Skip to main content

Workspaces

Definition

A workspace is an area that holds sensitive data. Such as simulation inputs (topologies, baseboxes, attack scenarios) and outputs (datasets).

Within this organization, users are granted permissions to oversee and handle these resources, ensuring that data is securely managed and utilized in accordance with the organization's policies and objectives.

Prerequisites

The backoffice API is responsible of managing the full lifecycle of a workspace. The backoffice CLI mantis-admin lets you manage workspaces with ease. You have to be logged in with an account bound to the admin client role of io-mantis-platform-<organization-id>.

Keycloak user belonging to an organization admin role
Keycloak user belonging to an organization admin role

Create workspace

Use the backoffice CLI to create a workspace with mantis-admin workspace create.

$ mantis-admin workspace create organization=an-organization-name
Name: A Workspace Name
Workspace 'a-workspace-name' (421ae7bc-3a77-4b01-b49c-29dec3b46e7d) has been created.

A new workspace has been created with id a-workspace-name and uuid 421ae7bc-3a77-4b01-b49c-29dec3b46e7d. Both fields can be used to reference this workspace in other actions.

Note: the workspace name is automatically converted to kebab case (lowercase words separated with daconsolees).

Delete workspace

Use the backoffice CLI to delete a workspace with mantis-admin workspace delete.

$ mantis-admin workspace delete a-workspace-name
Data belonging to this workspace will be permanently deleted. This action is irreversible !!!
Confirm action by typing yes uppercase: YES
Workspace 'a-workspace-name' (421ae7bc-3a77-4b01-b49c-29dec3b46e7d) has been permanently deleted.

Update workspace

Use the backoffice CLI to update a workspace with mantis-admin workspace update.

$ mantis-admin workspace update a-workspace-name name='Another Workspace Name'
Workspace 'another-workspace-name' (421ae7bc-3a77-4b01-b49c-29dec3b46e7d) has been updated.

Enroll user

There is a two ways to enroll a user to a workspace. It depends wether the user already exist or not. This case applies to a user that already exist in the tenant.

The user's email will be used to identify user's identity. Here is an example of how to enroll the user foo@bar.tld to the workspace a-workspace-name.

$ mantis-admin enroll a-workspace-name foo@bar.tld
User 'foo@bar.tld' found (e9998eaf-ed5b-49f3-aa19-8fc0a50399e7).
Added to workspace 'a-workspace-name' (421ae7bc-3a77-4b01-b49c-29dec3b46e7d) with no privilege.

Invite user

In case the user does not exist yet, the administrator or workspace can create it manually (see Users section) then enroll it (see section above), or create an invitation to one (or more) email address.

$ mantis-admin invite a-workspace-name foo@bar.tld
User 'foo@bar.tld' created (71578ec7-c50c-4086-8303-27c3169469fa)
An invitation has been sent by email to him.

Note: until the user does not complete the invitation process, he does not belong to any workspace and cannot log in.

From the user side, he has to complete a process similar to the self sign in process.

Last update:
Copyright © 2025 AMOSSYS