Managing admin users
Customers who have a self-hosted (on-premises) installation of Tonic can designate admin users to perform administrative tasks in Tonic.
A self-hosted customer should designate at least one admin user. However, administrator privileges should be limited to a small number of high-trust users.
Admin users have access to the Admin Panel. From the Admin Panel, they can:
- Remove and reset passwords for Tonic users, if the instance does not use single sign-on (SSO)
- View summary usage metrics
Admin users can also see the entire list of workspaces in the instance. They are not automatically granted any access to view or edit workspaces. Each admin user can only view and edit workspaces that they individually own or are granted access to.
However, admin users can:
- Copy any workspace identifier
To establish the first admin users for a new instance of Tonic, you add a variable to your environment configuration.
These users do not have to be Tonic users when you update the environment configuration. They are not created as Tonic users based on the environment configuration.
When Tonic users with these email addresses are created, they are granted administrator access.
Update your .env file to include the email addresses of the Tonic users who should receive administrator access.
The docker-compose.yaml should contain the
TONIC_ADMINISTRATORSenvironment variable within the
tonic_web_serverconfiguration block. If not, pull the newest version.
In the values.yaml file, under
tonicai.web_server, edit the
administratorsproperty to include the email addresses of the Tonic users who should receive administrator access.
To verify that you have the required version of the Helm charts, check that values.yaml contains the
tonic-web-server-deployment.yaml should contain a block for the
TONIC_ADMINISTRATORSenvironment variable. If not, pull the newest version from our Github repo.
On the User Management tab of the Admin Panel, the Tonic Admins list contains the current list of admin users.
Tonic Admins list on the Admin Panel
To display the Admin Panel, in the Tonic heading, click Admin.
For each admin user, the list shows the name, email address, and when the user was most recently active in Tonic.
To use a column to sort the list, click the column heading. To reverse the sort order, click the column heading again.
You can use the name or email address to filter the list. To filter the list, begin to type text that is in the name or email address of the admin users to display.
You can grant administrator privileges to an existing Tonic user.
To add an admin user:
- 1.Under Tonic Admins, click Add Admin User.
- 2.From the User dropdown list, select the user to grant administrator privileges to.
- 3.Click Grant Access.
You can remove administrator privileges from an admin user. They are removed from the Tonic Admins list.
They are not removed from the Tonic Users list. They are still Tonic users.
To remove administrator privileges, click the delete icon for the admin user.
For admin users that are configured in the environment variable, there is no delete icon. Instead, there is a lock icon. To remove administrator privileges from those users, you must update the environment variable.