Create and manage accounts for Cyral control plane users
The Account users tab in the Cyral control plane UI allows you to manage Cyral administrators.
This section of the UI is not used to manage repository accounts that you will map for SSO-authenticated repository users. For such accounts, see Manage identity mappings.
Add a single Cyral administrator
To add a user who can do tasks in the Cyral control plane follow these steps:
- Click Account users in the left navigation bar.
- Click the plus sign.
- In the Add User screen, provide the users name and email address.
- For Role choose a role designation to determine what actions they'll be allowed to take. See Manage Cyral roles.
- Click Add User.
Cyral will email the user a link that allows them to complete their registration and set a password.
Add Cyral administrators using SSO groups
If you've enabled SSO for Cyral, you can use SSO groups in your identity provider (for example, a group in Okta) to give people administrative rights in Cyral. See this up as shown here:
- Set up SSO between Cyral and your identity provider.
- Make sure your identity provider has an appropriate group for your Cyral administrators. You can create a role for each type of administrator you want to have, and then map a unique SSO group to that role.
- Map your SSO group to a Cyral role that has administrative rights.
Once the above mapping exists, you can make any SSO user a Cyral administrator by adding them to the right group in your identity provider.