diff --git a/docs/.custom_wordlist.txt b/docs/.custom_wordlist.txt index ed5b2fbb8..7c41df964 100644 --- a/docs/.custom_wordlist.txt +++ b/docs/.custom_wordlist.txt @@ -22,6 +22,7 @@ Kerberos keytab Keytab Keytabs +linux mountpoint msentraid NFS diff --git a/docs/assets/gdm-groups.png b/docs/assets/entraid-groups.png similarity index 100% rename from docs/assets/gdm-groups.png rename to docs/assets/entraid-groups.png diff --git a/docs/howto/login-gdm.md b/docs/howto/login-gdm.md index 6fa4f022f..0f84fa805 100644 --- a/docs/howto/login-gdm.md +++ b/docs/howto/login-gdm.md @@ -25,24 +25,6 @@ Upon successful authentication, the user is prompted to enter a local password. ![Prompt to create local password on successful authentication.](../assets/gdm-pass.png) -## Group management - -In our example the user `authd test` is a member of the Azure groups `Azure_OIDC_Test` and `linux-sudo`: - -![Azure portal interface showing the Azure groups.](../assets/gdm-groups.png) - -This translates to the following unix groups on the local machine: - -```shell -~$ groups -aadtest-testauthd@uaadtest.onmicrosoft.com sudo azure_oidc_test -``` - -There are three types of groups: -1. **Primary group**: Created automatically based on the user name -1. **Local group**: Group local to the machine prefixed with `linux-`. For instance if the user is a member of the Azure group `linux-sudo`, they will be a member of the `sudo` group locally. -1. **Remote group**: All the other Azure groups the user is a member of. - ## Commands ### authd diff --git a/docs/reference/group-management.md b/docs/reference/group-management.md new file mode 100644 index 000000000..12a7fdb3d --- /dev/null +++ b/docs/reference/group-management.md 
@@ -0,0 +1,30 @@ +# Group management + +Groups are used to manage users that all need the same access and permissions to resources. +Groups from the remote provider can be mapped into local Linux groups for the user. + +```{note} + Groups are currently supported for the `msentraid` broker. +``` + +## MS Entra ID + +MS Entra ID supports creating groups and adding users to them. + +> See [Manage Microsoft Entra groups and group membership](https://learn.microsoft.com/en-us/entra/fundamentals/how-to-manage-groups) + +For example the user `authd test`, is a member of the Entra ID groups `Azure_OIDC_Test` and `linux-sudo`: + +![Azure portal interface showing the Azure groups.](../assets/entraid-groups.png) + +This translates to the following unix groups on the local machine: + +```shell +~$ groups +aadtest-testauthd@uaadtest.onmicrosoft.com sudo azure_oidc_test +``` + +There are three types of groups: +1. **Primary group**: Created automatically based on the user name +1. **Local group**: Group local to the machine prefixed with `linux-`. For instance if the user is a member of the Azure group `linux-sudo`, they will be a member of the `sudo` group locally. +1. **Remote group**: All the other Azure groups the user is a member of. diff --git a/docs/reference/index.md b/docs/reference/index.md index 98b27c878..a8bf58880 100644 --- a/docs/reference/index.md +++ b/docs/reference/index.md @@ -6,4 +6,5 @@ :titlesonly: Troubleshooting +Group Management ```
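Review bot: the `docs/howto/login-gdm.md` hunk deletes the whole `## Group management` section but adds no pointer to its new home, so a reader following the GDM login how-to no longer learns that the Entra ID group `linux-sudo` lands them in the local `sudo` group; keep a one-line cross-reference after the local-password paragraph, e.g. `See [Group management](../reference/group-management.md) for how remote groups map to local Unix groups.`, so the privilege-relevant mapping stays discoverable from the login flow.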
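Review bot: in the new `docs/reference/group-management.md`, the "Local group" bullet documents a mapping with real security weight (a remote group named `linux-sudo` makes the user a member of local `sudo` on every machine using the broker) without saying so; add a sentence stating that whoever can create or rename groups and manage membership in the identity provider thereby controls local privileged groups such as `sudo`, so administrators restrict those rights accordingly. The same bullet also reads as if the local group carries the `linux-` prefix; rephrase to say the remote group name is prefixed with `linux-` and the prefix is stripped to obtain the local group name. Minor wording in the same file: the intro says "Entra ID groups" while the list items and the image alt text say "Azure group(s)", so pick one term; drop the stray comma in "the user `authd test`, is a member"; capitalise "unix groups" as "Unix groups"; and the `{note}` probably means "only supported for the `msentraid` broker" rather than "currently supported for".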
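Review bot: the `docs/reference/index.md` hunk adds `Group Management` to the toctree, but Sphinx toctree entries are document names, not titles, and the new file is `docs/reference/group-management.md`; unless the existing `Troubleshooting` entry works because that file really is named `Troubleshooting.md`, this entry should be `group-management` (or `Group Management <group-management>` if the display title matters), otherwise the build will warn about a reference to a nonexisting document and the page will be missing from the reference index.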