Tenant Management
No subtopics in thissection
Software AG provisions API Control Plane on the Software AG Cloud platform exclusively in the Azure Europe region. Users registered with Software AG Cloud and having the required user roles assigned can access API Control Plane. To purchase API Control Plane, contact Software AG.
User Management
User Management in Software AG CloudUser groupsUser management refers to the processes and practices employed to create, maintain, and control user accounts within API Control Plane. It encompasses a wide range of activities related to user accounts, authentication, authorization, and user lifecycle management. User management is essential for maintaining the security, privacy, and operational integrity of API Control Plane.
Key aspects of user management in API Control Plane include:
- User Registration and Onboarding. This involves the process of adding new users. It may include gathering user information, verifying identity, and assigning appropriate access privileges.
- Authorization and Access Control. User management defines user groups, permissions, and access levels to control what each user can do within API Control Plane.
- User Profiles. User profiles enable personalization and customization of the user experience.
- User Lifecycle Management. Managing user accounts throughout their lifecycle. This includes activities such as creating, updating, and deleting accounts as needed.
- Password Management. User management includes features for users to reset default passwords, change passwords, and recover lost or forgotten passwords securely.
User Management in Software AG Cloud
You can manage user’s information from the Administration page in Software AG Cloud.
Users: User personas who can access API Control Plane and perform tasks. There are two user personas, Cloud-Tenant-Administrator and APIControlPlane-User depending on the roles assigned to the users. Based on the user groups assigned, user can access API Control Plane.
Note
Only the Cloud-Tenant-Administrators can create, modify, and delete users.
User groups
API Control Plane is shipped with the following predefined user groups:
- API Control Plane administrators
- API platform providers
- API product managers
Here’s what each user group can do:
| User group | Description |
|---|---|
| API Control Plane administrators | API Control Plane administrators oversee the assignment of user groups to new users. |
| API platform providers | API platform providers oversee the runtime registration, monitoring, and overall management of data planes, runtimes, and their associated APIs. This involves monitoring the KPIs, such as total transactions, response time, and so on, to identify anomalies or performance dips and rectify issues before they escalate. |
| API product managers | API platform managers oversee the deployment of APIs, manage the API life cycle, and monitor the API status and performance of APIs across regions. This involves tracking key metrics such as response times, error rates, and usage patterns to identify potential issues and areas for improvement. |
Note
The API platform providers and API product managers user groups are automatically assigned to a Software AG Cloud user by default. The User Management screen allows an administrator user to modify these user groups, but these modifications are reset when the Software AG Cloud user logs in again.
The following table lists the privileges based on the user group.
Note
When the API Control Plane license expires, any kind of addition, modification, and deletion within the API Control Plane are restricted. Nevertheless, you retain the ability to view assets and monitor their performance based on collected metrics until the license ceases. In essence, the API Control Plane captures snapshot of the instance, granting you read access.
Manage Users
Modifying user detailsThe User management page displays the list of users using API Control Plane. To navigate to the User management page, expand the menu options icon 
, in the title bar, and select User management.
As shown in the following figure, the highlighted areas on the User Management page allow you to customize the rows and columns of the user list, view the list of users and their respective user groups, search, filter, edit, and delete the user.
Note
- User management is the default landing page for API Control Plane administrators.
- A user with no user groups assigned cannot log in to API Control Plane.
Modifying user details
User Management allows you to modify the user details and their user groups.
Before you begin:
You must be signed in as an API Control Plane administrator to perform this task.
To modify the user details
Expand the menu options icon
, in the title bar, and select User management.
A list of available users appears.Click Action menu > Edit on any user.
The Edit page appears displaying the Step 1 Basic details section.
Edit the First name, Last name, and Email, as required.
NoteYou cannot edit the Username or the Password.
Click Next.
The Step 2 Groups section appears.
Modify the assigned user group either by selecting a new user group or removing the existing user group based on your requirements.
Note- A user must have at least one user group assigned.
- You cannot edit the user group assignment for yourself.
Click Save.
The user details are modified.
GDPR Compliance
No subtopics in thissection
Data protection laws and regulations, such as the General Data Protection Regulation (GDPR), is designed to give individuals more control over their personal data by strengthening their rights, and imposing greater responsibilities on organizations that collect, process, and store personal data.
Several measures are in place in API Control Plane to protect the privacy rights of individuals. Here are some of the essential things that are implemented:
- Data protection policy. Only authorized and authenticated users can access, create, modify, or delete personal data in API Control Plane.
- Record data processing activities. API Control Plane has an auditing functionality to verify which user created, modified, or deleted personal data.
- Encrypt personal data. To protect personal data, API Control Plane encrypts personal data that is stored on disk or other persistent storage, as well as data that is communicated over network connections using HTTPS or TLS. No personal data like usernames, passwords, or other personal details are stored in any of the log files or other external storage systems.
Custom Domain
How to configure Custom DomainChecks for existing assets after configuring custom domainA custom domain is a unique name that identifies your website. There are scenarios where you do not want to expose the default domain provided by API Control Plane. In such cases, you can customize the default tenant URL or domain and access the tenant using your own domain.
Use custom domain if you want to make your application accessible on your own domain.
How to configure Custom Domain
You can request for a custom domain name for your tenant. For example, if your company domain is abc.com, you can have the domain name as https://subdomain.abc.com. Contact Software AG Global Support for details on how to enable and configure the custom domain capability.
To configure custom domain, perform the following steps:
Determine the domain to be configured for your account.
The domain name is owned by you. For now, you can configure one custom domain per tenant.Decide the SSL certificate required, which depends on whether you want to protect the custom domain.
Share the custom domain to be configured for your account with Software AG.
Obtain the SSL certificates from a Certificate Authority (CA).
Send the SSL certificates and Certificate Key to Software AG in base64 format to configure the certificates on the custom domain load balancer.
Software AG sends you the CNAME in return.
Using the CNAME, configure your DNS to point to the custom domain load balancer.After the configuration is completed, start using the custom domain to access API Control Plane.
Checks for existing assets after configuring custom domain
External endpoints change after the custom domain is configured, so you must inform your partners about the new domain. The old URL used by the tenant doest not work.
Ensure that runtime connectivity to API Control Plane uses the new domain. If any existing runtimes are already connected, the agent configuration must be updated with the new domain URL, after the custom domain is configured.