# NWS-ID # Getting Started # General information #### What is NWS-ID? It is the home of your user profile. Here you can update you personal profile data, set or request a new password or enable the two-factor-authentification. You will more detailed information at [NWS-ID](https://nws.netways.de/nws-id). #### Where can I reset my password? You find the *Forgot Password* link at the login form. [![6 forgot pw.png](https://docs.nws.netways.de/uploads/images/gallery/2022-12/scaled-1680-/4w1bAHKug6hQ6ZC9-6-forgot-pw.png)](https://docs.nws.netways.de/uploads/images/gallery/2022-12/4w1bAHKug6hQ6ZC9-6-forgot-pw.png) #### How can I activate Two-Factor Authentication? Two-Factor Authentication can be activated on [id.nws.netways.de](https://id.nws.netways.de) in the section *Signing in* in *Account security*. [![12.1 TFA.png](https://docs.nws.netways.de/uploads/images/gallery/2022-12/scaled-1680-/mMYlmfkGjIM64pHO-12-1-tfa.png)](https://docs.nws.netways.de/uploads/images/gallery/2022-12/mMYlmfkGjIM64pHO-12-1-tfa.png)[![13.1 TFA menu signing in.png](https://docs.nws.netways.de/uploads/images/gallery/2022-12/scaled-1680-/aiFwRYPGAs504LvL-13-1-tfa-menu-signing-in.png)](https://docs.nws.netways.de/uploads/images/gallery/2022-12/aiFwRYPGAs504LvL-13-1-tfa-menu-signing-in.png)[![14 tfa eingabe.PNG](https://docs.nws.netways.de/uploads/images/gallery/2022-12/scaled-1680-/ssrlYMZ4TgKXE8N7-14-tfa-eingabe.PNG)](https://docs.nws.netways.de/uploads/images/gallery/2022-12/ssrlYMZ4TgKXE8N7-14-tfa-eingabe.PNG) # Administrative Tasks # Organizations ##### What is an organization? An organiztation can be a private person, a company or a school or authority. Within an organization you can start Apps, Openstack, Kubernetes, DBaaS or our MyEngineer service. The legal entity stored in the organization is used as the legal contact for e.g. invoices. ##### How can I edit my organization? Just open your user menu in the upper right corner and got to "Manage Organization*"*.[![15 organization.png](https://docs.nws.netways.de/uploads/images/gallery/2022-12/scaled-1680-/fWXw6f9gtEDU7Ajg-15-organization.png)](https://docs.nws.netways.de/uploads/images/gallery/2022-12/fWXw6f9gtEDU7Ajg-15-organization.png)[![16 organization.PNG](https://docs.nws.netways.de/uploads/images/gallery/2022-12/scaled-1680-/uOQtdrTZqCKRW7X9-16-organization.PNG)](https://docs.nws.netways.de/uploads/images/gallery/2022-12/uOQtdrTZqCKRW7X9-16-organization.PNG) ##### Why do I have an *Unnamed Organization*? Because you haven't named your organization yet. To make it easier for you to distinguish between your organizations, you can name them as you like. Don't worry, the name won't appear on the invoice. ##### How can I leave an organization? Just open the user menu in the upper right corner and click on "Leave organization". In step 2 you have to confirm that you really want to leave the organization.[![17 user leaving organization.png](https://docs.nws.netways.de/uploads/images/gallery/2022-12/scaled-1680-/KgmqtGAXdvN8urDA-17-user-leaving-organization.png)](https://docs.nws.netways.de/uploads/images/gallery/2022-12/KgmqtGAXdvN8urDA-17-user-leaving-organization.png) # User and Groups ## User and Groupmanagement ### How can I add colleague to my organization? In the NWS Customer Interface, click on your user icon in the upper right corner and select "User" or "User Groups".[![9.png](https://docs.nws.netways.de/uploads/images/gallery/2022-12/scaled-1680-/o3xTgNigfAcXS6jC-9.png)](https://docs.nws.netways.de/uploads/images/gallery/2022-12/o3xTgNigfAcXS6jC-9.png) Just paste the email and click on "Invite".[![10 new user to organization.png](https://docs.nws.netways.de/uploads/images/gallery/2022-12/scaled-1680-/rrXulsxTHm9r8QAf-10-new-user-to-organization.png)](https://docs.nws.netways.de/uploads/images/gallery/2022-12/rrXulsxTHm9r8QAf-10-new-user-to-organization.png) You can find a second way to invite a new user to your organization over the "User groups" tab. Just click on "Manage Users" at the relevant group, paste the email of the colleague and click on "Invite"[![6.PNG](https://docs.nws.netways.de/uploads/images/gallery/2022-12/scaled-1680-/RXN6KVx4dNPPyxth-6.PNG)](https://docs.nws.netways.de/uploads/images/gallery/2022-12/RXN6KVx4dNPPyxth-6.PNG)[![11.png](https://docs.nws.netways.de/uploads/images/gallery/2022-12/scaled-1680-/l0gnTw1rgkx1G7sN-11.png)](https://docs.nws.netways.de/uploads/images/gallery/2022-12/l0gnTw1rgkx1G7sN-11.png) ### How can I create a user group? In the NWS Customer Interface, click on your user icon in the upper right corner and select "User group" [![1 navigation.png](https://docs.nws.netways.de/uploads/images/gallery/2022-12/scaled-1680-/Uzc5MRz7BdWZXPHs-1-navigation.png)](https://docs.nws.netways.de/uploads/images/gallery/2022-12/Uzc5MRz7BdWZXPHs-1-navigation.png) Click on "Create User Group" and name it [![2.PNG](https://docs.nws.netways.de/uploads/images/gallery/2022-12/scaled-1680-/IsK8I896v6b9YNh4-2.PNG)](https://docs.nws.netways.de/uploads/images/gallery/2022-12/IsK8I896v6b9YNh4-2.PNG) [![3.PNG](https://docs.nws.netways.de/uploads/images/gallery/2022-12/scaled-1680-/ixAODJeihRIF2z1V-3.PNG)](https://docs.nws.netways.de/uploads/images/gallery/2022-12/ixAODJeihRIF2z1V-3.PNG) Now click on "Update permissions" [![4.PNG](https://docs.nws.netways.de/uploads/images/gallery/2022-12/scaled-1680-/7p9WSNv1Imsd6Id2-4.PNG)](https://docs.nws.netways.de/uploads/images/gallery/2022-12/7p9WSNv1Imsd6Id2-4.PNG) [![Bildschirm­foto 2023-01-26 um 08.49.05.png](https://docs.nws.netways.de/uploads/images/gallery/2023-01/scaled-1680-/xEoW6Ro7xeJzaeal-bildschirmfoto-2023-01-26-um-08-49-05.png)](https://docs.nws.netways.de/uploads/images/gallery/2023-01/xEoW6Ro7xeJzaeal-bildschirmfoto-2023-01-26-um-08-49-05.png) By expanding the section "OpenStack Roles" you will have the option to assign a role to your OpenStack projects. Doing so allows you to grant access to the OpenStack API and OpenStack Webinterface for the group members. Go to [Permissions](https://docs.nws.netways.de/books/nws-id/page/permissions "Permissions") for a detailed description. ### How can I add a user to a user group? Go to "User Groups" and click on "Manage Users" for the relevant group[![6.PNG](https://docs.nws.netways.de/uploads/images/gallery/2022-12/scaled-1680-/RXN6KVx4dNPPyxth-6.PNG)](https://docs.nws.netways.de/uploads/images/gallery/2022-12/RXN6KVx4dNPPyxth-6.PNG) Now simply select the desired colleague [![7.PNG](https://docs.nws.netways.de/uploads/images/gallery/2022-12/scaled-1680-/kHYfHCzYpX19bbM5-7.PNG)](https://docs.nws.netways.de/uploads/images/gallery/2022-12/kHYfHCzYpX19bbM5-7.PNG) ### How can I grant full access for a colleague? Just add the user to the *Admin* group. ### Why am I not allowed to start new products or change the organization profile? To start new products or change the organization you need to be a member in the *Admin* group. ### How can I remove a colleague from my organization? In the NWS Customer Interface, click on your user icon in the upper right corner and select "User".[![9.png](https://docs.nws.netways.de/uploads/images/gallery/2022-12/scaled-1680-/o3xTgNigfAcXS6jC-9.png)](https://docs.nws.netways.de/uploads/images/gallery/2022-12/o3xTgNigfAcXS6jC-9.png) Now click on "Remove from organization".[![8 remove user.png](https://docs.nws.netways.de/uploads/images/gallery/2022-12/scaled-1680-/ynQbAogyHm7rsczP-8-remove-user.png)](https://docs.nws.netways.de/uploads/images/gallery/2022-12/ynQbAogyHm7rsczP-8-remove-user.png) # Permissions You can assign permissions individually to groups. This applies for generel permission for access your products and project in the NWS Customer Interface and for product specific permissions like access to APIs, e.g. the Openstack API. ## Generel Permissions You can grant the following permissions to groups for accessing your projects in the NWS Customer Interface. #### Permissions - **Access:** can view the product in the NWS Customer Interface. - **Manage:** can change the product settings, resource and other. For example, restart an app, create or delete a virtual machine, upgrade a kubernetes cluster - **Destroy:** can delete the product and recall the contract. - **Billing:** can view and download the bills which have been issued. ## Openstack You can grant the following Openstack Roles to groups which allows the group members to use the Openstack APIs and the [Openstack Webinterface](https://cloud.netways.de). #### Roles - **Member:** can create, change and delete resources - **Reader:** can list and show resources

The reader role is not yet available!

If a group's access rights to an OpenStack project are revoked, the members of the group can continue to access the project for up to 8 hours in their active session. ## Kubernetes You can grant the following Kubernetes Roles to groups which allows the group members to use the Kubernetes API. Please note that these rights relate to all clusters in the Kubernetes project. #### Roles - **Admin:** can create, change, and delete resources - **Reader:** can list and show all resources

Have a look at the clusterrole *cluster-admin* and *view* for all details, e.g. *kubectl get clusterrole view -o yaml*

Get an overview of your permissions with *kubectl auth can-i --list*

# Troubleshooting ## General Questions ### Why don't I have to re-enter my password after logging out? Each application, integrated with [NWS-ID](htttps://id.nws.netways.de), receives the confirmation of your correct authenticated user from NWS-ID when logging in. After that, separate sessions are set up and managed by each application. These are independent of the session to NWS-ID. Logging out will only destroy your session of the actual web interface or application. This could be for example the [NWS Customer Center](https://my.nws.netways.de "NWS Customer Center"), the [NWS Cloud Interface](https://cloud.netways.de "NWS Cloud Interface") or the Openstack CLI. However, since you are authenticated at [NWS-ID](htttps://id.nws.netways.de), too, this session will remain in place if you log out e.g, at the Customer Center. As soon as you log in again at the Customer Center, you will be logged in without providing a password, because the session to NWS-ID is still active and can confirm your validly authenticated user. ### Why can't I see any projects in the Openstack web interface? If you’re not an admin in your organization, they must authorize your NWS-ID. This happens as usual in the user group management in the customer interface.