How to manage OpenShift access in the UKCloud Portal
If your cluster is using OpenShift Container Platform 3.10 or later, you can manage access to OpenShift clusters in the UKCloud Portal so that users need to remember only one lot of credentials and can also take advantage of two-factor authentication (2FA) that is provided via the Portal.
UKCloud engineers will sometimes need to add their user accounts (ending in *@ukcloud.com*) to your UKCloud Portal account and OpenShift environment to diagnose issues in response to customer tickets or monitoring alerts. The access will be removed when it is no longer required, however the user may continue to show in the output of the
oc get users command. If you have any concerns about a user showing in your account, raise a service request for advice.
Managing access to an OpenShift cluster
If your cluster is using OpenShift Container Platform 3.9, raise a service request to add new users.
Log in to the UKCloud Portal
For more detailed instructions, see the Getting Started Guide for the UKCloud Portal.
You must log in as a Portal administrator.
If necessary, switch to the account that contains the services you want the user to be able to access.
If the user does not already have a UKCloud Portal user account, you'll need to create an account for them first. For more information, see How to create a new user in the UKCloud Portal.
To grant the user permissions to log into your OpenShift cluster, in the navigation panel, expand Contacts, then select All Contacts.
On the Contacts page, use the Search field to find the user to whom you want to assign OpenShift permissions and then click the Edit button.
On the Edit contact page, select the OpenShift Permissions tab.
Select the check box(es) for the cluster(s) that you want the user to have access to, then click Save
If you've enabled two-factor authentication (2FA) in the account that includes the OpenShift cluster and the user has set up 2FA for their user account, they'll be prompted to provide a 2FA code when logging in to OpenShift.
By default, the user will be able to create new projects in OpenShift but they will be unable to view existing projects. Additional cluster or project roles can be added to the user if required. See the OpenShift Managing role bindings documentation.
If you find a problem with this article, click Improve this Doc to make the change yourself or raise an issue in GitHub. If you have an idea for how we could improve any of our services, send an email to email@example.com.