Skip to main content

User Management

Control access to your APIs and documentation.

Introduction

In Traefik Hub, Users are granted access to your APIs with Groups.
Users can belong to multiple Groups.

The Identity Provider is the source of truth for Users and Groups. It is responsible for authenticating the users and telling Traefik Hub what groups they belong to.
You can choose between the Traefik Hub (Internal IdP) embedded Identity Provider, or Keycloak, Okta, or any generic OIDC mechanism to manage authentication.

Traefik Hub uses the embedded IdP as default.

info

Throughout the documentation, the term Users refers to people browsing the Portal, and the term Consumers refers to the machine to machine consumption of APIs.

Users can have many Consumers attached to their accounts.

Consuming APIs & Authorizations

Groups are the entities that carry authorizations to APIs through API Access.

A user may belong to multiple groups and automatically has all the permissions granted to these groups.

Group NameGrants access to
Group ABAPI A & API B
Group CAPI C

If a user belongs to Group AB and Group C, they will have access to API A, API B, and API C.

Consuming APIs & Rate Limit

Groups are also the entities that carry the Rate Limit rules.
As for authorizations, a user that belongs to multiple group will get the most favorable rate limit on APIs.

Group NameAPI NameRate limit
Group A5API A5rq/s
Group A10API A10rq/s

If a user belongs to Group A5 and Group A10, they will get 10rq/s on API A, which is the most favorable one from their groups.

Consuming APIs - API Keys & JWT

When configuring the authorization system with API keys, users will generate keys from the Portal.
Consumers will send that key to authenticate themselves.

When configuring the authorization system with JWT.
Consumers won't need API keys but will need to reference the User ID (which is acting on behalf on) in the token.

Users

From the Dashboard, you can see known users. Known users are, depending on your configuration:

  • Users who have connected to the Portal (OIDC use case)
  • Synchronized Users (Keycloak / Okta use case)
  • Every User (Internal IdP use case)
info

Synchronized Users (Keycloak / Okta) will be listed in the Traefik Hub after a first successful login.

Please refer to the FAQ for more information.

https://hub.traefik.io/users

API Management User Overview.

Each User contains the following information:

  • First Name
  • Last Name
  • Email Address
  • Company
  • Group(s)

Add a User

Select Users, here you will see all existing user, and you can validate and adjust their permissions and groups.

Select Add user in the right top corner to add a new user.

https://hub.traefik.io/users

Select user management

Fill out the form, all fields are required.

  • First name
  • Last name
  • Email
  • Company
  • Groups
https://hub.traefik.io/users/new

User form

info

Every user has to be part of a user group, it is not possible to assign an individual user to an API or API collection.

You can assign the user to an already existing user group, or you can create a new one.

https://hub.traefik.io/users/new

Choose existing user group

Choose an existing user group and select Save.

If you want to create a new user group, choose Create new User Group.

https://hub.traefik.io/users/new

Choose create new user group

Fill out the name of the new user group and select Create.

Create new user group

Now you will see that the new user is part of the user group, select Save to finish the process.

https://hub.traefik.io/users/new

User is part of a user group

Edit a User

To change user details—such as a user’s email, or contact information—edit the user account.

Select Users, here you will see all existing user, and you can validate and adjust their permissions and groups.

Select the user you want to edit.

https://hub.traefik.io/users

User is part of a user group

This will show you the overview about the user. Now select Edit in the top right corner.

https://hub.traefik.io/users/12345

User is part of a user group

Adjust the settings and select Save.

https://hub.traefik.io/users/12345

Adjust settings

Delete a User

To delete a user.

Select Users, here you will see all existing user, select the user you want to delete.

https://hub.traefik.io/users

Choose the user you want to delete

Now select Delete User in the left bottom.

https://hub.traefik.io/users/12345

Choose the user you want to delete

Confirm the removal by selecting Yes, delete it.

Choose the user you want to delete

Reset a User Password

Select Users, here you will see all existing user, select the user where you want to reset the password.

Select Reset password

User Groups

https://hub.traefik.io/users

API Management User Group Overview.

Groups don't carry additional information, they are a means of categorizing users and referencing these categories later in API Access and API Rate Limit.

Create a Group

Select Groups, here you will see an overview about all user groups.

To create a new user group, select Add group on the right top corner.

https://hub.traefik.io/groups

User groups

Delete a Group

It is only possible to remove empty groups!

Select the trash icon on the right site to remove a group.

https://hub.traefik.io/groups

Delete group

Delete group