Skip to content

Managing Users and Permissions

This section describes how to manage developers for your tenant. MindSphere separates between the users on the platform itself that are allowed to access the Launchpad and applications and users within Cloud Foundry. The Settings UI enables you to assign permissions and roles to your employees.


The described actions require the following rights:

  • You are Tenant Admin.
  • You have the OrgManager role for your Cloud Foundry Org.
  • You have installed Cloud Foundry CLI.
  • The developer to be added has logged into Cloud Foundry via the CLI at least once.


Upon tenant creation, only the Tenant Owner has the role OrgManager assigned, which allows to access the tenant's Cloud Foundry Org. All other users have to be assigned a role by an OrgManager or SpaceManager. Thus, if you are not able to access your Org, consider to contact your Tenant Owner.

Invite developer to your tenant by Settings application

A user with Developer roles is able to access the Developer Cockpit and manages application versions and registration workflows.

Adding users

  • Go to your Launchpad and open the Settings.
  • Open "Users" and click on plus symbol to add new user.
  • Enter the e-mail address of the new user.
  • Confirm your entry with "Save User".

The user receives the link for accessing MindSphere tenant via e-mail.

Assigning developer roles to user

To access the Developer Cockpit you must assign user mdsp:core:Developer or the mdsp:core:DeveloperAdmin role.

  • Go to your Launchpad and open the Settings.
  • Open "Users" and select the new user.
  • Select "Edit" in the editing function field.
  • Assign the corresponding unassigned role (mdsp:core:Developer or mdsp:core:DeveloperAdmin) to the user.
  • Click on "End editing"

Developer(Developer and DeveloperAdmin) roles are successfully assigned to user.

Add a developer to your tenant via CF CLI

Cloud Foundry on AWS can be fully managed using the Cloud Foundry CLI and is integrated with WebKey as an identity provider. This allows developers to sign in to Cloud Foundry with their normal MindSphere account. During the order process of an MindSphere DevOps Plan (Developer/Operator) the designated administrator gets automatically the admin privileges assigned for the Cloud Foundry Org. But you are currently required to use the CF CLI if you want to add any additional developers.

Steps to add developer to Cloud Foundry Org and Space

  1. Log into the Cloud Foundry CLI (see the Getting Started) using the following command, replace {region} by your region.

      cf login -a{region} --sso
  2. Visit, resp. in a browser.

  3. Log in using the WebKey Link below the Cloud Foundry Login Form.
    Login with WebKey to Cloud Foundry
  4. Type in your MindSphere credentials.
  5. Copy the One Time Code, paste this code into the CF CLI and press enter.
  6. Select your Org.
  7. Add the developer to your Org.

      cf set-org-role USERNAME ORG ROLE


    A user must have the CF role SpaceDeveloper to push an application.

  8. Alternatively, assign the developer to a particular space instead to the Org.

    • Create a new space within your Org.

      cf create-space space-name
    • Assign the developer only to this particular space by using following command.

      cf set-space-role USERNAME ORG SPACE ROLE  

The developer can view and push applications to the assigned CF space.

Refer to the official Cloud Foundry Docs to learn about the different user roles and permissions: Cloud Foundry Roles and Permissions Getting started with the cf CLI

Cloud Foundry Access

The creation of the account does not automatically grant access rights to your Cloud Foundry Org. However, the newly created user can already login in the Cloud Foundry environment. After the successful login the user is known in the Cloud Foundry UAA and the Org-Manager can assign either Org or Space rights. See the [Cloud Foundry Howto]

Any questions left?

Ask the community

Except where otherwise noted, content on this site is licensed under the MindSphere Development License Agreement.