To Delete the Local User after Installing Private Cloud Edition
During installation, Anypoint Private Cloud Edition creates a local Anypoint Platform user that enables you to configure platform components during installation. The credentials for this user are stored locally in Anypoint Platform. However, after configuring an external authentication provider such as LDAP, you should delete this user to improve security.
Prerequisites
Before deleting the local user, perform the following:
-
Install and configure your external identity provider.
-
Ensure that
SystemAdmin
user is not the owner of any other organizations.
Disabling the Local User
-
Select the new user you want to assign administrator privileges. This user must be defined in your external identity provider.
-
Determine the internal user ID for this user.
-
From Anypoint Platform, select Access Management.
-
Click the Users tab, then click the name of the user.
-
Record the internal user ID. This ID appears in the URL as:
-
-
Enter the gravity shell.
gravity enter
-
Identify one of the
cs-auth
containers using the following command:kubectl get pods -l microservice=cs-auth
-
Change the owner using the following command, providing the internal the
cs-auth
container and user ID obtained above:kubectl exec -it <cs-auth-container> – node bin/change_owner.js --new-owner-id <user_id>
This command changes the owner from the default system user to a new user managed by the external authentication provider. The command you use should be similar to the following example:
kubectl exec -it cs-auth-1572348378-0kb57 – node bin/change_owner.js --new-owner-id a363279f-982f-493c-b08f-9feb91be90d4
-
Disable and delete the
System Admin
user.-
Login as the user you just added as the organization owner. as owner.
-
From Anypoint Platform, select Access Management.
-
Click the Users tab, then click
username
in the same row asSystemAdmin
. -
Click Disable, then click Delete.
This removes the default user from the platform.
-