttons

Delete

  1. Select one or more tenants from the left panel.
  2. Delete button is now available.
  3. Click the Delete button to delete the selected tenant(s).

Duplicate

  1. Select a tenant from the left panel.
  2. Duplicate button is now available.
  3. Click the Duplicate button to duplicate the selected tenant.

Restore

Click the Restore button to revert all the changes made.

Save / Save as

When done with creating a new tenant or modifying an existing one, click Save to save the existing tenant or Save > Save As to save the new tenant. The Save / Save As button is available from the upper-right corner. The new tenant will appear in the left panel.

User Role / Role ID in SevOne NMS

Create a User Role

  1. Navigate to the appropriate URL in your browser to access the SevOne NMS appliance Login page and log in as admin.
  2. To create a role, from the navigation bar, go to Administration, click on Access Configuration, and select User Role Manager.
    User Role Manager
  3. Click on + Add Role in the upper-left corner and it opens a popup window. Enter values in Parent, Name, and Description fields.

    Example: Add Role

    Add Role
  4. Click on Save.

Create a User & Assign User Role

  1. To create a user, from the navigation bar, go to Administration, click on Access Configuration, and select User Manager.
    User Manager
  2. Click on + Add User in the upper-left corner and it opens a popup window. Enter values in fields under User Information, Credentials, and Role Assignments (choose one from the list that already exists) sections.

    Example: Add User

    Add User
  3. Now, authorize the User Role created. From the navigation bar, go to Administration, click on Access Configuration, and select User Role Manager.
  4. From the Left pane, select the User Role created. For example, nms_role1 as shown in the example above.
  5. In the Right pane, you will see the following tabs.
    1. Permissions
      Provides the list of entities that the user can have access to. For example, Device Manager, Discovery Management, Device Group Manager, Object Manager, etc. Toggle to enable the entities that you would like the selected role (for example, nms_role1) to have. Now, the user who is logged in with user role lets say, nms_role1, will only have permissions to the entities enabled for this role. In the example below, user role nms_role1 only has permissions to entities Device Manager and Object Manager as these are the only two that are enabled.

      Example

      Permissions
      Note: It is recommended to enable all the permissions if you are unsure about which permissions to provide.
    2. Devices and Device Groups Access
      Allows you to view all the Devices and Device Groups in a tree hierarchy. It allows you to set the permissions individually to each device/device group in the tree. Each entity has the following four permissions that you can set by enabling it.
      • Group View - provides read permission to the Device Group
      • Group Edit - provides read/write permissions to the Device Group
      • Device View - provides read permission to the Devices in the Device Group
      • Device Edit - provides read/write permissions to the Devices in the Device Group
        Device & Device Group
    3. Users and User Roles Access
      Allows you to view the list of all user roles in the Left pane along with the permissions set for each in the Right pane. Each user role has the following four permissions that you can set by enabling it.
      • Role View - provides read permission to the selected user role
      • Role Edit - provides read/write permissions to the selected user role
      • User View - likely for Users only
      • User Edit - likely for Users only
        Note: It is recommended to enable Role View and User View for its respective access.

        Example

        User & User Roles
  6. Click on Save.
    Note: For more information on creating user roles and assigning users to user roles, see the User Role Manager topic in the SevOne NMS System Administration Guide. Role ID can be obtained using REST API's swaggerUI. For details, please refer to section Obtain User Role ID below.

Obtain User Role ID

Perform the steps below to complete the provisioning process without providing a SevOne NMS password. First, you will need to sign in to the REST API for your SevOne NMS cluster or appliance. Perform the following actions.

  1. Go to the SevOne API Documentation page at http:///api/docs/. Replace with the hostname or IP address of your SevOne NMS appliance.
  2. Click on Authentication.
  3. Under Authentication, click on POST.
  4. Under Parameters, all the way to the right, locate the Model Schema field. Click on the field to copy its content to the user field.
  5. On the left side of the Parameters section, you will notice that the content now appears in the user field. Perform the following actions in the user field:
    1. After "name":, replace string with a SevOne NMS user name. Make sure to enter it within the quotes.
    2. After "password":, replace string with the corresponding SevOne NMS password. Make sure to enter it within the quotes.
      API - 1
  6. At the bottom of the POST section, click the Try it out! button.
  7. Scroll down to the Response Body field. You should see a long alphanumeric string after "token". This is the API key that you need to sign in. Copy it without the quotes.
    API Response Body
  8. In the upper-right corner of the SevOne API Documentation page, locate the Explore Api Keys... field. Paste the token into this field. You should now have permissions to perform operations.
    Important: Sign-out is required after the API Key from /api/v3/users/apikey endpoint is retrieved.

To get the User Role ID, go toward the bottom of the page, click on Users.

  1. Click on GET /api/v2/users/myroles.
  2. Click the Try it out! button.
  3. The Response Body field displays the user roles assigned to the current user.
    Role ID

    Locate the user role that the user is assigned.

    The user role name appears in field name. For example, System Administrators, Administrators.

    Field id contains the user role ID. For example, 2, 3. This is the NMS Role ID.