There are two distinct user types: Morpheus users and LDAP users. Each type of user serves a specific purpose and requires different methods for account creation.

Morpheus Users (Morpheus Web Interface Access)

Morpheus users are required to log in to the Morpheus platform using their credentials to perform tasks such as provisioning VMs, managing networks, and monitoring resource usage.

To create a Morpheus user account:

      • Log in to the Morpheus using your tenant administrator credentials.
      • Navigate to the Administration → UsersCreate User
      • Fill in the required information for the new user, including first name, last name, username, email address, password and role.
      • Assign appropriate permissions and roles to the user based on their responsibilities within the tenancy 
        •  There are two roles:   ewcloud-tenant-admin ( for admin privileges ) and  ewcloud-user (for users without admin privileges )

 Save the user details to create the Morpheus user account.

Please note Linux and Windows settings are not necessary to create a Morpheus user but can be created voluntary depending on your use cases.




LDAP Users

To create a new user which syncs across all VMs in the tenancy, you need to create it inside the LDAP. 

There are two ways to do it:

Create a new LDAP user inside Morpheus Running a Morpheus Workflow

Head over to the Provisioning tab in Morpheus and click your LDAP instance. 

Select Actions > Run Workflow > Create a new LDAP user

Fill in the values, and do note that the public SSH key is mandatory. Below is a screenshot of a correctly filled workflow. 

Fill all mandatory information: FIRST NAME, LAST NAME, USERNAME, PUBLIC SSH KEY AND INITIAL PASSWORD.

The user will be prompted to change their password upon first login after successful creation and the minimum lifetime of password is set to 1 hour.


Note: Created users cannot be automatically added to the sudoers group for security reasons. However, you can grant sudo privileges manually from cli or web browser interface. Check EUMETSAT - Configure LDAP#Addsudoruletoagroup for CLI, once you create the rule (if it doesn't exists already) and you add it to a group, all users in that group will be using that rule.


Create a new user by accessing the LDAP itself

To create a user manually (this might be needed if you need to customize access to VMs, reset passwords, etc.) you can follow the guide at: EUMETSAT tenancy: Default setup or use the following instructions to access and use the UI:

Connect using your browser to : https://ldap/

Proceed despite the security warning of the browser due to the self-signed certificate.  Log in using the username "admin" and the credentials stored in Morpheus (see under the Tools → Cypher menu and decrypt the entry for "ipa_admin" for the password).

Adding a new user via the LDAP GUI

Under the users tab, add a new user


Accessing via the command line

ssh to your ldap server (this likely requires you to go via a SSH proxy server or jumphost).  Once there, change to the LDAP admin user by running "su - {take the user from Cypher secret/ipaadmin_username}" and the password stored in Morpheus under the Tools → Cypher menu (decrypt the entry password/ipaadmin). 

Then run 

ipa user-add <USERNAME>--first=<FIRSTNAME> --last=<LASTNAME> --password