Skip to main content
Version: 1.1

User Management

This topic contains information on adding local users to Wayfinder, adding users to workspaces, and managing users using a CI pipeline.

We strongly recommend that you configure a single-sign-on (SSO) IDP so that you can avoid having to manage local user authentication in Wayfinder. See User Authentication Providers for instructions.

For information on types of Wayfinder users and their privileges, see Users and privileges.

Add a local user

If you are using an SSO IDP, users in your organisation will be able to log in to Wayfinder directly. Existing workspace users can invite other users directly to those workspaces, even if they have not logged in to Wayfinder before, using an invite link.

If you are not using an SSO IDP, or want to add an additional non-SSO user, you can do this from the CLI, as shown below.

To add a local user:

  1. Run the following command to create the user:

    wf create user USER-EMAIL -E

  2. Add a basicauth identity to the user:

    wf create identity basicauth -u USER-EMAIL

    You are prompted for a password. To accept a password on stdin, add --password -:

    wf create identity basicauth -u USER-EMAIL --password -

For more information, see wf create user and wf create identity basicauth.

Add an existing user to a workspace

You can add existing users, SSO or local, to a workspace using the wf create member CLI command or via the workspace's Members page in the UI.

To add an existing user to a workspace:

  1. Run this command:

    wf create member -u USER-EMAIL -w WORKSPACEID

If the user does not already exist, the CLI can generate an invite link or you can find the invite link on the workspace Members page.

Manage users within a CI Pipeline

Like everything in Wayfinder, users are resources and can be managed within a traditional pipeline.

Here's an example of how you might define a user and its membership to one or more workspaces from YAML files:

wf apply -f - <<EOF
---
apiVersion: org.appvia.io/v1alpha1
kind: User
metadata:
name: wayfinder@appvia.io
spec:
disabled: false
email: wayfinder@appvia.io
username: wayfinder@appvia.io
EOF

# Adding the user to one or more workspaces
wf apply -f - <<EOF
---
apiVersion: org.appvia.io/v1alpha1
kind: WorkspaceMember
metadata:
name: wayfinder@appvia.io
namespace: devs
spec:
username: wayfinder@appvia.io
---
apiVersion: org.appvia.io/v1alpha1
kind: WorkspaceMember
metadata:
name: wayfinder@appvia.io
namespace: prod
spec:
username: wayfinder@appvia.io
EOF

# View the membership of the user
$ wf whoami

# Or from context of the workspace
$ wf get members -w dev
$ wf get members -w prod

Make a user a Wayfinder admin

You can make any user a Wayfinder admin or revoke that user role.

To grant or revoke the Wayfinder admin user role:

  1. In the UI, click Wayfinder settings, and then navigate to the Users page.
  2. Search for the username, and then click Make admin.
  3. To revoke a user's Wayfinder admin role, click Revoke admin for that user.