Identity and Access Management

Tenants, Workgroups, and Projects

User and group roles and permissions are managed in the identity and access management (IAM) console, accessible through the product dashboard after logging in through the domain login URL. After logging in, select the "IAM Console" from the list of applications.

The entities in the IAM to which tenant users may be assigned are:

Entity - Description

Tenant Admin - Read/write access to all resources created by users in the tenant. Manage tenant and workgroup membership.

Workgroup Admin - Read/write access to all resources created by users in the workgroup. Manage workgroup membership.

Workgroup User - Read/write access to all resources created by users in the workgroup.

To add or promote a user to tenant admin, navigate to the IAM console and select "Manage Domain Access". Provide your credentials again, then select "User Management" and "Administrators" from the left-hand menu. Enter the email address of the new tenant admin and fill out the form.

Create a Workgroup

Workgroups can be created by tenant administrators through the IAM console. To create a workgroup, click the button to create a new workgroup on the IAM console dashboard.

Provide a workgroup name, description, and administrator email. Optionally, enable collaborators outside of the domain so that users from other domains can be added to the workgroup.

Add Users to a Workgroup

Users can be added to a workgroup by tenant administrators or the workgroup's administrators. A workgroup can contain an unlimited number of users.

  1. Open the IAM Console application

  2. Select a workgroup in the Dashboard

  3. Select "Users" from the left pane and click the Invite button.

  4. In the Invite new user dialog box, enter the email addresses for the users you want to add. Enter one address per line or as a comma-separated list. Invitations are blocked if the email domain is not included in the domain whitelist. Ensure the "Has Access" menu item is selected in the product access drop-down for Illumina Connected Analytics.

    • Has Access - The user has access to Illumina Connected Analytics through the workgroup

    • No Access - The user does not have access to Illumina Connected Analytics through the workgroup

    ❗ To allow users to perform sequencing run planning and data streaming from BSSH, they must also be granted the "Has Access" role for the BaseSpace Sequence Hub product.

  5. Select Grant access. Each invited user receives an email invitation and a dashboard notification.
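
The whitelist rule in step 4, as an added example that is not part of the product or its documentation: a pre-check that sorts an invite list into addresses that would be accepted, blocked, or malformed before it is pasted into the dialog. The whitelist contents, the function names, and the exact, case-insensitive domain match are assumptions.

```python
import re

# Assumption: the tenant's domain whitelist as an admin would copy it from
# the IAM console. These domains are constructed sample values.
ALLOWED_DOMAINS = {"example.org", "lab.example.com"}

# Deliberately strict shape check: one "@", no whitespace, dotted domain.
_ADDRESS = re.compile(r"^[^@\s,]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)$")


def split_invites(raw):
    """Split dialog input given one per line, comma-separated, or mixed."""
    return [p.strip() for p in re.split(r"[,\r\n]+", raw) if p.strip()]


def triage_invites(raw, allowed_domains):
    """Sort addresses into accepted, blocked (domain not whitelisted), malformed.

    Assumption: the whitelist matches the exact domain, case-insensitively,
    so a subdomain of a listed domain is reported as blocked.
    """
    allowed = {d.lower() for d in allowed_domains}
    result = {"accepted": [], "blocked": [], "malformed": []}
    seen = set()
    for entry in split_invites(raw):
        key = entry.lower()
        if key in seen:  # the same address entered twice is reported once
            continue
        seen.add(key)
        match = _ADDRESS.match(entry)
        if not match:
            result["malformed"].append(entry)
        elif match.group(1).lower() in allowed:
            result["accepted"].append(entry)
        else:
            result["blocked"].append(entry)
    return result


if __name__ == "__main__":
    # Constructed sample input mixing both separators the dialog accepts.
    sample = ("alice@example.org, bob@Lab.Example.com\ncarol@other.example.net,\n"
              " dave@sub.example.org\nnot-an-address\nALICE@example.org")
    for bucket, addresses in triage_invites(sample, ALLOWED_DOMAINS).items():
        print(f"{bucket}: {addresses}")
```

Addresses reported as blocked point to a domain that has to be added to the whitelist, or to a typo in the address, before the invitation is sent.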

API Keys

To access the APIs using the command-line interface (CLI), an API Key may be provided as credentials when logging in. API Keys operate similarly to a user name and password, and should be kept secure. API Keys are managed through the product dashboard after logging in through the domain login URL by navigating to the profile drop-down and selecting "Manage API Keys".

Click the button to generate a new API Key. Provide a name for the API Key. Then choose to either include all workgroups or select the workgroups to be included. Selected workgroups will be accessible with the API Key.

Click to generate the API Key. The API Key is then presented (hidden), with a button to show the key so it can be copied and a link to download it to a file. Once the window is closed, the key contents are no longer accessible through the domain login page, so store the key securely for future reference.
