Anyware Manager as a Service Account Ownership
Anyware Manager as a Service accounts have a single account owner, and one or more administrators who have the ability to authenticate to the Admin Console and manage Anyware Manager as a Service deployments and services. The account owner is any user who is able to sign in with a supported identity provider and provide a PCoIP registration code. The following are some important points around the Anyware Manager as a Service account owner:
- Account ownership changes will change all account data, including all deployment, remote workstation and user data to another account owner and cannot be reversed without the new account owner providing authorization.
- If the account owner password is lost it can only be recovered through the identity provider. Teradici does not store any of the passwords. It is the customer's responsibility to maintain access to their account owner's password and if necessary securely store the account information.
- As the account owner's account is provided by an identity provider such as Google or Microsoft, Teradici does not have the ability to recover account owner's account and is unable to transfer data to a new account if there is no access to the old account.
- Teradici can transfer a Anyware Manager as a Service account to another account owner provided the old and new owner accounts are accessible by the system administrator. In order to perform an account transfer see below.
Both Microsoft and Google support transferring accounts from one organization to another. The process for doing this differs between the providers and in order to initiate this account transfer the user must work with the indentity provider in question. Once the account has been transferred through the identity provider, the user will be able access Anyware Manager as a Service but they will not see any of their old data as Anyware Manager as a Service recognizes this as a different account. Anyware Manager as a Service uses a unique object identifier returned by the identity providers to associate specific data to specific user's. This identifier is immutable and cannot be changed.
Account Ownership Transfers¶
If a Anyware Manager as a Service account needs to be transferred to a different account, the owner will need to open a support case and upon request from Teradici, provide the following information:
- Anyware Manager as a Service Authorization token from the old account: This needs to be provided by the user.
- Anyware Manager as a Service Authorization token from the new account: This needs to be provided by the user.
For information on how to obtain a Anyware Manager as a Service authorization token from the Admin Console, see the API Access Token section of the Anyware Manager Administrator's Guide.
All the tokens are acquired by authenticating the identity provider and as a result must have specific permissions in order to succeed.
Account Data Transfers
Transferring an account means that all data from one account is moved to another. This might not be suitable for Managed Service Providers that may be managing multiple deployments.
The two general use-cases for requiring an account ownership transfer are:
Owner account is disabled and access to the old account is possible
In the scenario where the account owner leaves the organization and their account is permanently disabled but it is possible to access the old account, an account transfer can be undertaken. The following steps need to be followed:
- The user's IT organization needs to reactivate the account and sign into Admin Console.
- Create a support ticket. See here for information on creating a support ticket with Teradici.
- Provide an authorization token from the old account.
- Provide an authorization token from the new account. Anyware Manager as a Service operations uses the above information to migrate the accounts.
- Disable the old account once more.
Owner account is disabled and access to the old account is not possible
In the scenario where the account is permanently disabled and access to old account is not possible then there is no way to validate the authenticity of the request and requester. An account transfer cannot be completed.
Performing an Account Ownership Transfer¶
The following steps outline how to transfer a Anyware Manager as a Service user account:
- Sign into the Admin Console with the old account.
- Click the user account icon and click on the Get API token.
- Copy the token and sign out of the Admin Console.
- Do the same process with the new account and copy the token again.
- Send the old account and new account tokens to HP and the transfer needs to be processed within 2 hours of receiving the tokens.