Admin
The Admin section lets you manager Cockpit users, AdminCentral groups, and Organisations.
It’s a good idea to manage access to your DX Cloud subscription. You an easily handle this using the Admin section in your Cockpit. Here, you can create and manage users, and create user groups for your subscription as well as perform administrative operations like password resets, or creating business units (Organisations).
Manage users
You can manage existing users directly from the Cockpit under the Access section. This includes:
Adding a user
You can add a new user to your DX Cloud subscription directly from the Cockpit under the Access section.
-
Go to Admin > Users.
-
Click Add.
-
Give the user a First Name.
-
Give the user a Last Name.
-
Input the user email.
-
If desired, click Active to immediately activate the user upon creation.
-
Add the desired roles for the user.
Roles list
Role Sections Description cdn-api-access-control-read
cdn-api-access-control-write
cdn-api-blocked-ips-read
cdn-api-blocked-ips-write
cdn-api-geofencing-read
cdn-api-geofencing-write
cdn-api-object-responses-read
cdn-api-object-responses-write
cdn-api-purge-all
cdn-api-purge-url
cdn-api-segmented-caching-read
cdn-api-segemented-caching-write
cdn-api-waiting-room-read
cdn-api-waiting-room-write
certificate-api-read
certificate-api-write
cluster-api-ingress-read
cluster-api-ingress-write
cockpit-support
Predefined set of roles associated with the support group.
cockpit-business
Predefined set of roles associated with the business group.
cockpit-developer
Predefined set of roles associated with the developer group.
cockpit-devops
Predefined set of roles associated with the devops group.
logs-api-audit-read
logs-read
redirect-api-read
redirect-api-write
subscription-api-read
subscription-api-write
user-api-read
user-api-write
-
Don’t forget to click Add.
-
User types and roles
The user list allows you to quickly understand the type of user and whether the user is active.
-
Active Active users are represented by a green badge.
-
Inactive Active users are represented by a gold badge.
-
Unverified Unverified users are represented by a red badge.
You can also see the type of user, or rather how the user was created:
-
idp
: created and managed via your Identity Provider. -
Cockpit
: created in the Cockpit. -
magnolian
: a Magnolia user; this is typically Magnolia support or someone in the DX Cloud team.
User roles
User roles define what users are allowed to do and what section of the Cockpit they can access.
-
Available: roles that are not selected and therefore not assigned to the selected user.
-
Selected: roles that are selected and therefore assigned to the selected user.
-
Effective: reflects all assigned roles that are selected and those inherited from a user group.
Roles list
Role | Sections | Description |
---|---|---|
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
Predefined set of roles associated with the support group. |
|
|
Predefined set of roles associated with the business group. |
|
|
Predefined set of roles associated with the developer group. |
|
|
Predefined set of roles associated with the devops group. |
|
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
To edit the roles assigned to each user:
-
Go to Admin > Users.
-
Scroll to the desired user.
-
Editing roles depends on the user type:
Editing a user
-
Go to Admin > Users.
-
Scroll to the desired user.
-
Click Edit.
-
In the dialog window, edit the user as needed.
-
Don’t forget to click Edit.
Deleting users
-
Go to Admin > Users.
-
Scroll to the desired user.
-
Click Delete.
-
In the dialog window, click Delete to confirm that you definitely want to delete the user.
Reset user credentials
You can reset a user’s password or One-time Password (OTP) directly from the Cockpit under the Admin section.
- SSO users
-
If you’re using SSO for your DX Cloud subscription, you are unable to reset the password of those users logging in via Single Sign-On, as the password is managed via the OIDC provider.
-
Go to Admin > Users.
-
Scroll to the desired user.
-
Click Reset credentials. In the dialog, choose to:
-
Reset password Initiates password reset process
-
Reset OTP Initiates One-time Password (OTP) reset process
An email is sent to the user. Users should follow instructions to reset their password and/or OTP credentials.
-
Create user group
You can create a new user to your DX Cloud subscription directly from the Cockpit under the Admin section.
-
Go to Admin > AdminCentral groups.
-
Click Add.
-
Give the group a meaningful name.
-
Click the users that you want to add to the group.
If you accidentally click the wrong user, you can click them again and they’ll return to the Available group. -
Don’t forget to click Add.
-
Group access AdminCentral
If using the SSO module for authentication, you need to ensure the groups created in the Cockpit are granted access via the configuration in the SSO module.
-
Create a group in the Cockpit.
No special roles are needed for AdminCentral access. -
Assign users to the group. These are the users who you want to be able to access AdminCentral.
-
In the SSO module, ensure the group name created in the Cockpit is defined in the
config.yaml
file. See the SSO module configuration section for more details.path: /.magnolia/admincentral callbackUrl: http://localhost:8080/.auth postLogoutRedirectUri: http://localhost:8080/.magnolia/admincentral authorizationGenerators: - name: groupsAuthorization groups: targetProperty: groups mappings: - name: /COCKPIT_GROUP (1) targetGroups: (2) - editors targetRoles: (3) - editor
1 Where /COCKPIT_GROUP
is the name of the group you created in the Cockpit. If using Keycloak, the leading/
is mandatory.2 Defines the target group for the mapped group. 3 Defines any particular target roles for the group.
Add Organisation
You can create an Organisation so that you can group access to certain parts of your DX Cloud project based on a business unit or organisation. You can define access to clusters, domains, and namespaces this way and explicitly choose the users that are part of the unit.
-
Go to Admin > Organisations.
-
Click Add.
-
Give the organisation a meaningful name.
-
Give the organisation a meaningful description.
-
Choose the Cluster Ids for which you want to grant access.
-
Choose the Domains for which you want to grant access.
-
Choose the Namespaces for which you want to grant access.
-
Click the users that you want to add to the organisation.
If you accidentally click the wrong user, you can click them again and they’ll return to the Available group. -
Don’t forget to click Add.
-