@@ -49,6 +49,8 @@ Beside the Root Administrator type of Account (available in the root domain only
4949of Accounts can be created for each domain: Domain Administrator and User.
5050
5151
52+ .. _users :
53+
5254Users
5355~~~~~
5456
@@ -901,6 +903,124 @@ password for a user:
901903 .. figure :: /_static/images/reset-password.png
902904 :align: center
903905
906+ Add Users
907+ ------------
908+ CloudStack allows administrators to create :ref: `users ` within an Account.
909+ Users represent individual identities that can access CloudStack
910+ resources based on their assigned roles and permissions.
911+
912+ Who can add Users
913+ ~~~~~~~~~~~~~~~~~~
914+
915+ The following administrators can create Users:
916+
917+ - Root Administrators – across all domains and accounts
918+ - Domain Administrators – within their domain hierarchy
919+
920+ **UI Flow: **
921+
922+ #. Navigate to **Accounts → Users **.
923+ #. Click **Add User **.
924+ #. Fill in the User details, including the initial password.
925+ #. (Optional) Enable **User must change password at next login **.
926+ #. Add the User.
927+
928+ .. figure :: /_static/images/add-user-popup.png
929+ :align: center
930+ :alt: Add user by administrator
931+ :width: 400px
932+
933+ If password change is enforced during User creation, the User is prompted to
934+ change the password on first login.
935+ See :ref: `user-login-flow-enforced-password-change `.
936+
937+
938+ Password Change for Users
939+ -------------------------
940+ CloudStack allows User passwords to be changed either by the User
941+ themselves or by an administrator. Password changes may be performed
942+ voluntarily or as part of an administrative action.
943+
944+ User-initiated password changes
945+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
946+ Users can change their own password at any time after successfully
947+ logging in to the CloudStack UI.
948+
949+ **UI Flow: **
950+
951+ #. Log in to the CloudStack UI.
952+ #. Click the User profile menu.
953+ #. Select **Change Password **.
954+ #. Enter the current password.
955+ #. Enter and confirm the new password.
956+ #. Submit the change.
957+
958+ .. figure :: /_static/images/user-change-password-popup.png
959+ :align: center
960+ :alt: User changing their own password
961+ :width: 400px
962+
963+ Administrator-initiated password changes
964+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
965+ Root and Domain Admins can change User's password when required, for example
966+ during account recovery or administrative maintenance.
967+
968+ **UI Flow: **
969+
970+ #. Navigate to **Accounts → Users **.
971+ #. Open the required User details page.
972+ #. Select **Change Password **.
973+ #. (Optional) Enable **User must change password at next login **.
974+ #. Change the password.
975+
976+ .. figure :: /_static/images/admin-change-password-popup.png
977+ :align: center
978+ :alt: Change user password by administrator
979+ :width: 400px
980+
981+ When password change is selected, the User must change the temporary password on the
982+ next login. See :ref: `user-login-flow-enforced-password-change `.
983+
984+
985+ Force Password Reset for Users (Quick Action)
986+ -----------------------------------------------
987+ CloudStack allows administrators to enforce a password change
988+ **without modifying the current password **.
989+
990+ **UI Flow: **
991+
992+ #. Navigate to **Accounts → Users **.
993+ #. Open the required User details page.
994+ #. Click **Force password reset ** from the actions menu.
995+ #. Confirm the action.
996+
997+ .. figure :: /_static/images/force-password-reset-quick-action.png
998+ :align: center
999+ :alt: Force password reset using quick action
1000+
1001+ .. raw :: html
1002+
1003+ <br >
1004+
1005+ .. _user-login-flow-enforced-password-change :
1006+ User login flow for enforced password change
1007+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1008+
1009+ When password change is enforced, the User login flow is as follows:
1010+
1011+ #. The User enters username, domain, and password.
1012+ #. Authentication succeeds.
1013+ #. The User is redirected to the **Change Password ** page.
1014+ #. The User must set a new password that complies with configured
1015+ password policies.
1016+ #. Until the password is changed, no other UI actions or API operations are permitted.
1017+ #. Upon successful password update, normal access is granted.
1018+
1019+ .. figure :: /_static/images/force-password-change-login.png
1020+ :align: center
1021+ :alt: User prompted to change password after login
1022+ :width: 400px
1023+
9041024Using API Key and Secret Key based Authentication
9051025-------------------------------------------------
9061026Users can generate API key and Secret key to directly access CloudStack APIs.
0 commit comments