When you create an HCP tenant, HCP automatically creates the initial user or group account for the tenant, depending on which query parameters you include in the PUT request.
Creating an initial user account
To create a tenant with an initial user account, you use these query parameters, which correspond to user account properties with the same name:
• username — This parameter is required when you create a tenant. The username you specify is also used as the full name for the user account.
• password — This parameter is required when you create a tenant.
• forcePasswordChange — This parameter is optional when you create a tenant. The default is false.
For information on values for these parameters, see userAccount data type properties.
The user account that’s created:
• Is enabled
• Is locally authenticated
• Has only the security role
• Has no data access permissions
• Has no description
The username, password, and forcePasswordChange query parameters are valid only when you create an HCP tenant and only if you enable local authentication for the tenant in the same request. They are not valid on a request to modify a tenant.
For an example of a request that uses these query parameters, see “Example: Creating an HCP tenant” on page 39.
Creating an initial group account
To create the tenant with an initial group account, you use the initialSecurityGroup query parameter. The value of this parameter must be the name or SID of an AD group defined in the AD forest supported by HCP. You can specify the name in either of these formats:
group-name
group-name@ad-domain-name
If you omit the domain name, HCP uses the AD domain specified in the system configuration.
Be sure to use the second format if a group with the specified name exists in more than one domain in the AD forest or if the group name looks like a SID.
The group account that’s created:
• Has only the security role
• Has no data access permissions
The initialSecurityGroup query parameter is valid only when you create an HCP tenant and only if you enable AD authentication for the tenant in the same request. It is not valid on a request to modify a tenant.
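The rules in both sections above can be checked before the PUT request is sent. The following Python function is an added example, not part of the HCP documentation or of any HCP client: its name, the operation and auth_types arguments, and the group_* arguments are assumptions made for illustration, and only the query parameter names come from this page. Values are percent-encoded because a password or group name can contain characters such as & or @.

```python
import re
from urllib.parse import quote, urlencode

# Shape of a Windows security identifier, for example S-1-5-21-...
SID_RE = re.compile(r"^S-\d+-\d+(-\d+)+$", re.IGNORECASE)

def initial_account_query(operation, auth_types, username=None, password=None,
                          force_password_change=None, group=None,
                          group_domain=None, group_is_sid=False):
    """Return the encoded query string for the initial tenant account.

    operation ("create"/"modify") and auth_types ({"local", "ad"}) are
    hypothetical labels describing what the same request does.
    """
    wants_user = any(v is not None
                     for v in (username, password, force_password_change))
    if operation != "create" and (wants_user or group is not None):
        raise ValueError("initial-account parameters are valid only on create")
    params = []
    if wants_user:
        if "local" not in auth_types:
            raise ValueError("user parameters need local authentication enabled")
        if not username or not password:
            raise ValueError("username and password are both required")
        params += [("username", username), ("password", password)]
        if force_password_change is not None:  # omitted means default false
            flag = "true" if force_password_change else "false"
            params.append(("forcePasswordChange", flag))
    if group is not None:
        if "ad" not in auth_types:
            raise ValueError("initialSecurityGroup needs AD authentication enabled")
        if group_is_sid:
            if not SID_RE.match(group):
                raise ValueError("value is not shaped like a SID")
            value = group
        elif SID_RE.match(group) and not group_domain:
            # A name that looks like a SID must use group-name@ad-domain-name.
            raise ValueError("group name looks like a SID; add the AD domain")
        else:
            value = f"{group}@{group_domain}" if group_domain else group
        params.append(("initialSecurityGroup", value))
    return urlencode(params, quote_via=quote)

if __name__ == "__main__":
    # Constructed sample values, not taken from the HCP documentation.
    print(initial_account_query("create", {"local"}, username="lgreen",
                                password="p&ss w=rd", force_password_change=True))
```

The password travels in the request URL, so setting forcePasswordChange to true limits how long that initial value stays usable.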
© 2016 Hitachi Data Systems Corporation. All rights reserved.