Creating user accounts

If multiple people in your organization need to use Cloud Manager, then you need to create Cloud Manager user accounts for each user. You can create several types of users: Cloud Manager administrators, tenant administrators, and working environment administrators.


  1. In the upper right corner of the Cloud Manager console, click the task drop-down list, and then select Users.

    Screen shot: Shows the Users option selected in the task drop-down list.

  2. In the Users page, click New User.
  3. In the New User page, specify details for the new user account.
    Most of the fields in this page are self-explanatory. The following table describes fields for which you might need guidance:
    Field Description
    Authentication Type Select Cloud Manager to create a user account internal to Cloud Manager or select Active Directory if Cloud Manager was set up to work with your organization's Active Directory user accounts.
    Email Address Enter the email address that the user must use to log in to Cloud Manager. Cloud Manager does not send emails to this address.
    Role Select one of the three roles:
    • Cloud Manager Admin: Administers the product and has access to all tenants and working environments.
    • Tenant Admin: Administers a single tenant. Can create and manage all working environments and users in the tenant.
    • Working Environment Admin: Administers one or more working environments in a tenant.

    When you create a Working Environment Admin user, you need to assign the user to a tenant and, optionally, a working environment. If the selected tenant does not have a working environment, you can modify the assigned working environments later.

    Note: Working Environment Admin users automatically have privileges to the working environments that they create.
    AWS Access Key and Secret Key Enter the access key and secret key assigned to the user in AWS, unless you associated an IAM role with the Cloud Manager instance.

    Cloud Manager uses the keys to perform AWS actions on the user's behalf. Identity and Access Management (IAM) users must have specific AWS permissions. You can use a NetApp-provided IAM policy that includes the required permissions.

    NetApp OnCommand Cloud Manager: AWS and Azure Policies

    AWS Cost S3 Bucket Optionally enter the S3 bucket that contains detailed billing reports.

    Giving Cloud Manager access to detailed billing reports enables users to see AWS storage and compute costs associated with ONTAP Cloud.

    If you are using AWS consolidated billing and you specified AWS keys, you do not need to specify the bucket each time you create a user account. You just specify the bucket for one Cloud Manager user account that corresponds to an IAM user created under the AWS payer account, or the payer account itself.

    Azure Permissions

    Enter the application ID and Azure key for the Active Directory service principal, the subscription ID for the user, and the Active Directory tenant ID for your organization. Cloud Manager needs this information to log in programmatically to Azure.

  4. Click Save.


Cloud Manager creates the user account. The user can now log in to Cloud Manager.