Create Users and Groups

While unauthenticated access is an option when it comes to using the API Products, many situations will call for authentication to consume an API. To provide access to a Portal UI or enable authentication and rate limiting for APIs, you are going to need to set up users and groups. Those users and groups will be associated with Usage Plans that define what type of authentication is associated with an API Product, along with any additional details like rate limits.

In this guide we are going to create users and groups through the Admin Dashboard. The users and groups we create will be associated with an API Product, Portal UI, and Usage Plan.

Pre-requisites

You will need to have the Gloo Portal deployed on a Kubernetes cluster, and a connection to the Admin Dashboard as described in the Using the Admin Dashboard guide.

You will also need the following items provisioned in the Gloo Portal:

You can follow the guides linked above to perform the action through the Admin Dashboard or go through the Getting started guide to provision these resources using kubectl.

Create a Group

We will first create a group that is associated with an API Product and Portal UI. Then we will create a user and add them to the group. They will inherit the group’s access to API Products, Usage Plans, and Portal UIs.

We will start from the Overview page of the Admin Dashboard. First you will click on the Access Control item in the navigation bar to manage users, groups, and API keys.

Admin Dashboard Nav Bar

The page should load on the Users category by default. Next click on the Create a Group button to start the process.

Admin Dashboard Create Group

On the General page, you will fill out the basic fields for the new group.

Admin Dashboard Create Group General

In our example we are going to use the following values:

Then click on Next Step to move to the Users page. The users page allows you to add one or more users to the group.

Admin Dashboard Create Group Users

We do not have any users created yet, so click on the Next Step button to continue the process. The APIs page is next and it allows you to associate one or more APIs with the group.

Admin Dashboard Create Group APIs

Move the Petstore Product v2 product from Available APIs to Selected APIs by clicking on the green plus sign.

Admin Dashboard Create Group APIs

Then click on Next Step to move to the Plans page. The plans page allows you to select Usage Plans from the API Products you selected on the previous page.

Admin Dashboard Create Group Plans

In the Create a Usage Plan guide you created the basic plan for the Petstore Product. Select the check box next to that plan and click on Next Step to move to the Portals page.

Admin Dashboard Create Group Portals

On the portal page you can grant access to any Portal UIs you have created. The Petstore Portal should appear under Available Portals. Click on the green plus sign next to the listing to add it to the Selected Portal area.

Admin Dashboard Create Group Portals Selected

Click on Create Group to complete the process. Back in the Access Control view, click on Groups to view your newly created group.

Admin Dashboard Create Group Complete

Now it’s time to add a member to the group!

Create a User

We will start from the Access Control page of the Admin Dashboard. Click on the Create a User button to start the process.

Admin Dashboard Create User

On the General page, you will fill out the basic fields for the new user.

Admin Dashboard Create User General

In our example we are going to use the following values:

Then click on Next Step to move to the Groups page. The groups page allows you to add the user to one or more groups.

Admin Dashboard Create User Groups

Click on the green plus sign next to the developers group to move it from Available Groups to Selected Groups.

Admin Dashboard Create User Groups Selected

Now click on Next Step to load the APIs page.

Admin Dashboard Create User APIs

We don’t need to add any API Products since our user will inherit access from the developers group. Click on Next Step to move to the Plans page.

Admin Dashboard Create User Plans

On this page you could associate the user with one or more Usage Plans. Since we haven’t directly associated the user with any API Products, this page has no available plans to select. Click on Next Step to move to the Portals page.

Admin Dashboard Create User Portals

The user will inherit access to the Portal UI from the developers group as well, so there is no need to add a portal on this page. Click on Create User to complete the process.

From the User view we can see that the dev1 user has been created. By hovering over the View text for Groups, we can see that dev1 is a member of developers.

Admin Dashboard Create User Complete

Validate Access

Now that we have created a group with access to the Petstore product and Portal UI, we can validate that access by looking at the properties of the API Product and Portal UI.

From the navigation bar, select the APIs category.

Admin Dashboard Nav Bar

The page should load the list of API Products by default.

Admin Dashboard API View

We can see on the Petstore Product v2 entry that there is now 1 user with access. Click on the product entry and then the Access Control tab to see more information.

Admin Dashboard API Groups

We can see that the developers group has dev1 as a member and is associated with the Basic Usage Plan.

Next let’s take a look at the Portal UI. Start by clicking the Portals category on the navigation bar.

Admin Dashboard Nav Bar

Then click on the Petstore Portal entry, and select the Access Control tab.

Admin Dashboard Portal Groups

We can see that the developers group has access to the Portal UI.

From here you can test the user access by following the existing User and Groups guide starting with the “Using the Petstore portal” section.

Next steps

You may want to learn more about the concepts behind users, groups, plans, and portals. Check out the architecture page of our concepts section as an excellent jumping off point to better understand how all the pieces of the Gloo Portal fit together.