By default, Coder is accessible via password authentication. For productiondeployments, we recommend using an SSO authentication provider with multi-factorauthentication (MFA). It is your responsibility to ensure the auth providerenforces MFA correctly.

Configuring SSO

• OpenID Connect (e.g. Okta, KeyCloak, PingFederate, Azure AD)
• GitHub (or GitHub Enterprise)

Groups

Multiple users can be organized into logical groups to control which templatesthey can use. While groups can be manually created in Coder, we recommendsyncing them from your identity provider.

• Learn more about Groups
• Group & Role Sync

Roles

Roles determine which actions users can take within the platform. Typically,most developers in your organization have theMember role, allowing them tocreate workspaces. Other roles have administrative capabilities such asauditing, managing users, and managing templates.

• Learn more about Roles
• Group & Role Sync

User status

Coder user accounts can have different status types: active, dormant, andsuspended.

Active user

Anactive user account in Coder is the default and desired state for allusers. When a user's account is marked asactive, they have complete access tothe Coder platform and can utilize all of its features and functionalitieswithout any limitations. Active users can access workspaces, templates, andinteract with Coder using CLI.

Dormant user

A user account is set todormant status when they have not yet logged in, orhave not logged into the Coder platform for the past 90 days. Once the user logsin to the platform, the account status will switch toactive.

Dormant accounts do not count towards the total number of licensed seats in aCoder subscription, allowing organizations to optimize their license usage.

Suspended user

When a user's account is marked assuspended in Coder, it means that theaccount has been temporarily deactivated, and the user is unable to access theplatform.

Only user administrators or owners have the necessary permissions to managesuspended accounts and decide whether to lift the suspension and allow the userback into the Coder environment. This level of control ensures thatadministrators can enforce security measures and handle any compliance-relatedissues promptly.

Similar to dormant users, suspended users do not count towards the total numberof licensed seats.

Create a user

To create a user with the web UI:

1. Log in as a user admin.
2. Go toUsers >New user.
3. In the window that opens, provide theusername,email, andpassword for the user (they can opt to change their password after theirinitial login).
4. ClickSubmit to create the user.

The new user will appear in theUsers list. Use the toggle to change theirRoles if desired.

To create a user via the Coder CLI, run:

When prompted, provide theusername andemail for the new user.

You'll receive a response that includes the following; share the instructionswith the user so that they can log into Coder:

Suspend a user

User admins can suspend a user, removing the user's access to Coder.

To suspend a user via the web UI:

1. Go toUsers.
2. Find the user you want to suspend, click the vertical ellipsis to the right,and clickSuspend.
3. In the confirmation dialog, clickSuspend.

To suspend a user via the CLI, run:

Confirm the user suspension by typingyes and pressingenter.

Activate a suspended user

User admins can activate a suspended user, restoring their access to Coder.

To activate a user via the web UI:

1. Go toUsers.
2. Find the user you want to activate, click the vertical ellipsis to the right,and clickActivate.
3. In the confirmation dialog, clickActivate.

To activate a user via the CLI, run:

Confirm the user activation by typingyes and pressingenter.

Reset a password

As of 2.17.0, users can reset their password independently on the login screenby clicking "Forgot Password." This feature requiresemail notifications to beconfigured on the deployment.

To reset a user's password as an administrator via the web UI:

1. Go toUsers.
2. Find the user whose password you want to reset, click the vertical ellipsisto the right, and selectReset password.
3. Coder displays a temporary password that you can send to the user; copy thepassword and clickReset password.

Coder will prompt the user to change their temporary password immediately afterlogging in.

You can also reset a password via the CLI:

Resetting a password on Kubernetes

User filtering

In the Coder UI, you can filter your users using pre-defined filters or byutilizing the Coder's filter query. The examples provided below demonstrate howto use the Coder's filter query:

• To find active users, use the filterstatus:active.
• To find admin users, use the filterrole:admin.
• To find users who have not been active since July 2023:status:active last_seen_before:"2023-07-01T00:00:00Z"
• To find users who were created between January 1 and January 18, 2023:created_before:"2023-01-18T00:00:00Z" created_after:"2023-01-01T23:59:59Z"
• To find users who login using Github:login_type:github

The following filters are supported:

• status - Indicates the status of the user. It can be eitheractive,dormant orsuspended.
• role - Represents the role of the user. You can refer to theTemplateRole documentationfor a list of supported user roles.
• last_seen_before andlast_seen_after - The last time a user has used theplatform (e.g. logging in, any API requests, connecting to workspaces). Usesthe RFC3339Nano format.
• created_before andcreated_after - The time a user was created. Uses theRFC3339Nano format.
• login_type - Represents the login type of the user. Refer to theLoginType documentation for a list of supported values

Retrieve your list of Coder users