Before you begin
This procedure requires the following configurations and background:
- A Konvoy cluster with Kommander installed.
- A configured Identity Provider.
- Some familiarity with Kubernetes role-based access control principles.
- A configured group in Kommander.
Give access to a certain group
You can give a group access to certain objects by creating policies that bind that group to a role. You can use a role that is available by default, such as View Role, or create custom fine-grained roles that fit your use cases.
You can use the Kommander UI or the kubectl CLI to create policies, as explained in the role-based access control configuration tutorial. This tutorial explains how to grant a given group a certain level of access.
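The binding described above, written as a plain Kubernetes RBAC manifest for the kubectl route. This is an added example, not taken from the Kommander documentation; the namespace `team-a`, the group name `oidc:engineering`, the user `example-user` and the binding name are assumptions to replace with your own values.

```yaml
# Added example: standard Kubernetes RBAC, not Kommander's own resource types.
# Assumed names: namespace "team-a", group "oidc:engineering". Use the group
# name exactly as your Identity Provider presents it to the cluster.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding              # namespaced: the grant applies to team-a only
metadata:
  name: engineering-view
  namespace: team-a
subjects:
  - kind: Group
    apiGroup: rbac.authorization.k8s.io
    name: oidc:engineering
roleRef:
  kind: ClusterRole
  apiGroup: rbac.authorization.k8s.io
  name: view                   # built-in read-only role; excludes Secrets
# Apply with:
#   kubectl apply -f engineering-view.yaml
#
# Check the effective access by impersonating a member of the group
# ("example-user" is a placeholder; --as-group requires --as):
#   kubectl auth can-i list pods    -n team-a  --as example-user --as-group oidc:engineering
#   kubectl auth can-i get secrets  -n team-a  --as example-user --as-group oidc:engineering
#   kubectl auth can-i delete pods  -n team-a  --as example-user --as-group oidc:engineering
#   kubectl auth can-i list pods    -n default --as example-user --as-group oidc:engineering
```

With only this binding in place, the first check should be allowed and the other three denied; any other result means the group or user holds additional bindings that are worth reviewing.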
Add and remove group members
Everything related to members happens in the Identity Providers section of Kommander.
You can add members to a group while creating it and edit the group's members later.
Use the cross to the right of the member name to remove a member from a group. You can list the groups in the Identity Providers section to access and edit their member lists.
Once a member is part of a group, you can log in to the clusters targeted by the group’s roles using the user’s credentials. This requires using the right Identity Provider (GitHub, LDAP, or a configured OIDC provider).