|
| 1 | +--- |
| 2 | +title: Manage users and organizations |
| 3 | +weight: 300 |
| 4 | +toc: true |
| 5 | +nd-docs: DOCS-000 |
| 6 | +url: /nginxaas/google/getting-started/manage-users-organizations/ |
| 7 | +type: |
| 8 | +- how-to |
| 9 | +--- |
| 10 | + |
| 11 | +## Overview |
| 12 | + |
| 13 | +This document explains how to manage users and organizations in F5 NGINXaaS for Google Cloud using the NGINXaaS console. |
| 14 | + |
| 15 | +Before you start, ensure you understand the following concepts: |
| 16 | + |
| 17 | +- **NGINXaaS Organization**: An NGINXaaS Organization is created when you subscribe to *F5 NGINXaaS for Google Cloud* via the Google Cloud Marketplace, as described in [prerequisites]({{< ref "/nginxaas-google/getting-started/prerequisites.md" >}}). You may create multiple NGINXaaS Organizations by signing up with different GCP billing accounts. |
| 18 | +- **User**: NGINXaaS Users are granted access to all resources in the NGINXaaS Organization. User authentication is performed securely via Google Cloud, requiring a matching identity. Individuals can be added as users to multiple NGINXaaS Organizations, and can switch between them using the steps documented below. |
| 19 | +- **Authorized Domains**: The list of domains allowed to authenticate into the NGINXaaS Organization using Google authentication. |
| 20 | + - This can be used to restrict access to Google identities within your Google Cloud Organization or Google Workspace, or other known, trusted Workspaces. For example, your Google Cloud Organization may have users created under the `example.com` domain. By setting the Authorized Domains in your NGINXaaS Organization to only allow `example.com`, users attempting to log in with the same email associated with `alternative.net` Google Workspace would not be authenticated. |
| 21 | + - By default, an NGINXaaS Organization has an empty authorized domains list, which accepts matching users from any Google Workspace. |
| 22 | + |
| 23 | +## Add or edit a user |
| 24 | + |
| 25 | +An existing NGINXaaS Organization user can add additional users following these steps: |
| 26 | + |
| 27 | +1. Access the [NGINXaaS Console](https://console.nginxaas.net/). |
| 28 | +1. Log in to the console with your Google credentials. |
| 29 | +1. Navigate to **Users** page on the left menu, then select **Add User**. |
| 30 | +1. Enter the **Email** address for the user to be added. The email must match the individual's Google User to be able to authenticate successfully. |
| 31 | +1. Select **Create User** to save the changes. |
| 32 | + |
| 33 | +The new user will appear in the list of users on the **Users** page. Their **Google Identity Domain** will remain empty until they log in for the first time. |
| 34 | + |
| 35 | +## Modify organization settings |
| 36 | + |
| 37 | +As an authenticated user, you may modify the authorized domains and name of an NGINXaaS Organization. |
| 38 | + |
| 39 | + |
| 40 | +### Modify Authorized Domains |
| 41 | + |
| 42 | +1. Select **Organization Details** under the **Settings** section on the left menu. |
| 43 | +1. Select **Edit** in the **Authorized Domains** section. |
| 44 | +1. To add a new authorized domain, select **Add Domain** and enter the new domain. |
| 45 | +1. To remove an existing authorized domain, select the Recycle Bin button next to it. |
| 46 | +1. Select **Update** to save changes. |
| 47 | + |
| 48 | +{{< call-out "note" >}}You cannot remove an authorized domain from the list if it matches an existing user's Google Identity Domain. To remove access from that domain you must first delete every NGINXaaS user that is associated with the domain.{{< /call-out >}} |
| 49 | + |
| 50 | +### Modify the name of an organization |
| 51 | + |
| 52 | +1. Select **Organization Details** under the **Settings** section on the left menu. |
| 53 | +1. Select **Edit** in the **Organization Info** section. |
| 54 | +1. Enter new name in **Organization Name** field, then select **Update** to save changes. |
| 55 | + |
| 56 | +## Switch organizations |
| 57 | + |
| 58 | +To switch to a different NGINXaaS Organization, select the profile symbol in the top right corner and choose **Switch Organization**. This opens a page showing the list of all the NGINXaaS Organizations that your Google Identity is linked to; select the organization you want to switch to. |
| 59 | + |
| 60 | +## Delete a user |
| 61 | + |
| 62 | +An authenticated user can delete other users (other than their own user account). Deletion is irreversible; the deleted user will no longer be able to access the NGINXaaS Organization. |
| 63 | + |
| 64 | +To delete a user in an NGINXaaS Organization: |
| 65 | + |
| 66 | +1. Select **Organization Details** under the **Settings** section on the left menu. |
| 67 | +1. Select the ellipsis (three dots) menu next to the user you want to delete. |
| 68 | +1. Select **Delete** in the menu. The deleted user will no longer appear in the **Users** page. |
| 69 | + |
| 70 | +## What's next |
| 71 | +[Add certificates using the NGINXaaS Console]({{< ref "/nginxaas-google/getting-started/ssl-tls-certificates/ssl-tls-certificates-console.md" >}}) |
0 commit comments