User Onboarding¶
From registration to fully provisioned cloud account -- automated across all clouds.
Overview¶
RosettaOps supports multiple onboarding paths to bring users into the platform. Whether users self-register, are created by managers, or are automatically provisioned through SSO, the end result is the same: a fully managed cloud account with an initial budget, sandboxed and governed by the organization's policies.
| Onboarding Path | How It Works | When To Use |
|---|---|---|
| Self-registration | Users register via the organization's dedicated website, verify email, accept terms, and await manager approval | Open enrollment for universities, research institutions, public programs |
| Manager registration | Managers create users directly via form or batch import (no email verification required) | Controlled onboarding for known users, workshops, courses |
| SSO / Active Directory | Users are automatically onboarded when they authenticate via an SSO provider (Active Directory, SAML, OIDC) | Enterprise environments with existing identity infrastructure |
Onboarding Flow¶
flowchart TD
Start(["New user"]) --> Path{"Onboarding path"}
Path -->|"Self-registration"| Apply["Submits registration"]
Apply --> Verify["Verifies email"]
Verify --> Terms["Accepts terms of use"]
Terms --> Review["Manager reviews"]
Review --> Process["Process registration"]
Path -->|"Manager form / batch"| MgrCreate["Manager creates user"]
Path -->|"SSO / Active Directory"| SSO["User authenticates via SSO"]
SSO --> AutoProvision["Automatically onboarded"]
Process --> Account["User created -- cloud account assigned -- initial budget transferred"]
MgrCreate --> Account
AutoProvision --> Account
style Start fill:#f5f5f5,stroke:#616161,color:#000
style Path fill:#fff9c4,stroke:#f9a825,color:#000
style Account fill:#e8f5e9,stroke:#2e7d32,color:#000Self-Registration¶
- Apply -- Applicant submits registration via the organization's website
- Verify Email -- Applicant verifies their email address
- Accept Terms -- Applicant accepts terms of use
- Manager Review -- Manager reviews and validates the application
- Process -- Registration is processed, user receives credentials via email
Processing Requirements
Only registrations that have verified their email address and accepted the terms of use can be processed.
Manager Registration¶
When managers register users via form or batch import, email verification is skipped. The user is created immediately and managers can send credentials using the Send Credentials action.
SSO / Active Directory¶
Organizations with existing identity infrastructure can enable SSO-based onboarding. When a user authenticates through the configured SSO provider (Active Directory, SAML, OIDC), they are automatically onboarded into the platform with a cloud account and initial budget -- no manual registration or approval required.
Automatic Processing¶
Whitelisted Domains¶
Organizations can configure automatic processing for trusted email domains:
- Go to your root organization
- Click Set Whitelisted Domains
- Add trusted email domains (e.g.,
@company.com) - Future registrations from these domains auto-process after email verification
Use Cases for Whitelisting
- Corporate domains for employee self-service
- University domains for student registration
- Partner organization domains
What Happens After Onboarding¶
Once onboarded, every user receives:
- A user account with role-appropriate permissions
- A cloud account (AWS sub-account, Azure resource group, or GCP project) pre-configured with sandbox guardrails
- An initial budget transferred from the organization's root account
- Access to the platform via the RosettaHub Console, API, CLI, or SDKs
Budget model
A user's cloud account budget equals the sum of budget transfers received from colleagues or managers plus any cloud credits redeemed on the account via RosettaHub vouchers.
Registration Types¶
| Type | Description | Use Case |
|---|---|---|
| User | Standard access | General users |
| Manager | Administrative access | Team leads, admins |
| Researcher | Research-focused profile | Academic researchers |
| Educator | Teaching capabilities | Instructors, professors |
| IT | Technical access | IT staff, DevOps |
| Student | Time-limited access | Students with graduation date |
Related Topics¶
- Registrations -- Manage pending registrations and process applications
- Managing Users -- User lifecycle after onboarding
- Managing Organizations -- Organization-level governance
- Managing Cloud Accounts -- Cloud account lifecycle
Onboarding Tutorials¶
- Register Your Organization -- Set up AWS, Azure, or GCP integration
- User Self-Registration -- End-user self-registration flow
- Register Users via Form -- Manager form-based registration
- Register Users in Batch -- Bulk onboarding via Excel