You signed in with another tab or window.Reload to refresh your session.You signed out in another tab or window.Reload to refresh your session.You switched accounts on another tab or window.Reload to refresh your session.Dismiss alert
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
Once you have created a Codefresh account, you can add any number of users to collaborate on repositories, workflows, and pipelines, and teams of users. For Codefresh on-premises, see [On-premises account & user setup]({{site.baseurl}}/docs/installation/on-premises/on-prem-configuration/).
You can then create teams in Codefresh to group users who share a common denominator, such as the same permissions, access to the same functionality, or roles. Teams make it easy for administrators to both define and manage items shared by multiple users in an orgranization.
## Users in Codefresh
Adding a user to an account requires assigning a role to define access to account resources, and optionally, selecting an SSO provider for the user:
* **Role**: Defines the user's access level to the resources in the account.
Expand All
@@ -28,39 +26,38 @@ on clusters, docker registries, git integrations, shared configurations etc.
For guidelines on access control, see [Access control]({{site.baseurl}}/docs/administration/account-user-management/access-control/).
* **SSO**: By default, SSO is not enabled for users. If required, explicitly select the SSO provider. For an overview of SSO, see [Single Sign on]({{site.baseurl}}/docs/administration/single-sign-on/).
### Add a user to a Codefresh account
### Add a user to a Codefresh account
1. In the Codefresh UI, on the toolbar, click the **Settings** icon and then select **Account Settings**.
1. On the sidebar, from Access & Collaboration select [**Users & Teams**](https://g.codefresh.io/account-admin/collaborators/users){:target="\_blank"}.
1. On the sidebar, from Access & Collaboration select [**Users & Teams**](https://g.codefresh.io/account-admin/collaborators/users){:target="\_blank"}.
1. Select **Users**, and then select **+ [Add User]**.
1. Type the **User's email address**, and click **Invite**.
<!---add screenshot-->
The user receives an email invitation, and in the Users list, the username is set to Pending, and status to Resend.
1. From the **Role** dropdown, select either **User** or **Administrator**.
1. Type the **User's email address**, and click **Invite**.
<!---add screenshot-->
The user receives an email invitation, and in the Users list, the username is set to Pending, and status to Resend.
1. From the **Role** dropdown, select either **User** or **Administrator**.
1. If SSO is configured for the account, **Select SSO provider**.
### Manage users in a Codefresh account
Once you add a user to your Codefresh account, you can do the following to manage that user:
Once you add a user to your Codefresh account, you can do the following to manage that user:
* Resend invitations that are pending acceptance: Select **Resend**.
* Edit the user's email address: Select **Edit**.
* Change the role: From the **Role** dropdown, select the new role.
* Change SSO provider: From the **SSO** dropdown, select the new SSO provider.
* Remove the user account: Select **Delete**.
## Teams in Codefresh
Teams are users who share the same permissions, roles, or requirements defined according to company processes. Teams allow you to enforce access control through ABAC (Attribute Based Access Control).
By default, there are two teams:
* Users
* Admins with users [invited as collaborators](#assign-a-user-to-a-team)
>**NOTE**
Only Enterprise customers can add new teams. Other Codefresh plans can only use the predefined *Users* and *Admin* teams. [Contact us](https://codefresh.io/contact-us/){:target="\_blank"} to upgrade to an Enterprise plan.
>**NOTE**
> Only Enterprise customers can add new teams. Other Codefresh plans can only use the predefined *Users* and *Admin* teams. [Contact us](https://codefresh.io/contact-us/){:target="\_blank"} to upgrade to an Enterprise plan.
### Automatically creating projects for teams
Expand All
@@ -69,13 +66,13 @@ As part of the global pipeline settings for an account, when creating a team, yo
### Create a team in Codefresh
Create a team in Codefresh and then assign users to the team. You can assign the same user to multiple teams, as in most companies, users have overlapping roles.
1. In the Codefresh UI, on the toolbar, click the **Settings** icon and then select **User Management**.
1. From the sidebar, from Access & Collaboration, select [**Users & Teams**](https://g.codefresh.io/account-admin/collaborators/users){:target="\_blank"}.
1. From the sidebar, from Access & Collaboration, select [**Users & Teams**](https://g.codefresh.io/account-admin/collaborators/users){:target="\_blank"}.
1. Select **Teams**, and then select **Create a Team**.
1. Enter the **Team Name**.
> **NOTE**
The team name can include only lower-case alphanumeric characters and hyphens, without spaces.
> **NOTE**
> The team name can include only lower-case alphanumeric characters and hyphens, without spaces.
See the screenshot below for some sample team names.
Expand All
@@ -89,19 +86,21 @@ Create a team in Codefresh and then assign users to the team. You can assign the
%}
### Assign a user to a team
1. To assign users to the team, do the following:
1. Hover over the team name and click the **Settings** icon.
1. Hover over the team name and click the **Settings** icon.
1. Click **Invite to team**, type the email address of the user to invite, and then click **Add**.
1. To change the name of the team, click **Edit** and type the new name.
1. To change the name of the team, click **Edit** and type the new name.
## Define session timeouts and domain restrictions for user accounts
As an administrator, you can optionally define session timeouts to automatically log out users who have been inactive for the specified duration, and restrict invitations to specific email domains.
>**NOTE**
The maximum duration for inactivity is 30 days. Inactive users are warned 15 minutes before they are logged out.
>**NOTE**
> The maximum duration for inactivity is 30 days. Inactive users are warned 15 minutes before they are logged out.
1. In the Codefresh UI, on the toolbar, click the **Settings** icon, and then select **Account Settings**.
1. On the sidebar, from Access & Collaboration, select [**Users & Teams**](https://g.codefresh.io/account-admin/collaborators/users){:target="\_blank"}.
1. On the sidebar, from Access & Collaboration, select [**Users & Teams**](https://g.codefresh.io/account-admin/collaborators/users){:target="\_blank"}.
1. Select **Security**.
1. For **User Session**, add the timeout duration in minutes/hours/days.
1. To restrict invitations to specific email domains, below User Invitations, turn on **Restrict inviting additional users..** and then in the **Email domains**, type in the domains to allow, one per line.
Expand All
@@ -115,12 +114,18 @@ As an administrator, you can optionally define session timeouts to automatically
max-width="90%"
%}
## Troubleshootadd users
## Troubleshootuser invites
* [Account invitation not permitting login]({{site.baseurl}}/docs/kb/articles/account-invite-not-permitting-login/){:target="\_blank"}
<!--this is already mentioned as inline refs; add other topics-->
1. For your security and to ensure a smooth process, it's crucial that the email account you're logging in with is the same as the email address used for the invite.
1. Log out of any previous sessions with the relevant identity provider and, if necessary, try a different browser or a private/incognito window.
1. If you can log in but need help finding the inviting account, your user may be under multiple accounts. If this is the case, you can switch between available accounts via the user menu drop-down in the upper right-hand corner.
1. If you are prompted to create an organization, you either logged in before you were invited to the account or logged in with a different email address than the invite.
* Finish the account setup by entering a unique organization name (this creates a personal account).
* Once logged in, click your username on the top right and see if you have access to the invited account.
1. If this issue persists, please know that our support team is here for you. [Contact](https://support.codefresh.io/hc/en-us/requests/new) them with as many details as you have, and they will assist you promptly.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
@@ -17,7 +17,9 @@ When running the CLI to use Codefresh, it returns error 403: Permission Denied.
## Details
The API key does not have the correct access permissions, or your user doesnot have access. If the user does have correct access permissions, you may need to refresh the API key.
The API key does not have the correct access permissions, or your user does not have access. If the user does have correct access permissions, you may need to refresh the API key.
If thishappen within a build, builds are ran with the user context of the user who started it. So if any Codefresh CLI commands within a build fails with a 403 error, that means the user who started the build does not have the permissions to run this command.
### Updating API Key
Expand All
@@ -31,8 +33,6 @@ The API key does not have the correct access permissions, or your user doesnot h
>
>If you have multiple contexts, specify this in your command above. `codefreshcauth create-context [name] --api-key <KEY>`
Contact one of your administrators if your user lacks access.
Contact one of your administrators if your user lacks access. As an account admin, make modifications to the user's team assignment and/or your account's permissions rules to grant the user access on relevant objects and actions.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.