Adding studio users - Amazon Nimble Studio

Adding studio users

In this admin tutorial, you'll learn how to add studio users to your Amazon Nimble Studio cloud studio. Add studio users before others can log in and use your studio. Adding studio users involves launching a virtual workstation (or instance) and then using tools on that instance to add new users to your AWS Directory Service for Microsoft Active Directory (AWS Managed Microsoft AD). The following steps show you how.

Estimated time: 30 minutes

Prerequisites

  • To complete this tutorial, you need an active Nimble Studio cloud studio deployed in your AWS account. If you don’t have a cloud studio already deployed, see the Deploying a new studio with StudioBuilder tutorial.

  • You need the admin password for your studio’s AWS Managed Microsoft AD.

  • You also need admin access to the AWS Management Console for your account.

Step 1: Change IAM Identity Center email setting

Before adding users to your studio, update a setting in AWS IAM Identity Center (successor to AWS Single Sign-On) (IAM Identity Center) so that you can access user email addresses in the Nimble Studio portal.

  1. Sign in to the AWS Management Console and open the IAM Identity Center console.

  2. Choose Settings from the left navigation pane.

  3. In the Identity source section, select Actions, choose Manage attribute settings.

    
                  AWS IAM Identity Center (successor to AWS Single Sign-On) console settings page.
  4. At the bottom of the list of attribute mappings, find the email attribute.

  5. Replace ${dir:windowsUpn} with ${dir:email}.

    
                  AWS IAM Identity Center (successor to AWS Single Sign-On) attribute mappings email.
  6. Choose Save changes.

Note

Your users’ email addresses might not appear correctly in the Nimble Studio portal until after they log in for the first time.

Step 2: Log in to Nimble Studio portal as Admin

Next, log in to the Nimble Studio portal as Admin and launch a Windows virtual workstation (an instance).

To connect to the Nimble Studio portal

  1. Sign in to the AWS Management Console and open the Nimble Studio console.

  2. In the AWS Region selector (top-right navigation bar), make sure that the Region for your studio is selected.

    
                  The AWS Region selector in the menu bar of an AWS service console.
  3. Choose Studio manager in the left navigation pane.

  4. On the Studio manager page, choose Go to Nimble Studio portal.

  5. Log in to the Nimble Studio portal using your AWS Managed Microsoft AD administrator credentials.

    1. Enter Admin as the user name. Use the password that you set up during StudioBuilder deployment.

      
                        Nimble Studio portal sign in screen.
    2. If you forgot your password, do the following:

      1. Sign in to the AWS Management Console and open the AWS Directory Service console.

      2. In the AWS Region selector (top-right navigation bar), make sure that the Region for your studio is selected.

        
                  The AWS Region selector in the menu bar of an AWS service console.
      3. Choose the Directory ID for your studio’s Active Directory.

      4. Choose Reset user password.

        
                              A screenshot of the Directory Service console. Directories is
                                 chosen in the left navigation pane
  6. Bookmark your portal’s URL so that you can get to your studio directly, later.

Step 3: Accept the EULA

Before using Nimble Studio, accept the End User License Agreements. You can access these agreements on the settings page in the Nimble Studio portal.

  1. Log in to the Nimble Studio portal and choose the Launch tab.

    
                  Nimble Studio portal launch tab.
  2. In the upper-right corner of the Nimble Studio portal, choose your user name.

  3. Choose Settings from the dropdown menu.

    
                  Nimble Studio portal settings menu item.
  4. Choose EULA from the left navigation pane.

    
                  Nimble Studio portal EULA not accepted
  5. Choose and read each agreement in the list.

    Note

    Our list of agreements might differ from what is shown in the example screenshot.

  6. After you have read all of the agreements, select the check box next to I have read and agree to the terms of the End User License Agreements above.

  7. Choose Confirm.

    1. The status of each of the agreements will change to “Accepted”.

      
                        Nimble Studio portal EULA accepted.

Step 4: Launch a virtual workstation

Now that you’ve accepted the EULA, you can continue on to launching a virtual workstation. Before you can launch a virtual workstation, first install the latest DCV client.

To launch a virtual workstation

  1. Choose the Launch tab from the left navigation pane.

    
                  Nimble Studio portal launch tab
  2. Select the vertical ellipsis ( 
                     The vertical ellipsis icon
                  ) on the Workstation-Default card to open a dropdown menu.

    
                  Nimble Studio portal showing the Workstation-Default launch profile chosen and the
                     Launch with…​ item selected in its dropdown.
  3. Choose Launch with…​

  4. For Instance Type, leave it at the default setting.

  5. For Amazon Machine Image, make sure that NimbleStudioWindowsStreamImage is selected.

  6. For Streaming Preference, choose your streaming preference.

    1. For the best performance, we recommend choosing Launch native client.

    2. You will have to download the NICE DCV client before connecting to your workstation. For more information about the DCV client, as well as links to download, see NICE DCV Clients NICE DCV Clients.

      
                        Nimble Studio portal launch profile options
  7. Choose Launch.

  8. A status bar will appear that shows you the progress of launching your virtual workstation. This might take up to 10 minutes.

To connect to the virtual workstation

  1. When your virtual workstation is ready, a new window appears reminding you that the client must be installed.

  2. Choose Start streaming now.

    1. If you haven’t installed the DCV desktop client, choose Download here and install the client first.

      
                        Nimble Studio portal start streaming screen.
  3. When your browser pops up a window prompting you to open DCV, choose Open to continue. The exact wording of this might vary depending on what browser you're using.

    Note

    The NICE DCV web browser client runs inside a web browser. You don't need to install the web client. We recommend using the Google Chrome browser to avoid latency. For more information, go to the Web browser client page in the NICE DCV User Guide.

  4. After DCV Client application opens in a new window, you will see the Windows login screen.

    
                  DCV Windows log in screen.
  5. Open the instance menu near the top right of the screen and choose Ctrl + Alt + Del. For an OS X DCV Client, open the Connection dropdown menu and select Send Ctrl + Alt + Del.

    Important

    Don’t enter Ctrl+Alt+Delete on your keyboard. Doing so sends the command to your local computer, not to your workstation.

    
                  DCV Windows menu Ctrl + Alt + Del.
  6. For User name, enter Admin.

  7. For Password, enter the password that you created during your studio deploy. Then press the enter (or return) key.

Step 5: Add users to AWS Managed Microsoft AD

After you're logged in to your virtual workstation, the next step is to add users to your studio’s AWS Managed Microsoft AD. You will use custom Windows PowerShell commands provided by Nimble Studio to add and manage your users. These custom commands configure AWS Managed Microsoft AD so that your users are able to work on both Windows and Linux virtual workstations.

Add new users

Important

Use the New-NimbleUser command described in the following instructions to add your users. If you attempt to use the built-in AWS Managed Microsoft AD commands or UI, your users might not be set up correctly to work with both Windows and Linux virtual workstations.

To add new users

  1. Choose the Start menu in the lower left-hand corner of your desktop.

  2. Enter PowerShell to search for Windows PowerShell and then choose it from the top of the search results.

    Note

    There might be multiple search results with similar names. Make sure to choose the result that is named just Windows PowerShell.

    
                     Windows PowerShell in the Start menu.
  3. Enter New-NimbleUser into PowerShell and press the enter (or return) key.

    
                     Windows PowerShell New-NimbleUser command.
  4. Enter a user name for the user and press Enter.

  5. Enter a temporary password for the user and press Enter. The user will change this password on their first login.

  6. Enter the user’s email address and press Enter.

    Note

    If you don’t input an email for the user, they won't be able to change or reset their password. In addition, each user must have a unique email address or they won't be able to log in to Nimble Studio portal.

    1. After the user has been created, a confirmation message will appear with information about the user’s groups, UID and GID.

      
                           User confirmation created by Windows PowerShell.
  7. (Optional) If you would like to specify a first name or last name when creating your users, add the -DisplayFirstName and -DisplayLastName flags to your New-NimbleUser command. For example:

    New-NimbleUser -DisplayFirstName "Martha" -DisplayLastName "Rivera"

    1. The command will prompt you to enter their user name, password and email address.

    2. You can also specify the user name and email address in your New-NimbleUser command, as well:

      New-NimbleUser -DisplayFirstName "Martha" -DisplayLastName "Rivera" -UserName "martha" -EmailAddress <your email address>

    3. For more information on how to use the New-NimbleUser command, enter get-help New-NimbleUser -detailed and press the enter (or return) key.

  8. Repeat this process for each artist or user on your team.

    Other user commands

    In addition to New-NimbleUser, there are other custom commands available that you can use to manage your users.

    Security group inbound rules
    Command Description

    New-NimbleUser

    Creates a new user in the AWS Managed Microsoft AD that is also usable in Linux.

    Remove-NimbleUser

    Deletes a user that was created by New-NimbleUser.

    Set-NimbleUser

    Updates an existing AWS Managed Microsoft AD user so it can be usable in Linux.

    Repair-NimbleStudioAD

    Iterates through all users and groups in the AWS Managed Microsoft AD to ensure they have proper IDs, GIDs, and other requirements, making them usable in Linux.

    Test-NimbleStudioAD

    Tests the state of the AWS Managed Microsoft AD configuration.

    New-NimbleGroup

    Creates a new group in the AWS Managed Microsoft AD that can be used in Linux

    Set-NimbleGroup

    Updates a group with a group ID.

  9. The commands you will use most frequently are New-NimbleUser and Remove-NimbleUser.

  10. If you accidentally add a user with the AWS Managed Microsoft AD commands or UI, you can use Set-NimbleUser to update that user so that it will be usable on Linux virtual workstation or use Repair-NimbleStudioAD to update all users and groups to be usable on Linux.

  11. Test-NimbleStudioAD will test the state of your AWS Managed Microsoft AD and list any problems that are detected.

  12. New-NimbleGroup and Set-NimbleGroup are used to manage groups and group IDs to be used for Linux. The management of those groups is beyond the scope of this tutorial.

View current users

To view a list of your users, you will need to use the AWS Managed Microsoft AD tools that are built in to Windows.

To view a list of your current users

  1. Choose the Start Menu.

  2. Enter Admin to search for Administrative Tools and then choose Administrative Tools from the top of the search results.

    
                     Administrative Tools control panel in Windows Start menu.
  3. In the window that appears, open (double-click) Active Directory Users and Computers.

    Note

    It might take several minutes for your virtual workstation to connect to the AWS Managed Microsoft AD and for the Active Directory Users and Computers window to appear.

    
                     Active Directory Users and Computers in Administrative Tools.
  4. Open your domain (example: <name>.nimble.<region>.aws) by choosing the arrow to the left of your domain name.

    1. You might notice a delay when interacting with some parts of the Active Directory Users and Computers UI. The UI might appear to freeze, but after a minute or two, it will become responsive again.

  5. Open your NetBIOS name (<your-studio-name>) by choosing the arrow to the left of it.

  6. Under your NetBIOS name, choose Users.

    1. You will see a list of your created users and groups.

  7. Open (double-click) a user to open the Properties window for the user.

    
                     Active Directory user properties.
    1. You can make simple changes to the user, such as changing their name or email address, or user group assignment within this window. However, don’t attempt to use the built-in Windows Active tools or this UI to add new users or groups. Use New-NimbleUser and the other custom commands described previously or your users and groups might not have the proper IDs to work with Linux.

Step 6: Sync Active Directory and users in IAM Identity Center

Users from the AWS Managed Microsoft AD must be manually synced to the IAM Identity Center user pool before they can be used in other AWS applications that use IAM Identity Center and AWS Managed Microsoft AD. Follow these steps to add members to Nimble Studio when using the IAM Identity Center and Active Directory Sync feature.

  1. Sign in to the AWS Management Console and open the IAM Identity Center console.

  2. Choose Users from the left navigation pane.

    1. If you successfully enabled sync, you will see a green banner with Start guided setup.

  3. Select Manage sync.

  4. Select Add users and groups.

  5. Choose the Users tab. Under User, enter the exact user name and choose Add.

  6. When all of the users have been added, select Submit.

  7. Wait for the users to appear in the IAM Identity Center user pool.

    1. It can take 10–20 minutes for users to appear.

Note

You only need to go through steps 1 through 14 to add an admin. If you add non-admin users to the AWS Managed Microsoft AD in a Windows streaming instance, repeat steps 1, and also steps 9-14 (9 through 14).

Step 7: Add users to Nimble Studio

Next, you will add the AWS Managed Microsoft AD users to Nimble Studio as studio users.

To add users

  1. Sign in to the AWS Management Console and open the Nimble Studio console.

  2. Choose Studio manager in the left navigation pane.

  3. Choose User access from the left navigation menu.

  4. Choose Next.

  5. You aren't adding any administrators at this time, so skip this page and choose Next.

  6. In the Search text field, enter the name of one of the users that you just added and choose Search.

  7. Select the user from the search results. This will add them to a Selected users and groups list.

  8. Repeat the searching and selecting steps for all the users that you created.

  9. When all of your users are listed in Selected users and groups, choose Next.

  10. Scroll to the bottom of the page and confirm that your users are listed in the Selected users list, and then choose Save.

  11. Send users their user name and the URL to your studio, and direct them to follow the instructions in the Logging in to the Nimble Studio portal tutorial.

    1. Users will be instructed to reset their password, so they won't need the temporary password that you set for them.

    2. To give users access to resources after login, complete step 12.

  12. After AWS Managed Microsoft AD has synced with IAM Identity Center, Step 3: Share launch profiles with studio users so they can access resources.

    1. Generally, syncing IAM Identity Center with AWS Managed Microsoft AD can take up to four hours. To share launch profiles immediately, you can tell users to log in to the Nimble Studio portal. That will force AWS Managed Microsoft AD to sync with IAM Identity Center.

Troubleshooting

I got disconnected from my remote machine and can’t reconnect.

If your streaming session is left idle for more than one hour, it will automatically disconnect. It’s still available and all of your open applications are running. You just need to reconnect.

  1. Go back to the browser window where the Nimble Studio portal is open.

  2. Hover over the streaming icon and choose the vertical ellipsis menu.

  3. Choose Reconnect stream.

  4. Choose Proceed to native client.

  5. Choose Open DCV Client.