Creating a tenant account if StorageGRID is not using SSO

When you create a tenant account, you specify a name, a client protocol, and optionally a storage quota. If StorageGRID is not using single sign-on (SSO), you must also specify whether the tenant account will use its own identity source and configure the initial password for the tenant's local root user.

Steps

  1. In the Display Name text box, enter a display name for this tenant account.
    Display names do not need to be unique. When the tenant account is created, it receives a unique, numeric Account ID.
  2. Select the client protocol that will be used by this tenant account, either S3 or Swift.
  3. For S3 tenant accounts, uncheck the Allow Platform Services check box if you do not want this tenant to use platform services for S3 buckets.

    If platform services are enabled, a tenant can use features, such as CloudMirror replication, that access external services. You might want to disable the use of these features to limit the amount of network bandwidth or other resources a tenant consumes. See "Managing platform services."

  4. In the Storage Quota text box, optionally enter the maximum number of gigabytes, terabytes, or petabytes that you want to make available for this tenant's objects. Then, select the units from the drop-down list.

    Leave this field blank if you want this tenant to have an unlimited quota.

    Note: A tenant's storage quota represents a logical amount (object size), not a physical amount (size on disk). ILM copies and erasure coding do not contribute to the amount of quota used. If the quota is exceeded, the tenant account cannot create new objects.
    Note: You can monitor tenant storage usage from the Dashboard in the Tenant Manager or with the Tenant Management API. Note that a tenant's storage usage values might become out of date if nodes are isolated from other nodes in the grid. The totals will be updated when network connectivity is restored.
  5. Determine if the tenant will use the identity source that was configured for the Grid Manager:
    If the tenant will manage its own groups and users:
      1. Select the Uses Own Identity Source check box (default).
         Note: If this check box is selected and you want to use identity federation for tenant groups and users, the tenant must configure its own identity source. See the instructions for using tenant accounts.
      2. Specify a password for the tenant's local root user.
    If the tenant will use the groups and users configured for the Grid Manager:
      1. Uncheck the Uses Own Identity Source check box.
      2. Do either or both of the following:
         • Specify which existing federated group should have the initial Root Access permission for the tenant.
           Note: If you have adequate permissions, the existing federated groups from the Grid Manager are listed when you click the field. Otherwise, enter the group's unique name.
         • Specify a password for the tenant's local root user.
  6. Click Save to create the tenant account.
  7. Decide whether to configure the tenant account now or later.
    • If you did not set a password for the local root user, the Tenant Accounts page appears, with a row for the new tenant.
      • If you are ready to configure the tenant and you belong to the Root Access federated group, click Sign In to immediately access the Tenant Manager.
      • Otherwise, provide the URL for the Sign in link to a user in the Root Access federated group. (The URL for a tenant is the fully qualified domain name or IP address of the Admin Node, followed by /?accountId=20-digit-account-id.)
    • If you set a password for the local root user, the Configure Tenant Account page appears.
      • If you are ready to configure the tenant, go to step 8.
      • Otherwise, click Finish. To access the tenant later, select Tenants from the menu and click the Sign in link for the account.
  8. If you set a password for the local root user and you are ready to configure the tenant, click the Sign in as root button.

    A green check mark appears on the button, indicating that you are now signed in to the tenant account as the root user.


  9. Click the links to configure the tenant account.
    Each link opens the corresponding page in the Tenant Manager. To complete the page, see the instructions for using tenant accounts.
  10. Click Finish.
    The dialog closes. To access the Tenant Manager later, select Tenants from the menu, click the Sign in link, and sign in. Or, provide the URL for the Sign in link and the root user password to the tenant account’s administrator. (The URL for a tenant is the fully qualified domain name or IP address of the Admin Node, followed by /?accountId=20-digit-account-id.)