# Business User Onboarding

FinOps Center Users are onboarded to the application by  Admin Users. All users are stored in Amazon Cognito that accepts mass uploads. (contact support for assistance). 

The Admin Configuration Screen is accessible to the Admin User that is created during the installation of FinOps Center. Additional Admin Users can be created like any other role

Admin users are responsible for adding users with their roles. Those Roles can be updated. Each users requires an unique email address. (+email are Supported)

### Overview

User onboarding establishes each person's identity, role, and data scope within FinOps Center. The process creates a user in AWS Cognito for authentication, assigns one of seven application roles that determine governance capabilities, maps the user to a QuickSight access group for dashboard visibility, and defines their financial element scope (E1-E4) to configure Row Level Security.

1. Create Cognito User - Add the user to the AWS Cognito user pool. This creates their authentication identity, configures email verification, and establishes login credentials for FinOps Center.
2. Assign Application Role - Select one of seven roles: Financial Admin, Cloud Engineer, Portfolio Manager, Product Owner, Vendor Manager, Department Manager, or Business Unit Manager.
3. Map to QuickSight Group - Add the user to the corresponding QuickSight access group. This controls which dashboards, topics, and datasets are visible within Amazon QuickSight.
4. Define Element Scope - Assign the user to their position in the E1-E4 hierarchy. This configures Row Level Security so the user only sees financial data within their assigned scope.

Seven Application Roles: Financial Admin (full scope), Cloud Engineer (admin scope), Portfolio Manager (E3 governance), Product Owner (E4 operational), Vendor Manager (budget add only), Department Manager (E2 view-only), Business Unit Manager (E1 view-only).

Row Level Security: Applied via QuickSight datasets to ensure each user sees only the financial data within their assigned element scope. The user\_view supports multi-element access for roles like Financial Admin.

User onboarding connects to User Allocation to Financial Scope (which refines the E1-E4 mapping) and Financial Budget Mapping to User (which links budgets to the onboarded user for role-based budget visibility).

<figure><img src="/files/eIJr575OvLFSR76afjb6" alt=""><figcaption></figcaption></figure>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.finopscenter.com/cfm-processes/business-user-onboarding.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.