From: Markus Frank <m.frank@proxmox.com>
To: pmg-devel@lists.proxmox.com
Subject: [pmg-devel] [PATCH pmg-docs v5 5/5] OIDC: add 'Autocreate Users with Assigned Role' description
Date: Wed, 26 Mar 2025 16:24:42 +0100 [thread overview]
Message-ID: <20250326152442.26822-6-m.frank@proxmox.com> (raw)
In-Reply-To: <20250326152442.26822-1-m.frank@proxmox.com>
Signed-off-by: Markus Frank <m.frank@proxmox.com>
---
new to v5
pmgconfig.adoc | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/pmgconfig.adoc b/pmgconfig.adoc
index 59a8f52..b39961a 100644
--- a/pmgconfig.adoc
+++ b/pmgconfig.adoc
@@ -1214,6 +1214,13 @@ exist. While authentication is done at the OpenID server, all users still need
an entry in the {pmg} user configuration. You can either add them manually, or
use the `autocreate` option to automatically add new users.
+* `Autocreate Users with Assigned Role` (`autocreate-role-assignment`): By
+default, all autocreated users will be assigned the Audit role. You can either
+assign a fixed xref:pmgconfig_localuser[role] to all autocreated users (for
+example, `source=fixed,fixed-role=helpdesk`), or set a custom claim that is used
+to assign users to different roles (for example,
+`source=from-claim,role-claim=custom_role_claim`).
+
* `Username Claim` (`username-claim`): OpenID claim used to generate the unique
username (`sub` or `preferred_username`).
--
2.39.5
_______________________________________________
pmg-devel mailing list
pmg-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pmg-devel
next prev parent reply other threads:[~2025-03-26 15:25 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-03-26 15:24 [pmg-devel] [PATCH pmg-api/pmg-gui/pmg-docs v5 0/5] add default realm option and OIDC configuration panel Markus Frank
2025-03-26 15:24 ` [pmg-devel] [PATCH pmg-api v5 1/5] Auth Plugin: stop forcing the default realm to be the pmg realm Markus Frank
2025-03-26 15:24 ` [pmg-devel] [PATCH pmg-gui v5 2/5] realms: enable default realm support Markus Frank
2025-03-26 15:24 ` [pmg-devel] [PATCH pmg-gui v5 3/5] add OIDC configuration panel for PMG Markus Frank
2025-03-26 15:24 ` [pmg-devel] [PATCH pmg-docs v5 4/5] OIDC: rename subject to sub and username to preferred_username Markus Frank
2025-03-26 15:24 ` Markus Frank [this message]
2025-05-19 15:05 ` [pmg-devel] [PATCH pmg-api/pmg-gui/pmg-docs v5 0/5] add default realm option and OIDC configuration panel Markus Frank
2025-06-26 10:50 ` [pmg-devel] applied-series: " Stoiko Ivanov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250326152442.26822-6-m.frank@proxmox.com \
--to=m.frank@proxmox.com \
--cc=pmg-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.