Skip to content

Enabling user access

Zenoss Cloud provides a native user management feature and supports integrations with popular services like Google G Suite and Microsoft Active Directory, through the Auth0 Single Sign On (SSO) service. For more information about integrating an identity management service, please contact your Zenoss Services representative.

Tip

The Zenoss API includes a user management service, which enables automated integrations with your identity management service.

Managing users

You can use the native identity management feature of Zenoss Cloud to create and manage user accounts. The following image shows an example of the USERS tab on the ADMIN > Users & Groups page.

Creating a new user

To perform this procedure, at least one user group must be defined. For more information, see Managing groups.

To create a new user, follow these steps:

  1. Navigate to ADMIN > Users & Groups.

  2. On the USERS tab, click ADD USER.

    1. In the First Name and Last Name fields, enter the new user's name.
    2. In the Email field, enter a valid email address for the user.

      Zenoss Cloud sends a verification email to the address upon completion of the form, which requires resetting the initial password.

    3. In the Password field, enter a password. Passwords must be a minimum of 8 characters, with no more than two identical characters in a row, and must include at least one character from three of the following classes:

      • Special characters (! @ # $ % ^ & *)
      • Lower-case letters (a-z)
      • Upper-case letters (A-Z)
      • Digits (0-9)
    4. From the Groups list, assign one or more groups to the new user.

      For more information about user groups, see the next section.

  3. In the upper-right corner of the window, click SAVE.

The passwords of user accounts managed by the native identity management feature of Zenoss Cloud do not expire. Users can initiate a password reset at any time by using the login dialog box.

Managing groups

Zenoss Cloud manages users as members of groups, not as individuals. To enable access, create a Zenoss Cloud group name that matches a group name in your identity service, and then assign application roles to the groups.

Users in multiple groups receive the sum of all roles and restriction filters associated with the groups to which they belong. For example:

  • Group A is assigned the ZenOperator role in Collection Zone "Central" and the User role in Zenoss Cloud.
  • Group B is assigned the ZenManager role in Collection Zone "Central" and the Admin role in Zenoss Cloud.

Users who are members of both group A and group B receive the ZenOperator and ZenManager roles in Collection Zone "Central", and the User and Admin roles in Zenoss Cloud.

Follow these steps to create a new group.

  1. In Zenoss Cloud, navigate to ADMIN > Users & Groups.

  2. On the GROUPS tab, click ADD GROUP.

  3. In the Group Name field, enter a group name.

    Group names may not include the colon (:), left curly bracket ({), or right curly bracket (}) characters.

  4. (Optional) Add roles to one or more Collection Zones and to Zenoss Cloud.

    The users associated with a group cannot gain access to Zenoss Cloud until at least one role is assigned. For more information, see Roles and permissions.

  5. (Optional) Add one or more restriction filters.

  6. In the bottom-right corner, click SAVE.

Using restriction filters

A restriction filter specifies the Collection Zone entities that users can view on dashboards and Smart View pages. You define restriction filters on groups; all group members are affected by the filter.

Restriction filters are independent of Collection Zone roles. In particular, if a group includes the Delegate to Collection Zone role with specific administered objects, you must mirror the settings in a restriction filter.

To specify a restriction filter, follow these steps:

  1. In the ADD GROUP dialog, click the Restriction filter field.

  2. From the list of sources, select one Collection Zone.

    Sources other than Collection Zones are not supported.

  3. Navigate into the organizer hierarchy and select at least one organizer.

    Organizers are added to the filter list as you select them. Each selected organizer includes all of its subordinate organizers as well.

  4. Click SAVE.