User Management (Pro)
Available since v0.25.0, the User Management feature streamlines the administration of user roles, permissions, and access levels within the platform. It allows super admins to create and manage user accounts with varying levels of access, so that each user has the appropriate permissions to perform their tasks. The feature supports multiple user types, including super admins, admins, service users, and platform users, each with distinct capabilities tailored to their roles within the organization.
At its core, the User Management feature enables the creation of user accounts through both invitation and direct addition methods. Super admins can assign Platform Access Levels (PAL) to users, determining their access to various functionalities across the platform. For instance, admins can manage user roles, invite new users, and oversee network configurations, while service users are limited to specific tasks without dashboard access, focusing instead on remote access via the RAC app. This hierarchical structure promotes security and efficiency, allowing organizations to maintain control over their user base while facilitating collaboration.
Additionally, the feature includes functionalities for managing network roles and groups, enhancing the granularity of access control. Admins can create network-specific roles and assign them to users, ensuring that they only have access to the resources necessary for their work. Groups can be formed to bundle roles, simplifying the management of permissions for multiple users at once. This flexibility is crucial for organizations with diverse teams and projects, as it allows for a tailored approach to user management that can adapt to changing needs and workflows.
Here is a breakdown of the different user types and their permissions (platform access levels):
- Super Admin: Possesses complete control over the platform, including creating and managing all other user types and their permissions.
- Admin: Has significant privileges to manage user accounts, assign roles, and oversee network configurations, but with limitations compared to the Super Admin (e.g., cannot create other admins).
- Platform User: Has access to the dashboard and can interact with assigned resources based on granted permissions, suitable for team members needing specific functionalities.
- Service User: Designed for operational tasks without dashboard access, with permissions adjustable by Super Admins or Admins. The classic use case for this user type is remote access via the RAC app.
Adding users
There are two ways to create a user:
- Basic Auth: Fill in the user’s details and click Create User.
- User Invite: Enter the email addresses of the users you want to invite. They will receive an email with a link to create their account. For Netmaker on-prem deployments, ensure that the SMTP client is configured to send emails.
Basic Authentication
This method is more suited for creating individual users directly. The admin just types a username and password for the user, then assigns them to a group.
Click on "Add a User", then choose "Create User".
User Invite
This method is more suited for inviting multiple users at once. The admin types in the email addresses of the users they want to invite, then assigns them to a group.
Users will receive an email with a link to create their account and will be assigned the groups set by the admin during the invite process. In the case of Netmaker on-prem deployments, ensure the SMTP client is properly configured to handle email delivery.
Please Note: For Netmaker on-prem deployments, additional server configurations are needed to enable email functionality. Refer to our guide for more details: Advanced Options
User Groups
User grouping in Netmaker Professional is a mechanism for organizing users based on shared attributes or roles. By placing users into groups, administrators can efficiently manage permissions and access controls.
In plain terms, a group can be viewed as a collection of network roles.
Here's how it works:
- Group Creation: Administrators define groups based on criteria such as department, role, or project.
- User Assignment: Users are added to relevant groups. A user can belong to multiple groups.
- Permission Management: Instead of assigning permissions to individual users, permissions are assigned to groups in the form of network roles. This simplifies the management process, as changes to permissions only need to be made at the group level.
- Inheritance: Users inherit permissions from the groups they belong to. If a user is part of multiple groups, the combined permissions from all groups apply.
In summary, a group’s permissions are determined by the different network roles that are assigned to that group. A user can be in multiple groups, and the inherited permissions are additive.
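Because inherited permissions are additive, removing a user from one group does not revoke a network role that another of their groups still grants. The following added example (not Netmaker code; the group, network and role names and the data layout are constructed for illustration) computes a user's effective network roles and lists what survives a group removal, which is the check to run during an access review:

```python
# Constructed sample data: group -> {network: set of network role names}.
# All names here are hypothetical, not Netmaker identifiers.
GROUPS = {
    "engineering": {"prod-net": {"viewer"}, "dev-net": {"operator"}},
    "on-call": {"prod-net": {"operator"}, "dev-net": {"operator"}},
    "contractors": {"dev-net": {"viewer"}},
}
MEMBERSHIP = {
    "alice": ["engineering", "on-call"],
    "bob": ["contractors"],
}


def effective_roles(groups_of_user, groups=GROUPS):
    """Union the network roles of every group the user belongs to."""
    result = {}
    for group in groups_of_user:
        for network, roles in groups[group].items():
            result.setdefault(network, set()).update(roles)
    return result


def still_granted_after_removal(user, removed_group,
                                membership=MEMBERSHIP, groups=GROUPS):
    """Roles of removed_group that the user keeps through other groups."""
    remaining = [g for g in membership[user] if g != removed_group]
    kept = effective_roles(remaining, groups)
    overlap = {}
    for network, roles in groups[removed_group].items():
        common = roles & kept.get(network, set())
        if common:
            overlap[network] = common
    return overlap


if __name__ == "__main__":
    print(effective_roles(MEMBERSHIP["alice"]))
    print(still_granted_after_removal("alice", "engineering"))
```

An empty result from `still_granted_after_removal` means the removal actually revokes everything that group granted to the user.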
Refer to the “User Interface” reference section of the docs for a pictorial view of how to create and manage users, roles and groups.
Transferring super admin rights
Super admin rights can be transferred only to another admin. To do this, on the users page, go to the superadmin row and hover over the ellipsis. You will see an option to transfer admin rights. On clicking it, a dialog box will open allowing you to select any admin to transfer super admin rights to.
Integrating OAuth
Users can also join a Netmaker server via OAuth by clicking the “Login with SSO” button on the dashboard’s login page. See the Integrating OAuth docs for details.
Controlling User Sessions
To enhance security and ensure optimal system performance, our platform provides robust tools to control user sessions. Admins can define time limits for user sessions, automatically enforcing session expiration after a set period. This feature helps ensure that sessions are not left open indefinitely, reducing the risk of unauthorized access.
Key Features:
- Customizable Timeout: Admins can configure the timeout duration based on security needs, such as 2 hours, 5 hours, or longer.
- Automatic Session Expiration: Sessions automatically expire after a predefined period of time.
- Seamless User Experience: Once a session expires, users are automatically logged out and redirected to the login page to reauthenticate.
How It Works:
- Predefined Timeout Configuration: Admins set the session timeout in the netmaker.env file by defining the JWT_VALIDITY_DURATION parameter (in seconds) to specify the duration of the session, and by setting RAC_AUTO_DISABLE=true to automatically enforce RAC session expiration. For example, setting JWT_VALIDITY_DURATION=28800 will define the session duration as 8 hours.
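A quick way to verify these two settings before restarting the server, shown as an added example that is not part of Netmaker. The 28800-second ceiling is an assumed local policy taken from the 8-hour example above, and the sample file content is constructed:

```python
import re

MAX_SESSION_SECONDS = 28800  # assumed policy ceiling (the 8-hour example)

# Constructed sample netmaker.env content, not from a real deployment.
SAMPLE_ENV = """\
# session settings
JWT_VALIDITY_DURATION=86400
RAC_AUTO_DISABLE="false"
"""


def parse_env(text):
    """Parse KEY=VALUE lines; skip blanks and comments, strip quotes."""
    values = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        values[key.strip()] = value.strip().strip("\"'")
    return values


def check_session_settings(text, max_seconds=MAX_SESSION_SECONDS):
    """Return a list of findings; an empty list means the settings pass."""
    env = parse_env(text)
    findings = []
    duration = env.get("JWT_VALIDITY_DURATION")
    if duration is None:
        findings.append("JWT_VALIDITY_DURATION is not set")
    elif not re.fullmatch(r"[0-9]+", duration) or int(duration) == 0:
        # Catches values such as "8h": the parameter is given in seconds.
        findings.append(f"JWT_VALIDITY_DURATION={duration!r} is not a "
                        "positive number of seconds")
    elif int(duration) > max_seconds:
        findings.append(f"JWT_VALIDITY_DURATION={duration}s exceeds the "
                        f"{max_seconds}s policy limit")
    if env.get("RAC_AUTO_DISABLE", "").lower() != "true":
        findings.append("RAC_AUTO_DISABLE is not set to true")
    return findings


if __name__ == "__main__":
    for finding in check_session_settings(SAMPLE_ENV):
        print("FINDING:", finding)
```

To check a real deployment, pass the contents of its netmaker.env file to `check_session_settings` and adjust `max_seconds` to your own session policy.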