# How to Add Users {% embed url="" %} ### Purpose Adding and Managing Users in the Netmaker Platform ### Identity Provider (IDP) Integration Integrating an external Identity Provider (IDP) is the most efficient method for managing access at scale within Netmaker. By synchronizing with a provider like Google Workspace, you automate user onboarding and group management, ensuring that users have appropriate access levels based on their organizational roles. #### Configuring Google Workspace Synchronization To begin the integration, navigate to the **Settings** gear icon in the bottom-left corner of the sidebar and select the **Security & Authentication** tab. In the **Identity Providers Integration** section, locate the Google option. Netmaker offers two levels of integration: a basic **Setup OAuth only** option for external login and a full **Integrate** option for automated synchronization. To enable full synchronization, click the **Integrate** button.

A configuration wizard will guide you through the connection process. Review the **Required Permissions** listed in the modal and click **Get Started**. You will be prompted to follow on-screen instructions for the Google Cloud Console, including creating a project and configuring the OAuth consent screen. Once the Google Cloud project is ready, enter the **OAuth client ID** and **OAuth client secret** into the provided fields in Netmaker to finalize the connection.

#### Authentication Security Policies Beyond IDP integration, you can manage global platform security via the **Authentication Security** panel. Here, you can toggle **Basic Authentication** to enable or disable manual credential-based logins. For organizations requiring high security, you can toggle the **Enforce Multi-factor Authentication** switch to require MFA for every user on the platform.

Additionally, you can manage the **JWT Validity Duration**, which determines how long a user session remains active before a re-authentication is required. The default is set to 720 minutes but can be adjusted to meet your organization's security posture. ### Authentication Security Settings Beyond external identity provider integration, Netmaker provides a dedicated panel for managing core security protocols, including manual login permissions and session persistence. These settings are critical for defining the baseline security posture of your network management platform. #### Access and MFA Controls

Within the **Authentication Security** panel, administrators can govern how users access the platform. This includes a toggle for **Basic Authentication**, which allows or restricts the use of manual username and password credentials. For environments requiring higher security standards, you can toggle **Enforce Multi-factor Authentication**. When enabled, this requires all platform users to provide a second form of verification before they are granted access.

#### Session Management Session persistence is managed via JSON Web Tokens (JWT). The **JWT Validity Duration** setting determines how long a user remains logged into the dashboard or application before their session expires and they are required to re-authenticate.

The default session length is set to **720 minutes** (12 hours). To adjust this duration to better suit your organizational security policies, click the **Edit** button next to the value and enter the desired time in minutes. This ensures a balance between user convenience and the risk of unauthorized access via stale sessions. #### Reviewing Integration Status Once your security settings are configured, you can verify your active integrations by returning to the **Security & Authentication** tab. This view allows you to see the details of configured providers, such as Google Workspace, including the Client ID and admin contact information, ensuring all security layers are correctly aligned.

### Manual User Creation and Access Levels While automated Identity Provider (IDP) synchronization is efficient for large organizations, Netmaker provides a robust manual user management system for creating local accounts and defining granular access controls. #### Creating a New User To manually add a user, navigate to the **User Management** page from the left-hand sidebar and click the **+ Create User** button in the top-right corner. This opens a modal where you must define the user's primary credentials and permission scope.

1. **Identify the User:** Enter a unique identifier in the **Username** field and set a secure password. 2. **Assign Access Level:** Select the appropriate radio button to define the user's global platform permissions. 3. **Finalize:** Once details are entered and roles are assigned, click **Create User**. A confirmation toast will appear in the top-right corner. #### Understanding Platform Access Levels Netmaker utilizes three distinct access levels to ensure the principle of least privilege is maintained across the network infrastructure.

**1. Admin** Admins hold full system-wide permissions. They can manage all users, add or remove devices, configure global settings, and oversee every network within the platform. This level is intended for primary infrastructure maintainers.

**2. Platform User** Platform Users are granted dashboard access but are restricted to specific network administration duties. Their access is dictated by group membership. For example, assigning a Platform User to a 'cloud-overlay Admin Group' allows them to act as an administrator only for that specific network environment.

**3. Service User** Service Users are restricted accounts designed for standard end-users who do not require dashboard access. These users cannot log into the web UI; instead, they use the Netmaker Desktop application to connect to their assigned networks. Access is managed by adding them to specific user groups, such as an 'Office User Group'.

**4. Auditor** The Auditor role will gain full **read-only** access to the platform on the specified networks. #### Post-Creation Management Once created, users appear in the User Management table. From here, you can monitor their **Status** (Enabled/Disabled) and **Auth Type**. If you need to manage network-specific roles more granularly, you can navigate to the **Groups** tab to create custom groups and assign roles like 'admin' or 'user' to specific networks.

### Group and Role Management Netmaker utilizes a group-based system to manage granular access permissions across various networks. This allows administrators to define whether a user acts as an administrator or a standard user for specific network segments, ensuring the principle of least privilege.

#### Configuring Default and Custom Groups While the platform automatically generates default groups for basic administrative and user roles, you can create custom groups for more specific use cases. To create a new group, navigate to the **Groups** dashboard and click the **+ Create Group** button. In the resulting modal, provide a unique **Group Name** and a description to identify the group's purpose. The core of group management lies in the **Associated Network Roles**. Within this section, you can use a dropdown menu for each specific network to assign roles. Currently, these roles include: * **Admin:** Grants full management rights over the specific network. * **User:** Grants standard access to the network without administrative privileges.

#### User Onboarding via Invitations Beyond manual user creation, Netmaker supports an invitation workflow that streamlines onboarding. By clicking the **Invite User** button from the main dashboard, you can enter multiple email addresses to invite users in bulk. This system requires a configured SMTP server to send automated email invites.

When sending invitations, you must define the **Platform Access Level** (Admin, Platform User, or Service User). This sets the global permission for the invited user before they are assigned to specific network groups. Once configured, clicking **Create User Invite(s)** initiates the delivery of the invitation tokens. You can monitor the status of sent invitations and manage pending enrollment sign-ups by navigating to the **Invites & Requests** tab at the top of the interface. ### Email Invites and Pending Requests Netmaker provides streamlined methods for onboarding users through automated email invitations and a self-service sign-up queue. These features allow administrators to manage growth without manually creating every individual account.

#### Sending Email Invitations To invite new members to the platform via email, navigate to the **User Management** section and select the **+ Invite User(s)** button. This workflow leverages your configured SMTP server to send automated onboarding emails.

* **Recipient Entry:** In the invitation modal, enter one or more email addresses. Multiple addresses should be separated by commas. * **Set Access Level:** Choose the initial **Platform Access Level** (Admin, Platform User, or Service User) that the invitees will receive upon joining. * **Finalize:** Click **Create User Invite(s)** to dispatch the emails. #### Managing Pending Sign-Up Requests Users who have initiated a sign-up through the Netmaker Web UI or the Netmaker Desktop application without an invitation will appear in the **Requests** section. This acts as an approval queue to ensure only authorized individuals gain access to the network.

To manage these users, navigate to the **Invites & Requests** tab and scroll to the **Requests** table at the bottom of the interface. Here, you can review the pending list and approve users individually. Once approved, you can assign them to specific network groups and define their platform permissions.

--- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://learn.netmaker.io/getting-started/walkthrough/how-to-add-users.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.