Managing users

As an administrator, you are responsible for determining and implementing the best approach for authenticating and managing users.

Identity provider connections

User records are stored in an internal repository database. However, you are recommended to use an enterprise-grade password management solution through identity provider connection, such as an LDAP server for password management. To connect to an identity provider, use the Identity Management (IM) service. You can open the IM service from the User management page, by clicking Configure identity provider. For more information about connecting to an LDAP provider with the IM service, see Identity Management in the IBM Cloud Pak foundational services documentation.

If you configure an identity provider connection to an LDAP server, ensure that you grant administrator privileges to a user in your LDAP server.

User management

An administrator can manage the permissions that users and groups have on the platform. However, users might need more permissions.

A user can have multiple roles. The roles can be assigned directly to a user or can be assigned to the user through a user group. If a user has multiple roles, the user has all of the permissions from all of the roles that are assigned to them.

  • You can see all of the roles (and permissions) that a user has from the user's profile page, which you can access from the User management page, on the Users tab.
  • If you update a user's role or their group membership and the user is logged in, the user must log out and log back in for the changes to take effect. If the user does not log out, their session will be refreshed after the session times out.

Before you add users to the platform, consider the following questions:

  • Do you want to use an LDAP server to manage users' passwords?
  • Do you want to use an LDAP server to manage access to the platform?
  • Do you want to use user groups to manage users with similar access requirements?
  • Do you want to be able to add all of the users in an LDAP group to a user group?
  • Do the default roles meet your business requirements?

View the appropriate topic for more information about managing users: