Managing Users and Groups

You use VMware Cloud Services tools to invite users to your organization and organize them into user groups. By combining your users into groups, you can simplify access control by creating access policies that bind roles to groups rather than individuals. For more information about creating user groups in VMware Cloud Services, see Working with Groups in the Using VMware Cloud documentation.

You can also set up federation with your corporate domain that allows you to use your organization's single sign-on and identity source. For more information about federating identity management, see What is enterprise federation and how does it work in the Using VMware Cloud Services Console documentation.

Best Practice for Creating Groups

As a best practice, add users through the group to which they initially belong. Use the Groups tab under Identity and Access Management in the VMware Cloud Services console, rather than the Active Users tab. In this way, the new user is added to a group to which you have already assigned roles through an access policy. If you use the Active Users tab, the new user is added to the organization and service, but because they are not yet added to a group, they will likely have only minimal access to the service until you take the additional step of adding them to a group.

About Roles in VMware Cloud Services

For services in the VMware Cloud Services platform, the organization provides two roles, owner and member. While these roles provide a base set of permissions for each individual, they do not have an impact on the groups to which an individual can belong, or the service-level roles to which an individual or group can be bound.

For more context around these roles, see Access Control.