Truefoundry makes it easy to add other members of your organization to the platform and provides role-based access control to manage the access to the resources. This guide talks about how to invite and manage users, teams, virtual accounts and manage access tokens. To understand the different roles and permissions to resources in TrueFoundry, you can read here. Truefoundry has three primary user entities:
  1. Users - These are the individuals who have access to the platform. They have a unique email address, and can be deactivated if the employee leaves the organization.
Users can only be deactivated, not deleted. This is to ensure that the user’s activity log is still maintained on the platform. If an employee created a resource and then left, you will be able to see when and who created the resource.
  1. Teams - These are groups of users which can be added together to a resource. For example, you can add a team as a viewer to a cluster, admin to a workspace, etc. Using teams, you can just grant access of resources to the team and then just manage the members within the team.
  2. Virtual Accounts - Virtual accounts are not mapped to any user. They can be created by admins to provide access to resources for applications / code. For e.g., if your code wants to access a Truefoundry API or model in the AI Gateway layer, it will need a valid token to access the API. In this case, we should not provide a user token, since it will be deactivated if the user leaves the organization.

Users

To enable your team members to join the platform, you can either setup SSO with your Identity Provider (IdP) or invite them manually. To setup SSO, you can read here.
We recommend setting up SSO since its more secure and also makes it easier to manage users.
To invite users manually, go to Platform → Access.Click on the Invite User button. Enter the user’s email address in the prompt.
If SSO is enabled for your organization, make sure to uncheck the “Send email to set password” checkbox. This ensures users sign in via SSO instead of setting a password manually.
Invite User After sending the invite:
  • The user will appear under the Users tab.
  • If you see a tag labelled Invite Pending or Registration Pending, it means the user has not yet completed the login process or accessed the platform.
Here are a few common actions you can perform on a user:

Teams

It might get cumbersome to add each individual user to each resource repeatedly. To solve this problem, we have the concept of teams using which you can add a team to a resource and then add or remove members from the team. To create a team in TrueFoundry, follow these steps:

Grant Access of a Resource to Team

Once a team has been created, you can grant it access to resources. To do so, follow these steps:

Virtual Accounts

Create and assign permissions to a Virtual account as shown below: