Manage Users of Operations for Applications on VMware Cloud Services | VMware Aria Operations for Applications Documentation

Add and manage users of VMware Aria Operations for Applications on VMware Cloud services.

Note: Starting July 3, 2023, VMware Aria Operations for Applications is a service on the VMware Cloud services platform. The content in this chapter is valid for VMware Cloud services subscriptions. For original subscriptions, see Manage User Accounts.

VMware Cloud services provides identity access management for the users of your services, including Operations for Applications. For example, see our tutorial Invite New Users from the VMware Cloud Services Console.

Note: To manage user access to the services in your VMware Cloud organization, you must hold the VMware Cloud Organization Owner or Organization Administrator role. See What organization roles are available in VMware Cloud Services in the VMware Cloud services documentation.

Adding Users to Your Service Instance

To add a user to your Operations for Applications service instance, you must assign that user:

An organization role for the VMware Cloud organization running the service instance.

Note: I you are a VMware Cloud Organization Administrator, you can assign only the VMware Cloud Organization Member role. Only a VMware Cloud Organization Owner can add VMware Cloud Organization Owners and VMware Cloud Organization Administrators.
An Operations for Applications service role for the service instance.

You can assign a combination of service roles. For example, if the user that you want to invite will set up integrations, make sure that you assign that user both the Integrations and the Proxies service roles.

If you plan to assign that user a custom role, you must assign that user at least the Viewer Operations for Applications service role, so that the user can access the service instance.

Important: Make sure that you assign the Super Admin service role to at least one user of your Operations for Applications service instance. There are some Super Admin tasks that no one else can perform.
Optionally, a custom role with an Operations for Applications permission.

Important: In a multi-tenant Operations for Applications environment, custom roles apply to all service instances (tenants) to which the user has access, that is, for which the user has at least one Operations for Applications service role.

You can assign users with these roles in the following ways:

Adding Users to Your Organization

When you are adding an individual user or a list of users to the VMware Cloud organization running the service instance, you must assign that users organization, service, and custom roles.

For details, see How do I add users to my Organization.

The newly added users receive an invitation email with an account activation link to sign up to the service instance. The invitations you send are valid for seven days. You can view the status of the invitation on the Identity and Access Management > Pending Invitations page.

Creating or Editing a Group

When you are creating or editing a group in the VMware Cloud organization running the service instance, you can add a list of users as members of the group and you can assign organization, service, and custom roles to the group.

You can add users who already belong to the VMware Cloud organization as well as new users who don’t belong to the VMware Cloud organization yet. You can add users from your federated domain as well as users that are outside your federated domain.

For details, see How do I work with groups in the VMware Cloud services documentation.

Editing a User’s Roles

If a user already belongs to the VMware Cloud organization running the service instance, you can edit the user’s roles to assign that user with Operations for Applications service or custom roles.

For details, see How do I change user roles in the VMware Cloud services documentation.

Remove a User

To remove a user from your service instance, you must remove their Operations for Applications service roles.
- If the roles are individually assigned to the user, edit the user’s roles. See How do I change user roles in the VMware Cloud services documentation.
- If the roles are inherited from a group, edit the group and remove that user from the list of members. See How do I work with groups in the VMware Cloud services documentation.
To remove a user from your organization, therefore from all services in the organization, see How do I remove users from my Organization in the VMware Cloud services documentation.

Sign Out a User

As a user with the Super Admin service role, you can sign out other users by using the REST API. To sign out a user while you enabled Super Admin mode, simply run a POST request with the logout API call. For example:

POST https://<your_instance>.wavefront.com/api/logout/{identifier}

You must specify the {identifier}, which is the email address of the user that you want to log out. If you are not logged in to your service instance, when you run the POST request, you must also provide a valid API token.