Intro
User management is key functionality of TDS portal. You can effectively manage permissions for servers, applications and SaaS in unified way through portal.
What do you want to do?
Add permissions for user
Organization
Organization usually represents the whole company, organizational unit or department. Organization is usually split between multiple smaller teams with some being able to manage the whole organization.
Default role (assigned to every new organization member) can be configured.
Reader | User | Admin | Owner | Billing | |
---|---|---|---|---|---|
Members | |||||
List members | |||||
Invite new member | |||||
Update members | 1 | ||||
Delete members | 1 | ||||
Manage invitations | |||||
Workspace | |||||
List workspaces you are part of | |||||
Create workspace | |||||
Billing | |||||
View billing information | |||||
Other | |||||
Configure organization |
1 As organization Admin, you can't update and delete members with Owner role
Workspace
Workspace contains people who share resources (servers, applications, Jira project...) to effectively collaborate together.
Default role (assigned to every new workspace member) can be configured.
Reader | User | Admin | Owner | Billing | |
---|---|---|---|---|---|
View Workspace | |||||
SaaS | |||||
List SaaS | |||||
Create/delete SaaS | |||||
View SaaS detail | |||||
List SaaS users | |||||
Manipulate SaaS members | |||||
Applications | |||||
List applications | |||||
View application detail | |||||
Create/delete application | |||||
Servers | |||||
List servers | |||||
View server detail | |||||
List backups | |||||
List server usage | |||||
List server logs | |||||
List server users | |||||
Create/delete server | |||||
Change server state | |||||
Change server capacity | |||||
Enable/disable backups | |||||
Manipulate server members | |||||
Members | |||||
View workspace users | |||||
Manipulate workspace users | |||||
Add workspace users | |||||
Invite workspace users | |||||
Change default role | |||||
Service accounts | |||||
Manage service accounts | |||||
List service accounts | |||||
Cloud Resources | |||||
Request resources | |||||
Disable resources | |||||
View resources | |||||
View usage | |||||
View logs | |||||
View storage | |||||
View firewall groups/rules | |||||
Edit firewall groups/rules | |||||
Billing | |||||
View billing information |
SaaS
SaaS is standalone component such as Jira project, git repository or Confluence space used by single workspace.
Specific permissions for each role vary between SaaS types as not every application contains logical counterpart to portal role
Reader | User | Admin | |
---|---|---|---|
Read access | |||
Read-write access | |||
Management permissions |
Jira project
Confluence project
Gitlab repository
Artifactory repository
SeedDMS folder
Subversion project
Bitbucket repository
Add all workspace users
You can give all workspace members the default membership in SaaS. On SaaS Members page, click Add member button and choose Add all workspace members.
Application
Not all applications support permission management. It is enabled upon request by TDS support team.
Specific permissions for each role vary between SaaS types as not every application contains logical counterpart to portal role.
Role | Members | Permissions |
---|---|---|
Reader |
|
|
User |
|
|
Administrator |
|
|
Server
Server permissions give you ability to access and manage server. You need to add your public SSH key to portal.
Role | Members | Permissions |
---|---|---|
User |
| |
Admin |
| |
Owner |
|
Manage user
Signup
There are multiple ways to create new account in portal:
- Single sign-on (SSO) 1
- If your organization supports SSO, you can create account by clicking SSO button on portal login screen. You will be automatically authenticated in all TDS Services.
- Self-invitation 1
- Click Create new TDS account link and input your email. Depending on your organization settings your email might need to be ...TODO
- Accept invitation 1
- If you receive invitation to join TDS portal, follow link in email and create account.
- Automatically by your organization
- You will receive welcome email from Portal. If your organization doesn't support SSO, you need to reset your password before first login.
1 Not available for all portals
Reset password
If you use SSO to login to portal, this will not change your SSO password. You will be able to login with this password only into TDS portal and applications.
There are two ways how to reset your password:
- On login screen, click Forgot your TDS password? Reset it here link. You will receive email with link to reset your password.
- On user profile, click Change password button. You will be prompted to input your old and new password.
Invite users
If you want to add users into your organization or workspace that are not yet part of the portal, you can invite the users from Members screen on both organization and workspace.
Click Add member button and choose Invite new member. You can input multiple emails of people you want to invite. Users found in user directories connected to portal will be added automatically, others will be invited to join the portal 1.
User invitations expire after 3 days. You can prolong the expiration date or delete the invitation on the Invitations screen in organization or workspace.
1 Not available for all portal
Add SSH key
SSH keys are used in portal to access servers. it's not possible to add server membership to users without SSH key.
How to generate key link.
Once you have your SHH key pair generated, go to your user profile and input public part of your key into Public SSH key field in Security management section.
Update user information
If you need to update your user information such as name or email, contact TDS support.
Other
User profile
You access your profile by clicking the icon in upper right corner and choosing Profile from dropdown menu.
User manual contains three section:
- Profile management: Here you can browse basic information about your account and export it in PDF or vCard format. You can also update SSH key, switch multi-factor authentication (MFA), reset your OTP token or password.
- SaaS: Here you can see what information are TDS applications storing regarding your account.
- Structure: Here you can see your role assignments across the whole TDS tool chain.
Manage all assets for user
You can access permissions management screen from any Members screen by clicking action menu next to your user row and choosing Show memberships.
You can manage all your SaaS, Servers and workspace roles from the screen. By clicking the hamburger menu next to search bar you can set roles in bulk for all workspace servers or all SaaS in application.
Manage service accounts
You can create service account in portal and add memberships to the account. This may come handy when doing automation.
Service accounts are being created in Service accounts section in workspace. Service account can become member of other workspaces but can be managed only by administrators of workspace it was created in. Service account is also automatically deleted when its management workspace is deleted unless it is being changed in advance.
Read more about service accounts in the article.
The recommendation for Tietoevry users
User management and granted access rights must comply with Security rule and Information Classification Rule. Carefully consider what information should be shared and with whom. Follow the rule “need to share”. Restrict access to authorized individuals for specific business purposes and choose the role carefully.
Recommendations and changes are warmly welcomed.