This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

1:
2:

Manage user accounts

Let’s learn how to manage users on SPEKTRA Edge.

SPEKTRA Edge offers the Identify and Access Management (IAM) framework for the user management, which is based on the Role-Based Access Control (RBAC) mechanism. In other words, you apply the certain role or roles to the users or groups, which is called the role binding, to give the certain permissions to the particular individual or group of individuals.

It also has a concept of scope of role binding, which is that the permissions for the particular role only applicable in the certain scope. This means that the role binding happened at the project is only effective under that project, or sub-projects if those available, but not others, like parent projects.

This means that you can create a really powerful and effecive user management mechanism with the well-organized projects or organization structure.

User authentication

The role-binding process is one side of the whole user management process on SPEKTRA Edge. The other side is the user authentication.

There is no order dependency between the two but it just needs to happen to let users have access to SPEKTRA Edge.

What you need

To grant access to users and groups, you need the followings.

an access to the SPEKTRA Edge dashboard
an active project

Grant access to users

First, let’s learn how to grant access to users on SPEKTRA Edge.

Click the Grant access button in the Manage resources and access of this project blue bar on the Project overview page, which will ask you following things:

the E-mail address of the person you want to give access to the project
the role to be assigned to the person.

Selecting the role for the user in the Grant access to project dialog on the Project overview page. — Selecting the role for the user in the *Grant access to project* dialog on the *Project overview* page.

Now, let’s learn what those user roles mean and what kind of operations can be granted for each role next.

Roles

Here is the pre-existing user roles offered by SPEKTRA Edge.

Role name	Resource name	Permissions
Owner	scope-admin	All operations on core and third party services
Admin operator	admin-operator	All operations on core services
Device operator	devices-operator	All operations on device and applications services
Application operator	apps-operator	All operations on applications services
Viewer	viewer	Read-only operations on core services

The owner role has full access to the services offered by SPEKTRA Edge under particular scope.

The admin operator role is similar to the owner role but does not have an access to the third-party services, for example the watchdog service offered by Service Experience Insight. This is a good role for someone who manages the entire service, e.g., user management.

The devices and application operator roles are both for the application management. The devices operator role is good for someone who manages both devices and applications but the application operator is for the application management only.

The viewer role doesn’t have any write access but have read access to core services. This is a good role for someone who only monitors or observes core services.

Organize users by groups

You can create a group to manage multiple users in one-shot.

One good example of the group usage is to grant access to multiple users in a single operation, as explained in the following section.

To create a group, click the Create group button on the Project overview page and fill in the required information, such as the name and the region, as well as the E-mail addresses of the members managed in the group.

Creating Your team group under Your project. — Creating **Your team** group under *Your project*.

Grant access to groups

You can grant access to the group, which is a great way to grant access to multipe users in the efficient fashion.

To do that, use the group E-mail address to grant access instead of the individual person’s E-mail. The group E-mail address is constructed by SPEKTRA Edge with the following convention.

[Group name] @ [Project name] .groups.iam.edgelq.com

You can also get the group E-mail address on the groups overview page under your project.

Grant access by clicking the Grant access button on the Project overview page. Give the group E-mail address, your-team@your-project.groups.iam.edgelq.com for this example, and the role you want to grant access to the group.

Granting access to the group with the group’s E-mail address.

You can check the roles for the group members by going to the Access page under the IAM section. You can see all the group members have the same role of the group’s role.

All the group members have the same role of the group’s one.

Group role binding

It takes a while, a minute or two, before the role binding completes on the group members because it is done by the SPEKTRA Edge controllers behind- the-sceans in the eventual consistency fashion.

Next step

Congratulations on understanding how to manage users on SPEKTRA Edge.

With the power of the scope based role binding, you can conduct the user management with achieving the high security standard.

The role binding is one side of the user management coin. The other side of the user management is the user sign-up and sign-in.

Let’s dive in the user authentication to understand the full picture of the user management on SPEKTRA Edge.

1 -

User authentication

Let’s learn how to sign-up and sign-in on SPEKTRA Edge.

The previous topic, the user and group management, discussed how to manage users with groups and role bindings. In fact, that’s one side of the coin of the user management. The other side, the user sign-up and sign-in, is the topic in this page.

SPEKTRA Edge user authentication is the multi-factor authentication (MFA) with Google Sign-in support. Let’s learn how it works step-by-step both for the Google accounts and for the E-mail/password based authentication.

What you need

For the user authentication on SPEKTRA Edge, you need the following.

a valid E-mail address.
Multi-factor authentication mobile app, either Auth0 Guardian or Google Authenticator

Let’s learn the sign-up process on SPEKTRA Edge first.

Select Google accounts or Email and password tab below to learn the process for each case.

Select the Sign Up tab and click Sign up with Google option.

You will be asked to select the MFA app. Select your preferred MFA app and move on to the MFA setup step next.

Selecting the Google Authenticator to move on to multi-factor authentication setup step. — Selecting the **Google Authenticator** to move on to multi-factor authentication setup step.

Scan the QR code by the MFA app on your phone and fill in the six-digit pass code generated by the app.

Scan the QR code with the MFA app and fill in the six-digit pass code generated by the app. — Scan the QR code with the **MFA** app and fill in the six-digit pass code generated by the app.

That’s it. You’ve successfully sign-up on SPEKTRA Edge and will be re-directed to the SPEKTRA Edge dashboard.

Select the Sign Up tab and click SIGN UP after filling in the E-mail, password, and the full name.

You will be asked to select the MFA app. Select your preferred app and move on to the MFA setup step next.

Scan the QR code by the MFA app on your phone and fill in the six-digit pass code generated by the app.

You’ve successfully setup the MFA setup for your account. The last thing is to verify your E-mail address. Click continue and move on to the E-mail verification step.

Click Continue to move on to the E-mail verification step. — Click **Continue** to move on to the E-mail verification step.

Open your E-mail application and search for the verification E-mail sent by SPEKTRA Edge in your inbox. Click the Verify email address box in the verification E-mail to complete the sign-up process.

You will be directed to the SPEKTRA Edge dashboard and successfully complete the SPEKTRA Edge sign-up process.

Select the account type below to go through the sign-in process on SPEKTRA Edge.

Click the Sign In with Google button to sign-in to SPEKTRA Edge.

Clicking Sign in with Google to sign-in with Google. — Clicking **Sign in with Google** to sign-in with Google.

You will be asked to fill in the MFA pass code. Open your MFA app and paste the code generated by the app, then click the right arrow button to complete the sign-in process.

Fill in the MFA code to complete the sign-in process.

You will be re-directed to the SPEKTRA Edge dashboard.

Fill in your E-mail address and the password you gave during the sign-up process and click LOG IN button to proceed.

Sign-in with your E-mail address and password. — Sign-in with your **E-mail address** and **password**.

You will be asked to fill in the MFA pass code. Open your MFA app and paste the code generated by the app, then click the right arrow button to complete the sign-in process.

You will be re-directed to the SPEKTRA Edge dashboard.

Remember this browser option

You can check the Remember this browser option when you sign-in to the SPEKTRA Edge to by-pass the MFA process for the next time on this browser.

Please refrain from this option on public browsers, e.g. browsers offered at hotels, which will be shared by multiple people and leads to the security breach.

Next steps

Congratulations to successfully complete the user authentication process on SPEKTRA Edge.

Let’s go to the resource limits page to learn how to manage resources on SPEKTRA Edge, next.

Onwards.

2 -

Manage resource limits

Let’s learn how to manage resource limits on the SPEKTRA Edge platform.

What you need

To go through this page, you need the followings.

an access to the SPEKTRA Edge dashboard
an active project
a device provisioned under the project

Request resource limit changes

First step to manage the resource limits is to request the limit change.

Let’s go to the Limits overview page by clicking the Limits option from the side bar menu.

Clicking the Limits icon on the dashboard side bar menu.

Click the Change limits button to open the Request resource limit change dialog.

Clicking the Change limits button on the Limits overview page.

Let’s request the Pod resource increase from 25 pods to 50.

That’s it for the resource limit request.

What is the maximum resource limit you can request?

The resource limit applies not only to the current project but also any child projects exists underneath. For example, if the current project’s pod resource limit is 25 pods, the total number of pods for the current project and those under the child projects is limited to 25 pods.

Approve resource limit changes

After the resource limit requests, the remaining task is to approve the request to make it effective.

Click the Change limits requests tab to show the list of change limit requests.

Approve the request by selecting the Approve option of the Actions column.

Approving the pod resource limit request by selecting the Approve option of the Actions menu.

That’s it!

Manage user accounts

User authentication

What you need

Grant access to users

Roles

Organize users by groups

Grant access to groups

Group role binding

Next step

1 -

User authentication

What you need

Sign-up

Sign-in

Remember this browser option

Next steps

2 -

Manage resource limits

What you need

Request resource limit changes

What is the maximum resource limit you can request?

Approve resource limit changes