Quick Start: Creating a User Account in an OU¶
This section describes how to create an individual user and grant policies.
Prerequisites¶
You must have OU admin access rights.
Note
When a user have multiple accounts and one of them is an admin account, we recommend that the user perform the identity and access management operations through the admin account.
For more information, seeApplying for an Account and Initializing the OU。
About This Task¶
Prerequisites¶
This task has the following assumptions:
The organization that the user belongs to already exist.
The role of the user does not have a corresponding user group created on EnOS.
The user will be created within its organization.
The following major steps are involved.
Define user roles and design proper access policies for different roles. The IoT Engineer role, for example, is typically responsible for the operations below:
Connect devices to EnOS Cloud, including cloud-end configurations such as creating products, provisioning devices, and testing communication.
On-site installation of edge devices and connect cables from devices to the edge gateway.
To perform the above operations, this role would need access to the following resources:
Device Connection related configuration
Edge Gateway configuration
Create a user group to centrally manage access permissions for each specific user role.
Create a single user account or batch create users.
Create a single user: Create a user and add the account into the user group corresponding to the role.
Create batch users: Download the user import template to your local directory, fill in the basic information, and allocate the policy and user component to users through template bulk import, or modify the configuration through user authorization details after import.
Assign additional access policies for the user if needed (optional).
Step 1: Create a Policy¶
In the EnOS Management Console, click IAM > Policy from the left navigation menu.
Click New Policy.
Enter the policy name and click Next.
In the Grant Permission page, you can select the services to grant the permissions to. After creating the policy, the user assigned with this policy will only see and access the service(s) that has been selected in this step.
Click Save to create the policy.
Step 2: Create a User Group¶
In this step, you will create a user group for the role, and associate the policy that you created in Step 1, which defines the permissions for the user role, to the user group.
In the EnOS Management Console, click IAM > User Group from the left navigation menu.
In the Group page, click New Group.
Enter a group name that represents the role that you defined and click Next.
Click Next to go to the Grant Permissions step.
Click Assign Policies to assign policies for this group.
Click Save.
For more information about user group management, see Creating and Managing User Groups.
Step 3: Create a User and Add User into Group¶
In this step, you will create the user in the organization, and add the user into the user group that you created in Step 2. This user will then inherit all permissions that are defined by the policies associated to the user group.
You can create single user or in batch importing them.
Method 1: Create a Single User¶
In the EnOS Management Console, click IAM > User from the left navigation menu.
In the Internal User tab, click New User and provide the necessary information, including:
Send By
other safety way: send the password via other secure offline approaches.
phone: send the password via messaging to the registered mobile phone number.
email: send the password via email to the registered email address.
Password: you can set the initial password, or you can click the key icon to let the system auto-generate the password for the account.
Click Next to go to the Grant Policies page.
In the Add User to Groups tab, click Add User to Group.
In the pop-up window, select the groups that the user belongs to and click Save.
Click Save to create the user.
Method 2: Import Users¶
In the EnOS Management Console, click IAM > User from the left navigation menu.
In the Internal User tab, click Import User.
As per the instructions, download the Import Template, and fill the local template file with the User Name, Send Password Method, Mobile Number, Email, as well as the optional information such as Policy and User Group.
User Name: The user name.
Send Password Method: Mobile or Email, the user password will be automatically generated by the system and sent to the user through the selected method.
Mobile Number: If you choose Send Password Method by Mobile, this is required. The format of the phone number is: country code - phone number, e.g. 65-XXXXXXXX.
Email: If you choose to send your password as Email, this is required.
Policy: Optional. Fill in the permission policy that has been granted for the user, that is, the name of the authority, for example, Administrator / EAP administrator / custom authority.
User Group: Optional. Fill in the user group name for the user.
Click Upload.
Note
You can assign policies and user groups to the users via the template or assign them after importing.
For more information, see Creating and Managing Users.
(Optional) Step 4: Add Additional Policies¶
If the policies inherited from the user groups are not sufficient, you can add additional policies for the user.
In the EnOS Management Console, click IAM > Users from the left navigation menu.
Click the authorize icon .
In the Polices tab, click Assign Policies .
In the pop-up window, select the policies to assign to this user and click Save.
Click Save to confirm the change.
What to Do Next¶
The user will receive an account creation notification through the channel as specified in Step 3. The user can then log in to the EnOS Management Console with the account information and verify the access rights.