mirror of https://github.com/coder/coder.git
updates from meetings
parent
561aefc70b
commit
ce82e45d45
|
@ -31,9 +31,9 @@ Examples:
|
|||
- The `@quality-assurance` group has a Windows workspace they use share for testing
|
||||
- The `@data-science` group has a provisioner in their own Kubernetes cluster but use a standard template
|
||||
|
||||
## Service Accounts
|
||||
## Headless Users
|
||||
|
||||
Service accounts can be used for CI jobs, third-party integrations, and other automation. Unlike other accounts in Coder, service accounts do not consume a license seat or have an OIDC/password login method, so they cannot be used to log in to the Coder UI.
|
||||
Headless user accounts can be used for CI jobs, third-party integrations, and other automation. Unlike other accounts in Coder, headless user accounts do not consume a license seat or have an OIDC/password login method, so they cannot be used to log in to the Coder UI.
|
||||
|
||||
## Custom Roles
|
||||
|
||||
|
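Review bot: the paragraph under `## Headless Users` says these accounts have no OIDC/password login method and cannot log in to the Coder UI, but it never says how they do authenticate. For accounts meant for CI jobs and third-party integrations, add a sentence on what credential they use and how it is issued and revoked, so readers do not have to guess. The heading reads `Headless Users` while the body says "headless user accounts"; pick one term and use it in both places.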
@ -45,7 +45,7 @@ Examples:
|
|||
- The `Organization Lead` role can access user workspaces for troubleshooting purposes, but cannot edit templates
|
||||
- The `Platform Member` role cannot edit or create workspaces as they are created via a third-party system
|
||||
|
||||
Custom roles can also be applied to service accounts:
|
||||
Custom roles can also be applied to headless user accounts:
|
||||
|
||||
- A `Health Check` role can view deployment status but cannot create workspaces, manage templates, or view users
|
||||
- A `CI` role can update manage templates but cannot create workspaces or view users
|
||||
|
|
|
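Review bot: the context line "- A `CI` role can update manage templates" just below the changed sentence has a doubled verb ("update manage"); since this hunk already touches the list's introduction, fix it here to read either "update templates" or "manage templates". The distinction matters for a role description, because a reader cannot tell from the current wording whether the `CI` role is meant to create and delete templates or only push new versions.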
@ -49,14 +49,15 @@ The best way to give users access to this group is via claims identity provider
|
|||
|
||||
<div class="tabs">
|
||||
|
||||
## coder server
|
||||
> Note: Managing group and role sync via server config is deprecated and does not support multiple organizations.
|
||||
|
||||
The following server config maps people with the `ds` group claim to the `Everyone` group in the `data-science` organization:
|
||||
## CLI
|
||||
|
||||
```text
|
||||
CODER_OIDC_GROUP_MAPPING '{"ds-user": "data-science::Member:Everyone"}'
|
||||
CODER_OIDC_ROLE_MAPPING '{"ds-admin": "data-science:Administrator:Everyone"}'
|
||||
```
|
||||
<!-- TODO -->
|
||||
|
||||
## UI
|
||||
|
||||
<!-- TODO -->
|
||||
|
||||
## HCL
|
||||
|
||||
|
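Review bot: the `## CLI` and `## UI` tabs in this hunk contain only `<!-- TODO -->`, so a reader who picks either tab gets no way to configure the mapping; fill them in or leave the tabs out until the content exists. If the server-config example stays, it needs a pass as well: the two values use different separators (`data-science::Member:Everyone` versus `data-science:Administrator:Everyone`), the prose names a `ds` group claim while the keys are `ds-user` and `ds-admin`, and there is no `=` between each variable name and its value. An example that assigns an `Administrator` role should be copy-paste correct.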
@ -81,7 +82,7 @@ resource "coderd_idp_mapping" "data_science_members" {
|
|||
# Add admins to the data science group
|
||||
resource "coderd_idp_mapping" "data_science_admins" {
|
||||
claim_name = "groups"
|
||||
claim_value_includes = "ds-user"
|
||||
claim_value_includes = "ds-admin"
|
||||
organization_id = data.coder_organization.data_science.id
|
||||
group_id = data.coder_organization.data_science.default_group_id
|
||||
role_id = data.coder_organization.data_science.admin_role_id
|
||||
|
|
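Review bot: in `coderd_idp_mapping.data_science_admins`, the `claim_value_includes` value is the only thing gating `role_id = data.coder_organization.data_science.admin_role_id`, and nothing near the example says whether it matches a whole entry of the `groups` claim or a substring of it. Please state the matching rule next to the example. The `ds-user` value also shown in this hunk would have given the admin role to ordinary members, which shows how easily a copy-paste slip in this field turns into a privilege grant; a one-line comment on the `claim_value_includes` line noting that it selects who becomes admin would help.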