User Access (SSO)
By default, users who log in (via OAuth external IDPs) do not have any permissions.
Two types of permissions can be granted to a user:
Customer Admin
Customer Admin is an administrator-level role for a user (with restricted access). A user with this role can:
- Create/Manage/Delete Tenants
- Read cluster status (Overview page)
- Administrate non-managed Projects/Namespaces
- Install/Modify/Delete operators in non-managed Projects/Namespaces
To grant this permission to a user, please open a support ticket with the username/email of the desired user.
Tenant level Permissions
These permissions are granted per Tenant and are restricted to the tenant's Namespaces/Projects. For a detailed explanation of these roles, see Tenant Member Roles.
These roles can be granted by a Customer Admin by creating/editing the Tenant CR.
To grant Tenant level permissions, see the detailed example for the Tenant CR.
Configure Identity Provider For Your Cluster
Social Identity Providers
A social identity provider can delegate authentication to a trusted, respected social media account. Red Hat Single Sign-On includes support for social networks such as Google, Facebook, Twitter, GitHub, LinkedIn, Microsoft, and Stack Overflow.