Skip to main content

User Management

Control access to your APIs and documentation.


Introduction

In Traefik Hub, Users are granted access to your APIs with Groups. Users can belong to multiple Groups.

The Identity Provider is the source of truth for Users and Groups. It is responsible for authenticating the users and telling Traefik Hub what groups they belong to. You can choose between the Traefik Hub (Internal IdP) embedded Identity Provider, or Keycloak, Okta, or any generic OIDC mechanism to manage authentication.

Traefik Hub uses the embedded IdP as default.

info

Throughout the documentation, the term Users refers to people browsing the Portal, and the term Consumers refers to the machine to machine consumption of APIs.

Users can have many Consumers attached to their accounts.


Consuming APIs & Authorizations

Groups are the entities that carry authorizations to APIs through API Access.

A user may belong to multiple groups and automatically has all the permissions granted to these groups.

Group NameGrants access to
Group ABAPI A & API B
Group CAPI C

If a user belongs to Group AB and Group C, they will have access to API A, API B, and API C.

Consuming APIs & Rate Limit/Quotas

Groups are also the entities that carry the API Plans rules. As for authorization, when a user belongs to multiple groups, they receive the most favorable rate limit and quota on APIs based on the weight or naming of the API plan.

GROUPAPIPLAN
Group A5API Agold (rl: 10/1s, q: 1000/750h)
Group A10API Asilver (rl: 5/1s, q: 500/750h)

If a user belongs to both Group A5 and Group A10, they will receive the rate limit and quota of the Gold Plan (10 rq/s, 1000 rq/750h) on API A, which is the most favorable among their assigned groups.

Consuming APIs - API Keys & JWT

When configuring the authorization system with API keys, users will generate keys from the Portal. Consumers will send that key to authenticate themselves.

When configuring the authorization system with JWT. Consumers won't need API keys but will need to reference the User ID (which is acting on behalf on) in the token.


Users

From the Dashboard, you can see known users. Known users are, depending on your configuration:

  • Users who have connected to the Portal (OIDC use case)
  • Synchronized Users (Keycloak / Okta use case)
  • Every User (Internal IdP use case)
info

Synchronized Users (Keycloak / Okta) will be listed in the Traefik Hub after a first successful login.

https://hub.traefik.io/users

API Management User Overview.

Each User contains the following information:

  • First Name
  • Last Name
  • Email Address
  • Company
  • Group(s)

Add a User

Select Users, here you will see all existing user, and you can validate and adjust their permissions and groups.

Select Add user in the right top corner to add a new user.

https://hub.traefik.io/users

Select user management.

Fill out the form, all fields are required.

  • First name
  • Last name
  • Email
  • Company
  • Groups
https://hub.traefik.io/users/new

User form.

info

Every user has to be part of a user group, it is not possible to assign an individual user to an API or API collection.

You can assign the user to an already existing user group, or you can create a new one.

https://hub.traefik.io/users/new

Choose existing user group.

Choose an existing user group and select Save.

If you want to create a new user group, choose Create new User Group.

https://hub.traefik.io/users/new

Choose create new user group.

Fill out the name of the new user group and select Create.

Create new user group

Now you will see that the new user is part of the user group, select Save to finish the process.

https://hub.traefik.io/users/new

User is part of a user group.

Edit a User

To change user details—such as a user’s email, or contact information—edit the user account.

Select Users, here you will see all existing user, and you can validate and adjust their permissions and groups.

Select the user you want to edit.

https://hub.traefik.io/users

User is part of a user group.

This will show you the overview about the user. Now select Edit in the top right corner.

https://hub.traefik.io/users/12345

User is part of a user group.

Adjust the settings and select Save.

https://hub.traefik.io/users/12345

Adjust settings.

Delete a User

To delete a user.

Select Users, here you will see all existing user, select the user you want to delete.

https://hub.traefik.io/users

Choose the user you want to delete.

Now select Delete User in the left bottom.

https://hub.traefik.io/users/12345

Choose the user you want to delete.

Confirm the removal by selecting Yes, delete it.

Choose the user you want to delete

Reset a User Password

Select Users, here you will see all existing user, select the user where you want to reset the password.

Select Reset password


User Groups

https://hub.traefik.io/users

API Management User Group Overview.

Groups don't carry additional information, they are a means of categorizing users and referencing these categories later in API Access and API Plan.

Create a Group

Select Groups, here you will see an overview about all user groups.

To create a new user group, select Add group on the right top corner.

https://hub.traefik.io/groups

User groups.

Delete a Group

It is only possible to remove empty groups!

Select the trash icon on the right site to remove a group.

https://hub.traefik.io/groups

Delete group.

Delete group