
Rafay Partners have access to a multi-tenant "Operations Console" that gives them the critical capabilities needed to manage multiple customers and their tenants (i.e., Orgs).

Note

Providers can also integrate their existing management systems with their Partner Operations Console using Rafay's Swagger-based APIs.


Organizations

An Organization is an isolated tenant on the controller managed by a partner. An Org typically maps to a customer. After logging into the Operations Console, click on Organizations to view the list of organizations. A partner/provider can manage as many organizations as they require.


Create Org

There are three (3) ways to sign up for an Organization:

1. Using the Swagger based REST APIs

  • Log in to the console and click API DOCS in the Home page menu bar

The Platform API screen appears.

  • Under Organization, use the available REST APIs to sign up for new organization(s)

2. Self-service Sign up

A self-service signup page is available for end users to sign up for a new organization.

  • Click SIGN UP and provide the required details
  • Click Register

On successful registration, the user receives a verification email at the email address provided. A user who did not previously exist receives an email with a random password, whereas an existing user receives an email confirming successful org creation.

These Organizations need to be reviewed and approved by a Partner Admin before they are considered active.

Important

A Super Admin can enable or disable the Self Signup option via the Ops Console.

3. Register to Add Organization

An Add Organization button is available in the Ops Console for Super Admins.

  • Log in to the Operations Console and click Add Organization
  • Provide the required details and click Register

On successful registration, the user will receive a verification email.


View Org

Click on Organizations to view the list of Organizations under management by the Partner/Provider.


Search Options

Multiple search options are provided so that the user can quickly list the organizations that match the specified criteria.

  • Search by Name: Provide the Organization name to retrieve the details of a specific Organization
  • Filter by Status: Select a status, Approved or Approval Pending, from the drop-down to list the organizations with that status
  • Filter by Partner: Select a partner from the drop-down to view all the organizations available with a specific partner

Update Org

Partner Admins can update an Org using the Operations Console.

  • Click on an Org and use the Edit icon to make changes to the existing organization. The following changes can be made to an existing Org.

General Settings

  • Tier Type: Defines the subscription tier assigned to the organization. Available options:
    • Free: Default tier with limited feature access, primarily for evaluation and small-scale usage.
    • POC (Proof of Concept): Temporary tier for trial and testing purposes with extended capabilities beyond Free, but time-bound.
    • Paid: Full-featured subscription tier with production-grade capabilities, enterprise features, and support enabled.
  • Default Currency: Currency used for billing and pricing calculations (e.g., USD, EUR).
  • External ID: A unique identifier assigned to this organization, typically used for integrations or external tracking.

Security & Access

  • Multi-Factor Authentication (MFA): Require users to provide an additional verification step during login (e.g., OTP, authenticator app) for enhanced security.
  • Attribute-Based Access Control (ABAC): Enable fine-grained access control based on user attributes (e.g., department, role, project). Helps enforce security policies dynamically.
  • IPv6 Support: Allow IPv6 networking for clusters and services. Useful for modern networking requirements and dual-stack environments.
  • IP Whitelist: Restrict access to specific IP addresses or ranges. Only whitelisted IPs can access the organization’s resources.
  • Restrict SKU Sharing: Controls how SKUs (resource bundles or packages) are shared across projects within an organization.
    • The toggle is off by default, meaning SKU sharing is enabled, and all shared SKUs are automatically available to every project.
    • When the toggle is turned on, automatic sharing is disabled, and Org Admins can manually select which projects can access specific SKUs.
    • This is an organization-level setting that defines whether SKU availability is global (shared with all projects) or restricted (project-specific).

Registry Configuration

  • Registry FQDN: Custom registry Fully Qualified Domain Name (FQDN) used for pulling container images. Example: registry.example.com.


PaaS Settings

The PaaS Settings section allows administrators to manage provisioning control for compute and service instances. When disabled, instance creation is blocked and a custom message is shown to users.

Compute

  • Toggle: Enable or disable compute resources and training capabilities
  • Custom Disable Message: Administrators can add an HTML script that is displayed to users when compute provisioning is disabled
  • Preview: View how the custom message will appear to users

Service

  • Toggle: Enable or disable service deployment and management features
  • Custom Disable Message: Administrators can add an HTML script that is displayed to users when service provisioning is disabled
  • Preview: View how the custom message will appear to users

Example Custom Disable Message

<html>
  <body>
    <h2>Service Unavailable</h2>
    <p>PaaS Compute provisioning is currently disabled for your organization due to exceeded resource or quota limits.</p>
    <p>Please contact your administrator or support team for more information.</p>
  </body>
</html>


  • Click Save Changes

Users can verify the custom registry configuration and workload images, as demonstrated in the examples below.

Verify Custom Registry Configuration

Below is an example where Custom Org is configured to use the custom registry FQDN demouser1.registry.net. The command lists the image references in the bootstrap YAML file so that you can confirm that all specified Rafay service images are listed and sourced from the configured user registry, verifying that the deployment configuration is accurate and ready for execution.

cat ~/Downloads/customorg-cluster-1-bootstrap.yaml | grep 'image:'
image: demouser1.registry.net/rafay/rafay-relay-agent-redhat:master-84
image: demouser1.registry.net/rafay/busybox:1.33
image: demouser1.registry.net/rafay/cluster-controller:master-32
image: demouser1.registry.net/rafay/rafay-connector:master-89

Verify Rafay Workloads from Custom Registry

For example, after initial cluster provisioning with a minimal blueprint, the provisioning and blueprint synchronization complete successfully.

In this example, the organization has a custom registry configured as demouser1.registry.net. All Rafay addons are pulled from this configured custom registry.

To verify the images, run the following command:

kubectl get pods -n rafay-system -o jsonpath="{..image}" | tr -s '[[:space:]]' '\n' | sort | uniq -c
demouser1.registry.net/rafay/busybox:1.33
demouser1.registry.net/rafay/cluster-controller:master-32
demouser1.registry.net/rafay/edge-client:main-34
demouser1.registry.net/rafay/rafay-connector:master-89
demouser1.registry.net/rafay/rafay-relay-agent:master-83
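
The two manual checks above (bootstrap YAML and running pods) can be turned into a pass/fail gate. The script below is an added example, not Rafay tooling; its function names and sample references are constructed. It compares the registry host exactly, so a look-alike host or a reference with no registry at all does not slip past the way it can with a substring match.

```shell
#!/bin/sh
# Added example, not Rafay tooling. Function names and sample data are constructed.

# Print every image reference on stdin whose registry host is not exactly $1.
# Accepts `image: <ref>` YAML lines or whitespace-separated bare references.
offregistry_images() {
    tr -s '[:space:]' '\n' |
    awk -v host="$1" '
        $0 == "" || $0 == "-" || $0 == "image:" { next }
        {
            ref = $0
            gsub(/"/, "", ref)                 # drop YAML double quotes
            slash = index(ref, "/")
            # The host is the text before the first "/"; a reference with no
            # "/" names no registry and would resolve to a default one.
            h = (slash > 0) ? substr(ref, 1, slash - 1) : ""
            if (tolower(h) != tolower(host)) print ref
        }' | sort -u
}

# Return 0 only if stdin holds at least one reference and all match the host.
verify_registry() {
    refs=$(cat)
    if [ -z "$refs" ]; then
        echo "no image references on stdin" >&2
        return 2
    fi
    bad=$(printf '%s\n' "$refs" | offregistry_images "$1")
    if [ -n "$bad" ]; then
        printf 'not from %s:\n%s\n' "$1" "$bad" >&2
        return 1
    fi
}

# Constructed sample: two good lines, a look-alike host, and a bare reference.
sample_refs() {
    cat <<'EOF'
image: demouser1.registry.net/rafay/busybox:1.33
image: demouser1.registry.net/rafay/rafay-connector:master-89
image: demouser1.registry.net.mirror.example/rafay/busybox:1.33
image: busybox:1.33
EOF
}

# Real use, with the commands from this page:
#   grep 'image:' customorg-cluster-1-bootstrap.yaml | verify_registry demouser1.registry.net
#   kubectl get pods -n rafay-system -o jsonpath="{..image}" | verify_registry demouser1.registry.net
```

Pipe the raw jsonpath output into `verify_registry` rather than the output of `uniq -c`, since the count column would be read as an image reference.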

Users

Add users to an organization or view the existing user details of a specific organization.

Feature Capabilities

At the org level, default capability options (enable/disable) can be set. Enable/disable overrides are also available, and these take precedence over the default capability option.


Deactivate Org

Click the Deactivate button to deactivate the organization. This blocks all the users within this organization from accessing it. A good example for this action is when an end customer is delinquent on their payments.

Note: Only an Approved organization can be deactivated.

  • Click Save Changes



Delete Org

Existing Organizations can be deleted permanently if required. Note that this is a destructive, non-reversible action.


Users

As a best practice, we recommend that partners and providers have at least two "partner admins" configured for their Ops Console. This will ensure that they minimize the chance of getting locked out of their console in situations where one of the partners is no longer available or has misplaced their credentials.

Add User

An existing partner admin can add/invite another user as a partner admin.

  • Click on Users
  • Click on New User
  • Enter the email address, first and last name, select partner admin from the dropdown.

The new user will receive an activation email. Once they verify their email address, they will be asked to set a password and will have access to the Operations Console.

When an existing user is added to an org, email verification takes place. Users with non-verified email addresses must verify their email address to access the console.


View User

To view all users configured to access the Operations Console, click on "Users". This presents a list of users, their status, and other details.


Deactivate User

User access to the Operations Console can be temporarily suspended by deactivating the user.

  • Click on Actions for the specific user
  • Select "Deactivate" from the action dropdown

Follow the same steps to reactivate the deactivated user.


Delete User

Users can be permanently deleted from the Operations Console. Once performed, they will no longer be able to access the console.

  • Click on Actions for the specific user
  • Select "Delete" from the dropdown actions

Audit Logs

An audit trail is available for activity performed by users on the Operations Console. Click on Audit Logs to view the logs in reverse chronological order.