This commit introduces a comprehensive Role-Based Access Control (RBAC) system for TenantAtlas.

- Implements authentication via Microsoft Entra ID (OIDC).
- Manages authorization on a per-Suite-Tenant basis using a table.
- Follows a capabilities-first approach, using Gates and Policies.
- Includes a break-glass mechanism for platform superadmins.
- Adds policies for bootstrapping tenants and managing admin responsibilities.
16 lines
759 B
Markdown
# Quickstart for Tenant RBAC v1
This document provides a brief overview of how to get started with the new RBAC feature.
## 1. Login
- Users can now log in to TenantAtlas using their Microsoft Entra ID credentials.
## 2. Managing Tenant Members
- Users with the `owner` or `manager` role can manage tenant members from the "Settings" -> "Tenants" -> "Members" page.
- From here, you can add, edit, or remove members from the tenant.
## 3. Role Mappings
- Optional role mappings can be configured from the tenant detail page to automatically provision memberships based on Entra groups or app roles.
## 4. Break-glass
- A local superadmin account exists for emergency access. When logged in as the break-glass admin, a persistent banner will be displayed.
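The quickstart describes four moving parts (per-tenant membership table, role-based capabilities, automatic provisioning from Entra groups or app roles, and a break-glass superadmin) but shows none of the authorization logic. The model below is an added illustration written for this page, not TenantAtlas code and not its Gates/Policies implementation; the capability names, the `member` role, the `source` column, the audit list and the token-claim fields on `Principal` are assumptions chosen to show how the pieces fit together.

```python
"""Illustrative model of per-tenant, capabilities-first authorization.

Constructed example; not TenantAtlas code. Role names (owner/manager/member),
capability names, the mapping kinds and the break-glass flag are assumptions
modelled on the quickstart text.
"""
from dataclasses import dataclass
from typing import Optional

# Each role expands to a set of capabilities. Policies check capabilities,
# never role names, so adding a role only touches this table.
ROLE_CAPABILITIES: dict[str, frozenset[str]] = {
    "owner":   frozenset({"tenant.view", "members.manage", "role_mappings.manage"}),
    "manager": frozenset({"tenant.view", "members.manage"}),
    "member":  frozenset({"tenant.view"}),
}
ROLE_RANK = {"member": 1, "manager": 2, "owner": 3}  # used to pick among matching mappings


@dataclass
class Membership:
    user_id: str
    tenant_id: str
    role: str
    source: str  # "manual" (added on the Members page) or "mapping" (auto-provisioned)


@dataclass
class Principal:
    """Identity established by the OIDC login; groups/app_roles are assumed token claims."""
    user_id: str
    groups: frozenset[str] = frozenset()
    app_roles: frozenset[str] = frozenset()
    break_glass: bool = False  # local superadmin session, not an Entra identity


@dataclass
class RoleMapping:
    tenant_id: str
    kind: str         # "group" or "app_role"
    claim_value: str  # Entra group object id or app role value (constructed)
    role: str


@dataclass
class Decision:
    allowed: bool
    reason: str


class MembershipTable:
    """In-memory stand-in for the per-tenant membership table."""

    def __init__(self) -> None:
        self._rows: dict[tuple[str, str], Membership] = {}

    def upsert(self, m: Membership) -> None:
        self._rows[(m.user_id, m.tenant_id)] = m

    def get(self, user_id: str, tenant_id: str) -> Optional[Membership]:
        return self._rows.get((user_id, tenant_id))


class Authorizer:
    def __init__(self, table: MembershipTable) -> None:
        self.table = table
        self.audit: list[str] = []  # every break-glass decision is recorded here

    def can(self, p: Principal, capability: str, tenant_id: str) -> Decision:
        """Capability check scoped to one tenant; break-glass bypasses the table but is audited."""
        if p.break_glass:
            self.audit.append(f"break-glass user={p.user_id} cap={capability} tenant={tenant_id}")
            return Decision(True, "break-glass superadmin")
        m = self.table.get(p.user_id, tenant_id)
        if m is None:
            return Decision(False, "no membership in tenant")
        if capability in ROLE_CAPABILITIES.get(m.role, frozenset()):
            return Decision(True, f"role {m.role}")
        return Decision(False, f"role {m.role} lacks {capability}")


def provision_from_mappings(p: Principal, tenant_id: str, mappings: list[RoleMapping],
                            table: MembershipTable) -> Optional[Membership]:
    """Apply the tenant's role mappings at login: grant the highest matching role,
    but never overwrite a membership an admin managed by hand."""
    matched = [
        mp.role for mp in mappings
        if mp.tenant_id == tenant_id and mp.role in ROLE_RANK and (
            (mp.kind == "group" and mp.claim_value in p.groups)
            or (mp.kind == "app_role" and mp.claim_value in p.app_roles))
    ]
    if not matched:
        return None
    best = max(matched, key=ROLE_RANK.__getitem__)
    existing = table.get(p.user_id, tenant_id)
    if existing is not None and existing.source == "manual":
        return existing  # explicit admin decisions win over automatic provisioning
    m = Membership(p.user_id, tenant_id, best, source="mapping")
    table.upsert(m)
    return m
```

Two design points worth noting from a defender's side: the break-glass path never consults the membership table, so it must be the only path that writes an audit entry on every check (the persistent banner the quickstart mentions is the user-facing half of the same control), and mapping-driven provisioning is kept from silently downgrading or upgrading a membership that an `owner` or `manager` set deliberately on the Members page.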