You're viewing Apigee Edge documentation.
Go to the
Apigee X documentation. info
Create a global user through the Edge UI, Edge API, or directly from the Apigee web site, as described below.
-
Edge UI
For both Edge for Public Cloud and Edge for Private Cloud, an organization administrator uses the Edge UI to add a global user to an existing organization with a specific role. If the user already exists, the user is added to the organization.
If the user does not exist, then Edge creates the user and sends the user an email message to activate the account and to set a password. The user appears in the Edge UI immediately, even before the user activates the account.
While the organization administrator does not have the permission necessary to directly create the user, adding a new user to the organization in the Edge UI initiates the Edge workflow that creates the user.
-
Edge API
In an Edge for Private Cloud installation, a system administrator uses the Edge API to create a global user.
After creating the user, you must make a second API call to add the user to a system administrator role, to an organization and organization role, or both. The new user cannot sign in to the Edge UI until added to an organization.
- Apigee web site
Anyone can register for a free Edge cloud account at https://login.apigee.com/sign_up. When you create an account directly on Edge, Edge automatically creates a global user and an organization for you, and your user account is assigned to the role of organization administrator for your organization. After you create the account, another organization administrator can add you to their organization.
See Creating an Apigee Edge account for more.
Creating a global user through the Edge UI
An organization administrator can create a user in the Edge UI, and assign a role to the new user in the organization:
-
Access the User page, as described below.
Edge
To access the Users page using the Edge UI:
- Sign in to https://apigee.com/edge as an organization administrator.
- Select Admin > Users.
If you are not an organization administrator, this menu is not available.
Classic Edge (Private Cloud)
To access the Users page using the Classic Edge UI:
- Sign in to
http://ms-ip:9000
as an organization administrator, where ms-ip is the IP address or DNS name of the Management Server node. - Select Admin > Organization Users.
- Click + User.
The New User page displays.
- Enter the user's email address.
- Select the roles you want to assign to the user.
You can add more than one role to a user. - Click Save.
The user appears in the Edge UI and Edge sends the new user an email with instructions to activate their account and sign in.
The user can sign in to the Edge UI using one of the following:
- Email address
- Username, which is the part of the email address before @.
Creating a global user through the Edge API
In Apigee Edge for Private Cloud, adding a new user through the Edge API is a two-step process:
-
As the system administrator, make the API call to add the new global
user:
where <ms_IP> is the IP address or DNS name of the Edge Management Server.curl -H "Content-Type:application/xml" -u <sysAdminEmail:pword> \ -X POST https://<ms_IP>:8080/v1/users \ -d '<User> \ <FirstName>Foo</FirstName> \ <LastName>Bar</LastName> \ <Password>myPword</Password> \ <EmailId>foo@bar.com</EmailId> \ </User>'
- Assign the new user to a role by performing one or both of the following:
- If the new user is going to function as a system administrator, then as the
system administrator use the following API call to add the user to the system
administrator role,
sysadmin
, or read-only system administrator role,sysadmin-readonly
:curl -u <sysAdminEmail>:<passwd> \ -X POST https://<ms_IP>:8080/v1/userroles/sysadmin/users \ -d 'id=foo@bar.com'
-
As the system administrator or organization administrator, assign the
new user to a role in an organization. A global user does not appear in the Edge UI, and
cannot log into the Edge UI, until that user is assigned to a role in an
organization.
Replacecurl -H "Content-Type:application/x-www-form-urlencoded" \ -u <orgOrSysAdminEmail:pword> -X POST \ https://<ms_IP>:8080/v1/organizations/{org_name}/userroles/{role_name}/users?id=foo@bar.com
{role_name}
with the specific role for the new user. Roles include:- Organization administrator:
orgadmin
- Read-only organization administrator (Cloud only):
readonlyadmin
- Operations administrator:
opsadmin
- Business user:
businessuser
- User:
user
- Organization administrator:
- If the new user is going to function as a system administrator, then as the
system administrator use the following API call to add the user to the system
administrator role,
Performing additional tasks to manage users
The following table shows operations that you can perform on a global user.
Many of these operations, such as deleting a global user, require system administrator privileges. For a Cloud-based installation of Edge, contact Apigee Edge Support to perform these actions. For an Edge for Private Cloud installation, the system administrator can perform them.
Action |
Required role |
How |
|
---|---|---|---|
Manage global users |
List all users |
sys admin |
API |
Add user* |
sys admin |
API* |
|
Delete user |
sys admin |
API |
|
Changing user password or other information |
sys admin |
API |
|
List all roles for user |
sys admin |
API |
|
*While only the sys admin can create the user, an organization administrator can trigger the workflow by adding a new user to an organization in the Edge management UI. | |||
Manage sys admin roles |
List sys admin roles |
sys admin |
API |
Add user to sys admin role |
sys admin |
API |
|
List users in sys admin role |
sys admin |
API |
|
Remove user from sys admin role |
sys admin |
API |
|
Manage organization roles |
sys admin org admin |
API/UI |
|
sys admin org admin |
API/UI |
||
sys admin org admin |
API/UI |
||
List users in an organization** |
sys admin org admin |
UI |
|
sys admin org admin |
API/UI |
||
For additional operations, see User roles |
sys admin org admin |
API/UI |
|
** There is no single API call that lists all users in an organization. Instead, you make one call to get all roles in the organization. Then you iterate through the list of roles to get all users in each role. |