Pivotal Cloud Foundry v1.7

Controlling Apps Manager User Activity with Environment Variables

Page last updated:

This topic describes three environment variables that you can use to manage user interactions with Pivotal Cloud Foundry Apps Manager, and how to set these variables using the cf CLI.

Understanding Apps Manager Environment Variables

The following environment variables control which users can create Orgs and perform user management actions on Apps Manager.


This variable defaults to false, which disables the internal user store. This means that an admin must designate an external LDAP / AD user store as the source of user accounts.

Set this variable to true to let users register for new accounts, manage their account and password, and invite new members into their Orgs by clicking an “Invite New Members” link. This setting enables an internal user store within a Pivotal Cloud Foundry (PCF) installation’s own local User Account and Authentication (UAA) Server. With the internal store enabled, Cloud Foundry admins do not need to configure an external user store, such as an LDAP / AD server, to create user accounts.


This variable defaults to false, which prevents non-admin users from being able to create Orgs.

Note: Pivotal recommends using the feature flag user_org_creation to set this behavior. PCF 1.7 is the final release to support the environment variable ENABLE_NON_ADMIN_ORG_CREATION.

Set this variable to true to allow any user to create an Org. This setting activates two links on the user’s Org Dashboard:

  • The Create a New Org link in the drop-down menu in the left navigation panel
  • The Create Org link in the MY ORGS section of the My Account page, which you access from the user name drop-down menu


This variable defaults to false, which prevents users with the Space Manager role from managing existing users and roles within their Spaces. This allows admins to centrally manage users and roles.

Set this variable to true to allow users with the Space Manager role to manage existing users and roles within their Spaces.

Note: The previous ENABLE_NON_ADMIN_USER_MANAGEMENT environment variable that controlled many of the above features was deprecated in Pivotal Elastic Runtime 1.6.

Changing an Environment Variable Value

Note: To run the commands discussed in this section, you must log in to the cf CLI with your UAA Administrator user credentials. In Pivotal Operations Manager, refer to Elastic Runtime > Credentials for the UAA admin name and password.

To change an environment variable value:

  1. In a terminal window, set your target API to your Apps Manager URL by running cf api API-URL, where API-URL is the URL of the Cloud Controller in your Elastic Runtime instance.

    $ cf api api.YOUR-SYSTEM-DOMAIN

  2. Run cf login to log in as an admin. When prompted, provide your UAA Administrator user credentials. When prompted further, choose system as your org and system as your space.

    Note: If you are already logged in with UAA Administrator user credentials, switch to the correct org and space by running cf target -o system -s system. You do not need to log in again.

  3. Set an environment variable for either apps-manager-blue or apps-manager-green, depending on which is currently live. To learn more about how Apps Manager uses blue-green deployment to reduce downtime, review Using Blue-Green Deployment to Reduce Downtime and Risk. For example, to let users self-manage their org and space roles as described above, run the following command to set an environment variable for your live Apps Manager.

    $ cf set-env apps-manager-blue ENABLE_NON_ADMIN_ROLE_MANAGEMENT true

  4. Reinitialize your live Apps Manager with the new environment variable value.

    $ cf restart apps-manager-blue

Create a pull request or raise an issue on the source for this page in GitHub