Skip to main content

Add Users

Use the CLI or GUI to add or invite users.

Using the CLI

  1. To configure the CLI to use the username and password, run styra configure.

    Provide the following values when prompted:

    • Organization ID: styra-das-id.styra.com.
    • Access token: Leave this empty for now.
    • Username: The username you use to login to styra-das-id.styra.com.
    • Password: Your password.

    The configuration settings are written to a local file at ~/.styra/config.

  2. To create an user on styra-das-id.styra.com with the CLI, run styra create <email>, where <email> is the email address of the user. For example: To create an user alicia@hooli.com, run styra create user alicia@hooli.com.

  3. When prompted for a password, provide the user password. The user can also have a specific username or password for logging into styra-das-id.styra.com, in addition to signing in with SSO. If the user wants to only sign on using SSO, then leave the password empty.

  4. Verify that your SSO configuration works. In your browser, logout from styra-das-id.styra.com and sign in again using the Okta button on the login page.

Using the GUI

You can add a new user or an existing user to your Workspace, and also add permissions to systems, stacks, and the workspace.

Invite Users to Your Workspace

In the Workspace access control, you can invite a user to access the DAS system or stack and assign them a Workspace role. The system or stack will send them an email invitation with a link to your DAS tenant.

Use Single Sign-On

  • Configure a Single Sign-On (SSO) provider and choose whether or not invitations are required.

    • If invitations are required then you must invite each user from your SSO identity provider that you want to access the DAS system or stack.

    • If invitations are not required then a user from your SSO identity provider who has your DAS tenant URL can login to the DAS system or stack. They are automatically added to your Workspace.

  • Even if invitations are not required, you can still invite users from your SSO identity provider.

  • When uninvited users registered with your SSO identity provider log into DAS, they are automatically added to your Workspace.

info
  1. Just-in-time (JIT) users will have no permissions until they are granted either directly (as user) or via SSO configuration.

  2. Users with no Workspace permissions can only see the systems or stacks on which they have permissions and edit their own user settings. This is the default behavior.

The following sections use an example company and DAS workspace called hooli.

Invite a User

To add a user named Ruchita as a WorkspaceAdministrator in the Workspace level, do the following:

  1. Click on the hooli Workspace >> Access Control tab >> Users button.

  2. In the Users pane, click the + Invite user button to add a user.

  3. Now, hooli > Invite user dialog appears.

  4. Perform the following actions in your dialog box.

    • Email address (required): Enter the user’s email address. Enter ruchita@hooli.com.

    • Workspace roles: Currently, the default Workspace role for Invite user is the no role, but you can invite WorkspaceAdministrator or WorkspaceViewer (or neither). Users with the WorkspaceViewer role can view all systems or stacks in the Workspace and all tabs, settings for the Workspace. Now, click the drop-down list and select WorkspaceAdministrator.

    • Click Send invite tab to add a DAS user or invite a user in the Workspace level.

  5. Now, ruchita@hooli.com is added to the Workspace level with the status marked as pending. An invitation is sent to ruchita@hooli.com. When Ruchita clicks the DAS URL in the invitation and logs in, the list of users column is updated with ruchita@hooli.com (the pending status is removed).

  6. To view the status of the invitation, click on the hooli workspace >> Access Control tab >> Users button >> All pane.

Manage Permissions

You can manage permissions to SYSTEMS, STACKS, and WORKSPACE for the following subject types:

  • User - A DAS user.

  • SSO Claim - For managing permissions for groups or other organizations of users.

  • API Token - Managing permissions for API bearer tokens.

important

In DAS Pro and DAS Enterprise, using the Administrator switch, you can designate the user to be either

  • a Workspace Administrator with full access to all settings and all systems or
  • a Workspace Viewer with read-only access to all settings and all systems.

You can give Workspace Viewers access to specific systems by adding them to a system's user as System Owners.

In DAS Free and DAS Pro Trial, all users are Workspace Administrators, so the Administrator switch is on and disabled.