User Management
Control access to your APIs and documentation.
Introduction
In Traefik Hub, Users are granted access to your APIs with Groups. Users can belong to multiple Groups.
The Identity Provider is the source of truth for Users and Groups. It is responsible for authenticating the users and telling Traefik Hub what groups they belong to. You can choose between the Traefik Hub (Internal IdP) embedded Identity Provider, or Keycloak, Okta, or any generic OIDC mechanism to manage authentication.
Traefik Hub uses the embedded IdP as default.
Throughout the documentation, the term Users refers to people browsing the Portal, and the term Consumers refers to the machine to machine consumption of APIs.
Users can have many Consumers attached to their accounts.
Consuming APIs & Authorizations
Groups are the entities that carry authorizations to APIs through API Access.
A user may belong to multiple groups and automatically has all the permissions granted to these groups.
| Group Name | Grants access to |
|---|---|
| Group AB | API A & API B |
| Group C | API C |
If a user belongs to Group AB and Group C, they will have access to API A, API B, and API C.
Consuming APIs & Rate Limit/Quotas
Groups are also the entities that carry the API Plans rules. As for authorization, when a user belongs to multiple groups, they receive the most favorable rate limit and quota on APIs based on the weight or naming of the API plan.
| GROUP | API | PLAN |
|---|---|---|
| Group A5 | API A | gold (rl: 10/1s, q: 1000/750h) |
| Group A10 | API A | silver (rl: 5/1s, q: 500/750h) |
If a user belongs to both Group A5 and Group A10, they will receive the rate limit and quota of the Gold Plan (10 rq/s, 1000 rq/750h) on API A, which is the most favorable among their assigned groups.
Consuming APIs - API Keys & JWT
When configuring the authorization system with API keys, users will generate keys from the Portal. Consumers will send that key to authenticate themselves.
When configuring the authorization system with JWT. Consumers won't need API keys but will need to reference the User ID (which is acting on behalf on) in the token.
Users
From the Dashboard, you can see known users. Known users are, depending on your configuration:
- Users who have connected to the Portal (OIDC use case)
- Synchronized Users (Keycloak / Okta use case)
- Every User (Internal IdP use case)
Synchronized Users (Keycloak / Okta) will be listed in the Traefik Hub after a first successful login.
Each User contains the following information:
- First Name
- Last Name
- Email Address
- Company
- Group(s)
Add a User
Select Users, here you will see all existing user, and you can validate and adjust their permissions and groups.
Select Add user in the right top corner to add a new user.
Fill out the form, all fields are required.
- First name
- Last name
- Company
- Groups
Every user has to be part of a user group, it is not possible to assign an individual user to an API or API collection.
You can assign the user to an already existing user group, or you can create a new one.
Choose an existing user group and select Save.
If you want to create a new user group, choose Create new User Group.
Fill out the name of the new user group and select Create.
Now you will see that the new user is part of the user group, select Save to finish the process.
Edit a User
To change user details—such as a user’s email, or contact information—edit the user account.
Select Users, here you will see all existing user, and you can validate and adjust their permissions and groups.
Select the user you want to edit.
This will show you the overview about the user. Now select Edit in the top right corner.
Adjust the settings and select Save.
Delete a User
To delete a user.
Select Users, here you will see all existing user, select the user you want to delete.
Now select Delete User in the left bottom.
Confirm the removal by selecting Yes, delete it.
Reset a User Password
Select Users, here you will see all existing user, select the user where you want to reset the password.
Select Reset password
User Groups
Groups don't carry additional information, they are a means of categorizing users and referencing these categories later in API Access and API Plan.
Create a Group
Select Groups, here you will see an overview about all user groups.
To create a new user group, select Add group on the right top corner.
Delete a Group
It is only possible to remove empty groups!
Select the trash icon on the right site to remove a group.
