Merge pull request #291 from gravitl/kwesi-net-1064-adding-o-auth-users

docs(NET-1064): add docs for oauth users gatekeeping
gravitl · Mar 28, 2024 · 9a99a1a · 9a99a1a
2 parents 7cdded8 + 3f60b37
commit 9a99a1a
Show file tree

Hide file tree

Showing 4 changed files with 25 additions and 6 deletions.
diff --git a/images/user-mgmt-pending.png b/images/user-mgmt-pending.png
diff --git a/images/user-mgmt.png b/images/user-mgmt.png
diff --git a/oauth.rst b/oauth.rst
@@ -63,20 +63,39 @@ Once successful, users can click the key symbol on the login page to sign-in wit
    :alt: Login Oauth
    :align: center
 
+
 Configuring User Permissions
 ===============================
 
-All users logging in will have zero permissions on first sign-in. An admin must configure all user permissions.
+User management is done through the Netmaker dashboard, under the Users (or Manage Account, for SaaS) section from the left navigation bar.
+Only server admins have access to this section and can promote users to admin status. The superadmin/tenant owner can both promote and demote users to admin status.
+
+.. image:: images/user-mgmt.png
+   :width: 80%
+   :alt: Users
+   :align: center
+
+Normal users do not have access to the dashboard and are recommended to use our Remote Access Client to connect to the network.
+An admin must aforehand grant such users permission to certain networks by assigning them to remote access gateways however. View the "Remote Access" section for more information on this.
 
-Admins must navigate to the "Users" screen to configure permissions.
+User creation
+-------------
 
-For each user, an admin must specify which networks that user has access to configure. Additionally, an Admin can elevate a user to Admin permissions.
+To create a new user, click the "Add a User" button on the Users page. Fill in the user's details and click "Create User".
 
 .. image:: images/oauth3.jpg
    :alt: Edit User 2
    :align: center
 
-.. image:: images/oauth2.jpg
+Oauth Users
+-----------
+
+Users are also allowed to join a Netmaker server via OAuth. They can do this by clicking the "Login with SSO" button on the dashboard's login page.
+
+.. image:: images/user-mgmt-pending.png
    :width: 80%
-   :alt: Edit User
+   :alt: Pending Users
    :align: center
+
+From v0.23.1, new accounts would be added to a pending list and would require approval from an admin before they can access any resource. This version also allows whielisting of email domains for OAuth users.
+Server admins can do that by adding a comma-separated list of domains to the `ALLOWED_EMAIL_DOMAINS` environment variable. eg: `ALLOWED_EMAIL_DOMAINS=example.net,example.com`
diff --git a/ui-reference.rst b/ui-reference.rst
@@ -20,7 +20,7 @@ When you start Netmaker for the first time, you will be prompted to create an ad
 (1) **Username:** Enter a unique username for the admin user.
 (2) **Password:** Enter a secure password for your new user.
 (3) **Password Confirmation:** Repeat the password for verification.
-(4) **Signup with OAuth:** Button to signup with OAuth.
+(4) **Signup with OAuth:** Button to signup with OAuth. From v0.23.1, OAuth users will need further approval from a server admin to gain access.
 
 Login
 --------