Versions Compared

Old Version 42

changes.mady.by.user Michal Husták

Saved on

compared with

New Version Current

changes.mady.by.user Michal Husták

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Intro

User management is key functionality of TDS portal. You can effectively manage permissions for servers, applications and SaaS in unified way through portal.


What do you want to do?

Add permissions for user

Manage user

image-2023-11-13_16-1-42.pngSomething else



If you need just access to Jira/Confluence/GitLab/ ....

  • Please ask your Team leads who are usually Admins of Portal workspaces, Jira projects, confluence spaces - they are responsible for user management
  • This speed up the whole process, because TDS team has to ask owner who can access the service.
  • If the workspace admin is not sure, what to do, please send him them this manual
  • If you are not sure who is admin, please raise a ticket in TDS Portal


If you are admin or owner of Jira/Confluence/ Gilab/ ...

Add permissions for user

Organization

Expand

Organization usually represents the whole company, organizational unit or department. Organization is usually split between multiple smaller teams with some being able to manage the whole organization.

Default role (assigned to every new organization member) can be configured.

ReaderUserAdminOwnerBillingMembersList membersInvite new memberUpdate members1Delete members1Manage invitationsWorkspaceList workspaces you are part ofCreate workspace BillingView billing informationOtherConfigure organization

1 As organization Admin, you can't update and delete members with Owner role

Workspace

Workspace contains people who share resources (servers, applications, Jira project...) to effectively collaborate together.

Default role (assigned to every new workspace member) can be configured.

ReaderUserAdminOwnerBillingView WorkspaceSaaSList SaaSCreate/delete SaaSView SaaS detailList SaaS usersManipulate SaaS membersApplications

List applications

View application detailCreate/delete applicationServersList serversView server detailList backupsList server usageList server logsList server usersCreate/delete serverChange server stateChange server capacityEnable/disable backupsManipulate server membersMembersView workspace usersManipulate workspace users1Add workspace usersInvite workspace usersChange default roleService accountsManage service accountsList service accountsCloud ResourcesRequest resourcesDisable resourcesView resourcesView usageView logsView storageView firewall groups/rulesEdit firewall groups/rulesBillingView billing information

1 As workspace Admin, you can't update and delete members with Owner role

SaaS

SaaS is standalone componentsuch as Jira project, git repository or Confluence space used by single workspace.

Specific permissions for each role vary between SaaS types. Tables for each SaaS are collapsed below.

ReaderUserAdminRead accessRead-write accessManagement permissionsJira project Expand
titleShow table
ReaderUserAdminView issuesComment issuesEdit issuesTransition issuesEdit own commentsManage issuesManage versions

Manage components

Manage workflows

Confluence project

Expand
titleShow table
ReaderUserAdminView pagesComment pagesEdit pagesMove pagesEdit own commentsManage pagesManage templatesDelete all comments

Gitlab repository

Expand
titleShow table
  • If yo want to add user to SaaS service - the first the user account must be member of the workspace and TDS portal
  • To add user to the Workspace
    • In your Workspace click on Members (left side) → Add member
    • If user haven't got account in TDS portal → Invite member 
    • If user have got account → Add member
    • Check user workspace roles for the new member
  • To add user to the SaaS 
    • choose you SaaS → Members → Add member
    • Member must exists in your workspace
    • Check user SaaS roles
ReaderUserAdminView codeCommit codeCreate merge requestCommit merge request

Artifactory repository

Expand
titleShow table
ReaderUserAdminRead repository dataWrite into repositoryManage repository

SeedDMS folder

Expand
titleShow table
ReaderUserAdminRead folder dataWrite into folderManage folder

Subversion project

Expand
titleShow table
ReaderUserView codeCommit code

Bitbucket repository

Expand
titleShow table
ReaderUserAdminRead repository dataRead-write accessManage repository

Add all workspace users

You can give all workspace members the default membership in SaaS. On SaaS Members page, click Add member button and choose Add all workspace members.

Application

Not all applications support permission management. It is enabled and managed upon request by TDS support team.

Specific permissions for each role vary between SaaS types as not every application contains logical counterpart to portal role.

RoleMembersPermissionsReader
  • All members of SaaS deployed on this application
  • Login to application
User
  • Some members of SaaS deployed on this application based on their permissions
  • All Reader permissions
Administrator
  • Customer administrators
  • All User permissions
  • Manage application
  • Manage SaaS deployed to this application

Server

Server permissions give you ability to access and manage server. You need to add your public SSH key to portal.

UserAdminOwnerServer accessAccess serverAdmin access to serverServer managementManage server users1Change server stateEnable/disable backupsChange server capacityDelete server

1 As server Admin, you can't update and delete members with Owner role

Manage user

Signup

There are multiple ways to create new account in portal:

  • Single sign-on (SSO) 1
    • If your organization supports SSO, you can create account by clicking SSO button on portal login screen. You will be automatically authenticated in all TDS Services.
  • Self-invitation 1
    • Click Create new TDS account link and input your email. Depending on your organization settings your email might need to be registered in TDS Portal user source prior to account creation.
  • Accept invitation 1
    • If you receive invitation to join TDS portal, follow link in email and create account.
  • Automatically by your organization
    • You will receive welcome email from Portal. If your organization doesn't support SSO, you need to reset your password before first login.
Anchorsignup1signup1

1 Not available for all portals

Reset password

Note

If you use SSO to login to portal, this will not change your SSO password. You will be able to login with this password only into TDS portal and applications.

There are two ways how to reset your password:

  • On login screen, click Forgot your TDS password? Reset it here link. You will receive email with link to reset your password.
  • On user profile, click Change password button. You will be prompted to input your old and new password.

Invite users

If you want to add users into your organization or workspace that are not yet part of the portal, you can invite the users from Members screen on both organization and workspace.

Click Add member button and choose Invite new member. You can input multiple emails of people you want to invite. Users found in user directories connected to portal will be added automatically, others will be invited to join the portal 1.

User invitations expire after 3 days. You can prolong the expiration date or delete the invitation on the Invitations screen in organization or workspace.

Anchorinvite1invite1

1 Not available for all portal

Add SSH key

SSH keys are used in portal to access servers. it's not possible to add server membership to users without SSH key.

How to generate key link.

Once you have your SHH key pair generated, go to your user profile and input public part of your key into Public SSH key field in Security management section.

Update user information

If you need to update your user information such as name or email, contact TDS support.

Other

User profile

You access your profile by clicking the icon in upper right corner and choosing Profile from dropdown menu.

User manual contains three section:

  • Profile management: Here you can browse basic information about your account and export it in PDF or vCard format. You can also update SSH key, switch multi-factor authentication (MFA), reset your OTP token or password.
  • SaaS: Here you can see what information are TDS applications storing regarding your account.
  • Structure: Here you can see your role assignments across the whole TDS tool chain.

Manage all assets for user

You can access permissions management screen from any Members screen by clicking action menu next to your user row and choosing Show memberships.

You can manage all your SaaS, Servers and workspace roles from the screen. By clicking the hamburger menu next to search bar you can set roles in bulk for all workspace servers or all SaaS in application.

Manage service accounts

You can create service account in portal and add memberships to the account. This may come handy when doing automation.

Service accounts are being created in Service accounts section in workspace. Service account can become member of other workspaces but can be managed only by administrators of workspace it was created in. Service account is also automatically deleted when its management workspace is deleted unless it is being changed in advance.

Read more about service accounts in the article.

The recommendation for Tietoevry users

User management and granted access rights must comply with Security rule and Information Classification Rule. Carefully consider what information should be shared and with whom. Follow the rule “need to share”. Restrict access to authorized individuals for specific business purposes and choose the role carefully.

Recommendations and changes are warmly welcomed.