Changing account ownership

It is sometimes necessary to reassign an existing Arvados user account to a new Google account.

Examples:

  • A user’s email address has changed from person@old.example.com to person@new.example.com.
  • A user who used to authenticate via LDAP is switching to Google login.

This can be done by an administrator using Arvados APIs.

First, determine the user’s existing UUID, e.g., aaaaa-tpzed-abcdefghijklmno.

Ensure the new email address is not already associated with a different Arvados account. If it is, disassociate it by clearing that account’s identity_url and email fields.

Clear the identity_url field of the existing user record.

Create a Link object with the following attributes (where tail_uuid is the new email address, and head_uuid is the existing user UUID):

{
  "link_class":"permission",
  "name":"can_login",
  "tail_uuid":"person@new.example.com",
  "head_uuid":"aaaaa-tpzed-abcdefghijklmno",
  "properties":{
    "identity_url_prefix":"https://www.google.com/"
  }
}

Have the user log in using their person@new.example.com Google account. You can verify this by checking that the identity_url field has been populated.


Previous: Using arvados-sync-groups Next: Merging a remote account

The content of this documentation is licensed under the Creative Commons Attribution-Share Alike 3.0 United States licence.
Code samples in this documentation are licensed under the Apache License, Version 2.0.