Manage users in Watson Studio Local
Watson Studio Local users can be managed from either an external LDAP server (recommended) or an internal repository database.
In the Admin Console, click the menu icon ( ) and click User Management to approve sign-up requests, add users, filter them, edit them, assign permissions to them, or delete them.
The user permissions are as follows:
- Admin can sign in to both the Admin Console and the Watson Studio Local client.
- Deployment Admin
- Deployment Admin can create project releases in IBM Watson Machine Learning.
- User can sign in to the Watson Studio Local client only. This is the default permission if neither Admin check box is selected.
When you add new users, Watson Studio Local automatically emails the
username and temporary password to them. If new users request an account, you must approve them by
editing them and selecting Approved user. Unapproved users have a status of
If an SMTP server is set up in the Settings panel from the administrator's user profile icon, then Watson Studio Local automatically emails the administrators anytime a new user is created or requests access. Watson Studio Local also emails notifications to users anytime their account changes.
Set up your own LDAP server (recommended)
By default, Watson Studio Local user records are stored in its internal repository database. Alternatively, you can use your own external LDAP server instead. To set up your own LDAP server, click Connect to an LDAP server.
In the LDAP host field, use the
ldap:// prefix for a
non-secure port and the
ldaps:// prefix for a secure port. For example,
If you opt to authenticate LDAP with search, then specify the domain search user, password, and
base. If you opt to authenticate by distinguished name without search, ensure the LDAP
Prefix and LDAP Suffix fields match the distinguished name
exactly, for example,
uid for prefix and
for suffix, for the setup to succeed.
To verify that your LDAP connection works, type in an existing LDAP user in the Username for testing and Password for testing fields, then click the Test LDAP button.
When finished, click the Set up LDAP button. If the LDAP setup succeeds, Watson Studio Local no longer displays password fields whenever you sign up a new user in the Admin Console. Because the Watson Studio Local user records are stored in the external LDAP server, only the LDAP administrator can perform user management tasks like password resets and changes. Otherwise, a Watson Studio Local administrator can edit the user's password from the User Management page.
Note that after LDAP is enabled, both local and LDAP users can sign in, but only LDAP users can be added.
Reset the Watson Studio Local administrator password
To enable a Watson Studio Local administrator and set a new login password, enter the following command:
manage_admin_user.sh --enable-admin <ADMIN_USERNAME>
To disable a Watson Studio Local administrator, enter the following command:
manage_admin_user.sh --disable-admin <ADMIN_USERNAME>
Ability to sign up to a Watson Studio cluster
Set the configuration
False in the
/user-home/_global_/config/config.properties file to disable the Sign
up tab on the Watson Studio login page. The default value for
Modify the session token expiration time
To modify the session token expiration time for all of the Watson Studio Local users in the cluster, complete the following steps:
- SSH to the Watson Studio Local cluster.
- Run kubectl exec to a
- Edit or create the following file:
/user-home/_global_/config/jwt/expiry.config to specify the number of hours.
If the expiry.config file does not exist, the default session expiration is
usermgmtby deleting all of the current