Create Content


This article describes how to create a new Sub-Administrator account using the CloudControl UI for SAML-Enabled Organizations.


  1. Only the Primary Administrator for an Organization can create additional Sub-Administrator users.
  2. This process is relevant only to SAML-Enabled Organizations. For standard organizations, see How to Create a Sub-Administrator using the CloudControl UI

Content / Solution:

  1. From the Home screen, click on the Compute button and select Account Management from the drop-down menu:

  2. You will be on the User Management page. Click on the Add User button in the upper left-hand side of the page:

  3. The Add User dialog will be displayed:

  4. Fill out the form with the appropriate information. Once the form has been filled out, click Save:

    • Corporate Credentials Identifier -  This field needs to match the desired user in your Organization's corporate identity provider (e.g. Active Directory).

      1. The Corporate Credentials Identifier must be identical to the identifier configured in your Identity Provider.  This will be either the SAMAccountName or the UPN.
      2. The username restrictions do not apply to the Corporate Credentials Identifier.
    • First Name - First name of the person for whom the Sub-Administrator account is being created.
    • Last Name - Last name of the person for whom the Sub-Administrator account is being created.
    • Email Address - Email address of the person for whom the Sub-Administrator account is being created.
    • Country Code (optional) - Telephonic Country code (i.e. "1" for USA, "61" for Australia, etc.)
    • Phone Number (optional) - This field is used for the Two-Factor Authentication functionality - it defines the mobile phone to which the two-factor function will send the SMS authentication code. This phone number needs to be valid or the user will not be able to log in. The field will be visible here in the "Optional" section only if Two Factor Authentication is Disabled. If it's enabled, this is a required field. For details, see How to Enable or Disable Two Factor Authentication Using SMS for your Organization 
    • Department (optional) - This field is metadata that you can add for audit log purposes. It will appear on the Administrator Logs report described in How to Create an Administrator Logs Report.
    • Custom Defined 1 (optional) - This field is an additional metadata field that can be used for the same purpose as the 'Department' field. You should define the values you wish to use for any of these metadata fields and use it consistently across all subscribers. For example, if I wanted the ability to generate reporting about usage of the service by Department Manager, I could populate the Customer Defined 1 field with the name of each user's Department Manager. However, for the reporting to be useful, I need to consistently use the Customer Defined 1 field with the Department Manager. These fields are limited to 255 characters with no additional restrictions.

    • Custom Defined 2 - This field is automatically populated with the Corporate Credentials Identifier.

    • Roles - All Sub-Administrators will have read-only access to all functions of the application. However, you can choose which roles you want to associate with the user, which determines what functions they can actually perform. You can choose to assign as many roles as you want to a given user.

      Note: Hovering your mouse over one of the Roles will display a tooltip with a description of the role.

      • Network - Allows the user to utilize any of the Network functions, allowing them to create new networks, delete networks, or modify existing ones (such as adding/removing firewall rules).

      • Server - Allows the user to deploy servers, modify the characteristics of servers, or delete servers. They can take any action on the Server function except to create a Client Image.

      • Create Image - Allows the user to create Client Images from any deployed server.

      • Reports - Allows the user to view Reports functions available on the Reports page.

      • Backup - Allows the user to manage Backup facilities associated with Servers.

      • Tag - Allows the user to create and manage Tags, which can be used for tagging of Cloud assets.

      • DRS -  Allows the user to manage DRS for Cloud

      • VPN -  Allows the user to have access to VPN

  5. The system will display a success message:

  6. The new Sub-Administrator will be created and the UI will be updated to reflect the change:

For instructions on how to manage a Sub-Administrator, see How to Manage Sub-Administrators for a SAML-Enabled Organization