Managing users

The table of users is displayed in the Users section. Information about users is displayed in the following columns of the table:

• Name is the user name.
• Tenant is the tenant to which the user is assigned.
• Role is the role of the user:
  • Administrator
  • Tenant
• Source is the type of the user:
  • Local is a local user.
  • LDAP is an LDAP user.
• Groups is the group of the user.
• State is the status of the user:
  • Online
  • Offline
  • Blocked
• Two-factor authentication is the two-factor authentication status of the user:
  • Enabled means two-factor authentication is enabled for the user.
  • Disabled means two-factor authentication is disabled for the user.
  • Reinitialization means repeated two-factor authentication is performed for the user.

The actions that you can perform with the table are described in the Managing solution component tables instructions.

Creating a user

You can create local and LDAP users. Credentials of local users are stored in the orchestrator database. LDAP user credentials are stored on the remote server. If you want LDAP users to be able to log in to the orchestrator web interface using their credentials, you must first create an LDAP connection that the orchestrator uses to connect to the remote server, and then create your LDAP users or LDAP user groups.

To create a user:

1. In the menu, go to the Users section.

   The user management page is displayed. The Users tab, which is selected by default, displays the table of users.

2. Click + User.
3. In the displayed settings area, in the Source drop-down list, select the user type:
   • Local. Default value. If this value is selected in the Password and Password confirmation fields, enter the password of the user. The password must contain at least one uppercase Latin letter (A–Z), one lowercase letter (a–z), one numeral, and one special character. Password length: 8 to 50 characters. To see the entered password, you can click the show icon .
   • LDAP
4. In the Username field, enter the user name of the user. The remote server user name is specified in the user@domain or domain\user format.
5. In the Role drop-down list, select the role of the user:
   • Administrator
   • Tenant
6. If you want to enable two-factor authentication for the user, select the Two-step authentication check box. This check box is cleared by default. The user must complete two-factor authentication the next time the user logs in to the orchestrator web interface.

   You cannot enable two-factor authentication for an individual user if two-factor authentication is disabled for all users.

7. If you want to assign an access permission to a user, in the Permissions drop-down list, select the created access permission. By default, the user gets the Full access permission, which grants full access to the orchestrator web interface.
8. If you want to create a confirmation request every time the user performs an action, select the Request confirmation is required check box. By default, the check box is cleared and the user can perform actions without confirmation.
9. In the First name field, enter the first name of the employee.
10. In the Last name field, enter the last name of the employee.
11. If necessary, enter additional information about the user:
    1. In the Email field, enter the email address.
    2. In the Description field, enter a brief description of the user.
12. Click Create.

The user is created and displayed in the table. By default, the user is blocked.

You must unblock the user to grant that user access to the orchestrator web interface.

Activating or blocking a user

By default, created users are blocked. You must unblock the user to grant that user access to the orchestrator web interface.

To block or unblock a user:

1. In the menu, go to the Users section.

   The user management page is displayed. The Users tab, which is selected by default, displays the table of users.

2. Click the user that you want to unblock or block.
3. In the upper part of the displayed settings area, click Management → Unblock or Block.

The user is unblocked or blocked.

Editing a user

You cannot change the type and user name of the user. Separate instructions are given for changing the password of a local user.

To edit a user:

1. In the menu, go to the Users section.

   The user management page is displayed. The Users tab, which is selected by default, displays the table of users.

2. Click the user that you want to edit.
3. In the displayed settings area, edit the following user settings, if necessary: For a description of the settings, see the instructions for creating a user.
4. Click Save.

The user is modified and updated in the table.

Changing the password of a local user

LDAP user passwords are stored on remote servers and cannot be changed in the orchestrator web interface.

To change the password of a local user:

1. Proceed to change the local user password:
   • If you have the platform administrator role and want to change the password of the created local user, go to the Users menu section, click the local user, and click Management → Change password.
   • If you have the tenant role and want to change your own password, in the lower part of the menu click the settings icon → Change password.
2. This opens a window; type the new password in the New password and Password confirmation text boxes. The password must contain at least one uppercase Latin letter (A–Z), one lowercase letter (a–z), one numeral, and one special character. Password length: 8 to 50 characters. To see the entered password, you can click the show icon .
3. Click Save.

The password of the local user is changed.

Repeated two-factor authentication of a user

You can have the user repeat the authentication if that user has lost access to the unique code for logging in to the orchestrator web interface that was generated as a result of the previous two-factor authentication.

To repeat user authentication:

1. In the menu, go to the Users section.

   The user management page is displayed. The Users tab, which is selected by default, displays the table of users.

2. Click the user that you want to re-authenticate with two-factor authentication.
3. In the upper part of the displayed settings area, click Management → Reinitialize two-step authentication.

The user must complete two-factor authentication the next time the user logs in to the orchestrator web interface.

Deleting a user

Deleted users cannot be restored.

To delete a user:

1. In the menu, go to the Users section.

   The user management page is displayed. The Users tab, which is selected by default, displays the table of users.

2. Click the user that you want to delete.
3. In the upper part of the displayed settings area, click Management → Delete.
4. In the confirmation window, click Delete.

The user is deleted and is no longer displayed in the table.