Configuring User Access

As an administrator, you can manage users, user groups, roles, and permission from the PubSub+ Cloud console or using the PubSub+ Cloud REST API. For more information about using the REST API, see Managing Users with the PubSub+ Cloud REST API.

You can invite users and set roles manually. If you enable single sign-on (SSO) you can also enable group management to add and manage users dynamically. You can choose the level of user management that you want to do manually:

Manual configuration

If SSO is not enabled, you must manually configure all user settings.

SSO without group management

If you enable SSO without group management, users must authenticate with your identity provider to log into the Cloud Console. You must invite users and set their roles manually.

SSO with group management

If you create user groups with assigned roles and map the user claim values that PubSub+ Cloud receives from your identity provider (IdP) to the user groups, users are dynamically added to a user group when they log in based on the claim values received from the IdP. If a user's claim value does not match a claim value mapped to a user group, the user can be either denied access or added to a default group. You must still invite users manually, before they can log in. For more information, see Configuring Group Management.

SSO with group management and just-in-time provisioning

If you enable just-in-time provisioning along with group management, you only need to provide new users with the log in URL for PubSub+ Cloud. When users log in for the first time through their IdP, their account is dynamically created and they are then added to a user group based on their claim value. For more information, see Managing User Groups.

For overview information about user management, see Managing Users, Groups, Roles, and Permissions.

Manually Configuring User Settings

You can manually manage users, roles, and permissions for your PubSub+ Cloud account by performing these tasks:

Adding a User

To add a user to an account, perform these steps:

  1. Log in to the PubSub+ Cloud Console if you have not done so yet. The URL to access the Cloud Console differs based on your authentication scheme. For more information, see Logging into the PubSub+ Cloud Console.

  2. On the navigation bar, click User & Account and then select Account Details.
  3. On the Account Details page, select the User Management tab, and click Invite.
  4. In the Invite User dialog, fill the Email Address field.

    Screenshot depicting the settings described in the surrounding text.

  5. Optionally, you can change the default User Roles setting. For more information, see Changing User Roles. If you set up SSO and enable group management, the roles assigned to the user group replace any manually assigned roles.
  6. Click Invite.

After you add the user, the user receives a confirmation email with an account activation link.

Have users check their spam folders or junk mail to ensure that the invitation email has not been filtered.

Resending an Activation Email

After you add a new user to an account, the account status remains pending until the user clicks the account activation link in the email message. You can resend the account activation email as a reminder.

To resend an account activation email, perform these steps:

  1. On the navigation bar, click User & Account and then select Account Details.
  2. On the Account Details page, select the User Management tab.
  3. Find the user that want resend the invitation to. Optionally, you can type in the Search Emails field to filter the user accounts that are visible.
  4. For the user, click User Actions , and then select Re-send Invite. Note that the option to resend the invite appears only if the user hasn't accepted an invitation to log into PubSub+ Cloud.

If you have PubSub+ Insights, you can re-send the Datadog invite separately. For more information, see Resending an Invitation Email from Datadog.

Changing User Roles

As an account administrator, you can change the role of any existing user; however, you can't remove the administrator role from yourself nor delete yourself

If you enable group management, the roles assigned to the user group replace any manually assigned roles.

To edit the roles and permissions of a user, perform the following steps:

  1. On the navigation bar, click User & Account and then select Account Details.
  2. On the Account Details page, select the User Management tab.
  3. In the list of users, find the user whose roles you want to change. Optionally, you can filter the list based on role or use the search to quickly find user accounts that are visible.

  4. For the user, click User Actions , and then select Edit.

    Screenshot depicting the settings described in the surrounding text.

  5. Update the roles and permission as required, and then click Save.

The user is immediately updated with the roles and permissions you specified. Note that if you add or remove the Insights Advanced Editor role, the following occurs:

Deleting a User

As an account administrator, you can delete any user from an account except yourself.

If the user you delete has the Insights Advanced Editor role assigned, the corresponding Datadog account is disabled.

If the user owns any event broker services, reassign them to yourself or another user before you delete the user.

To delete a user from an account, perform the following steps:

  1. On the navigation bar, click User & Accounts and then select Account Details.
  2. On the Account Details page, select the User Management tab.
  3. Identify the user that you to want to delete from your PubSub+ Cloud account. Optionally, you can filter the list based on role or use the search to quickly find user accounts that are visible.
  4. For the user, click User Actions , and then select Delete
  5. Verify that email address matches the user you want to delete, and click Confirm.