Tecton offers a self-service user management portal through our Web UI. Navigate to the Admin Console by clicking on your avatar at the top right of the screen as pictured below:
From the Admin Console, cluster administrators can add new users or remove existing users from their Tecton instance. To become an administrator, please contact your Tecton deployment specialist.
Adding a new user through this console will send the user an activation email. For security reasons, this activation email will expire in 24 hours. Administrators can send new activation links by using the link provided in the "Status" column.
Add a new User
Click on Add New User in the Admin Console. You will be prompted for the user's email. A confirmation email asking to the user to set a password will be sent immediately.
Delete a User
Click on the "X" link in the user table. The user's Tecton account will be immediately deactivated and deleted. This operation is irreversible, but an Admin will be able to add the user again if needed.
Reset a User's password
If a user has forgotten their password, they can reset it using the Need help signing in? and Forgot password? links in the login screen. If they are still unable to reset their password by answering security questions, please contact Tecton support to get a one-time password that can be used to access the account and set a new password.
Resend User activation email
If a pending user (a user who has not setup a password) needs an activation email resent, there will be a Resend Activation Email link in the status column. This option is only available for users who have not activated their account and set a password.
Unlock a locked out User
Users can be locked out of their Tecton account if invalid credentials are provided across multiple login attempts. If a user is locked out, there will be a Unlock User link in the status column that will immediately unlock the user's account. If the user has forgotten their password, they can follow instructions above for resetting a password.
Assign Admin privileges to a User
To convert a user to an admin, check the checkbox under the Admin column for the desired user. Only existing admins can give other users admin privileges.
User Management and Single Sign-On (SSO)
Access to any of Tecton's resources is restricted to authenticated users. Access restrictions apply to the Tecton Web UI, the Python SDK, and FeatureService. Users must be authenticated via single sign-on, via credentials in Tecton's interfaces (for locally managed users), or via API tokens granted to users or service accounts (user accounts that represent a service rather than a real user).
When FeatureServices are used in production, API tokens granted to service accounts are typically used to authenticate the RPC or batch requests for feature data.
If your organization has a centralized system for managing users and groups, Tecton will integrate via SAML or OpenID Connect.
Tecton maintains complete audit logs that track the following events. You can request a copy of these logs from your Tecton deployment specialist.
- successful_login: User successfully logged into Tecton.
- failed_login: User failed to log into Tecton.
- logout: User logged out of Tecton.