Explore user-and-role-management setups to help you choose a workflow for your organization.
Common workflows
The diagram below shows four common workflows for managing users and roles in Cloud Observability. It covers single sign-on (SSO) setups and options for creating users, assigning roles, and deleting users.
Visit the sections below to learn about the different workflows and find links to further documentation.
* Cloud Observability comes with five standard user roles. You can also create custom roles for more specific setups. See Manage custom roles and Custom roles and examples for more information.
Add users and assign roles manually
Use Cloud Observability’s UI to manually manage users and roles. This approach can work well for small organizations with few role changes.
Documentation links:
- Create users in Cloud Observability
- Assign roles in Cloud Observability
- Delete users in Cloud Observability or with the API
Auto-create users with SSO and JIT provisioning
Use SSO to authenticate users with your Identity Provider (IdP). Just-in-Time (JIT) provisioning auto-creates and assigns default roles to new users. SSO with JIT provisioning can streamline user onboarding at scale.
Documentation links:
Manage roles at scale with SAML group mapping
Set up SSO to let IdPs authenticate users, and use JIT provisioning to auto-create new users. SAML group mapping assigns roles automatically based on your IdP’s existing SAML group attributes. This workflow helps you manage access at scale, lowering the need for manual intervention.
Documentation links:
Manage users and roles in bulk
Use Cloud Observability’s API and Terraform to handle user and role assignments in bulk. Bulk management can help you migrate users, onboard large teams, or scale access control.
Documentation links:
- Set up SSO
- Create users with the API
- Assign roles with Terraform
- Delete users in Cloud Observability or with the API
See also
Roles and permissions reference
Updated Nov 7, 2024