NWS-ID
Getting Started
General information
What is NWS-ID?
It is the home of your user profile. Here you can update you personal profile data, set or request a new password or enable the two-factor-authentification. You will more detailed information at NWS-ID.
Where can I reset my password?
You find the Forgot Password link at the login form.
How can I activate Two-Factor Authentication?
Two-Factor Authentication can be activated on id.nws.netways.de in the section Signing in in Account security.
Administrative Tasks
Organizations
What is an organization?
An organiztation can be a private person, a company or a school or authority. Within an organization you can start Apps, Openstack, Kubernetes, DBaaS or our MyEngineer service. The legal entity stored in the organization is used as the legal contact for e.g. invoices.
How can I edit my organization?
Just open your user menu in the upper right corner and got to "Manage Organization".
Why do I have an Unnamed Organization?
Because you haven't named your organization yet. To make it easier for you to distinguish between your organizations, you can name them as you like. Don't worry, the name won't appear on the invoice.
How can I leave an organization?
Just open the user menu in the upper right corner and click on "Leave organization". In step 2 you have to confirm that you really want to leave the organization.
User and Groups
User and Groupmanagement
How can I add colleague to my organization?
In the NWS Customer Interface, click on your user icon in the upper right corner and select "User" or "User Groups".
Just paste the email and click on "Invite".
You can find a second way to invite a new user to your organization over the "User groups" tab.
Just click on "Manage Users" at the relevant group, paste the email of the colleague and click on "Invite"
How can I create a user group?
In the NWS Customer Interface, click on your user icon in the upper right corner and select "User group"
Click on "Create User Group" and name it
Now click on "Update permissions"
By expanding the section "OpenStack Roles" you will have the option to assign a role to your OpenStack projects.
Doing so allows you to grant access to the OpenStack API and OpenStack Webinterface for the group members.
Go to Permissions for a detailed description.
How can I add a user to a user group?
Go to "User Groups" and click on "Manage Users" for the relevant group
Now simply select the desired colleague
How can I grant full access for a colleague?
Just add the user to the Admin group.
Why am I not allowed to start new products or change the organization profile?
To start new products or change the organization you need to be a member in the Admin group.
How can I remove a colleague from my organization?
In the NWS Customer Interface, click on your user icon in the upper right corner and select "User".
Now click on "Remove from organization".
Permissions
You can assign permissions individually to groups. This applies for generel permission for access your products and project in the NWS Customer Interface and for product specific permissions like access to APIs, e.g. the Openstack API.
Generel Permissions
You can grant the following permissions to groups for accessing your projects in the NWS Customer Interface.
Permissions
- Access: can view the product in the NWS Customer Interface.
- Manage: can change the product settings, resource and other. For example, restart an app, create or delete a virtual machine, upgrade a kubernetes cluster
- Destroy: can delete the product and recall the contract.
- Billing: can view and download the bills which have been issued.
Openstack
You can grant the following Openstack Roles to groups which allows the group members to use the Openstack APIs and the Openstack Webinterface.
Roles
- Member: can create, change and delete resources
- Reader: can list and show resources
The reader role is not yet available!
If a group's access rights to an OpenStack project are revoked, the members of the group can continue to access the project for up to 8 hours in their active session.
Kubernetes
You can grant the following Kubernetes Roles to groups which allows the group members to use the Kubernetes API. Please note that these rights relate to all clusters in the Kubernetes project.
Roles
- Admin: can create, change, and delete resources
- Reader: can list and show all resources
Have a look at the clusterrole cluster-admin and view for all details, e.g. kubectl get clusterrole view -o yaml
Get an overview of your permissions with kubectl auth can-i --list
Troubleshooting
General Questions
Why don't I have to re-enter my password after logging out?
Each application, integrated with NWS-ID, receives the confirmation of your correct authenticated user from NWS-ID when logging in. After that, separate sessions are set up and managed by each application. These are independent of the session to NWS-ID.
Logging out will only destroy your session of the actual web interface or application. This could be for example the NWS Customer Center, the NWS Cloud Interface or the Openstack CLI. However, since you are authenticated at NWS-ID, too, this session will remain in place if you log out e.g, at the Customer Center. As soon as you log in again at the Customer Center, you will be logged in without providing a password, because the session to NWS-ID is still active and can confirm your validly authenticated user.
Why can't I see any projects in the Openstack web interface?
If you’re not an admin in your organization, they must authorize your NWS-ID. This happens as usual in the user group management in the customer interface.