Access Management Tab

About this tab

The Access Management tab is designed for organization’s admin users, that are the OCP® users who have been granted elevated permissions to manage authentication tokens, user groups and roles for their organization. This tab allows organization admins to streamline and control access, ensuring that only authorized users can perform specific actions.

To better understand what an Organization is and the responsibilities of its admin user in OCP infrastructure, read the Organizations, Groups, and Roles article.

Under this tab, as an organization’s admin user, you can:

• Create and revoke personal tokens

• View and create groups for your organization

• Add and remove users from your organzation’s groups

• View and create roles within your organization

• Assign roles to user within your organization

• View the list of users assigned to your organization

• Deactivate users within your organization

Below you can find more details about each of the sub-tabs.

Personal Tokens

A personal token is a string of characters that you can use for authentication when accessing OCP® Console instead of the usual credentials. Personal tokens provide a secure and less cumbersome alternative to traditional login credentials.

Under the Personal Tokens tab, you can create and revoke personal tokens.

Create a personal token

To create a personal token, proceed as follows:

1. Click + Create Token. The dialog box opens.

2. Fill in the required fields.

• Name: Your personal token’s name.

• Group: Select a group from the drop-down list.

• Expires at: The expiration date of the token. By default, the toggle is switched off. If the toggle is switched on, the token will expire on the selected day.

3. Click Create. The token is created, and the following dialog box opens:

4. Copy and save your token!

It is important to copy and save your token aside, otherwise you will not be able to see it again!

5. Click Close when finished.

The created tokens are listed as shown below:

Revoke a personal token

When a personal token expires, its status is changed to Revoked. You can also revoke your token manually. To revoke a token, click the Menu button → Revoke.

You cannot delete a personal token.

Groups

Under the Groups tab, you are able to view a list of all the groups associated with your organization, as well as have the ability to create new groups.

Create group

To create a group in your organization, proceed as follows:

1. Click + Create Group. The dialog box opens.

2. Fill in the required fields.

• Group Name: Your personal token’s name.

• Description: Optional description for your group.

3. Click Add. The created group appears on the list of groups.

Add users to group

Once you have created a group, it is possible to include users. Follow the below steps to add a user to a group:

1. Select a group from the available groups list. You will be directed to a page showing the users associated with the chosen group.

2. Click + Add Users.

3. In the opened pop-up window, fill in the fields as described below:

• Users: Input the user's email address. If the email is valid, it will be displayed in a drop-down menu. Finalize your selection by clicking on the email. You can add several users' emails at a time.

• User Role: Identify the type of user role applicable to this group.

4. Click Add when finished. The newly added users will appear within the list of the group's members.

Remove a user from a group

You have the ability to remove users from any group of your organization. To delete a user from a group, follow the steps below:

1. Select a group from the available groups list. You will be directed to a page showing the users associated with the chosen group.

2. Click on the Context Menu icon and choose the Remove option.

3. A pop-up window will appear. Confirm the removal process by selecting Delete.

The selected user will now be successfully deleted from the group.

Change a user’s role

You have the ability to change the role of any user from your organzition’s groups. To change a user’s role, follow the steps below:

1. Select a group from the available groups list. You will be directed to a page showing the users associated with the chosen group.

2. Click on the Context Menu icon and choose the Change role option.

3. A drop-down list of available roles will appear. Select the new role you wish to assign to the user.

   Following these steps will successfully update the user's role in the group.

Roles

Within the Roles tab, you can see the list of existing roles for your organization, including predefined ones. In addition, a feature to create a new custom role is available in the same tab.

The displayed fields for each role include:

• ID: The unique role ID.

• Role Name: The specific name of the role.

• Created at: The exact date when the role was established.

Create role

To create a role, proceed as follows:

1. Click + Create Role. The dialog box opens.

2. Enter a friendly name to identify the role.

3. Click Add. The created role appears on the list of roles.

Users

In the Users tab, you can view a complete list of your organization’s users and their details, such as:

• User Name: The name of the user

• Email: The email of the user

• Groups: The number of groups the user is assigned to

• Created at: The date of user account creation

• Status: The activation status of the user

Click on a selected user to get more details as shown below:

Deactivate a user

You have the ability to deactivate users within your organization. Once deactivated, these users are removed from the organization and will be unable to log in to OCP®.

You will not be able to fully deactivate a user that maintains membership in more than one organization. In this case, you can only remove such users from your organization. They will, however, retain their ability to log into OCP®.

To deactivate a user, follow these steps below:

1. Click the Context menu next to the user and select Deactivate.

2. In the pop-up window, click Deactivate to confirm the action.