This tutorial guides you through generating and managing authentication tokens in the Data Center Designer (DCD).
Note: The API/SDK Authentication Token Manager can be used by any user but is mandatory for 2FA enabled and forced accounts.
In the DCD, you can now generate the authentication token to securely access IONOS Cloud APIs and SDKs by using the API/SDK Authentication Token Manager. Along with improved user security, the Token Manager offers a seamless user experience to generate tokens in a simplified way and use the token several times to access the APIs and SDKs. You can generate up to 100 authentication tokens and use any of these token values for authorizing access to APIs and SDKs.
To create a secure authentication token for authorizing to use APIs and SDKs, follow these steps:
In the DCD, go to Menu > Management > Token Management.
In the API/SDK Authentication Token Manager, select Generate Token.
Copy the Token ID and Close the token-generated window.
Warning: You must save the token value for future uses. You will not be able to see the token value again due to security reasons.
Note: You can download the token value as a text file for future uses by selecting the Download option next to the Token Value.
Result: An authentication token is generated and listed in the API/SDK Authentication Token Manager screen.
Each token has a Time To Live (TTL), which is the duration for which a token is valid before it expires and becomes inactive. Select a TTL value from the drop-down list. The following are the possible values:
1 Hour
4 Hours
1 Day
7 Days
30 Days
60 Days
90 Days
180 Days
365 Days
Each token consists of:
ID: This is the ID of the token which you can use in the Auth API. For example, to delete the token by ID.
Creation Date: The date and time stamp of the token.
Expiration Date: The date and time stamp when the token becomes invalid depending on the defined TTL at the time of token generation.
The generated token is listed in the API/SDK Authentication Token Manager screen.
The Token Value is displayed only once upon generation, and you must save this value for future use.
The token is valid based on the defined TTL field at the time of token generation.
Note: The deletion of a token in the Authentication Token Manager will result in the deactivation of the token even when it has not expired. It becomes invalid immediately.
To delete an authentication token, follow these steps:
In the DCD, go to Menu > Management > Token Management.
In the API/SDK Authentication Token Manager, select the authentication token to delete and select the Delete option.
Select Delete to confirm.
Result: The authentication token is successfully deleted and removed from the tokens list in the API/SDK Authentication Token Manager.
Account Management
Manage general settings, payment, and contract details.
User Management
Set user privileges; limit or extend access to chosen roles.
Token Management
Create, manage, and delete an authentication token using the API/SDK Authentication Token Manager.
Password Policy Management
Create and manage password policy to secure user accounts.
This tutorial guides you through creating and managing Users, User Groups, and Resources in the Virtual Data Center (VDC).
Prerequisites: Make sure you have the appropriate privileges. Only contract administrators and owners can manage users within a VDC.
A new VDC in the Data Center Designer (DCD) is manageable by contract owners. To assign resource management capabilities to other members in VDC, you can add users and groups and grant them appropriate privileges to work with the data center resources.
The User Manager lets you create new users, add them to user groups, and assign privileges to each group. Privileges either limit or increase your access based on the user role. The User Manager lets you control user access to specific areas of your VDC.
In the DCD, go to Menu > Management > Users & Groups.
Select + Create in the Users tab.
Enter the user's First Name, Last Name, Email, and Password.
Note:
— The email address of the new user must be unique.
— The password must adhere to the contract's password policy. For more information, see Manage Password Policy.
Select Create to confirm.
Result: A user is successfully created and listed in the Users list.
The creation of groups is useful when you need to assign specific duties to the members of a group. You can create a group and add members to this group. You can then assign privileges to the entire group.
In the Groups tab, select + Create.
Enter a Group Name.
Select Create to confirm.
Result: The group is now created and visible in the Groups list. You can now assign permissions, users, and resources to your group.
In the Groups tab, select a group from the Groups list.
In the Privileges tab, select checkboxes next to the privilege name.
Note: You do not need to save your selections. This action automatically grants or removes privileges.
Result: The group has the required privileges now.
Note: To remove the privileges for a group, clear the checkbox next to the privilege name.
Users are added to your new group on an individual basis. Once you have created a new member, you must assign them to the group.
In the Groups tab, select the required group.
In the Members tab, add users from the + Add User drop-down list.
Result: The users are now assigned to the group. These users have privileges and access rights to the resources corresponding to their group.
When assigning a user to a group, whether you are a contract owner or an administrator, you can:
Create a new user within DCD.
Note: Administrators do not need to be managed in groups, as they automatically have access to all resources associated with the contract.
In the Resources tab, select a resource from the drop-down list.
In the Visible to Groups tab, click + Add Group.
Select a group from the drop-down list.
Result: This group can now access the allocated resource.
In the Groups tab, select the required group.
Select the Resources of Group tab.
Click + Grant Access and select the resource to be assigned to the group from the drop-down list.
Result: The group now has the newly assigned resources. You have enabled read access for the selected resource.
To enable access, select the Edit or Share checkbox for a resource.
To disable access, select the required resource. Clear either the Edit or Share checkboxes. You can also directly click Revoke Access.
Users can be removed from your group on an individual basis.
Select the Members tab.
Click Remove User.
Result: This user is now removed from the group.
The Password Policy feature in IONOS Cloud helps organizations enforce password security by defining a set of rules that must be followed when creating and updating passwords. This feature is crucial for safeguarding accounts and ensuring adherence to security standards. Always ensure that your policies are in line with industry best practices to safeguard your data effectively.
Note: Only contract owners can define the password policy applicable to the sub-users in the contract.
Customizable Rules: The password rule can be customized to your needs such as recommendations to have complex passwords to improve the security of user accounts. You can define criteria on the length of the password, whether or not to include lowercase and uppercase letters, numbers, and special characters in the password and the minimum quantity of each of these character types.
Ease of Use: Using the DCD or the IAM Identity Password Policies API, contract owners can manage password policies easily.
Flexibility: Create, retrieve, update, or delete a password policy as needed. It is recommended to keep your policies reasonable to promote user compliance. On deleting a password policy, the IONOS standard applies for password management.
Info: The IONOS standard password policy requires a minimum of five characters and recommends including a combination of uppercase and lowercase letters, at least one number, and special characters if needed.
The Password Policy Manager feature is part of the Identity Management API and can be managed using the /{passwordPolicyId}/ endpoint. Further documentation can be found in the respective Password Policy API documentation.
Note: All Create, Read, Update, and Delete (CRUD) operations that can be performed using the Password Policy Manager in the DCD can also be accomplished via the API.
To access this API, you must authenticate requests using your Bearer token, which enables requests to authenticate using a JSON Web Token (JWT). From the DCD, Generate authentication token.
Using the DCD, you can create, update, or delete a password policy as needed.
To create a password policy, follow these steps:
1. In the DCD, go to Menu > Management > Password Policy under Security.
2. Click Create password policy in the Password Policy Manager.
3. Enter the following details to configure a password policy:
Description: Add a detailed description that explains the password policy. The length of the description must not exceed 1024 characters.
Password length: Enter or use arrow keys to select the maximum password length. You cannot set a password policy that is less than 5 characters in length. For example, if the defined length is 9, the password must be a minimum of nine characters in length.
Must contain uppercase letters [A—Z]: Select the checkbox if the password policy must contain any uppercase letters from A—Z.
Minimum quantity: Enter or use arrow keys to specify the allowed count of uppercase characters in the password. For example, if 4 is the quantity chosen, the password must contain a minimum of four uppercase characters.
Must contain lowercase letters [a—z]: Select the checkbox if the password policy must contain any lowercase letters from a—z.
Minimum quantity: Enter or use arrow keys to specify the allowed count of lowercase characters in the password. For example, if 4 is the quantity chosen, the password must contain a minimum of four lowercase characters.
Must contain numerics [0-9]: Select the checkbox if the password policy must contain numbers from 0 to 9.
Minimum quantity: Specify the minimum allowed count of numerics in the password.
Must contain special characters [@, #, $, %, etc.]: Select the checkbox if the password policy must contain special characters. Any character apart from a—z,A—Z, and 0 to 9 is referred to as a special character.
Minimum quantity: Specify the minimum allowed count of special characters in the password.
Note:
— There are no maximum limits defined for the password length, number of lowercase, uppercase, numerics, and special characters. The quantity specified in the password policy refers to the minimum allowed values.
— When the checkbox for a specific character type to be allowed is selected, then their Minimum quantity allowed value cannot be zero.
4. Click Save password policy.
Result: The password policy is successfully created.
Note:
— The created password policy is enforced only on new users setting up the password. Existing user accounts continue to work on the password policy previously used.
— You can create only one password policy for your contract.
To update an existing password policy, follow these steps:
1. In the DCD, go to Menu > Management > Password Policy under Security.
2. Click Edit to update the description or password policy details such as the length of the password or characters allowed in the password policy.
3. Click Save to reflect the changes made to the password policy.
Result: The password policy is successfully updated and these changes apply to new users setting up the password. Existing user accounts continue to work on the password policy previously used.
If you no longer need a password policy, you can delete it permanently. To delete an existing password policy, follow these steps:
1. In the DCD, go to Menu > Management > Password Policy under Security.
2. Click Delete and confirm the deletion again by selecting Delete and use IONOS Standard.
Info: The IONOS standard password policy requires a minimum of five characters and recommends including a combination of uppercase and lowercase letters, at least one number, and special characters if needed.
Result: The password policy is successfully deleted and the IONOS standard applies for password management.
Users need appropriate privileges to create and manage data center. The group privilege called Create Data Center must be enabled for a group so that the members of this group inherit it through group privilege settings and can create and manage Virtual Data Center (VDCs).
Prerequisite: Make sure you have one or more Groups in the User Manager. To create one, see Create a group.
To set user privileges to create and manage VDCs, follow these steps:
In the DCD, go to Menu > Management > Users & Groups under Users.
Select the Groups tab in the User Manager window.
Select the appropriate group to assign relevant privileges.
In the Privileges tab, select Create Data Center.
Note: You can remove the privileges from the group by clearing Create Data Center.
Result: The privilege to create and manage VDCs is granted to all the members in the selected group.
You can revoke a user's Create Data Center privilege by removing the user from all the groups with this privilege enabled.
Warning: You can revoke a user from this privilege by disabling Create Data Center for every group the user belongs to. In this case, all the members in the respective groups would also be revoked from this privilege.
To revoke this privilege from a contract administrator, disable the administrator option on the user account. After performing this action, the contract administrator will become a contract user, and the privileges that were set up for the user before becoming an administrator will then be in effect.
In the Account Settings, you can view and manage your account's personal and payment details, passwords, and security, enable 2-Factor Authentication, and access the resource overview, cost, and usage. The access levels depend on your user role. To manage your account, select your name at the top right side of the DCD menu. You can view your user name, email address, and contract number. In addition to it, the following options will appear in the drop-down menu:
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
To view or update your customer data, follow these steps:
In the DCD, go to Menu > Your Profile > My Customer Data.
A My customer data window will open up. You can view the Email Address, a Contract Number, Company name, First name, and Last name.
Info: If you want to make any changes, contact IONOS Cloud Support.
Select Edit to update the Street address, ZIP, and City in the Address section. Select Save to make changes.
Info: If you want to update the Country, contact IONOS Cloud Support.
Select Edit to update the primary Contact email address, Billing email address and Phone number associated with your account in the Contact section. You can also add other billing addresses by selecting Add another billing email address. Select Save to make changes.
Result: Your Customer Data will be saved.
You can view and update your account's billing and payment details. To edit the payment details, follow these steps:
In the DCD, go to Menu > Your Profile > Payment details.
The Payment Details window will open up. You can set up the payment method by selecting Set up payment method. A Change payment method window will open up.
Select either of the following payment methods in Available payment methods to choose from how you would like to pay:
Select this option to enter your Credit card information. Each transaction is encrypted using Secure Socket Layer (SSL), and the information is secure. You need to provide the following information:
Card number: Enter the valid card number for payment processing.
Expires (month): Select the expiration month of your credit card from the drop-down list.
Expires (year): Select the expiration year of your credit card from the drop-down list.
Card verification code: Enter the security code on your credit card to verify the legitimacy during online transactions.
Credit card holder's address: You can provide the billing address associated with the credit card for verification purposes. Select either of the following options:
Same address as customer data: Select this option if you want to input the same address as you used in customer data.
Different address: Select this option to input a different address and provide the name of the Cardholder, Street and number, City, ZIP code, and Country.
Once done, select Until further notice, I agree that IONOS will collect all amounts due from the above credit card.
Select this option to enter the SEPA Direct Debit information. The SEPA Direct Debit processing can take up to 24 hours. You need to provide the following information for Authorisation for SEPA Direct Debit.
Customer Name/Account Holder: Enter the name of the account holder associated with the bank account.
IBAN: Enter the complete International Bank Account Number (IBAN).
(Optional) Once done, select Third-Party Direct Debit Details to authorize a third party, such as a company or service provider, to give your consent to access your bank account.
Select I agree that the amounts due may be debited from the specified account until cancelled.
Select Save to make changes.
Result: Your Payment details will be saved.
You can set the default values for your Virtual Data Centers (VDCs). Each time you open a new VDC, DCD will place your resources in the preset location, assigning them the same number of cores, memory size, storage capacity, and reserved IP addresses. For example, you can specify that all new VDCs must be located in Karlsruhe or that all processors will use the Intel architecture.
To edit the settings, follow these steps:
In the DCD, go to Menu > My Profile > My Settings.
A My Settings window will open up. Set the default values for Session settings, Data Center settings, Server settings, Storage settings, and IP settings from the respective drop-down lists.
Result: Your new settings will be updated right away. You can undo your changes either by selecting Reset or Reset All.
To protect the IONOS Cloud account from unauthorized access, each account comes with the following security features:
You can provide the password for your IONOS account yourself during the registration process. Your password must contain at least five characters and a mixture of upper and lowercase letters and special characters. To change the password, follow these steps:
In the DCD, go to Menu > Your Profile > Password & Security.
In the Change Password view, enter your Current Password, New Password and then Repeat New Password.
Select Change Password.
Result: The password is changed and becomes effective with the next login.
In you forget your password, then you can reset it. For more information, see Resetting Your IONOS Account Password.
You can set up 2-Factor Authentication in addition to your login credentials. This authentication method requires an app-generated security code. Once 2-Factor Authentication has been activated, you can only access your account by entering the authentication code you receive from the Authenticator App. This method can be extended to hide specific data centers and snapshots from users, even if they belong to an authorized group. This feature is only available in DCD.
Prerequisites:
Based on your device, install any Authenticator App of your choice.
The Authenticator App must be able to access your camera, and the time on the mobile device needs to be set automatically.
You can turn on 2-Factor Authentication for your accounts. Make sure that it is not already activated by a contract owner or an administrator.
To activate 2FA for your account, follow these steps:
In the DCD, go to Menu > Your Profile > Password & Security.
In 2-Factor Authentication section, select the Enable 2-Factor Authentication option. The 2-Factor Authentication Setup Assistant will open.
Proceed through each step by selecting Next.
Install the Authenticator app from the Google Play Store or from Apple iTunes based on your device.
Scan the QR code using the Authenticator app on your smartphone.
Enter the Security Token.
Select Done to exit the 2-Factor Authentication window.
Only contract administrators, owners, and users can turn on 2-Factor Authentication for other user accounts to maintain high security.
To activate 2FA for another user account, follow these steps:
In the DCD, go to Menu > Management > Users & Groups.
Select the required user in the User Manager window.
In the Meta Data tab, select the Force 2-Factor Auth option.
Select Save.
The Set Up Assistant will open up. Select the Activate for your own account tab in the documentation to complete these steps. The user cannot avoid this step, nor are they able to deactivate the 2-Factor Authentication.
Result: The 2-Factor Authentication is now enabled. You need to provide a Verification code from the next login.
To ensure that the support calls are made by authorized users, you are asked for the support PIN to verify the account. You can set your support PIN in the DCD and change it at any time.
To set or change your support PIN, follow these steps:
In the DCD, go to Menu > Your Profile > Password & Security.
In the Set Support PIN section, enter your support PIN in the PIN field to confirm your identity.
Select Set Support PIN.
Result: The support PIN is now saved. You can use it to verify your account with IONOS Cloud Support.
You can track the global usage of resources available in your account along with the overview of usage limits per instance.
To view the resource overview, follow these steps:
In the DCD, go to Menu > Your Profile > Resource Overview.
A Resource Overview window will open up with a summary of all resources.
Info If you want to extend these resources, contact IONOS Cloud Support.
You can view the breakdown of estimated costs and usage. The costs displayed in the DCD are a non-binding extrapolation based on your resource allocation since the last invoice. You can refer to your invoice for the actual costs. For more information on pricing, see IONOS Cloud Prices.
To view the cost and usage associated with your account, follow these steps:
In the DCD, go to Menu > Your Profile > Cost and Usage.
Your Snapshot, IP address, and Data Centers usage are listed along with the cost. You can select the downward arrow to expand each section and view individual charges.
Note: The total amount displayed is for the next 30 days, and it excludes VAT.
Info:
As a contract administrator or owner, you can cancel a user account by removing the user from the User Manager. Resources created by the user are not deleted.
To cancel your Enterprise Cloud Infrastructure as a Service (IaaS) contract and completely delete your account, including all VDCs, contact your IONOS account manager.
If you have further questions or concerns, contact IONOS Cloud Support.
If you are a 1&1 IONOS hosting customer, refer to Cancelling an IONOS Contract.
The Cost Alert Notification feature helps you to monitor and manage the cloud infrastructure costs. This feature allows you to set up alerts that notify you when your spending reaches predefined thresholds. Once the set threshold is exceeded, you will receive a notification via email, providing immediate awareness of cost overruns. The Cost Alert Notification feature is available for contract owners and administrators.
This documentation covers how to create, edit, and delete the cost alert notification.
The Cost Alert Notification is a real-time notification. IONOS runs billing calculations periodically due to the data aggregation of billing events. It does not run the invoice calculation permanently. Therefore, an offset to the configured amount may be expected. The first time the invoice amount calculated is above or equal to the threshold value, an e-mail will be sent to the e-mail address defined in the configuration. This notification is sent only once and not repeated with every following invoice calculation.
The Cost Alert Notification will be based on the net amount of the contract invoice (excl. VAT).
Furthermore, the Cost Alert Notification feature does not execute any other operation - especially no changes to any service.
The Cost Alert Notification feature is part of the Billing API. It can be managed using the /{contractId}/ usage-alert endpoints. Further documentation can be found in the respective Billing API documentation.
To access the Billing API, you must authenticate requests using your basic authentication credentials or a Bearer token (required for Multi-Factor Authentication accounts). The Bearer token must be retrieved through the Token Manager in the DCD.
The Cost Alert Notification feature is part of the Account Settings at the top right of the menu bar.
To create a cost alert for your account, follow these steps:
In the DCD, go to Menu > Your Profile > Cost alert.
In the Cost alert window choose Create cost alert.
Enter the amount you need and your email address in the window.
Choose Create cost alert.
Result: The cost alert is successfully created.
You can edit the cost alert after creating it.
In the Menu go to Your Profile > Cost alert.
In the Cost alert window choose Edit.
Edit the amount and the email in the corresponding fields.
Click Save to save changes.
Regularly check your email for updates regarding your spending. Based on the alerts you receive, make adjustments as necessary.
In the Menu go to Your Profile > Cost alert.
In the Cost alert window choose Delete.
Result: You will receive a notification that the cost alert was successfully deleted.
The configuration of a cost alert can be managed by contract owners and users in the role of administrators only. Other contract members with the user role cannot access the feature. Within the IONOS multi-tenant model, access to the feature is also restricted to users in the role of administrators. It is only accessible to the contract owner of the respective multi-tenant contract.
