Create Users and Groups
While unauthenticated access is an option when it comes to using the API Products, many situations will call for authentication to consume an API. To provide access to a Portal UI or enable authentication and rate limiting for APIs, you are going to need to set up users and groups. Those users and groups will be associated with Usage Plans that define what type of authentication is associated with an API Product, along with any additional details like rate limits.
In this guide we are going to create users and groups through the Admin Dashboard. The users and groups we create will be associated with an API Product, Portal UI, and Usage Plan.
Pre-requisites
You will need to have Gloo Portal deployed on a Kubernetes cluster, and a connection to the Admin Dashboard as described in the Using the Admin Dashboard guide.
You will also need the following items provisioned in Gloo Portal:
You can follow the guides linked above to perform the action through the Admin Dashboard or go through the Getting started guide to provision these resources using kubectl.
Create a Group
We will first create a group that is associated with an API Product and Portal UI. Then we will create a user and add them to the group. They will inherit the group’s access to API Products, Usage Plans, and Portal UIs.
We will start from the Overview page of the Admin Dashboard. First you will click on the Access Control item in the navigation bar to manage users, groups, and API keys.
The page should load on Basic Authentication including Groups and Users. Click on the Create a Group button to start the process.
On the General page, you will fill out the basic fields for the new group.
In our example we are going to use the following values:
- Name: developers
- Display Name: Developers
- Description: Developers team for Pet Store
Then click on Next Step to move to the Users page. The users page allows you to add one or more users to the group.
We do not have any users created yet, so click on the Next Step button to continue the process. The APIs page is next and it allows you to associate one or more API Environments with the group.
We will select the Development 2 Environment, then click on Next Step to move to the Plans page. The plans page allows you to select Usage Plans from the API Products you selected on the previous page.
In the Create a Usage Plan guide you created the Basic plan for the Petstore Product. Select the check box next to that plan and click on Next Step to move to the Portals page.
On the portal page you can grant access to any Portal UIs you have created. The Petstore Portal should appear under Available Portals. Click on the green plus sign next to the listing to add it to the Selected Portal area.
Click on Create Group to complete the process. Back in the Access Control view, you should see the newly created group under the Groups area.
Now it’s time to add a member to the group!
Create a User
We will start from the Access Control page of the Admin Dashboard. Click on the Create a User button to start the process.
On the General page, you will fill out the basic fields for the new user.
In our example we are going to use the following values:
- Name: dev1
- Email: dev1@example.com
- Password: mysecurepassword1!
Then click on Next Step to move to the Groups page. The groups page allows you to add the user to one or more groups.
Click on the green plus sign next to the developers group to move it from Available Groups to Selected Groups.
Now click on Next Step to load the APIs page.
We don’t need to add any API Products since our user will inherit access from the developers group. Click on Next Step to move to the Plans page.
On this page you could associate the user with one or more Usage Plans. Since we haven’t directly associated the user with any API Products, this page has no available plans to select. Click on Next Step to move to the Portals page.
The user will inherit access to the Portal UI from the developers group as well, so there is no need to add a portal on this page. Click on Create User to complete the process.
From the Basic Authentication view we can see that the dev1 user has been created. By hovering over the View text for Groups, we can see that dev1 is a member of developers.
Validate Access
Now that we have created a group with access to the Petstore product and Portal UI, we can validate that access by looking at the properties of the API Product and Portal UI.
From the navigation bar, select the APIs category.
The page should load the list of API Environments by default.
Let’s go into the Development 2 environment and take a look at the Petstore Product v2 API Product.
We can see that our Basic usage plan now has one user and one group associated with it. We can view more information by clicking on the Access Control tab.
The Developers group has one member and one plans associated with it.
Next let’s take a look at the Portal UI. Start by clicking the Portals category on the navigation bar.
Then click on the Petstore Portal entry, and select the Access Control tab.
We can see that the developers group and the dev1 user have access to the Portal UI.
From here you can test the user access by following the existing User and Groups guide starting with the “Using the Petstore portal” section.
Next steps
You may want to learn more about the concepts behind users, groups, plans, and portals. Check out the architecture page of our concepts section as an excellent jumping off point to better understand how all the pieces of Gloo Portal fit together.