By default, any user with an Azure Active Directory (AD) account and permissions to access your Azure subscription(s) can login to SquaredUp (up to the number of SquaredUp Named User licences you have bought), and SquaredUp administrators can manage which users are allowed to login.
This article covers the following:
- Who can manage SquaredUp (SquaredUp administrators)
- How to manage who can log on to SquaredUp for full-interactive use (SquaredUp Named Users)
- Restricting what SquaredUp users can see (Azure AD role-based access control (RBAC) and Team Folders)
- Delegating dashboard authoring (Team Folders)
- How to allow non-interactive viewing by any user (Open Access)
To manage SquaredUp you will need to be a SquaredUp administrator.
Whilst any user with an Azure Active Directory (AD) account and permissions to access your Azure subscription(s) can log on to SquaredUp, the number of users is restricted by the number of Named User licences you have purchased from SquaredUp. If for example you have purchased 10 Named User licences, the first 10 users to log on will get entered as Named Users and will consume licences accordingly. SquaredUp administrators can edit the list of users allowed to log on (whitelisting), or block particular users (blacklisting).
While trialling SquaredUp, the Trial licence provides you with unlimited logons.
Users who logon to the normal SquaredUp URL
http://<dnsname> as fully interactive users, are able to drilldown to further information, as much as their Azure AD role-based access control (RBAC) allows. These users will each consume one of the Named User licences that you have purchased.
Named Users can be managed in SquaredUp from the right-hand menu ☰ > system > named users.
A user can roam across devices, but cannot connect from more than one device simultaneously. A user can have SquaredUp open in several browser tabs on the same device at the same time, but cannot access SquaredUp from multiple different browsers at the same time. See Troubleshooting users being unable to log on.
SquaredUp adheres to role-based access control (RBAC) for Azure resources. A user logging on to SquaredUp will automatically be restricted to only show what their Azure AD permissions / RBAC allows them to see.
If the user does not have access to the resources that a particular tile is scoped to, they will not see the resources. If they have access to some of the resources they will see those resources, or in the case of the Cost tile they will not see the full cost, but instead see the subset of the cost that they have permission to see.
Users with restricted access to resources in Azure AD will see a message when they are unable to see any of the resources a tile is scoped to:
In addition to this, Team Folders allow you to limit access to dashboards for security or operational reasons, and to simplify the SquaredUp experience for your different teams.
See Team Folders.
By default, only SquaredUp administrators are able to create, edit and manage dashboards in SquaredUp.
SquaredUp administrators can configure Team Folders to allow different teams, or users, to create and customise dashboards within a Team Folder.
See Team Folders.
Open Access enables easy sharing of dashboards throughout your organization. Open Access dashboards do not require authentication and do not consume named user licences. When users view an Open Access dashboard they see a server-rendered bitmap version of the dashboard that updates every minute. Open Access dashboards are non-interactive, which means that users can't click on the dashboard content to drill down to more detail.
Simply generate an Open Access URL, or add a dashboard to the Open Access navigation bar, and any user can have access to a non-interactive image of the dashboard.