Overview

Managing users is fundamental to enforcing data access controls and streamlining user onboarding. Hence, Colrows includes native user management as well as comprehensive support for most of the popular authentication methods, including LDAP, OAuth, SAML, and others. Additionally, Colrows can manage users across multiple realms concurrently; for example, Colrows can be configured to authenticate users from both its native realm and Active Directory simultaneously. During the authentication process, Colrows always prioritizes the native user realm; however, if the user is not found there, it seamlessly transitions to the next authentication mechanism in line.

Native Authentication

The native user management in Colrows is designed as a lightweight component that functions with a minimal set of user attributes. It allows teams to operate Colrows without a hard dependency on standard user management systems, and it is also the easiest path to spin up a Colrows process and explore it.

When Colrows is set up for the first time, it creates a native user 'admin' with password 'colrows'. 'admin' is always the first user, and it lives in the 'native' realm.

The 'admin' user can onboard other users by adding them from the Colrows UI. Please note that all users with the system role 'admin' are equal in rights and are allowed to mutate the system state, i.e. add, delete, or modify entities, including users.

To onboard a new user:

  1. Log in to Colrows as an admin user
  2. Go to the Users menu from the left Navigation Menu
  3. Select the Add User option
  4. Provide user details and click Save

Colrows User Onboarding

User Attributes

| Attribute | Mandatory | Description |
|-----------|-----------|-------------|
| Name | Yes | Name of the user; can be edited later. |
| Username | Yes | Unique username across the system. Can be an email ID or any alphanumeric string. |
| Email | Yes | User email ID. This email will be used for sending emails etc. |
| Password | Yes | Passphrase to log in to the account. |

OAuth/OIDC Authentication

Edit conf/colrows.yaml and update the configuration below to configure OAuth/OIDC authentication in Colrows:


security:
  auth:
    realms:
      oidc:
        client-id: <string>
        # Client ID of the application as configured in the OAuth provider
        client-secret: <string>
        # Client secret of the application as provided by the OAuth provider
        token-url: <string>
        # Endpoint URL of the OAuth server
        order: <int>
        # Order in which this realm is considered when multiple authentication mechanisms are configured. Default: 999

SAML Authentication

Update conf/colrows.yaml as below to configure SAML authentication in Colrows:

security:
  auth:
    realms:
      saml:
        idp-url: <string>
        # Endpoint URL of the IdP server
        issue-base-url: <string>
        # Issuer base URL, e.g. http://localhost
        soft-redirect-url: <string>
        # Frontend base URL, e.g. cloud.colrows.com
        certificate-alias: <string>
        # Alias under which the certificate is imported into the keystore
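
A pre-deployment check for the realm configuration above, as an added example that is not Colrows code: it lists the order in which realms would be tried and flags plaintext endpoints and ambiguous order values. It assumes the security.auth.realms section has already been loaded into a dict by a YAML parser and that a lower order value is tried first; the hostnames and secret in the sample are constructed.

```python
from urllib.parse import urlparse

DEFAULT_ORDER = 999  # default given in the page's comment on `order`
# Keys the page documents as identity-provider endpoints, per realm type.
URL_KEYS = {"oidc": ["token-url"], "saml": ["idp-url"]}


def realm_chain(realms):
    """Return realm names in the order they would be tried.

    Assumption: a lower `order` is tried first, ties broken by name.
    The native realm always leads, as the overview states.
    """
    def rank(name):
        return ((realms[name] or {}).get("order", DEFAULT_ORDER), name)
    return ["native"] + sorted(realms, key=rank)


def audit(realms):
    """Return (realm, finding) tuples for settings worth fixing before go-live."""
    findings, seen = [], {}
    for name, cfg in realms.items():
        cfg = cfg or {}
        for key in URL_KEYS.get(name, []):
            url = cfg.get(key)
            # Secrets, tokens and assertions travel to these endpoints.
            if url and urlparse(url).scheme != "https":
                findings.append((name, f"{key} is not https: {url}"))
        order = cfg.get("order", DEFAULT_ORDER)
        if order in seen:  # two realms with one order: fallback sequence unclear
            findings.append((name, f"order {order} also used by {seen[order]}"))
        seen.setdefault(order, name)
    return findings


# Constructed sample: what a YAML parser would return for security.auth.realms.
SAMPLE = {
    "oidc": {"client-id": "colrows-app", "client-secret": "example-secret",
             "token-url": "http://idp.example.test/oauth/token", "order": 10},
    "saml": {"idp-url": "https://idp.example.test/saml",
             "issue-base-url": "https://colrows.example.test",
             "certificate-alias": "colrows-saml"},
}

if __name__ == "__main__":
    print(" -> ".join(realm_chain(SAMPLE)))
    for realm, message in audit(SAMPLE):
        print(f"[{realm}] {message}")
```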