Logging In and Out of the Cisco MSX Portal
To log in to the Cisco MSX user interface, enter the following URL in your web browser address field, where server-ip is the IP address or fully qualified domain name (FQDN) name of the Cisco MSX server:
https://<server-ip>Cisco MSX or https://www.example.com/
Depending on your network configuration, the first time your browser connects to the Cisco MSX web server, you may have to update your client browser to trust the security certificate of the server. This ensures the security of the connection between your client and the Cisco MSX web server.
What you can see and do in the user interface is determined by your user account privileges. For information on Cisco MSX users and the actions, they can perform, see the topic on 'Managing Users'.
To log out, select the user and click Logout.
Role-Based Access in Cisco MSX
In Cisco MSX, user permissions are managed using Role-Based Access Control (RBAC). RBAC restricts or authorizes the system access for users based on that user's roles. Based on the permissions that are assigned to a user by an administrator, a user can define and customize how their services are exposed to customers.
The permissions allow customizing the various aspects of a service workflow, such as managing tenants, notifications, integration with BSS systems, announcements, and so on. The role-based access permissions are categorized into:
-
Service Pack Specific Permissions: Include permissions for controlling various settings for the service packs.
-
Services, Configurations, and Devices Specific Permissions: Include permissions for configuring various settings for the devices and services.
-
Integrations, Settings, and Log Specific Permissions: Include permissions for controlling integration, log, and SSO configurations.
-
Users, Roles, and Tenants-Specific Permissions: Include permissions to configure user, remote users, tenants, roles, provider settings, and so on.
For more information on Cisco MSX out-of-the-box roles, see 'User and Role-Based Access in Cisco MSX' in Cisco MSX Administration. For a complete list of all the permissions available in Cisco MSX, see Cisco MSX Platform and Service Packs Permissions Addendum.
Managing the Managed Device-Specific User Roles
In Cisco MSX, you must create a new role (such as Managed Device Operator) and assign the permissions required to operate the platform tasks.
To create a new role and assign it to users:
Task |
Reference Topics |
|
---|---|---|
1. |
Log in to the Cisco MSX Portal (as an Admin/Super user). |
— |
2. |
Create the tenants. |
For more information on creating a new tenant, see Managing Tenants. |
3. |
The SP_OPERATOR role available in Cisco MSX has the permissions necessary to create and manage Managed Device services. You may also create a role specifically for Managed Device and assign the permissions required to operate Managed Device. |
For more information on creating a new user role, see Managing Users. |
4. |
Create a user (such as Tenant Operator user), assign the role that is defined in Step 3 to this user, and select all the tenants that the user must access. |
For more information on creating a new user, see Managing Users. |
Managing User Roles
A user is granted access to desired system resources only if the assigned role grants access privileges. For example, the user with the admin role can define a new role, create tenants, create users, and so on. For more information on assigning roles to a user, see Managing Users.
Adding User Role
To add a user role:
Procedure
Step 1 |
Log in to the Cisco MSX Portal. |
||||||||||||||||||
Step 2 |
In the main menu, click Roles. The Manage Roles window appears. |
||||||||||||||||||
Step 3 |
Click Add Role. |
||||||||||||||||||
Step 4 |
Enter the Role Name, Display Name, and Description. |
||||||||||||||||||
Step 5 |
To assign permission for the roles, click Category and select the corresponding check box for the permission(s) that you must grant to the role. The types of permission you can grant are:
The table below lists the Managed Device category of permissions.
For more information on permissions that are required for managing Meraki and other devices supported by Managed Device, see Cisco MSX Platform Addendum. |
||||||||||||||||||
Step 6 |
Click Save. |
Modifying User Role
To modify a user role:
Procedure
Step 1 |
Log in to the Cisco MSX Portal. |
||||||
Step 2 |
In the main menu, click Roles. The Manage Roles window appears. |
||||||
Step 3 |
Select the role that you want to modify and click the Edit icon. |
||||||
Step 4 |
To assign or revoke the permission for the roles, click Category and then select or unselect the corresponding check box for the permissions. The table below describes the type of permissions that you can grant:
|
||||||
Step 5 |
Click Save. |
Managing Tenants Groups
After you create tenants, you can configure the tenant groups, which are a collection of tenants that are grouped for assigning a common list of functions such as, service extensions parameter values, and so on.
To manage tenant groups:
Procedure
Step 1 |
Log in to the Cisco MSX Portal. |
||
Step 2 |
In the main menu, click Tenant Groups to view the list of tenant groups with their details in the Manage Tenant Groups window. |
||
Step 3 |
Click Add Tenant Group. |
||
Step 4 |
Enter the Name and Display Name of the new tenant group. |
||
Step 5 |
(Optional) Enter the Description. |
||
Step 6 |
(Optional) From the Associate Tenants drop-down list, choose the tenant to associate with the new tenant group.
|
||
Step 7 |
Click Save. |
Managing Tenants
The multi-tenant architecture of Cisco MSX can segment the data stored by a tenant. When tenants are defined, data is partitioned by the tenant. Thus, provides data security and privacy for each tenant while allowing cloud or managed service providers the flexibility to consolidate many smaller customer configurations on a set of infrastructure servers.
The key points that you should know, while configuring tenants are:-
Tenant administrators are linked to their data by a tenant object.
-
Tenant objects have to be consistent and unique across all clusters.
-
A tenant administrator cannot view or modify the data of another tenant.
To manage tenants:
Procedure
Step 1 |
Log in to the Cisco MSX Portal. |
Step 2 |
In the main menu, click Tenants. The Tenanats window appears. Displays the list of existing tenants with their details. |
Step 3 |
To add a new tenant: |
Step 4 |
To update the tenant details:
|
Step 5 |
To delete the teanant: |
Managing Users
Note |
You can also disable the creation and modification of users, by choosing Single Sign On and using Identity Provider. The procedure below describes the use of local user accounts. |
Before you begin
You should have administrator privilege for managing users.
Procedure
Step 1 |
Log in to the Cisco MSX Portal. |
||
Step 2 |
In the main menu, click Users. The Users window appears. Displays the list of users and their details. |
||
Step 3 |
To add user:
|
||
Step 4 |
To assign a role:
|