Managing Users
Creating Users in a UAA Instance
You can create users locally in UAA for authentication and assign them to the required groups from the UAA dashboard.
Before You Begin
- Log in to Predix.io.
About This Task
uaa.admin
authority to your admin client. You can use the UAA command-line interface (UAAC) to add the uaa.admin
authority to your admin client. For more information on installing the command-line interface, see https://github.com/cloudfoundry/cf-uaac.If you prefer using the UAAC to create the users, see uaas-managing-users.html#task_j3f_mbl_rdb.
Use the following procedure to create users locally through the UAA dashboard.
Procedure
Using UAAC to Create Users in a UAA Instance
Optional procedure to create users in a UAA instance using the UAAC instead of UAA dashboard. .
About This Task
For applications accessing your UAA instance, you can create additional clients and users with required scopes.
uaa.admin
authority to your admin client. You can use the UAA command-line interface (UAAC) to add the uaa.admin
authority to your admin client. For more information on installing the command-line interface, see https://github.com/cloudfoundry/cf-uaac.Procedure
Creating Groups in a UAA Instance
If you design your application to authorize using specific scopes, you can create groups corresponding to those scopes in UAA and assign users to those groups. When the users log into your web application, the application redirects them to UAA. If a user is in the specified group and you chose to authorize the web application with that scope, the web application gets a signed token that contains that scope.
About This Task
Predix platform services have scopes specific to each service. When you create users for these services, you can create groups corresponding to these scopes to provide permissions specific to a service. After creating groups, you can assign users to the required groups.
For example, if you use the Time Series service, you must create the timeseries.zones.<instance_id>.user
and timeseries.zones.<instance_id>.ingest
groups for users with data ingestion permission.
For a list of scopes for all platform services, see uaas-managing-clients.html#reference_ec1_t3d_bx.
Use the following procedure to create groups in UAA: