HomeGuidesChangelog
GuidesDiscussionChangelogLog In

User Management

Control access and manage users

Limiting Access

Access to a standard Team Server can be controlled via an email-based allowlist. In this configuration, a user's email must be added to the allowlist by an administrator prior to logging into their Client installation. They will be able to register an account, but they will not be able to use their Gigantum Client until they have been added to the allowlist and will see this when logging in instead:

Blocked login screenBlocked login screen

Blocked login screen

To use the allowlist, it is recommended you configure outbound email sending and set email.require_verification: true. This will ensure that only users truly on the allowlist can log in.

To add a user to the allow list simply run the following on your Team Server:

./gigactl allowlist enable
./gigactl allowlist add [email protected]

The full set of possible allowlist commands are shown below:

$ ./gigactl allowlist enable # enable allowlist enforcement
$ ./gigactl allowlist disable # disable allowlist enforcement
$ ./gigactl allowlist list # list the current emails in the allowlist
$ ./gigactl allowlist add # add new email(s) to the allowlist
$ ./gigactl allowlist remove # remove email(s) from the allowlist
$ ./gigactl allowlist export # export the full allowlist yaml
$ ./gigactl allowlist import # import and apply a new allowlist yaml
$ ./gigactl allowlist edit # launch an external editor to modify the allowlist yaml

Managing Users

In a default Team Server Standard configuration, user management is provided via GitLab acting as an OAuth2 provider. As an administrator, you can login as the root user directly into GitLab. To do this:

  1. Get the root user password via gigactl by running ./gigactl show root-password
  2. Log into gitlab by going to <my server hostname>/admin and use the username root and the password displayed in the previous step