NWS-ID

Getting Started

Getting Started

General information

What is NWS-ID?

It is the home of your user profile. Here you can update you personal profile data, set or request a new password or enable the two-factor-authentification. You will more detailed information at NWS-ID.

Where can I reset my password?

You find the Forgot Password link at the login form. 6 forgot pw.png

How can I activate Two-Factor Authentication?

Two-Factor Authentication can be activated on id.nws.netways.de in the section Signing in in Account security.

12.1 TFA.png13.1 TFA menu signing in.png14 tfa eingabe.PNG

Administrative Tasks

Administrative Tasks

Organizations

What is an organization?

An organiztation can be a private person, a company or a school or authority. Within an organization you can start Apps, Openstack, Kubernetes, DBaaS or our MyEngineer service. The legal entity stored in the organization is used as the legal contact for e.g. invoices.

How can I edit my organization?

Just  open your user menu in the upper right corner and got to "Manage Organization".15 organization.png16 organization.PNG

Why do I have an Unnamed Organization?

Because you haven't named your organization yet. To make it easier for you to distinguish between your organizations, you can name them as you like. Don't worry, the name won't appear on the invoice.

How can I leave an organization?

Just open the user menu in the upper right corner and click on "Leave organization". In step 2 you have to confirm that you really want to leave the organization.17 user leaving organization.png

Administrative Tasks

User and Groups

User and Groupmanagement

How can I add colleague to my organization?

In the NWS Customer Interface, click on your user icon in the upper right corner and select "User" or "User Groups".9.png

Just paste the email and click on "Invite".10 new user to organization.png

You can find a second way to invite a new user to your organization over the "User groups" tab. 

Just click on "Manage Users" at the relevant group,  paste the email of the colleague and click on "Invite"6.PNG11.png

How can I create a user group?

In the NWS Customer Interface, click on your user icon in the upper right corner and select "User group"

1 navigation.png

Click on "Create User Group" and name it

2.PNG

3.PNG

Now click on "Update permissions"

4.PNG


Bildschirm­foto 2023-01-26 um 08.49.05.png

By expanding the section "OpenStack Roles" you will have the option to assign a role to your OpenStack projects. 
Doing so allows you to grant access to the OpenStack API and OpenStack Webinterface for the group members. 

Go to Permissions for a detailed description.

How can I add a user to a user group?

Go to "User Groups" and click on "Manage Users" for the relevant group6.PNG

Now simply select the desired colleague 7.PNG


How can I grant full access for a colleague?

Just add the user to the Admin group.

Why am I not allowed to start new products or change the organization profile?

To start new products or change the organization you need to be a member in the Admin group.

How can I remove a colleague from my organization?

In the NWS Customer Interface, click on your user icon in the upper right corner and select "User".9.png

Now click on "Remove from organization".8 remove user.png


Administrative Tasks

Permissions

You can assign permissions individually to groups. This applies for generel permission for access your products and project in the NWS Customer Interface and for product specific permissions like access to APIs, e.g. the Openstack API.

Generel Permissions

You can grant the following permissions to groups for accessing your projects in the NWS Customer Interface.

Permissions

Openstack

You can grant the following Openstack Roles to groups which allows the group members to use the Openstack APIs and the Openstack Webinterface.

Roles

The reader role is not yet available!

If a group's access rights to an OpenStack project are revoked, the members of the group can continue to access the project for up to 8 hours in their active session.  

Kubernetes

You can grant the following Kubernetes Roles to groups which allows the group members to use the Kubernetes API. Please note that these rights relate to all clusters in the Kubernetes project.

Roles

Have a look at the clusterrole cluster-admin and view for all details, e.g. kubectl get clusterrole view -o yaml

Get an overview of your permissions with kubectl auth can-i --list

Troubleshooting

General Questions

Why don't I have to re-enter my password after logging out?

Each application, integrated with NWS-ID, receives the confirmation of your correct authenticated user from NWS-ID when logging in. After that, separate sessions are set up and managed by each application. These are independent of the session to NWS-ID.

Logging out will only destroy your session of the actual web interface or application. This could be for example the NWS Customer Center, the NWS Cloud Interface or the Openstack CLI. However, since you are authenticated at NWS-ID, too, this session will remain in place if you log out e.g, at the Customer Center. As soon as you log in again at the Customer Center, you will be logged in without providing a password, because the session to NWS-ID is still active and can confirm your validly authenticated user.

Why can't I see any projects in the Openstack web interface?

If you’re not an admin in your organization, they must authorize your NWS-ID. This happens as usual in the user group management in the customer interface.