Search…
Identity and Access Management

Tenants, Workgroups, and Projects

User and group roles and permissions are managed in the identity and access management (IAM) console, accessible through the product dashboard after logging in through the domain login URL. After logging in, select the "IAM Console" from the list of applications.
The entities in the IAM to which tenant users may be assigned are:
Entity
Description
Tenant Admin
Read/write access to all resources created by users in the tenant. Manage tenant and workgroup membership.
Workgroup Admin
Read/write access to all resources created by users in the workgroup. Manage workgroup membership.
Workgroup User
Read/write access to all resources created by users in the workgroup
To add/promote users to a tenant admin, navigate to the IAM console and select "Manage Domain Access". Provide your credentials again and select "User Management" and then "Administrators" from the left hand menu. Input the email address of the new tenant admin and fill out the form.

Create a Workgroup

Workgroups can be created by tenant administrators through the IAM console. To create a workgroup, click the button to create a new workgroup on the IAM console dashboard.
Provide a workgroup name, description, and administrator email. Optionally choose to enable collaborators outside of the domain to add users from other domains to the workgroup.

Add Users to a Workgroup

Users can be added to a workgroup by tenant administrators or the workgroup's administrators. A workgroup can contain an unlimited number of users.
  1. 1.
    Open the IAM Console application
  2. 2.
    Select a workgroup in the Dashboard
  3. 3.
    Select "Users" from the left pane and click the Invite button.
  4. 4.
    In the Invite new user dialog box, enter the email addresses for the users you want to add. Enter one address per line or as a comma-separated list. Invitations are blocked if the email domain is not included in the domain whitelist. Ensure the "Has Access" menu item is selected from the product access drop down for the Illumina Connected Analytics.
    • Has Access - The user has access to Illumina Connected Analytics through the workgroup
    • No Access - The user does not have access to Illumina Connected Analytics through the workgroup
    ❗ To allow users to perform instrument run setup and data streaming from BSSH, they must also be granted the "Has Access" role for the BaseSpace Sequence Hub product.
  5. 5.
    Select Grant access. The invited user(s) receives an email invitation and a dashboard notification.

API Keys

To access the APIs using the command-line interface (CLI), an API Key may be provided as credentials when logging in. API Keys operate similar to a user name and password, and should be kept secure. API Keys are managed through the product dashboard after logging in through the domain login URL by navigating to the profile drop down and selecting "Manage API Keys".
Click the button to generate a new API Key. Provide a name for the API Key. Then choose to either include all workgroups or select the workgroups to be included. Selected workgroups will be accessible with the API Key.
Click to generate the API Key. The API Key is then presented (hidden) with a button to show the key to be copied and a link to download to a file to be stored securely for future reference. Once the window is closed, the key contents will not be accessible through the domain login page, so be sure to store it securely for future reference if needed.