Getting started with Tehama Administration

Have you completed the Getting Started with Tehama Installation Guide? If not, please go back and do so before proceeding.

Tehama provides you, through the Tehama Web UI, with an intuitive user interface for Organization/Room/Desktop administration tasks. Use this interface now to perform the tasks that are necessary for getting started with Tehama.

Purpose

So far you have joined Tehama, creating your own Tehama organization, and created and/or connected to or joined a Room.

Now this guide shows you the steps to carry out the following basic and necessary organization and Room set up.

There are different tasks to perform, depending on whether your organization owns or connects the Room. In Rooms of, type Standard Room and Domain Join Room, one organization both owns and connects the Room.

This guide also provides the steps for some additional organization and Room administration tasks that are commonly performed by organization Org Admin users and Org/Room Managers:

  • Addendum: Additional Admin
    ...
    • resend an invitation to become an organization member (organization administration);
    • delete an organization member (organization administration);
    • edit a Desktop (Desktop management); and
    • delete a Desktop (Desktop management).

When you have completed all the steps and tasks outlined in this guide, Tehama will be operational, and Desktop users and service providers will have configured accounts.

Authorized Service Providers will be able to manage resources and customers will have full control over access to their data and their Room in Tehama, including Tehama Desktop session recordings (see Desktop Session Auditing/Recordings User Guide).

For more information on:


1. Organization Member Admin

After the installation and connection of a Tehama Room is completed, the first task is to create teams and invite new members to your Tehama organization.

 • Create teams

Only the Org Admin user and Org/Room Managers of an organization can create teams in the organization.

Create a new team as follows:

  1. Log in to the Tehama Web UI.
  2. Click on the MEMBERS tab.
  3. Click the NEW dropdown menu to open it.
  4. Select New Team.
  5. Type in a name for the team (e.g., DB Admins).
  6. Select the members you want to be in the team.
  7. Click CREATE.

Repeat these steps for each team needed.

See the Create a Team section in the Organization User Guide for more details.

 • Invite members

Only the Org Admin user and Org/Room Managers of an organization can invite members to the organization.

After creating one or more new teams, the next task is to invite new members to the organization.

  1. Log in to the Tehama Web UI.
  2. Click on the MEMBERS tab.
  3. Click the NEW dropdown menu to open it.
  4. Select Add New Member.
  5. Enter the member information:
    • Name
    • Email Address
    • Role (Org Admin and Org Manager users can create Staff, Org Manager or Room Manager users. Room Manager users can create Staff or Room Manager users.)
    • Room (Optional - select one or more Rooms from the list of Rooms. This list of Rooms consists of all the Rooms the Organization owns and/or is connected-to (determined when a Room is created), or has been invited to join as a third-party organization in the Room.)

      Note: You can, from here in the MEMBERS tab, assign additional rooms from this list after the member is created, or you can add/propose Room members directly from the interface for a Room (first ensuring the organization has access to the Room, of course.)

    • Team (Select one of the teams created in the previous step or leave this blank)
  6. Click INVITE.

Repeat these steps for each member you need to invite.

Once invited, new members will receive an invitation email to the address specified. The invitation email contains a link which each new team member must action to gain access to Tehama. The user will also be added/proposed as a member in the selected Room(s) (if you selected one or more Rooms in the dialog).

Note: Org Managers have elevated privileges in Tehama. In addition to using the services available to 'Staff', Org Managers are also able to create policies, create and delete team member accounts and create additional Desktops. Room Managers have similar privileges to Org Managers, but for Room Managers these privileges are restricted to Rooms of which they are members.

See the Add Members section in the Organization User Guide for more details.


2. Room Membership Admin

To begin using a Room, the next task will be to grant members and/or organizations access to the Room.

 • Invite 3rd-party org to Room

Only the Org Admin user and Org Managers and Room Managers (who are members of the Room) of a Room's connected organization can invite a third-party organization to the Room.

The Room's connected organization must handle this task.

  1. Log in to the Tehama Web UI.
  2. Click on the ROOMS tab.
  3. Click the name of the Room where organization access will be granted.
  4. In the resulting screen (the Room interface), click MEMBERS.
    From the 'members' screen, you will see a list of organizations that have access to the Room. (The initial setup will show only one organization.)
  5. Click the ADD ORGANIZATION button at the bottom of the list or select Organization from the ADD dropdown menu in the top right corner of the page. You will see the ADD ORGANIZATION dialog.
  6. Select the desired Organization from the list in the dialog to invite to the Room.
  7. Select the desired Policy for the Organization.
  8. Click INVITE. The organization will receive an invitation email to join the Room.
  9. OPTIONAL STEP:
    You may want to set things up so that you auto approve members in the Room that have been proposed by the organization you have added. This is tied to the policy you have assigned to the other organization. Click on the Room's MEMBERS tab, then click on the policy for the other organization. You will see the ASSIGN POLICY dialog. Toggle the "Auto approve proposed members" switch to "On". If you don't do this, every member added to the Room by the other organization will result in an approval request. If you do, you are trusting the other organization to add/remove members to the Room.

The organization you invited will be a user organization in the Room (user-only). See the Roles User Guide for more information on organization roles in Rooms.

Note:
The list of organizations you see in the ADD ORGANIZATION dialog is a subset of existing Tehama organizations. This subset is composed of organizations that already have access to other Rooms in your organization. These organizations are considered to be 'authorized' by your organization.

If you wish to grant access to an existing organization that is not already authorized by your organization, select the option in the dialog to invite a new organization. The contact that you specify can choose to connect to your Room using their existing organization, or create a new one.

If you wish to grant access to a company that does not have a Tehama organization yet, select the option in the dialog to invite a new organization. The contact that you specify will create a new Tehama organization for their company.

See the Invite organizations to join a Room section in the Room Membership User Guide for more details.

 • Add/propose member to Room

Only the Org Admin user and Org Manager and Room Managers (who are members of the Room) of the connected organization in the Room can add members to the Room.

Only the Org Admin user and Org Manager and Room Managers (who are members of the Room) of an organization in the Room that is not the connected organization can propose members join the Room.

With members (and teams) now created, the next task is to grant member access to your Room.

If your organization is your Room's connected organization, then you can directly add members.

If your organization is not your Room's connected organization, then you can only propose members, and the connected organization will approve (or reject) your proposals.

Choose one method below to add members or teams to the Room.

Add/Propose Individual Members

  1. Log in to the Tehama Web UI.
  2. Click on the ROOMS tab.
  3. Click the name of the Room for which member access is to be granted.
  4. In the resulting screen (the Room interface), click MEMBERS.
    From the 'members' screen, you will see a list of organizations that have access to the Room. (The initial setup will show only one organization.)
  5. To the left of the Organization name, Click the drop-down arrow dropdown-down-arrow-icon icon to show the list of members for the organization.
  6. At the top of the drop-down, click the + MEMBER button.
    (or the + PROPOSE button if you are not part of the connected organization).
  7. From the ADD dialog, choose Members.
    (This dialog is the PROPOSE TEAM MEMBER dialog if you are not part of the connected organization.)
    (You may also opt to choose Invite New Member instead of Members, which will allow you, following the steps to 'Invite New Members', to invite a member to join the organization and add them to the Room.)
  8. Select the member (or multiple members) from the list to add to the Room.
  9. Click the ADD button.
  10. Close the list of members by clicking on the drop-down arrow. dropdown-up-arrow-icon icon.

Note, If you see that your new Room already has a member, note that if the Room was created by a user with the Room Manager role, then that user will have been automatically added to the Room as a member.

Add/Propose an Entire Team of Members

  1. Log in to the Tehama Web UI.
  2. Click on the ROOMS tab.
  3. Click the name of the Room for which member access is to be granted.
  4. In the resulting screen (the Room interface), click MEMBERS.
    From the 'members' screen, you will see a list of organizations that have access to the Room. (The initial setup will show only one organization.)
  5. To the left of the Organization name, click the drop-down arrow dropdown-arrow-icon icon to show the list of members for the organization.
  6. At the top of the drop-down, click the + MEMBER button
    (or the + PROPOSE button if you are not a part of the connected organization).
  7. From the ADD dialog, choose Teams.
    (this dialog is the PROPOSE TEAM MEMBER dialog if you are not part of the connected organization).
  8. Select the Team (or multiple teams) from the list to add to the Room.
  9. Click the ADD button.
  10. Close the list of members by clicking on the drop-down arrow dropdown-up-arrow-icon icon

See the Propose Room members section and the Add Room members section in the Room Membership User Guide for more details.

Also, see the Assign members to one or more Rooms section in the Organization User Guide for details on how to assign a member to one or more rooms from the MEMBERS tab.

 • Approve/Reject proposed member in Room

Only the Org Admin user and Org Manager and Room Managers (who are members of the Room) of the connected organization in the Room can approve or reject proposed members in the Room.

If your organization is your Room's connected organization and your Room has other organizations in it, they may have proposed members join the Room. You will receive notification when a proposal is made. You can approve or reject these proposals.

Note: You may have set things up so that you auto approve members in the Room that have been proposed by the other, non-connected, organizations in the Room. In this case, you will not need to approve proposed members - they will be automatically approved. To set this up, click on the Room's MEMBERS tab, then click on the policy for the organization. You will see the ASSIGN POLICY dialog. Toggle the "Auto approve proposed members" switch to "On".

  1. Log in to the Tehama Web UI.
  2. Click on the ROOMS tab.
  3. Click the name of the Room for which member access is to be granted.
  4. In the resulting screen (the Room interface), click MEMBERS.
    From the 'members' screen, you will see a list of organizations that have access to the Room. (The initial setup will show only one organization.)
  5. Locate the organization name (for the organization making the request).
  6. Expand that organization (click on the down arrow beside the organization name).
  7. Click on the three vertical dots under the Actions column in the row for the proposed member:
    • To approve:  select 'Approve Room access'.
    • To reject:   select 'Reject room access'. You will see a REJECT dialog.
      • Click to place a checkmark beside "I acknowledge" after reading the following text:
        "The selected member(s), once rejected, will have restricted access to the Room. They will no longer be able access certain resources such as their Desktop(s) or the file vault."
      • Click the REJECT button to proceed.

3. Room Administration

After assigning members (or whole teams) to the Room, the next task is to enable connectivity (through the creation of firewall rules) and add secrets/passwords for assets/resources in the connected network.

 • Create firewall rules

Only the Org Admin user and Org Managers and Room Managers (who are members of the Room) of a Room's connected organization can create firewall rules in the Room.

The Room's connected organization must handle this task.

Before the Room's Desktops (workspaces) can communicate with network resources, you need to configure firewall rules. By default, all outbound traffic is restricted. (Note, configuring a secret (below) also allows the creation of a firewall exception.)

  1. Log in to the Tehama Web UI.
  2. Click on the ROOMS tab.
  3. Click the name of the Room for which you want to add firewall rules.
  4. In the resulting screen (the Room interface), click CONNECTION.
  5. Click on the FIREWALL RULES sidebar item.
  6. Click ADD RULE.
  7. In the resulting screen, enter the following information:
    • Rule Name (a friendly name for the firewall exception)
    • IPv4 CIDR block (IP addresses to expose with Subnet Prefix). E.g.: 127.0.0.1/32)
    • Protocol - the protocol supported by the rule (TCP or UDP).
    • Port Single port, Port range or All ports (choose one).
    • Port (enter the port number or port range required for the application).
  8. Click CREATE.

Note: Using the CIDR block of 0.0.0.0/0 will disable the firewall and expose the Room's Desktops to the internet. While this may be desirable to install software packages, it is not recommended to operate normally with this configuration.

See the Add custom firewall rule section in the Firewall Rules User Guide for more details.

 • Add secrets/passwords

Only the Org Admin user and Org Managers and Room Managers (who are members of the Room) of a Room's connected organization can add secrets to the Room.

The Room's connected organization must handle this task.

To avoid sharing network resource credentials insecurely, Tehama provides access to an encrypted Secret Password store used to securely store, encrypt, and grant authorized members access to credentials and other sensitive information.

  1. Log in to the Tehama Web UI.
  2. Click on the ROOMS tab.
  3. Click the name of the Room for which you want to configure secrets.
  4. In the resulting screen (the Room interface), click CONFIGURE.
  5. Click on the SECRETS sidebar item.
    You will see a list of secret types, (Cassandra, Generic, MongoDB, etc.)
  6. Click the type of secret you wish to add.
    The secret view is organized by:
    • asset (secret, e.g. Database credentials)
    • folder (for logical storage of assets)
  7. Create a Folder to organize the secrets.
    • (a) Click the ADD secret type FOLDER button.
    • (b) In the resulting screen, enter the desired Folder name and fill in the required fields. e.g: a firewall exception may need to be specified. (See the Secrets Vault User Guide for more guidance.)
    • (c) Click CREATE.
  8. Create an Asset.
    • (a) Double-click the folder name where the Asset is to be filed.
      If no folder is specified, the root folder will be used.
    • (b) Click the ADD ASSET button.
      In the resulting screen, enter the following:
      • Asset Name (friendly name for your asset/secret) and fill in any required fields. (See the Secrets Vault User Guide for more guidance.)
    • (c) Click CREATE.

Authorized members can click the asset name to access the asset under the SECRETS sidebar item within the Room's WORK tab. They may also access the asset from the 'Workspace Agent' application's SECRETS tab with one of the Room's Desktops.

See the Secrets Vault User Guide for more details.


4. Desktop Admin/Mgmt

Now that the configuration of your Room is completed, you need to you need to create your Desktop templates, from which your virtual Desktop instances are built. Once it is built, you will need to find its interface in the Tehama Web UI.

Now that you have (at least one) Desktop template in your Room along with its associated Desktop instances, you, and other members in your Room that are assigned to a Desktop template, are almost ready to use your new Desktops. First you and your members need to configure your devices to connect to your Desktops.

The last step is for you and your members to learn how to connect to their Desktops.

 • Create desktop templates

Only the Org Admin user and Org Managers and Room Managers (who are members of the Room) of a Room's owner organization (owner+connected or user+owner) can add a new Desktop template to the Room directly and then assign Room members to it.

The Room's owner organization must handle this task.

Members require a Desktop instance to perform their functions. Create a Desktop template and assign members to it. Desktop instances will be built for the assigned members from the template.

  1. Log in to the Tehama Web UI.
  2. Click on the ROOMS tab.
  3. Click the name of the Room for which you want to create a Desktop template.
  4. In the resulting screen (the Room interface), click on the CONFIGURE tab.
    From the 'configure' screen you can see your Room's configuration details, add/remove secrets and, of interest to us here, add/edit/remove Desktop templates.
  5. Click on the WINDOWS DESKTOPS or LINUX DESKTOPS sidebar item, depending on what type of Desktop template you wish to add (Windows-based Desktops or Linux-based Desktops, respectively). A list of previously configured Desktop templates will appear. On initial configuration, there will be no Desktop templates displayed.
  6. Initiate the creation of a Desktop template as follows:
    • For Windows-based Desktops:
      Click the ADD WINDOWS DESKTOP TEMPLATE button in the top right corner of the page.
    • For Linux-based Desktop templates:
      Click ADD LINUX DESKTOP TEMPLATE in the top right corner of the page.
    The Desktop template creation dialog relevant to the type of Desktop will appear.
  7. Proceed as follows:
    • For Windows-based Desktops:
      • Tehama Windows Desktops:
        1. If your Room has enabled desktops of type 'Tehama Windows Desktop', then the first dialog you see will show you two choices:
          Tehama Windows Desktop
          Workspace
          Select 'Tehama Windows Desktop' and then click CHOOSE TEMPLATE. You will see the ADD WINDOWS DESKTOP TEMPLATE dialog with the fields required for desktops of type 'Tehama Windows Desktops'.
          • Note: If the first dialog you see is ADD WINDOWS DESKTOP TEMPLATE, then your Room only supports the 'Workspaces' type of Windows-based desktop. Desktops of the type 'Tehama Windows Desktops' are not enabled for your Room.
        2. First enter the requested information:
          • Name of Desktop (friendly name used to identify the Desktop template function or owner)
          • Specification (hardware specifications)
        3. Click on the CREATE DESKTOPS FOR MEMBERS button. The CREATE DESKTOP(S) dialog will appear. (Click on the arrow to the left of the dialog title to return to the previous dialog.)
        4. Click on the Users field to open the list of Room members that you can assign to this Desktop template. (These are the users who will have access to the Virtual Desktop instance built from this template.)
        5. Select the name(s) of the Room members that you wish to assign to this Desktop template. A separate Desktop instance will be created for each user. (Tehama can create up to five Desktop instances at one time. You can edit the Desktop template after creation in order to add more. There must be at least one name specified. At this time, a template cannot be created without at least one Room member assigned to it.)
        6. Click CHOOSE DESKTOP OPTIONS. The ENABLE DESKTOP ADMIN RIGHTS dialog will appear. (Note, if your Room is a domain joined Room, then this dialog is skipped - your Tehama Windows Desktop will inherit its privileges from the domain.)
        7. Place a checkmark in the checkbox beside the sentence "Give desktop admin rights to desktop(s)" if you wish to allow the members the ability to install apps and modify system settings. Leave it unchecked otherwise.
        8. Click REVIEW. The REVIEW dialog will appear.
        9. Read the disclaimer (if any) and review the specification details. (Note, you may be required to accept terms and conditions.)
        10. Click CREATE. The SUCCESS dialog will appear.
        11. Click CLOSE to dismiss the SUCCESS dialog.
      • Workspaces:
        1. If your Room has enabled desktops of type 'Tehama Windows Desktop', then the first dialog you see will show you two choices:
          Tehama Windows Desktop
          Workspace
          Select 'Workspace' and then click CHOOSE TEMPLATE. You will see the ADD WINDOWS DESKTOP TEMPLATE dialog with the fields required for desktops of type 'Workspace'.
          • Note: If the first dialog you see is ADD WINDOWS DESKTOP TEMPLATE, then your Room only supports the 'Workspaces' type of Windows-based desktop. In that case, the dialog will have the fields required for desktops of type 'Workspace'. Continue to the next step.
        2. First enter the requested information:
          • Name of Desktop (friendly name used to identify the Desktop template function or owner)
          • Mode (choose if individual or multiple (Shared) login functionality is enabled)
            (field is not available for every Room - default is individual)
          • Number of Desktops (choose how many Desktops are to be instantiated)
            (field is only visible if 'Shared' chosen for Mode)
          • Specification (hardware specifications)
          • Power Management (choose if the Desktop instance needs to remain powered on when idle)
        3. Click on the CREATE DESKTOPS FOR MEMBERS button. The CREATE DESKTOP(S) dialog will appear. (Click on the arrow to the left of the dialog title to return to the previous dialog.)
        4. Click on the Users field to open the list of Room members that you can assign to this Desktop template. (These are the users who will have access to the Virtual Desktop instance built from this template.)
        5. Select the name(s) of the Room members that you wish to assign to this Desktop template. (There must be at least one name specified. At this time, a template cannot be created without at least one Room member assigned to it.) A separate Desktop instance will be created for each user unless you have opted to create 'Shared' desktop instances.
          • Note that the user(s) assigned to this Workspace Desktop template will be given desktop admin rights on the Desktop instance built for them from the template only if the Room was created with "Desktop Administrator privileges" for Workspaces enabled.
        6. Click REVIEW. The REVIEW dialog will appear.
        7. Read the disclaimer (if any) and review the specification details.
        8. Click CREATE. The SUCCESS dialog will appear.
        9. Click CLOSE to dismiss the SUCCESS dialog.
    • For Linux-based Desktops:
      • Tehama Linux Desktops:
        1. Enter the requested information:
          • Name of Desktop (friendly name used to identify the Desktop function or owner)
          • Operating System
          • Specification (Hardware specifications)
        2. Click on the CREATE DESKTOPS FOR MEMBERS button. The CREATE DESKTOP(S) dialog will appear. (Click on the arrow to the left of the dialog title to return to the previous dialog.)
        3. Click on the Users field to open the list of Room members that you can assign to this Desktop template.
        4. Select the name(s) of the Room members that you wish to assign to this Desktop template. A separate Desktop instance will be created for each user. (Tehama can create up to five Desktop instances at one time. You can edit the Desktop template after creation in order to add more. There must be at least one name specified. At this time, a template cannot be created without at least one Room member assigned to it.)
        5. Click CHOOSE DESKTOP OPTIONS. The ENABLE DESKTOP ADMIN RIGHTS dialog will appear.
        6. Place a checkmark in the checkbox beside the sentence "Give desktop admin rights to desktop(s)" if you wish to allow the members the ability to install apps and modify system settings. Leave it unchecked otherwise.
        7. Click REVIEW. The REVIEW dialog will appear.
        8. Review the specification details.
        9. Click CREATE. The SUCCESS dialog will appear.
        10. Click CLOSE.

See the Add a Desktop Template section in the Desktops User Guide for more details.

 • Find your desktop

All members of a Room that have been assigned to a Desktop template in the Room will be able to view the Desktop instance generated for them from the template in the Tehama Web UI.

The Tehama Web UI provides lists of Desktop instances. Find your Desktop's list entry, so you can begin working with it.

Desktops are identifiable by the combination of their names and the name of the Room they belong to.

Find your Desktop in the Tehama Web UI:

  1. Choose A or B.
    A: find the Desktop in the list of all your Desktops in the organization
    1. Log in to the Tehama Web UI.
    2. Click on the DESKTOPS tab.
    3. Click the My Desktops radio button at the top of the page. (NOTE: If you are a Staff member in the organization, you will not see this radio button. The list will be restricted to only your assigned Desktops by default.)
    4. Look for the entry in the list with your Desktop's name and your Desktop's Room's name.
    B: find the Desktop in the list of your Desktops in the Room it belongs to
    1. Log in to the Tehama Web UI.
    2. Click on the ROOMS tab.
    3. Click on the name of the Room to which your Desktop belongs. You will see the Room's interface.
    4. Click the Room's WORK tab.
    5. Click on the MY DESKTOPS sidebar item.
    6. Look for the entry in the list with your Desktop's name.

Once you have located the entry for your Desktop, in either the DESKTOPS page or the MY DESKTOPS page, you can begin working with it.

 • Download Tehama Client

All members of a Room that have been assigned to a Desktop template in the Room will have access to the Tehama Desktop Client and the Teradici PCoIP Desktop Client downloads required to configure their devices through the Tehama Web UI.

The Tehama Client is required for launching a Desktop with a single-click. The Teradici PCoIP Client is used to launch a Desktop manually with credentials. (The Tehama Client uses Teradici PCoIP technology.)

Download and install the Tehama Client and the Teradici PCoIP Client on to your device before attempting to launch a Desktop from it.

This is a one time action per device.

Perform the download as follows:

  1. Log in to the Tehama Web UI.
  2. Click on the DESKTOPS tab.
  3. Click on the INSTALL CLIENT button in the top right of the page. This will display the TEHAMA CLIENT page. This page provides you with information about the Tehama Client and ways to download it.
  4. Locate the icon for your device's operating system (Linux, Windows, MacOS, Android/Chromebook or IGEL) and follow the instructions next to it to download the appropriate desktop client onto your device, if necessary.
  5. Follow any installation/configuration instructions that are provided in the downloaded artifact(s).
  6. Click on the X CLOSE button in the top right of the page to return to the DESKTOPS page.
  7. Ensure that your browser does not block the Tehama Client pop-up.

    When connecting to a Desktop, the Tehama Client is launched through a pop-up in your browser. Go into the settings for your chosen browser and make sure that the browser from which you intend to connect to your Desktop allows this pop-up from https://<your-org-subdomain>.tehama.io:443.

    Each browser configures pop-up controls differently. Query your browser's help to determine the correct procedure.

    If you attempt to connect to your Desktop using a browser that does not allow the Tehama Client pop-up, then the browser will block the Tehama Client pop-up, and it will not be able to launch.

    In some browsers, it is obvious when a pop-up is being blocked. In others, it is less obvious. For example:
    • In Firefox, a banner will appear at the top of the page stating that Firefox prevented the site from opening the pop-up. Click on the "Options" button on the banner to view your pop-up options.

    • In Google Chrome, the indication that a pop-up is being blocked is a small icon with a red X that appears in the browser's address bar. Click on that icon to allow pop-ups.

  8. You can test the single-click connect capability by clicking on the CONNECT button for any of your Desktops in the DESKTOPS page. This will launch your Desktop instance as a standalone application.

See the Download the Tehama Client onto Your Device section in the Desktops User Guide for more details.


 • Connect - single click

All members of a Room that have been assigned to a Desktop template in the Room can connect to their instance of the Desktop template (possibly a shared instance).

Connect (launch and log in to), with a single click, to your Desktop instance. While you are connected to your Desktop, it is considered to be 'in use'.

To connect to your Desktop:

  1. Locate the entry for the Desktop to which you want to connect in the Tehama Web UI.

  2. Look for the CONNECT button in the entry.
    • Note: If you see the word UNAVAILABLE next to the template's name instead of the CONNECT button, it means there are too many Desktop instances currently in use within the Room the template belongs to, and you will not be able to connect. A maximum of 75 Desktops can be in use within a Room concurrently when the Room has the Recordings Room feature enabled and a maximum of 200 Desktops when the Room has the Recordings Room feature disabled. (See the Desktop Session Auditing/Recordings User Guide for more details.)

  3. Click on the CONNECT button in the entry.

    This will launch your Desktop instance as a standalone application.

    IMPORTANT Your Desktop will fail to launch unless you have downloaded the Tehama Client and the Teradici PCoIP Client to your device.

    Follow the steps in section Download the Tehama Client onto Your Device. This is a one time action per device.
    A sequence of dialogs will let you know the stage of your connection request.

    • Stage 1 - Desktop Preparation: The PREPARING YOUR DESKTOP... dialog will appear while your Desktop is preparing for launch (for example, your desktop may be starting or it may be coming out of hibernation). This dialog will remain visible until the Desktop is ready to launch.

      Note, if for some reason, your Desktop failed to prepare itself for the launch stage successfully, the PREPARATION FAILED dialog will appear. You can retry the connection through the "Retry" link found on this dialog.

    • Stage 2 - Desktop Launch: The LAUNCHING YOUR DESKTOP... dialog will appear. This dialog will remain visible for a number of minutes while your Desktop launches.

      If you attempt to connect to your Desktop using a browser that does not allow the Tehama Client pop-up, then the browser will block the Tehama Client pop-up, and it will not be able to launch.

      In some browsers, it is obvious when a pop-up is being blocked. In others, it is less obvious. For example:
      • In Firefox, a banner will appear at the top of the page stating that Firefox prevented the site from opening the pop-up. Click on the "Options" button on the banner to view your pop-up options, then allow the pop-up.

      • In Google Chrome, the indication that a pop-up is being blocked is a small icon with a red X that appears in the browser's address bar. Click on that icon to allow pop-ups.

    • Stage 3 - Desktop Ready-for-use: The LAUNCH COMPLETE dialog will appear. At this point, your Desktop should be launched and ready for you to use.

      Note, if for some reason your Desktop failed to launch, you can retry the connection from the for your desktop in the table entry or through the "Retry" link on the LAUNCH COMPLETE dialog. Alternately, you can try to connect to your Desktop by entering the login credentials for your Desktop into the Teradici PCoIP Client. You can copy the necessary credentials from the CONNECT WITH CREDENTIALS dialog that appears when you click on the "connect with credentials" link on the LAUNCH COMPLETE dialog. you can manually connect to your desktop from the Teradici desktop client's user interface with See section 'Connect to a Desktop (with credentials) via Teradici PCoIP Client'._

See the Connect to a Desktop (single click) section in the Desktops User Guide for more details.

Important Notes about possible issues connecting your 'Workspace' type Desktop session:

  • Your Desktop may be restarting or rebooting. If so, wait a few minutes and try again.
  • For Windows users, if prompted to allow firewall access, click Allow Access.
    The connection can take a minute to be fully established.
  • Upon launch, your Desktop will begin initializing/starting. The Workspace Agent application (also known as the Desktop Agent) will start up in the background, but will not be shown. You can show the Workspace Agent by clicking on its icon in the tray or on the desktop. If the Workspace Agent detects an update, the update will be downloaded automatically but the Workspace Agent will not restart. Restart your Desktop session to run the new version of the agent.

Note: When logging off your 'Workspace' type Desktop, use the Start menu's "Log off" instead of X'ing out of the Desktop. This ensures that the virtual Desktop is properly logged out of and is available in a timely manner for re-login. This is particularly important in shared Workspaces.


 • Connect - creds via PCoIP

All members of a Room that have been assigned to a Desktop template in the Room can connect to their instance of the Desktop template (possibly a shared instance).

If for some reason you have trouble connecting to your Desktop through the single-click CONNECT button for your desktop in the table entry or through the "Retry" link on the LAUNCH COMPLETE dialog, you can manually connect to your Desktop from the Teradici PCoIP Client's user interface with credentials.

IMPORTANT Your Desktop will fail to launch unless you have downloaded the Tehama Client and the Teradici PCoIP Client to your device.

Follow the steps in section Download the Tehama Client onto Your Device. This is a one time action per device.

  1. Attempt to Connect to a Desktop (single-click).
  2. When the LAUNCH COMPLETE dialog appears at the end of hte launch sequence, click on the "connect with credentials" link. The CONNECT WITH CREDENTIALS dialog will appear. This dialog provides the credentials needed for manual connection.
  3. Launch the Teradici PCoIP Client in your device. You should see its user interface appear.
  4. Copy the Host Address/Registration Code field value from the CONNECT WITH CREDENTIALS dialog into the "Host Address or Code" field in the Teradici PCoIP Client.
    Note: For convenience, in Tehama, copy buttons are available that automatically place the Host Address/Registration Code, User Name or Password into the clipboard.
    Note: Desktop credentials are dynamic. The password is automatically rotated every five minutes.
  5. Enter a name for this connection in the Teradici PCoIP Client's "Connection Name" field.
  6. Click NEXT in the Teradici PCoIP Client.
  7. Copy the User Name field value from the CONNECT WITH CREDENTIALS dialog into the "Username" field in the Teradici PCoIP Client.
  8. Copy the Password field value from the CONNECT WITH CREDENTIALS dialog into the "Password" field in the Teradici PCoIP Client. (To view the Password value as plaintext, click on the 'eye' symbol in the field.)
  9. Click LOGIN in the Teradici PCoIP Client. This will launch your Desktop instance as a standalone application.

See the Connect to a Desktop (with credentials) section in the Desktops User Guide for more details.


 • Connect - creds via AWSweb

All members of a Room that have been assigned to a Desktop template in the Room can connect to their instance of the Desktop template (possibly a shared instance).

Another option for connecting to 'Workspace' type Desktops is through the Amazon Workspaces® Web Client with manually entered credentials.

(Note, this is ONLY available for Desktops of type 'Workspaces'.)

  1. Locate the entry for the Desktop (of type Workspace) to which you want to connect in the Tehama Web UI.
  2. Select the "Connect via AWS web client" menu item in the Actions menu for the entry. The Amazon WorkSpaces® Web Access interface will appear in a new browser tab.
  3. The CONNECT WITH CREDENTIALS dialog with credentials for your desktop will appear in the Tehama Web UI. Note the Host Address/Registration Code, the User Name and the Password values. (To view the Password value as plaintext, click on the 'eye' symbol in the field.)
    Note: Desktop credentials are dynamic. The password is automatically rotated every five minutes.
    Note: For convenience, in Tehama, copy buttons are available that automatically place the Host Address/Registration Code, User Name or Password into the clipboard.
  4. Copy the host address/registration code and paste it into the Amazon WorkSpaces® Web Access interface as indicated.
  5. Click Register.
  6. Copy the User Name and Password and paste them into the Amazon WorkSpaces® Web Access interface as indicated.
  7. Click Sign In. (If you are prompted with a Remember Me option, click No.) Your Workspace Desktop session will begin.

See the Connect to a Workspace (with credentials) via AWS Web Client section in the Desktops User Guide for more details.


 • Connect - creds via AWS

All members of a Room that have been assigned to a Desktop template in the Room can connect to their instance of the Desktop template (possibly a shared instance).

Another option for connecting to Workspace Desktops is through the Amazon Workspaces® Client with manually entered credentials.

(Note, this is ONLY available for Desktops of type 'Workspaces'.)

  1. Locate the entry for the Desktop (of type Workspace) to which you want to connect in the Tehama Web UI.
  2. Select the "Connect via AWS client" menu item in the Actions menu for the entry.
  3. The CONNECT WITH CREDENTIALS dialog with credentials for your desktop will appear in the Tehama Web UI. Note the Host Address/Registration Code, the User Name and the Password values. (To view the Password value as plaintext, click on the 'eye' symbol in the field.)
    Note: Desktop credentials are dynamic. The password is automatically rotated every five minutes.
    Note: For convenience, in Tehama, copy buttons are available that automatically place the Host Address/Registration Code, User Name or Password into the clipboard.
  4. Launch the Amazon WorkSpaces® Client in your device. You should see its user interface appear.
  5. Copy the host address/registration code and paste it into the Amazon WorkSpaces® Client's Registration Code field, then click Register. (If there is no field visible for this value, you may need to click the "Change Registration Code" link in order to enter/update this value.)
  6. Copy the User Name and Password and paste them into the Amazon WorkSpaces® Client's Username and Password fields, respectively.
  7. Click Sign In. (If you are prompted with a Remember Me option, click No.) Your Workspace Desktop session will begin.

See the Connect to a Workspace (with credentials) via AWS Client section in the Desktops User Guide for more details.


⁍ (Addendum) Additional Admin

This section details additional administrative functions that are performed only as needed, and are not necessary to begin using Tehama.

They are included here in this getting started guide since they are commonly performed tasks.

 • Resend org invite

Only the Org Admin user and Org/Room Managers of an organization can resend an invite email.

In the event the original email invitation link has expired, a new invite may be generated and sent. Follow these steps to resend an invite:

  1. Log in to the Tehama Web UI.
  2. Click on the MEMBERS tab.
  3. Click name of the invited, but still pending, member you wish to resend an invite to.
  4. In the resulting screen, Click the blue RESEND INVITE button.
    • If there is a need to send the link manually, you can use the invitation link presented.

See the 'Resend member invite' section in the Organization User Guide for more details.

 • Delete org members

Only the Org Admin user and Org/Room Managers of an organization can delete a member of the organization.

Note: If the organization has enabled Single Sign On (SSO) and SCIM user provisioning as its authentication method, delete or un-assign members from Tehama in the identity provider used. (See Single Sign On (SSO) and SSO User Provisioning in the Authentication User Guide for more information.)

Should you need to delete existing members, follow these steps:

  1. Log in to the Tehama Web UI.
  2. Click on the MEMBERS tab.

    • Option 1 (allows for bulk deletions):
      1. (a) Select the member you wish to delete by clicking in the checkbox to the left of the member's name. Select multiple members for bulk deletions.
        selected member row in team page
      2. (b) At the bottom of the page, click the Trash Can icon. You will see the DELETE MEMBER(S) dialog.
      3. (c) Confirm that you want to continue with the deletion and click DELETE.

    • Option 2:
      1. (a) In the row for the member you wish to delete, click on the three vertical dots menu under the Actions column.
        member row in team page actions menu open
      2. (b) Select the Delete Member item. You will see the DELETE MEMBER(S) dialog.
      3. (c) Confirm that you want to continue with the deletion and click DELETE.

See the Delete a member section in the Organization User Guide for more details.

 • Edit a Desktop

Only the Org Admin user and Org Managers and Room Managers (who are members of the Room) of a Room's owner organization (owner+connected or user+owner) can edit an existing Desktop template in the Room.

The Room's owner organization must handle this task.

If you need to modify the Virtual Desktop (Desktop Name or Member permissions only) follow these steps:

  1. Log in to the Tehama Web UI.
  2. Click on the ROOMS tab.
  3. Click the name of the Room that contains the Desktop you wish to edit.
  4. In the resulting screen (the Room interface), click CONFIGURE.
  5. Click on the WINDOWS DESKTOPS or LINUX DESKTOPS sidebar item, depending on what type of Desktop template you wish to edit.
    • A list of previously configured Desktops will appear.
  6. Locate the Desktop template you wish to edit.
  7. Click on the three vertical dots under the Actions column in the entry you wish to edit, then select 'Edit'. In the resulting dialog:
    • (a) Modify the name of the Desktop.
    • (b) Add or remove members as necessary by clicking in the drop-down list for the Users field.
    • (c) Click SAVE.

Note: Tehama can create up to five Desktop instances at one time, so restrict the number of new members added to the Users field during each edit session to five.

See the Edit a Desktop section in the Desktops User Guide for more details.

 • Delete a Desktop

The Org Admin users and Org Managers and Room Managers (who are members of the Room) of a Room's owner organizations (owner+connected or user+owner) can delete Desktop templates in the Room.

If you need to delete a Desktop template completely, follow these steps:

  1. Log in to the Tehama Web UI.
  2. Click on the ROOMS tab.
  3. Click the name of the Room that contains the Desktop template you wish to delete.
  4. In the resulting screen (the Room interface), click CONFIGURE.
  5. Click on the WINDOWS DESKTOPS or LINUX DESKTOPS sidebar item, depending on what type of Desktop template you wish to delete.
    • A list of previously configured Desktops templates will appear.
  6. Locate the Desktop template you wish to delete.
  7. Click on the three vertical dots under the Actions column in the entry you wish to delete, then select 'Delete'. The DELETE DESKTOPS dialog will appear.
  8. Type the name of the Virtual Desktop to confirm deletion (case sensitive).
  9. Click DELETE.

See the Delete a Desktop section in the Desktops User Guide for more details.