Onboarding and offboarding a user in Kommander

Authorize a group and add or remove users in it.

Before you begin

This procedure requires the following configurations and background:

Give access to a certain group

You can give access for a group to certain objects by creating policies that bind that group to a role. You can use roles available by default such as View Role or create custom fine-grained roles fitting your use-cases.

You can use the Kommander UI or the kubectl CLI to create policies, as explained in the role-based access control configuration tutorial. This tutorial explains you how to offer a certain access to a given group.

Add and remove a member to a group

Everything related to members happens in the Identity Providers section of Kommander.

You can add members in a group while creating a group and edit the members in the group later.

Create Group Add Members

Use the cross at the right of the member name to remove a member from a group. You can list the groups in the Identity Providers section to access and edit list members.

Once a member is part of a group, you can login to the clusters targeted by the group’s roles using the user’s credentials. This requires using the right Identity Provider (GitHub, LDAP, or a configured OIDC provider).