Manual Chapter : Users User Groups and Roles

Applies To:

Show Versions Show Versions

F5 iWorkflow

  • 2.3.0, 2.2.0
Manual Chapter

Overview: Users, user groups, and roles

A user is an individual to whom you provide resources. You provide access to users for specific iWorkflow™ system functionality through authentication. You can associate a user with a specific role, or associate a user with a user group, and then associate the group with a role.

A role is defined by its specific privileges. A user group is a group of individuals that have access to the same resources. When you associate a role with a user or user group, that user or user group is granted all of the role's corresponding privileges.

The iWorkflow™ system creates two default users as part of the initial setup and licensing process. These user accounts cannot be revised (except for their passwords) or duplicated. After setup is complete, you can create additional user types and roles to meet your business needs.

Default user type Default password Access rights
admin admin This user type can access all aspects of the iWorkflow system from the system's user interface.
root default This user has access to all aspects of the iWorkflow system from the system's console command line.

User types persist and are available after an iWorkflow system failover. You can authenticate users locally on the iWorkflow system or remotely through LDAP or RADIUS.

Changing the default password for the administrator user

You must specify the management IP address settings for the iWorkflow® system to prompt the system to automatically create the administrator user.
After you initially license and configure the iWorkflow system, it is important to change the administrator role password from the default, admin.
  1. Log in to iWorkflow™ with the administrator user name and password.
  2. At the top of the screen, click Access Control.
  3. On the Users panel, for Admin User, click the gear icon and then Properties.
  4. For the admin account, in the Old Password field, type admin.
  5. In the New Password and Confirm New Password fields, type a new password.
  6. For the root account, in the Old Password field, type default.
  7. In the New Password and Confirm New Password fields, type a new password.
  8. To save this configuration, click the Next button.

Adding a locally-authenticated iWorkflow user

You create a user and then associate that user with a particular role to define access to specific iWorkflow™ system resources.
  1. Log in to iWorkflow™ with the administrator user name and password.
  2. At the top of the screen, click Access Control.
  3. In the Users panel, hover over a user, and click the gear icon when it appears.
    The panel expands to display the User properties.
  4. From the Auth Provider list, select Local.
  5. In the Full Name field, type a name to identify this user.
    The full name can contain a combination of symbols, letters, numbers and spaces.
  6. In the Password and Confirm Password fields, type the password for the new user.
  7. Click the Add button.
You can now associate this user with a role.

About user roles

As a system manager, you need a way to differentiate between users and to limit user privileges based on their responsibilities. The iWorkflow™ system has a default set of roles you can assign to a user. Roles persist and are available after an iWorkflow system failover.

Roles definitions

iWorkflow™ ships with several standard roles, which you can assign to individual users.

Role Description
Administrator Responsible for overall administration of all licensed aspects of the iWorkflow system. These responsibilities include:
  • adding individual users
  • assigning roles
  • discovering BIG-IP® systems
  • installing updates
  • activating licenses
  • configuring an iWorkflow high availability (HA) configuration
Tenant A tenant is an entity that can consist of one or more users accessing resources provided by an administrator. : These responsibilities include:
  • customizing and deploying application templates
  • monitoring the health statistics and performance of applications and servers
Note: The iWorkflow system creates a new role when an administrator creates a new tenant. When you create a tenant, you specify the connectors that tenant can access. The name of the new role is based on the tenant name. For example, creating a new tenant named headquarters-user, produces a new role named headquarters-user (Cloud Tenant).

Associating a user or user group with a role

Before you can associate a user or user group with a role, you must create a user or user group.
When you associate a user or user group with a role, you define the resources users can view and modify. You can associate multiple roles with a given user.
  1. Log in to iWorkflow™ with the administrator user name and password.
  2. At the top of the screen, click Access Control.
  3. In the Users or User Groups panel, click the name you want to associate with a role, and drag and drop it on a role in the Roles panel.
    A confirmation popup screen opens.
  4. Click the Confirm button to assign the user or user group to the selected role.
This user or user group now has access to the resources associated with the role you specified.

Disassociating a user from a role

If you want to change the resources a user can view and modify, you can use this procedure to disassociate a user from an assigned role.
  1. Log in to iWorkflow™ with the administrator user name and password.
  2. At the top of the screen, click Access Control .
  3. In the Users panel, for the user you want to edit, click the gear icon and then select Properties.
  4. For the User Roles property, delete the user role that you want to disassociate from this user.
  5. Click the Save button to save your changes.
This user no longer has the privileges associated with the role you deleted.