Teleport Operator - Users and Roles #23098
-
|
Teleport Operator is currently in preview mode, we have installed and tested it, roles and users do get added into teleport .. no prob However, when we add a user,m we can not find a way to extract the initial setup link for each user .. we have checked operator sidecar logs, CRD status's etc .. but it remains hidden. The only way we can find is to create another user, then use that to login to the UI and Reset the Authentication are we missing something here .. |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
|
Looking at this CRD, it seems it is indented for SAML, Github and oIDC users only, I can see no provision for local users |
Beta Was this translation helpful? Give feedback.
-
|
The operator reconciles users but not reset tokens. Tokens are short-lived and it would not be safe to keep always valid user reset tokens hanging around as they would allow account takeover. Once the user has been created with the operator, you must issue a password reset token and securely deliver the token/link to the user. This is documented in the "User and Role IaC guide" doc. |
Beta Was this translation helpful? Give feedback.
The operator reconciles users but not reset tokens. Tokens are short-lived and it would not be safe to keep always valid user reset tokens hanging around as they would allow account takeover.
Once the user has been created with the operator, you must issue a password reset token and securely deliver the token/link to the user. This is documented in the "User and Role IaC guide" doc.