Previous Topic: Customizing Tenant SettingsNext Topic: Users

Administration GuideTenant ManagementReplacing Default User Accounts

Replacing Default User Accounts

A system administrator initially creates a CA CloudMinder tenant environment. At that time, various default administrator accounts are created in the environment, including the following accounts:

User ID

Administrator Type

cspadmin

System or Hosting administrator

mspadmin

System or Service administrator

admin

Tenant administrator

The system creates these accounts with identical passwords. A system administrator typically uses these accounts during the initial configuration of a new tenant environment. Various types of administrators also use these accounts over time to perform configuration and maintenance for the CA CloudMinder environment.

For security reasons, we recommend that upon initially logging in to a default administrator account, you create a duplicate of that account with a unique User ID and password. After you have created the duplicate account, delete the default account.

Replace the default account that corresponds to the type of administrator role that you fulfill. For example, if you are a hosting administrator, replace the cspadmin default account.

Note: Do not replace or delete default accounts that do not correspond to an administrator role that you fulfill. For example, if you are a tenant administrator, do not replace or delete the cspadmin account. If you do so, other types of administrators are unable to log in with those accounts to perform configuration and maintenance for your environment.

The following diagram shows the information to understand, and the steps to perform, in replacing default user accounts.

This diagram illustrates the steps required to replace default user accounts.

The following topics explain how to replace default user accounts:

  1. Identify the roles that are associated with your default account.
  2. Duplicate your default account.
  3. Assign the appropriate admin role to the duplicate account.
  4. Confirm that the duplicate account contains the correct roles.
  5. (Optional) Add or remove additional roles, if necessary.
  6. Delete the default account.

Identifying User Account Roles

Identify the roles that are associated with your default account, so you can accurately duplicate them in your replacement account.

Follow these steps:

  1. Log in to your default account, as follows:

    Use the password that your system administrator designated to your default account during environment creation.

  2. From the navigation menu select Users, Manage Users, View User.

    A search screen appears.

  3. Search for the default user account that corresponds to the type of administrator role you fulfill, as follows:

User Account

Administrator Type

cspadmin

System or hosting administrator

mspadmin

System or service administrator

admin

Tenant administrator
  1. Select your default user account, and click Select.
  2. Click the Admin Roles tab.

    A list of admin roles that are assigned to the user account appears.

  3. Note each admin role, and whether you are a Member, Administrator, or both.

    Note: In the cspadmin account, ignore the System Manager role. It is not necessary to duplicate this role when you create the replacement account.

  4. Duplicate your default account.

Duplicating your Default Account

Create a duplicate account that is based on your default administrator account.

Follow these steps:

  1. From the navigation menu, select Users, Manage Users, Create User.
  2. Select Create a copy of a user, and search for your default user account, as follows:

User ID

Administrator Type

cspadmin

System or Hosting administrator

mspadmin

System or Service administrator

admin

Tenant administrator
  1. Select your default user account, then click Ok.

    The user account profile appears.

  2. Enter a new User ID, update any other user profile information, and click Next.

    Note: Do not alter the Organization.

    The groups screen appears. The system automatically duplicates the groups contained in the default account.

  3. Click Finish.

    The system creates the user account. The account contains the correct groups, but does not yet contain the correct roles.

  4. Assign the appropriate admin role to the account.

Assigning Admin Roles

Assign the appropriate admin roles to the duplicate account.

Follow these steps:

  1. From the navigation menu, select Users, Manage Users, Modify User.

    A search screen appears.

  2. Search for the User ID of the duplicate account you created.
  3. Select the account, and click Select.

    The user profile screen appears.

  4. Click Next, then Next again to display the Admin Roles screen.
  5. Click Add an Admin Role.

    A search screen appears.

  6. Search for the admin role that corresponds with your default user account, as follows:

User ID

Admin Role

cspadmin

CSP Administrator

mspadmin

MSP Administrator

admin

Tenant Administrator
  1. Select the role, and click Select.

    An updated list of the roles that are assigned to the account appears.

  2. Click Finish.

    The system assigns the role to the account.

    Note: When you assign one of the Administrator roles to an account, the system automatically assigns several related roles at the same time. This configuration ensures that all required privileges are assigned to the account simultaneously.

  3. Confirm that the new account contains the correct roles.

Confirming User Account Roles

Before you delete your default user account, confirm that the roles assigned to your duplicate account match the roles in the default account.

Follow these steps:

  1. From the navigation menu, select Users, Manage Users, View User.

    A search screen appears.

  2. Search for the User ID of the duplicate account you created.
  3. Select the account, and click Select.

    The user profile screen appears.

  4. Click the Admin Roles tab.

    A list of admin roles that are assigned to the user account appears.

  5. Confirm that the roles and associated privileges (Member, Administrator, or both) match those you noted when you identified the roles that are associated with your default account.

    Note: For the duplicate cspadmin account, ignore the System Manager role. It is not necessary to duplicate this role in the replacement account.

  6. If the roles do not match, add or remove roles to match the default account.
  7. If the roles match, delete the default account.

Adding or Removing Additional Roles

If the roles assigned to your duplicate account do not match the default account, add or remove additional admin roles.

Follow these steps:

  1. From the navigation menu, select Users, Manage Users, Modify User.

    A search screen appears.

  2. Search for the User ID of the duplicate account you created.
  3. Select the account, and click Select.

    The user profile screen appears.

  4. Click Next, then Next again to display the Admin Roles screen.
  5. To add a role, click Add an Admin Role, search for and select the role, and click Select.

    An updated list of the roles that are assigned to the account appears.

  6. To remove a role, uncheck the Member and Administrator checkboxes next to the role.
  7. Click Finish.

    The system assigns or removes the role.

  8. Confirm that the new account contains the correct roles.

Delete the Default Account

You have confirmed that the duplicate account you created matches your default account. You can now delete the default account.

Important! The mspadmin account is the default Inbound Administrator. The system uses the Inbound Administrator to create users during the Explore and Correlate process. Before deleting the mspadmin account, update the Inbound Administrator from mspadmin to a different user account. You must have access to the Management Console to do this. In the Management Console, select Environment, then your environment, and navigate to Advanced Settings, Provisioning.

Follow these steps:

  1. Log out of CA CloudMinder.
  2. Log in to the duplicate account you created.
  3. From the navigation menu, select Users, Manage Users, Delete User.

    A search screen appears.

  4. Search for your default account, which is one of the following accounts:
  5. Select your default account, and click Select.
  6. Confirm that you want to delete the account by clicking Yes.

    The system deletes the default account.

    The process of replacing your default user account is now complete. This process helps prevent improper login attempts on your system.

    You can now use the duplicate account that you created to perform all administrative functions that were associated with the default role.