Managing User Access

CU Boulder Users

CU Boulder user groups are managed through Grouper.

Note: Users must be logged in to the CU Boulder VPN to access Grouper.

Adding Users

AWS customers can add team members as Administrators to their AWS account. This is done using CU’s Grouper Tool. Note that changes can take up to 15 minutes to take effect.

  1. Navigate to the Grouper Group for your AWS Account using one of the following methods:

    Method 1: Use the direct link that was sent to you in your welcome email to go directly to the group you wish to administer, and log in using your CU IdentiKey.

    Method 2: Go to the My Grouper Groups view in Grouper. Log in using your CU IdentiKey. Filter for ‘AWS’ (if you can’t find your group easily). You will see a list of groups that you can administer. Select the Group for your AWS Account.

    The Grouper "My groups" page with the AWS filter applied
  2. In the ‘Members’ tab view, click the “Add members” button.

    The Grouper "Add members" button
  3. In the ‘Member name or ID’ field, enter the user’s CU IdentiKey and select the matching entry.

    The Grouper dropdown box for selecting members to add to a group
  4. Click the ‘Add’ button.

    The Grouper "Add" button for adding the selected member to a group
  5. Verify the new user shows up in the table.

    The Grouper group membership page with a sample user circled in red

Removing Users

A user's access to the AWS account can be removed by removing them from the Grouper Group.

  1. Log in to the Grouper Group, as described above, using your CU IdentiKey.

  2. In the ‘Members’ tab view, place a ‘check’ next to the user(s), and click the ‘Remove selected members’ button.

    The Grouper group membership page with a sample user checked for removal
  3. Verify the user(s) no longer appear in the table.

Non-CU Boulder Users

Non-CU Boulder user groups are managed through Microsoft Entra groups.

Your Group Name

The Entra group name to manage access to your AWS account is in the form ‘<account-alias>-CustomerAdmin’. To find your account alias, look at the top right corner of the screen when logged in to the AWS console.

AWS console top right corner showing the account alias identifier highlighted within a red square in the navigation bar

Adding Users

AWS customers can add team members as Administrators to their AWS account. This is done using AWS Entra Groups. Note that changes can take up to 15 minutes to take effect.

The technical contact person is added as Owner of the Entra group and can add members to the group.

Refer to Microsoft’s Documentation to add members to groups.

Removing Users

A user's access to the AWS account can be removed by removing them from the Entra Group.

Refer to Microsoft’s Documentation to remove members from groups.