nexus/knowledgebase/csd-wiki/ICSD/AWS-Cognito-User-Creation_708224408.md

AWS-Cognito-User-Creation_708224408

AWS Cognito users are used for authentication to login to the following Ops tools:

• SaaS Ops Jenkins Tool - https://saas-ops.itsma-ng.net/
• ESM SaaS System Health Page Ops Console - https://smax-health.saas.microfocus.com/ops (Use this permission to support SaaS 911 case to publish the incident report for customer communication)
• ESM Saas ELK Log Analysis (OpenSearch) - Contains 14 days of logs. Currently available only for the following farms: US2, US6/EU8, EU30 (aviator)
• Grafana Monitors for ESM SaaS Farms

CSD Ops team have the permission needed to create users in AWS Cognito. Currently, there are 3 user persona's:

• CSD Ops team - admins
• CSD Ops team - team member
• Core CPE Team limited access

To streamline the user creation process, follow the process below to create new users based on their persona.

This process eliminates the need for back and forth and simplifies the new user onboarding. Basically, the Ops team will pre-create the user, login the first time, set the roles and also configure the account so the enduser performs a single step of reset password to gain access.

Create and Configure User - jenkins admin access needed

1. Login to AWS console using your personal Ops team account. Access account: 361684190412 and set region to United States (Oregon).
2. Access AWS Cognito / User Pools - you should see the existing user pool: "notes-user-pool" Click on notes-user-pool, then click on Users on left menu.
3. Click "Create user" button: use any value for the password but write it down since you will need it in the next step.
4. 
5. Note down the new user id. You may need to do a search using the email address to get this.
6. Access Jenkins using the new user
   1. https://saas-ops.itsma-ng.net/ 2. Make sure you are logged out of your own account. 3. Login with the new user account using the password you pre-set. 4. You will be forced to set a new password. This one is not important, because we will tell the new user to reset their password on first access. 5. Will get Access Denied message in the screen - at this point, the user has been created in Jenkins and will allow us to setup their profile in the following steps. 6. Logout of new user account.
7. Login to jenkins with your admin account
   1. From Jenkins main Dashboard, use the global search at the top to find the new user id like: 333a6473-6b8a-4b16-bbcb-4bd8512e158e 2. Click Configure menu item on left - NOTE: you must have jenkins Administrator role. If not, contact one of the team who has the admin role. 3. Set the user Full Name - change it from the id to the first/last name of the user 4. Set the appropriate roles depending if this is a Ops or CPE team member (see section below).
8. Tell the user to access Jenkins URL and have them use the Forgot Password option

Role Assignment in Jenkins

Ops team should set the role based on the user persona - Ops Admin OR CPE Team member.

1. Login to Jenkins with your Admin user account
2. Click on Manage Jenkins in left menu
3. Scroll down to Security section and click on Manage and Assign Roles
4. Click on Assign Roles in left menu.
5. There are 2 sections and you need to add the user in both: Global roles + Item roles
6. At the bottom of each list, click the Add User button
7. Use the cognito user id like: 333a6473-6b8a-4b16-bbcb-4bd8512e158e
8. 
9. 
10. After you add to both lists, make sure to press the Save button

Related pages

• Page: ESM Cloud Farm Version Tracking
• Page: How to get an Opentext Confluence account
• Page: ITOM APM AppPluse Cloud Farm Information
• Page: ITOM Cloud Service Ops Doc Management Process
• Page: ITOM ESM Cloud Service Catalog
• Page: ITOM OpsB NOM Cloud Service Catalog
• Page: OpsB and NOM Cloud Deployments Version Tracking