Until now, Cloud Portam has been designed for use by individual users. Individual users create their account, add the cloud resources they wish to manage through the application, and then manage the data in those cloud resources. While this approach works very well for individual developers, it becomes a problem when members of a team wish to manage their cloud resources.

Challenges

Some of the challenges are:

  • An administrator would need to give out the account credentials (e.g. storage account key) to all users in the team.
  • There is no control over who can do what. As the users have access to account credentials, they essentially have administrative privileges and thus can intentionally/unintentionally cause irreparable damage.
  • In case cloud resource credentials need to be regenerated, an administrator needs to notify each user who is managing that cloud resource through the application.
  • It is not possible to audit who did what because each user has her/his own account.

How Cloud Portam Team Edition Tries To Overcome These Challenges

Team Edition tries to solve these problems:

  • The Team Edition of Cloud Portam relies heavily on Azure Active Directory (Azure AD). Users are authenticated against Azure AD. These users need to be provisioned into the company’s Azure AD. Furthermore, an administrator needs to enable access to Cloud Portam in the company’s Azure AD.
  • When provisioning users in Cloud Portam (a process referred to as “Importing Users”), an administrator can assign a role to a user; these roles define what management activities a user can perform in Cloud Portam. Management activities include, but are not limited to, managing users, managing cloud resources, managing billing, viewing reports, etc. A user can be in one of the following management roles:
    • User: No management privileges.
    • Co-Administrator: Limited management privileges including but not limited to viewing/updating users, managing cloud resources, viewing reports etc.
    • Administrator: Full management privileges.
  • An administrator adds cloud resources (an Azure Storage Account, for example) that she/he wants her/his team to manage through Cloud Portam. An administrator can grant one of four permissions to a user on a cloud resource:
    • None: User does not have access to a cloud resource. This is the default permission for a team member in “User” role. With this permission, a user does not even see a cloud resource in their dashboard.
    • Read-Only: User can only view data from a cloud resource.
    • Read-Write: User can not only view the data but also update it. User can create new data as well.
    • Full: User has full permission on the cloud resource and can perform create/read/update/delete operations on that cloud resource. This is the default permission for a team member in “Admin” or “Co-Admin” role.
  • By default, Cloud Portam logs all create/update/delete operations performed via the application on cloud resources. An administrator can view a report of these operations.
  • Cloud Portam will also log all management operations.

Process

The process is quite straightforward. First, you need to sign up for the Team Edition, which you can do by visiting this link: https://app.cloudportam.com/team/sign-up. Once you have signed up, you import users from your Azure Active Directory into your account in Cloud Portam. You also add the cloud resources (Azure Storage, Search Service, DocumentDB accounts) that you want to manage through Cloud Portam. Once that is done, you start assigning the users in your team permissions on the cloud resources.

A Few Commonly Asked Questions

  • I’m currently using Cloud Portam. Can I use the same credentials to use the Team Edition? 
    Unfortunately, no. With the release of “Team Edition”, the version that you have been using is named “Personal Edition”. You will need to sign up for the Team Edition with a different email address.
  • Why do you need access to my Azure Active Directory?
    Cloud Portam makes use of your Azure Active Directory for authenticating users in your team.
  • What kind of permissions will you need on my Azure Active Directory?
    Cloud Portam needs two permissions on your Azure Active Directory: 1) Read permission, so that we can fetch the list of users from your Azure Active Directory, and 2) Sign-On and read user profile permission, so that we can log users into Cloud Portam.
  • Is there a cost to use the Team Edition?
    Currently it is free, but eventually yes. We haven’t decided on the pricing model yet, but it will be subscription based, with a per user / per month kind of pricing model.
