Quick Start: Creating a User Account in an OU
This section describes how to create an individual user and grant policies.
You must have OU admin access rights.
When a user has multiple accounts and one of them is an admin account, we recommend that the user perform identity and access management operations through the admin account.
About This Task
The following major steps are involved:
Define user roles and design proper access policies for different roles. The IoT Engineer role, for example, is typically responsible for the following operations:
- Connect devices to EnOS Cloud, including cloud-end configurations such as creating products, provisioning devices, and testing communication.
- Install edge devices on site and connect cables from the devices to the edge gateway.
To perform the above operations, this role would need access to the following resources:
- Device Connection related configuration
- Edge Gateway configuration
Create a user group to centrally manage access permissions for each specific user role.
Create a user account, and add the account into the user group corresponding to the role.
Assign additional access policies for the user if needed (optional).
This task has the following assumptions:
- The organization that the user belongs to already exists.
- The role of the user does not have a corresponding user group created on EnOS.
- The user will be created within its organization.
Step 1: Create a Policy
In the EnOS Management Console, click IAM > Policy from the left navigation panel.
Click New Policy.
Enter the policy name and click Next.
On the Grant Permission page, select the services to grant permissions to. After the policy is created, a user assigned this policy can see and access only the service(s) selected in this step.
Click Save to create the policy.
Step 2: Create a User Group
In this step, you will create a user group for the role and associate it with the policy that you created in Step 1, which defines the permissions for the user role.
- In the EnOS Management Console, click IAM > User Group from the left navigation panel.
- In the Group page, click New Group.
- Enter a group name that represents the role that you defined and click Next.
- Click Next to go to the Grant Permissions step.
- Click Assign Policies to assign policies for this group.
- Click Save.
For more information about user group management, see Creating and Managing User Groups.
Step 3: Create a User and Add User into Group
In this step, you will create the user in the organization and add the user to the user group that you created in Step 2. The user then inherits all permissions defined by the policies associated with the user group.
In the EnOS Management Console, click IAM > User from the left navigation panel.
In the Internal User tab, click New User and provide the necessary information, including:
- Send By
  - other safety way: send the password via other secure offline approaches.
  - phone: send the password via messaging to the registered mobile phone number.
  - email: send the password via email to the registered email address.
- Password: you can set the initial password, or you can click the key icon to let the system auto-generate the password for the account.
Click Next to go to the Grant Policies page.
In the Add User to Groups tab, click Add User to Group.
In the pop-up window, select the groups that the user belongs to and click Save.
Click Save to create the user.
(Optional) Step 4: Add Additional Policies
If the policies inherited from the user groups are not sufficient, you can assign additional policies directly to the user.
- In the EnOS Management Console, click IAM > Users from the left navigation panel.
- Click the authorize icon.
- In the Policies tab, click Assign Policies.
- In the pop-up window, select the policies to assign to this user and click Save.
- Click Save to confirm the change.
What to Do Next
The user will receive an account creation notification through the channel specified in Step 3. The user can then log in to the EnOS Management Console with the account information and verify the access rights.