-
Notifications
You must be signed in to change notification settings - Fork 402
Users
This article gives you an overview of how to create user in CloudBeaver.
There are two types of users:
- Local users: Created by the Administrator.
- AWS and Federated users: These users are managed externally through AWS or federated identity providers and are authorized to access the system via Single Sign-On (SSO).
For more information on Identity providers, see Authentication methods.
To create a new local user, follow these steps:
-
As an administrator, go to Settings -> Administration -> Users and Teams -> Teams.
-
Click on the + Create button.
-
Fill in the necessary details in the provided fields.
Field Name Description Additional Info Username Enter the desired username for the account. User password Set a password for the account. The user can change their password after initial setup. Repeat password Re-enter the password for verification. User Status Toggle to enable or disable the user. Default status is Enabled. User Team (Optional) Assign the user to one or more teams. A team defines the permissions a user has within the system. For more information on teams, see Teams. First Name (Optional) Provide the user's first name. Last Name (Optional) Provide the user's last name. AWS Role ARN (Optional) Enter the AWS Role ARN. For more information about AWS roles, see AWS Settings. Microsoft Entra ID User ID (Optional) Enter the Microsoft Entra ID. For more information, see Microsoft Entra ID authentication. -
To complete the process, click on the Create button.
Once created, the user can be authenticated using local authentication methods. The user's permissions will be determined by their assigned profile.
If necessary, you can provide the user with connection access. This setting can be found and adjusted within the Connection Access tab.
See the additional information on Connection management.
Remember, user management is an important aspect of maintaining system security. Always ensure that users are granted only the access and permissions necessary for their tasks.
To allow a local user to authenticate through AWS/Federated auth methods, the local user's username must match the user's email address, which will connect via SSO (Single Sign-On). This alignment is necessary for the federated authentication process to succeed.
Note: This step is crucial during user creation as the username cannot be changed later.
When a user logs in using AWS or Federated authentication for the first time, CloudBeaver automatically creates a user profile assigned to the default team. Administrators can later change this team assignment as necessary.
Note: Administrators cannot create AWS or Federated users directly in the application. CloudBeaver only works with existing AWS and Federated users. For more information on Identity providers, see Authentication methods.
CloudBeaver AWS Edition is designed to support only AWS and Federated users, excluding local user access. Therefore, it is not possible to create local users within this environment. Users must be imported into the system.
For more information, refer to Administration Users Provisioning.
The process of editing a user is similar to creating one, except you need to access an existing user.
When editing an existing user, you also have additional options:
In the Auth Methods tab, administrators can see and remove the authentication methods associated with a user.
You can remove an existing authentication method:
- Select the desired method from the dropdown menu.
- Click the DELETE button.
Tip: If you need to restore local authentication for the user, navigate to the Info tab and assign a new password to the user. This action will re-enable local authentication.
If you need to permanently remove a user from the system, you can do so through the Delete user option. When you attempt to delete a user, a confirmation dialog will appear to ensure that this action is intentional.
-
To delete a user, select the Delete option.
-
Follow the prompts in the dialog to confirm the deletion.
Tip: If you prefer to keep the user but prevent their access, consider using the Disable option in the dialog. Alternatively, you can disable a user by selecting the checkbox in the Info section of the user profile.
- Application overview
- Demo Server
- Administration
- Server configuration
- Create Connection
- Connection Templates Management
- Access Management
-
Authentication methods
- Local Access Authentication
- Anonymous Access Configuration
- Reverse proxy header authentication
- LDAP
- Single Sign On
- SAML
- OpenID
- AWS OpenID
- AWS SAML
- AWS IAM
- AWS OpenId via Okta
- Snowflake SSO
- Okta OpenId
- Cognito OpenId
- JWT authentication
- Kerberos authentication
- NTLM
- Microsoft Entra ID authentication
- Google authentication
- User credentials storage
- Cloud Explorer
- Cloud storage
- Query Manager
- Drivers Management
- Supported databases
- Accessibility
- Keyboard shortcuts
- Features
- Server configuration
- CloudBeaver and Nginx
- Domain manager
- Configuring HTTPS for Jetty server
- Product configuration parameters
- Command line parameters
- Local Preferences
- API
-
CloudBeaver Community
-
CloudBeaver AWS
-
CloudBeaver Enterprise
-
Deployment options
-
Development