Send Docs Feedback

Note: Most user interface tasks can be performed in Edge Classic or the New Edge experience. For an overview, getting started topics, and release notes specific to the New Edge experience, see the docs.

Creating global users

You can create a global user through the Edge management UI, Edge management API, or directly from the Apigee web site:

  • Edge management UI
    An organization administrator uses the Edge UI to add a global user to an existing organization with a specific role. If the user already exists, the user is added to the organization. 

    If the user does not exist, then Edge creates the user and sends the user an email message to activate the account and to set a password. The user appears in the Edge UI immediately, even before the user activates the account.

    While the organization administrator does not have the permission necessary to directly create the user, adding a new user to the organization in the Edge UI initiates the Edge workflow that creates the user.  
    For an Edge for the Private Cloud installation, you must configure a connection to an SMTP email server so that Edge can send email to users. See the Edge Operations Guide for more.
  • Edge management API
    A system administrator uses the Edge API to create a global user in an Edge for the Private Cloud installation. 

    After creating the user, you must make a second API call to add the user to a system administrator role, to an organization and organization role, or both. The new user cannot log in to the Edge UI until added to an organization.

    While an organization administrator cannot create a global user, an organization administrator can use the Edge API to assign a user to an organization and organization role. 
  • Apigee web site
    Anyone can register for a free Edge cloud account at https://accounts.apigee.com/accounts/sign_up. When you create an account directly on Edge, Edge automatically creates a global user and an organization for you, and your user account is assigned to the role of organization administrator for your organization. After you create the account, another organization administrator can add you to their organization.

    See Creating an Apigee Edge account for more.

Creating a global user through the Edge UI

An organization administrator can create a user in the Edge UI, and assign a role to the new user in the organization:

  1. In the Edge management UI, while logged in as an organization administrator, select Admin > Organization Users. If you are not an org admin, this menu does not show up. 
  2. Click + User. The "Add a User" screen appears.
  3. ユーザーのメールアドレスを入力します。
  4. Select the role you want to offer to the user. You can add more than one role to a user. 
  5. Click Save. The user appears in the Edge UI and Edge sends the new user an email with instructions for account activation, password reset, and logging in.

The user can log in to the Edge UI with either:

  • email address
  • username, which is the part of the email address before @.

After logging in for the first time, a new user should select the down arrow next to their email address in the menu, and then select User Settings to set their first and last name:

Creating a global user through the Edge API

In Apigee Edge for Private Cloud, adding a new user through the Edge API is a two step process:

  1. As the system administrator, make the API call to add the new global user:
    curl -H "Content-Type:application/xml" -u <sysAdminEmail:pword> \
      -X POST https://<ms_IP>:8080/v1/users \
      -d '<User> \
        <FirstName>Foo</FirstName> \
        <LastName>Bar</LastName> \
        <Password>myPword</Password> \
        <EmailId>foo@bar.com</EmailId> \
      </User>'
    where <ms_IP> is the IP address or DNS name of the Edge Management Server. 
  2. Assign the new user to a role by performing one or both of the following:
    1. If the new user is going to function as a system administrator, then as the system administrator use the following API call to add the user to the system administrator role, sysadmin, or read-only system administrator role, sysadmin-readonly:
      curl -u <sysAdminEmail>:<passwd> \
       -X POST https://<ms_IP>:8080/v1/userroles/sysadmin/users \
       -d 'id=foo@bar.com'
    2. As the system administrator or organization administrator, assign the new user to a role in an organization. A global user does not appear in the Edge UI, and cannot log into the Edge UI, until that user is assigned to a role in an organization. 
      curl -H "Content-Type:application/x-www-form-urlencoded" \
        -u <orgOrSysAdminEmail:pword> -X POST \
        https://<ms_IP>:8080/v1/organizations/{org_name}/userroles/{role_name}/users?id=foo@bar.com
      Replace {role_name} with the specific role for the new user. Roles include:
      • Organization administrator: orgadmin
      • Read-only organization administrator (Cloud only): readonlyadmin
      • Operations administrator: opsadmin
      • Business user: businessuser
      • User: user

Performing additional tasks to manage users

The following table shows operations that you can perform on a global user. 

Many of these operations, such as deleting a global user, require system administrator privileges. For a Cloud-based installation of Edge, contact Apigee Support to perform these actions. For an Edge for Private Cloud installation, the system administrator can perform them. 

All of the APIs listed below that require the system administrator role are described in the the Edge Operations Guide available on the Apigee ftp site: ftp://ftp.apigee.com/. All of the APIs that require the organization administrator role are described at http://apigee.com/docs/management/apis using SmartDocs so that you can run them from the Apigee documentation pages. 

 

Action

Required role

How

Manage global users

List all users

sys admin

API

Add user*

sys admin

API*

Delete user

sys admin

API

Changing user password or other information

sys admin

API

List all roles for user

sys admin

API

*While only the sys admin can create the user, an organization administrator can trigger the workflow by adding a new user to an organization in the Edge management UI.

Manage sys admin roles

List sys admin roles

sys admin

API

Add user to sys admin role

sys admin

API

List users in sys admin role

sys admin

API

Remove user from sys admin role

sys admin

API

Manage organization roles

List Roles of Organization

sys admin

org admin

API/UI

Add a user to a role

sys admin

org admin

API/UI

Get users for a role

sys admin

org admin

API/UI

List users in an organization**

sys admin

org admin

UI

Remove user membership in role

sys admin

org admin

API/UI

For additional operaions, see User roles

sys admin

org admin

API/UI

** There is no single API call that lists all users in an organization. Instead, you make one call to get all roles in the organization. Then you iterate through the list of roles to get all users in each role.

 

Help or comments?