Creating Working Environment Admins

A tenant typically includes one or more Working Environment Admins who create and manage the working environments in that tenant. A Tenant Admin can create those Working Environment Admins, if the Cloud Manager Admin did not do so already.


  1. In the upper right corner of the Cloud Manager console, click the task drop-down list, and then select Users.
  2. In the Users page, click New User.
  3. In the New User page, specify details for the new user account.
    Some of the fields in this page are self-explanatory. The following table describes fields for which you might need guidance:
    Field Description
    Authentication Type Select Cloud Manager to create a user account internal to Cloud Manager or select Active Directory if Cloud Manager was set up to work with your Active Directory user accounts.
    Email Address Enter the email address that the user must use to log in to Cloud Manager. Cloud Manager does not send emails to this address.
    Role Assign the user to a tenant and, optionally, a working environment. If the selected tenant does not have a working environment, you can modify the assigned working environments at a later time.
    Note: Working Environment Admins automatically have privileges to the working environments that they create themselves.
    AWS Access Key and Secret Key Enter the access key and secret key assigned to the user in AWS, unless you associated an IAM role with the Cloud Manager instance.

    Cloud Manager uses the keys to perform AWS actions on the user's behalf. Identity and Access Management (IAM) users must have specific AWS permissions. You can use a NetApp-provided IAM policy that includes the required permissions.

    NetApp OnCommand Cloud Manager: AWS and Azure Policies

    AWS Cost S3 Bucket Optionally enter the S3 bucket that contains detailed billing reports.

    Giving Cloud Manager access to detailed billing reports enables users to see AWS storage and compute costs associated with ONTAP Cloud.

    If you are using AWS consolidated billing and you specified AWS keys, you do not need to specify the bucket each time you create a user account. You just specify the bucket for one Cloud Manager user account that corresponds to an IAM user created under the AWS payer account, or the payer account itself.

    Setting up AWS billing and cost management for Cloud Manager

    Azure Permissions

    Enter the application ID and Azure key for the Active Directory service principal, the subscription ID for the user, and the Active Directory tenant ID for your organization. Cloud Manager needs this information to log in programmatically to Azure.

    Granting Azure permissions to Cloud Manager

  4. Click Save.


Cloud Manager creates the user account. The user can now log in to Cloud Manager.