gravitational / teleport

The easiest, and most secure way to access and protect all of your infrastructure.
https://goteleport.com
GNU Affero General Public License v3.0

SSH getting started guide should explain it is using local user #44902

Closed tenaciousdlg closed 3 days ago

tenaciousdlg commented 1 month ago

Applies To

https://goteleport.com/docs/enroll-resources/server-access/getting-started/#access-the-web-ui

Details

In the linked section a Teleport local user is used and given permissions to log in to the SSH server via the tctl users add myuser command. The section describes access as coming from the editor and access roles when it really comes from the --logins=root,ubuntu,ec2-user section of the command.

How will we know this is resolved?

The section is to be updated per other Teleport docs to include local, SAML, OIDC, and GitHub users. It should also clarify that logins is what grants the local OS user access rather than the preset roles.

Related Issues

zmb3 commented 1 month ago

I'm not sure I understand what problem you want to be solved here (the issue mentions two seemingly-separate items).

> The section describes access as coming from the editor and access roles when it really comes from the --logins=root,ubuntu,ec2-user section of the command.

It's not one or the other. Access comes from both sections of the command:

That said, this is a getting started guide, and SSH servers are typically the very first resource newcomers try to add. These semantics are not details that someone trying to enroll their first resource really needs to be troubled with.

The same goes for SSO. A getting started guide should demonstrate a concept as quickly as possible, and local users are a much easier way to get started than setting up SSO (there are a plethora of guides on how to configure SSO under the Manage Access section of the docs).

Does that seem fair or am I missing something?