On the “Organization” page, the new invitee will appear on the list with the “Invited” status. Once they accept the invitation, the user will be listed in the main “Users” list.
The newly invited Admin will have the ability to set a password. If the Admin ever forgets the password, it is possible for them to reset it through a recovery email.
How to Invite a New Admin in a Workspace
On the Admins page, to invite a new Admin, click the Create New Admin button.
When a new Admin receives an invitation, they will only be able to log in with that email address. Assign the appropriate Role and click Invite Admin to send the invitation.
On the Admins page, the new invitee will appear on the list with the “invited” status. Once they accept the invitation, their status will change to “accepted”.
The newly invited Admin will have the ability to set a password. If the Admin forgets the password, it is possible to reset it through a recovery email.
⚠️ IMPORTANT: By default, the registration link will expire after 259,200
seconds (3 days). This timeframe can be configured with the
⚠️ IMPORTANT: If an email fails to send, either due to an incorrect email address or an external error, it will be possible to resend an invitation.
⚠️ IMPORTANT: If SMTP is not enabled or the invitation email fails to send, it is possible for the Super Admin to copy and provide a registration link directly. See the next section.
How to Copy and Send a Registration Link
If a mail server is not yet set up, it is still possible to invite Admins to register and log in.
Invite an Admin as described in the section above.
If the “View” link is clicked next to the invited Admin's name, a
register_urlis displayed on the invitee's details page.
Copy and directly send this link to the invited Admin so that they may set up their credentials and log in.
⚠️ IMPORTANT: If
ldap-auth-advanced, credentials are
not stored in IAM, and the Admin will be directed to Login.
How to Grant an Admin Access with LDAP
Pick a user in the LDAP Directory that will be the Super Admin.
Change the Super Admin's username in IAM by making a
admins/kong_adminand setting the value of
usernameto the corresponding LDAP
For example, if the LDAP user's attribute is
/admins/kong_admin should have a
username set to
Log in to IAM Manager using the LDAP credentials associated with the Super Admin.
Invite Admins from the “Admins” page in IAM Manager, ensuring that the
usernameof each Admin is mapped to the
attributevalue set in the LDAP directory.
⚠️ **IMPORTANT**: To enable the Admins to log in, it is still necessary to assign a Role to them.
Once an Admin has logged in successfully and accesses the Admin API using their LDAP credentials, they will be marked as “approved” on the “Admins” list in IAM Manager
⚠️ **IMPORTANT**: The new Admins will still receive an email, but all credentials will be handled through the LDAP server, not IAM Manager or the Admin API.
Using the Organization Page to Manage Users
To view all of the current Workspaces and Roles, click the “Organization” link on the top navigation bar.
From this page, it is possible to update every user's Role across any Workspace. From the “Roles” tab, it is also possible to update the permissions assigned to each Role.
Next: Vitals ›