Standard Administrator Superusers and Standard Administrators can create new Admin users. The SSH username is automatically created for the user. To add a new user, perform the following steps:

Note: These steps are valid for all customers, though customers created in a 5.2.0 Orchestrator where they are not assigned to a Partner have certain limitations. These limitations are outlined in an Important note at the end of the article.

Procedure

  1. In the Enterprise portal, go to Enterprise Applications > Global Settings.
  2. From the left menu, click User Management, and then click the Users tab.
  3. Click New User.
  4. Enter the following details for the new user:
    Note: The Next button is activated only when you enter all the mandatory details in each section.
    Option: Description
    General information: Enter the required personal details of the user.
      Note: Starting from the 4.5 release, the use of the special character "<" in the password is no longer supported. In cases where users have already used "<" in their passwords in previous releases, they must remove it to save any changes on the page.
    Role: Select a role that you want to assign to the user. For information on roles, see Roles.
    Edge Access: Choose one of the following options:
      • Basic: Allows you to perform certain basic debug operations such as ping, tcpdump, pcap, remote diagnostics, and so on.
      • Privileged: Grants you root-level access to perform all basic debug operations along with Edge actions such as restart, deactivate, reboot, hard reset, and shutdown. In addition, you can access the Linux shell.
      The default value is Basic.
  5. Select the Add another user check box if you wish to create another user, and then click Add User.
    The new user appears in the User Management > Users page. Click the link to the user to view or modify the details. As an Enterprise Administrator, you can manage the Roles, Service Permissions, and API Tokens for the Enterprise users.
    Note: An Enterprise Administrator should manually delete inactive Identity Provider (IdP) users from the Orchestrator to prevent unauthorized access via API Token.
    Important: Customers created on a Release 5.2.0 Orchestrator who are not assigned to a Partner are automatically configured for Single Sign On (SSO) using VMware Cloud Services Platform (CSP) as the Identity Provider (IdP). As a result:
    • New administrators are created by an administrator with a Superuser role through the CSP portal.
    • There is one exception to this: the customer is permitted one administrator account with Native authentication (username/password) to allow them to access their portal in the event there is an issue with CSP authentication.
    • For more information about using CSP as an IdP in VMware SD-WAN, see: Configure VMware CSP for Single Sign On.
    • For more information about adding new users on the Cloud Services Platform, see: Using VMware Cloud Services Console - Identity and Access Management.
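
The note above about manually deleting inactive IdP users can be backed by a periodic reconciliation. The following is an added example, not Orchestrator code: it compares a user list against the accounts still active in the IdP and ranks the leftovers by active API tokens and Privileged Edge Access. The CSV columns, the sample data, and the function name are assumptions constructed for illustration, not an Orchestrator export format.

```python
import csv
import io

# Constructed sample data; the column names are assumptions, not an Orchestrator format.
ORCHESTRATOR_USERS_CSV = """username,auth,edge_access,active_api_tokens
alice@example.com,idp,Basic,0
Bob@Example.com,idp,Privileged,2
carol@example.com,idp,Basic,1
breakglass@example.com,native,Privileged,0
dave@example.com,idp,Basic,0
"""

# Constructed list of accounts that are currently active in the IdP.
IDP_ACTIVE_USERS = ["alice@example.com", "carol@example.com"]


def find_stale_idp_users(users_csv, idp_active):
    """Return IdP-authenticated users that are no longer active in the IdP,
    ordered so that accounts holding API tokens and Privileged access come first."""
    active = {u.strip().lower() for u in idp_active}
    stale = []
    for row in csv.DictReader(io.StringIO(users_csv)):
        name = row["username"].strip().lower()  # compare case-insensitively
        if row["auth"].strip().lower() != "idp":
            continue  # the Native authentication account is not governed by the IdP
        if name in active:
            continue
        stale.append({
            "username": name,
            "active_api_tokens": int(row["active_api_tokens"] or 0),
            "privileged": row["edge_access"].strip().lower() == "privileged",
        })
    # Token holders first, then Privileged Edge Access, then by name.
    stale.sort(key=lambda r: (r["active_api_tokens"] == 0,
                              not r["privileged"], r["username"]))
    return stale


if __name__ == "__main__":
    for user in find_stale_idp_users(ORCHESTRATOR_USERS_CSV, IDP_ACTIVE_USERS):
        print("delete from Orchestrator:", user)
```
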