Identity and Access Management

Tenants, Workgroups, and Projects

User and group roles and permissions are managed in the identity and access management (IAM) console, accessible through the product dashboard after logging in through the domain login URL. After logging in, select the "IAM Console" from the list of applications.

The entities in the IAM to which tenant users may be assigned are:

EntityDescription

Tenant Admin

Read/write access to all resources created by users in the tenant. Manage tenant and workgroup membership.

Workgroup Admin

Read/write access to all resources created by users in the workgroup. Manage workgroup membership.

Workgroup User

Read/write access to all resources created by users in the workgroup.

To add/promote users to a tenant admin, navigate to the IAM console and select "Manage Domain Access". Provide your credentials again and select "User Management" and then "Administrators" from the left hand menu. Input the email address of the new tenant admin and fill out the form.

Create a Workgroup

Workgroups can be created by tenant administrators through the IAM console. To create a workgroup, click the button to create a new workgroup on the IAM console dashboard.

Provide a workgroup name, description, and administrator email. Optionally choose to enable collaborators outside of the domain to add users from other domains to the workgroup.

Add Users to a Workgroup

Users can be added to a workgroup by tenant administrators or the workgroup's administrators. A workgroup can contain an unlimited number of users.

  1. Open the IAM Console application

  2. Select a workgroup in the Dashboard

  3. Select "Users" from the left pane and click the Invite button.

  4. In the Invite new user dialog box, enter the email addresses for the users you want to add. Enter one address per line or as a comma-separated list. Invitations are blocked if the email domain is not included in the domain whitelist. Ensure the "Has Access" menu item is selected from the product access drop down for the Illumina Connected Analytics.

    • Has Access - The user has access to Illumina Connected Analytics through the workgroup

    • No Access - The user does not have access to Illumina Connected Analytics through the workgroup

    ❗ To allow users to perform instrument run setup and data streaming from BSSH, they must also be granted the "Has Access" role for the BaseSpace Sequence Hub product.

  5. Select Grant access. The invited user(s) receives an email invitation and a dashboard notification.

Last updated