Users can be added manually to a tenant or in an automated way by setting up Single Sign-On (SSO) with your Identity Provider (IdP).
We recommend setting up SSO since it's more secure and also makes it easier to manage users. You can set up SSO with your Identity Provider (IdP) by reading here.

Add users

If you have set up SSO, users will automatically be added to the platform the first time they log in. They will see a button like Login with Google|Azure|Okta|Keycloak, depending on the IdP you have set up.
If you have not set up SSO, or you want to invite users who are not part of your IdP, you can use the Invite User button on the Access -> Users page. You will need to enter the email of the user you want to add.
When inviting users manually, there is a checkbox for Send email to set password. If you check this checkbox, the user will receive an email with a link to set their password. You should not check this box if you want the user to sign in via SSO, since no password needs to be set in that case.

Assign or modify user role

Users can be assigned to different roles in the platform. The roles are:
  • Admin - Admin has the highest level of access and is responsible for managing the overall TrueFoundry platform. They have full control over all resources, including users, clusters, and workspaces. Usually there should be only a few admins in an organization.
  • Member - These are general users of the platform. Members, by default, don’t have access to any resources and need to be explicitly granted access to resources.
You can assign or modify user roles in the Access -> Users page.
If you want the role to be assigned via an SSO group, you can set that in the SSO settings via the Role Mapping section. For example, if the user belongs to the tenant-admin-group in your IdP, they will be assigned the Admin role in TrueFoundry when they join.
Once a user's role has been manually updated to tenant admin, the manual assignment takes precedence: the user will not be converted to tenant member even in the absence of the SSO groups.
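Because a manual promotion to tenant admin is not undone by SSO group changes, a periodic review can compare the Admin list against the mapped IdP group. The script below is an added example, not TrueFoundry code: the user records, their field names, the group membership and the admin limit are constructed sample data, and how you export them from the platform and your IdP is left as an assumption.

```python
# Added example: access review for the Admin role. All data below is constructed;
# the record fields ("email", "role", "active") are assumptions, not a TrueFoundry schema.
ADMIN_GROUP = "tenant-admin-group"  # IdP group name from the role-mapping example above
MAX_ADMINS = 3                      # hypothetical local policy for "only a few admins"

PLATFORM_USERS = [  # constructed export of platform users
    {"email": "alice@example.com", "role": "admin", "active": True},
    {"email": "bob@example.com", "role": "admin", "active": True},
    {"email": "carol@example.com", "role": "member", "active": True},
    {"email": "dave@example.com", "role": "admin", "active": False},
]

IDP_GROUPS = {  # constructed export of IdP group membership
    "tenant-admin-group": {"alice@example.com", "Dave@example.com"},
}


def review_admins(users, idp_groups, admin_group=ADMIN_GROUP):
    """Return Admin accounts that SSO role mapping alone would not explain."""
    # Normalise case and whitespace so the two exports compare reliably.
    members = {e.strip().lower() for e in idp_groups.get(admin_group, ())}
    findings = {"admin_without_group": [], "deactivated_admin": []}
    for user in users:
        if user["role"] != "admin":
            continue
        email = user["email"].strip().lower()
        if not user["active"]:
            # Deactivated accounts that still hold Admin: review before reactivating.
            findings["deactivated_admin"].append(email)
        elif email not in members:
            # Admin that is not backed by the mapped group, e.g. a manual promotion.
            findings["admin_without_group"].append(email)
    return {kind: sorted(emails) for kind, emails in findings.items()}


def too_many_admins(users, limit=MAX_ADMINS):
    """True when the number of active Admins exceeds the local policy limit."""
    return sum(1 for u in users if u["role"] == "admin" and u["active"]) > limit


if __name__ == "__main__":
    for kind, emails in review_admins(PLATFORM_USERS, IDP_GROUPS).items():
        for email in emails:
            print(f"{kind}: {email}")
    print("admin count over limit:", too_many_admins(PLATFORM_USERS))
```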

Deactivate user

Admins can deactivate a user’s account. This will prevent the user from logging in to the platform. This can be useful if you do not want to delete the user’s account, but just want to deactivate them temporarily.

Delete user

Admins can delete the accounts of users who are no longer part of your organization. This will remove the user account from the list of users and will not affect any resources created by the user.
Before deleting the user, you MUST explicitly remove the user from all resources and teams; otherwise the system will not allow the deletion.

Reset Password for a user

This is needed only if you are managing users manually and have not set up SSO. Admins can initiate a password reset process for a user. This will send an email to the user with a link to reset their password.

Personal Access Tokens (PATs)

Personal access tokens are long-lived tokens that can assume all the permissions of the user and be used to access the platform programmatically.

Management of PATs

Users can create and manage their own personal access tokens under Access > Personal Access Token.

Configuring limits

Admins can limit the age of these tokens and the number of tokens that a user can create under Security settings.

Revoking PATs

Admins can also revoke all the active personal access tokens of a particular user account.

Manage Users programmatically

Admins can manage users programmatically using APIs. Please find the complete API reference here.