Archivematica @ Wellcome Collection
  • Introduction
  • High-level design
  • Storing born-digital files
    • Creating a transfer package
    • Upload a transfer package to S3
    • Check a package was stored successfully
    • Downloading a package from the storage service
    • Following a package in the dashboard
  • Service architecture
    • How does Archivematica work?
      • The Archivematica apps
      • Microservices, tasks and jobs
      • Gearman, ElastiCache, and the MCP server/client
    • How is our deployment unusual?
      • What are our extra services?
      • ECS containers on EC2, not Fargate
      • Why we forked Archivematica
    • How it fits into the wider platform
  • About our deployment
    • Using Wellcome catalogue identifiers
    • Different environments
    • Working storage: MySQL, Redis, and EBS
  • Administering Archivematica
    • Bootstrapping a new Archivematica stack
    • User management
      • How to add or remove users
      • Authentication with Azure AD
    • Upgrading to a new version of Archivematica
    • Running an end-to-end test
    • Clearing old transfers from the dashboard
  • Debugging Archivematica
    • Where to find application logs
    • Troubleshooting known errors
      • Timeout waiting for network interface provisioning to complete
      • 401 Unauthorized when the s3_start_transfer Lambda tries to run
      • "pull access denied" when running containers (and other ECS agent issues)
      • "Unauthorized for url" when logging in
      • "gearman.errors.ExceededConnectionAttempts: Exceeded 1 connection attempt(s)" in MCP server
      • NotADirectoryError in the Extract zipped transfer stage
    • Restarting services if a task is stuck
    • SSH into the Archivematica container hosts
Powered by GitBook
On this page
  1. Administering Archivematica
  2. User management

How to add or remove users

PreviousUser managementNextAuthentication with Azure AD

Last updated 2 years ago

We use Azure Active Directory (OpenID Connect) for authentication. When somebody tries to log in to Archivematica, they are sent to an Active Directory login page first. Once you're logged in with AD, you have access to Archivematica if and only if you have been authorised by an Archivematica admin.

If you want to give somebody access to Archivematica:

  1. Log in to the dashboard as an admin

  2. Select Administration from the top menu bar.

  3. In the sidebar, click Users.

  4. Click Add New.

  5. Fill in the new user form. The two interesting fields:

    • Email address must match their Wellcome email address, e.g. a.chan@wellcome.ac.uk

    • The password can be anything, and they won't be using it in practice -- pick a suitably long random string and use that. If you want to generate passwords and you're comfortable on the command line, try running:

      python3 -c 'import secrets; print(secrets.token_hex())'

    Click Create when you're done.

To remove somebody's access, delete the user with their email address.

Screenshot of the Archivematica user management screen, with green arrows highlighting key areas