Managing access to the web client

When you add a user to the platform, a user profile (or record) is created for the user.

You can add users to the platform in the following ways:

  • You can give individual users access to the platform by manually creating a user profile.
  • You can give individual LDAP users access to the platform by adding them to a user group. When you add an LDAP user to a user group, the platform automatically creates a profile for the LDAP user.
  • You can give all of the members of an LDAP group access to the platform by adding the LDAP group to a user group. When you add the LDAP group to a user group, the platform automatically creates a profile for each LDAP user in the group. (The platform skips this step for any members of the group who already have a user profile on the platform.)

Before you begin

Required permissions
To manage access to the web client, you must have one of the following permissions:
  • Administer platform
  • Manage users

About this task

You can create and edit user profiles from the Users tab of the User management page.

Procedure

To give users access to the web client:

  1. Log in to Cloud Pak for Data
  2. From the navigation menu, select Administration > User management.
  3. Open the Users tab.
  4. Click New user.
  5. Specify the appropriate information for your environment:
    Environment Information to specify
    Connected to an LDAP server
    • The user's full name

      Ensure that you enter the user's given name and surname as they are specified in the LDAP server.

    • The username that the user will authenticate with

      The appropriate value depends on the attribute that you specified for the User search field in the LDAP configuration.

    • The user's email address

      Ensure that you enter the user's email address as it is specified in the LDAP server.
    Connected to a SAML identity provider
    • The user's full name
    • The username that the user will authenticate with

      The appropriate value depends on the attribute that you specified for the fieldToAuthenticate in the SAML SSO configuration.

    • The user's email address
    Not connected to an LDAP server
    • The user's full name
    • The username that the user will authenticate with
    • The user's email address
    • A temporary password for the user
  6. Select the roles that you want to assign to the user.
  7. Click Create.
  8. If you are not connected to an LDAP server or SAML IDP, copy the temporary password that is displayed and send an email to the user with their user name and temporary password.