Skip to content

Set Up and use of CNO IAM

IAM Set Up

CNO IAM offers multiple tools for managing IAM users. Like creating, listing or deleting users.

Use case:

  • Creating IAM Users
  • Listing IAM Users
  • Assigning Roles IAM Users
  • Updating IAM Users
  • Deleting IAM Users
  • Creating IAM Groups
  • Deleting IAM Groups
  • Listing IAM Groups and Users
  • Assigning Roles to IAM Groups
  • Deleting Roles to IAM Groups
  • Adding Users to IAM Groups
  • Deleting Users to IAM Groups


Creating IAM Users

Head over to Secure > IAM and click the Red "Add User" Button at the top-right corner.


Fill the form with relevant details.

  • First Name
  • Last Name
  • Department
  • Username
  • Email

Below is the role you wish to assign to the user. You'll have a dropdown consisting of

  • Super Admin
  • Project Admin
  • Developers
  • Validators
  • Project Owner
  • Project Owner+

To make a Project Owner+, simply switch on the self-provisioner tag

For a complete breakdown of all the roles, visit CNO Secure

Click "Add"

You'll be taken back to the CNO IAM overview and you can see your newly added user. The user will be sent an email with a link for creating their password. After they're done. They can login to the CNO UI with their username and password.

Updating IAM Users

Things like the names and emails of users can't be changed but we can change their assigned roles to reflect any change in their positions at organization and project level.

To update their assigned roles:

Simply click on their current role and choose thier new role from the dropdown.


Deleting IAM Users

To delete IAM users, simply click the cross sign next to their email


You'll be taken to a pop-up window asking for a confirmation.




Connect to the CNO command line to use a command in this tutorial.

Creating IAM Users

cnoctl adm create user --firstname james --lastname james --email --username james --department devops

NB: The username and email flags are required to create a user.

The user will automatically be assigned a member role.

Listing IAM Users

You can list all users or a specific user.

  • To list a specific user:
    cnoctl adm get users james 
  • To list all users:
    cnoctl adm get users

Assigning and Droping Roles to IAM Users

Before assigning a role, you should verify that the user is already registered. You can assign a new role for a user or modify an existing role from the user.

  • Assigning A Role:

Assign a super-admin role to james

cnoctl adm set-role --username james --role super-admin
* Dropping A Role.

Before deleting a role, make sure there is a user with this role. Drop James's super-admin role.

cnoctl adm delete-role --username james --role super_admin 

Updating IAM Users

You can update the first name, last name, and the department of the user. Before updating the user, be sure that it exists by listing the users. Now, let’s modify the first name James to Mody.

cnoctl adm update user --firstname mody --username james 

NB: The username is required and can not be changed.

Deleting a IAM User

Before deleting a user, you must verify if the user exists. Then, delete the user james by specifying his username.

cnoctl adm delete user james 

Creating an IAM Group

To create a new group for example admin group, you use the cnoctl command:

cnoctl adm create group --name admin 

Deleting an IAM Group

To delete the admin group use:

cnoctl adm delete group admin 
Note: You can only delete empty groups, so you'll have to delete every user in the group before deleting the group

Listing IAM Groups and Users

Listing Groups and All user-member contained in the Group:

To get all groups use:

cnoctl adm get group 

To get a single group admin for example use:

cnoctl adm get group admin 

Assigning Roles to IAM Group

To add super_admin role to the admin group use:

cnoctl adm groups add-role group-name role-name 


cnoctl adm groups add-role admin super_admin

Deleting Roles from IAM Groups

Delete super_admin role from the admin group use:

cnoctl adm groups delete-role group-name role-name 


cnoctl adm groups delete-role admin super_admin

Adding Users to IAM Group

To add one or more users to a group use:

cnoctl adm groups add-user group-name user1 user2 user3 ...
Example: To add user james to the group admin use:

cnoctl adm groups add-user admin james 

Deleting Users from IAM Groups

To delete a user from a group use:

cnoctl adm groups delete-user group-name username 

To delete user james to the group admin use:

cnoctl adm groups delete-user admin james

Last update: 2022-11-15