User Access (SSO)

By default, users who log in through an external OAuth identity provider (IdP) do not have any permissions.

Two types of permissions can be granted to a user:

Customer Admin

Customer Admin is an administrator-level role with restricted access. A user with this role can:

  • Create/Manage/Delete Tenants
  • Read cluster status (Overview page)
  • Administer non-managed Projects/Namespaces
  • Install/Modify/Delete operators in non-managed Projects/Namespaces

To grant this permission to a user, open a support ticket with the username/email of the desired user.

Tenant level Permissions

These permissions are granted per Tenant and are restricted to the tenant's Namespaces/Projects. For a detailed explanation of these roles, see Tenant Member Roles.

A Customer Admin can grant these roles by creating or editing the Tenant CR.

To grant Tenant-level permissions, see the detailed example for the Tenant CR.

Configure Identity Provider For Your Cluster

Social Identity Providers

A social identity provider can delegate authentication to a trusted, respected social media account. Red Hat Single Sign-On includes support for social networks such as Google, Facebook, Twitter, GitHub, LinkedIn, Microsoft, and Stack Overflow.