How to setup and manage federated users

Elastic Cloud Gate provides an option to setup federated users who are able to access AWS Management Console directly from ECG portal, without knowing AWS credentials.

The ECG federated user works the same as AMI user, with one exception: under ECG portal, you can specify days and time when user can access the AWS Management Console.

To create a federated user from the Settings menu, select Manage Users.

Enter user email and password.

To force the user to change password with next login, check User must change password with next login.

From the Access Type drop down list, select AWS Console.

To send notification email to the new user, check Send notification email to user.

If for security reasons you do not want to include the password in the email, check Don’t include password in email.

Click Add New User.

Note: Any user created though the Users Management section has to use a different URL to login to ECG portal. The URL is: https://portal.ecloudgate.com/console/login.aspx

Additionally, beside email and password, the user is asked for the access code on the login page.

You can see your access code on the Users Management page. This number is statically assigned to your account and does not change.

Once the new user is created, you must grant him permission to select AWS account as well as to choose what permission he will have on AWS Management Console.

To grant permission under users table from the context menu, select AWS Console.

Under new windows, the selected account user has permission to specify AWS policy.

You can choose either one of the pre-defined policies, or enter a customized policy.

Under Session Duration, enter how long the user is allowed to stay logged in to AWS Management Console.

To limit days and hours the user can login to AWS Management Console, check days or enter start and end hours. For 24/7 access, leave all blank.

Click Save.

At any time, you can edit or delete user by selecting the appropriate option from the context menu.

If you need to temporarily prevent user from logging in, from the context menu select Locked. To unlock the user account, select Unlocked from the context menu.