Business User Onboarding
FinOps Center users are onboarded to the application by Admin Users. All users are stored in Amazon Cognito, which accepts mass uploads (contact support for assistance).
The Admin Configuration Screen is accessible to the Admin User that is created during the installation of FinOps Center. Additional Admin Users can be created like any other role.
Admin Users are responsible for adding users with their roles. Those roles can be updated. Each user requires a unique email address (+email addresses are supported).
Overview
User onboarding establishes each person's identity, role, and data scope within FinOps Center. The process creates a user in AWS Cognito for authentication, assigns one of seven application roles that determine governance capabilities, maps the user to a QuickSight access group for dashboard visibility, and defines their financial element scope (E1-E4) to configure Row Level Security.
Create Cognito User - Add the user to the AWS Cognito user pool. This creates their authentication identity, configures email verification, and establishes login credentials for FinOps Center.
Assign Application Role - Select one of seven roles: Financial Admin, Cloud Engineer, Portfolio Manager, Product Owner, Vendor Manager, Department Manager, or Business Unit Manager.
Map to QuickSight Group - Add the user to the corresponding QuickSight access group. This controls which dashboards, topics, and datasets are visible within Amazon QuickSight.
Define Element Scope - Assign the user to their position in the E1-E4 hierarchy. This configures Row Level Security so the user only sees financial data within their assigned scope.
Seven Application Roles: Financial Admin (full scope), Cloud Engineer (admin scope), Portfolio Manager (E3 governance), Product Owner (E4 operational), Vendor Manager (budget add only), Department Manager (E2 view-only), Business Unit Manager (E1 view-only).
Row Level Security: Applied via QuickSight datasets to ensure each user sees only the financial data within their assigned element scope. The user_view supports multi-element access for roles like Financial Admin.
User onboarding connects to User Allocation to Financial Scope (which refines the E1-E4 mapping) and Financial Budget Mapping to User (which links budgets to the onboarded user for role-based budget visibility).
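A pre-onboarding roster audit, as an added example that is not part of FinOps Center or its documentation: it checks a user list against the rules above (unique email, one of the seven roles, element level matching the role) before anyone is granted access. The CSV column names, the case-insensitive email comparison, and the reading of "E3 governance" and similar labels as the required element level are assumptions made for this sketch.

```python
import csv
import io

# Role -> element level named on the page; None where the page names no single
# level (full scope, admin scope, budget add only). Treating the named level
# as a requirement is an assumption of this example.
ROLE_LEVEL = {
    "Financial Admin": None, "Cloud Engineer": None, "Vendor Manager": None,
    "Portfolio Manager": "E3", "Product Owner": "E4",
    "Department Manager": "E2", "Business Unit Manager": "E1",
}
LEVELS = {"E1", "E2", "E3", "E4"}

# Constructed sample roster (hypothetical columns: email, role, element_level).
SAMPLE = """email,role,element_level
ana@example.com,Financial Admin,
ana+ops@example.com,Cloud Engineer,
raj@example.com,Portfolio Manager,E3
Raj@Example.com,Product Owner,E4
li@example.com,Department Manager,E4
sam@example.com,Auditor,E1
"""

def audit_roster(text):
    """Return (line_number, email, problem) tuples for a roster CSV."""
    findings, seen = [], {}
    for n, row in enumerate(csv.DictReader(io.StringIO(text)), start=2):
        email = (row.get("email") or "").strip()
        role = (row.get("role") or "").strip()
        level = (row.get("element_level") or "").strip().upper()
        # +email addresses stay distinct; only letter case is folded (assumption).
        key = email.lower()
        local, _, domain = email.partition("@")
        if not local or "." not in domain:
            findings.append((n, email, "malformed email"))
        elif key in seen:
            findings.append((n, email, f"duplicate of line {seen[key]}"))
        else:
            seen[key] = n
        if role not in ROLE_LEVEL:
            findings.append((n, email, f"unknown role {role!r}"))
            continue
        expected = ROLE_LEVEL[role]
        if level and level not in LEVELS:
            findings.append((n, email, f"unknown element level {level!r}"))
        elif expected and level != expected:
            findings.append((n, email, f"{role} expects {expected}, got {level or 'none'}"))
    return findings

if __name__ == "__main__":
    for finding in audit_roster(SAMPLE):
        print(finding)
```

Rows that come back with findings are worth resolving before the users are created, because a role and element scope that disagree mean Row Level Security will expose more or less data than the role was meant to see.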

