Skip to content

Enabling user access

Zenoss Cloud provides a native user management feature and supports integrations with popular services like Google G Suite and Microsoft Active Directory, through the Auth0 Single Sign On (SSO) service. For more information about integrating an identity management service, please contact your Zenoss Services representative.


The Zenoss API includes resources for the user management service.

Managing users

You can use the native identity management feature of Zenoss Cloud to create and manage user accounts.


The users and groups you create with the native identity management feature can be synchronized to all your Collection Zones automatically. (However, groups are not synchronized until they include at least one user. Also, synchronization is delayed when a Collection Zone is offline.) To enable this option, please contact Zenoss Support.

Creating a new user

To perform this procedure, at least one user group must be defined. For more information, see Managing groups.

To create a new user, follow these steps:

  1. Navigate to ADMIN > Users & Groups.

  2. On the USERS tab, click ADD USER.

    1. In the First Name and Last Name fields, enter the new user's name.
    2. In the Email field, enter a valid email address for the user.

      Zenoss Cloud sends a verification email to the address upon completion of the form, which requires resetting the initial password.

    3. In the Password field, enter a password. Passwords must be a minimum of 8 characters, with no more than two identical characters in a row, and must include at least one character from three of the following classes:

      • Special characters (! @ # $ % ^ & *)
      • Lower-case letters (a-z)
      • Upper-case letters (A-Z)
      • Digits (0-9)
    4. From the Groups list, assign one or more groups to the new user.

      For more information about user groups, see the next section.

  3. In the upper-right corner of the window, click SAVE.

The passwords of user accounts managed by the native identity management feature of Zenoss Cloud do not expire. Users can initiate a password reset at any time by using the login dialog box.

Managing groups

Zenoss Cloud manages users as members of groups, not as individuals. To enable access, create a Zenoss Cloud group name that matches a group name in your identity service, and then assign application roles to the groups.

Users in multiple groups get all the roles and restriction filters associated with the groups to which they belong. For example:

  • Group A is assigned the ZenOperator role in Collection Zone "Central" and the User role in Zenoss Cloud.
  • Group B is assigned the ZenManager role in Collection Zone "Central" and the Admin role in Zenoss Cloud.

Users who are members of both group A and group B receive the ZenOperator and ZenManager roles in Collection Zone "Central", and the User and Admin roles in Zenoss Cloud.


Users with multiple roles get all the privileges associated with each role. For example, if a user has both the User and Key Administrator roles in Zenoss Cloud, that user has the privileges of both roles.

Follow these steps to create a new group.

  1. In Zenoss Cloud, navigate to ADMIN > Users & Groups.

  2. On the GROUPS tab, click ADD GROUP.

  3. In the Group Name field, enter a group name.

    Group names may not include the colon (:), left curly bracket ({), or right curly bracket (}) characters.

  4. (Optional) Add roles to one or more Collection Zones and to Zenoss Cloud.

    The users associated with a group cannot gain access to Zenoss Cloud until at least one role is assigned. For more information, see Roles and permissions.

  5. (Optional) Add one or more restriction filters.

  6. In the bottom-right corner, click SAVE.

Restriction filters

A restriction filter specifies the sources of entities that you can view in Dashboards, Smart View, Events, and Inventory. You can define restriction filters for groups so all members in the group are affected by the filter.

Restriction filters are independent of Collection Zone roles. For example, if a group includes the Delegate to Collection Zone role with specific administered objects, you must mirror the settings in a restriction filter.

Set a restriction filter

To specify a restriction filter, perform the following steps:

  1. In the ADD GROUP dialog box, click the Restriction filter field.

  2. From the dropdown list of sources, select a Collection Zone or one or more streaming data sources.

    When you select a Collection Zone, you can also select one or more organizers.

    Organizers are added to the filter list as you select them. Each selected organizer includes all of its subordinate organizers as well.

  3. Click SAVE.