Create users in the platform
Proper user configuration is important for effective access control and authentication on the platform. Each user account represents an individual who interacts with the platform.
Create a user account​
To create a new user in the platform:
Select the Users field on the left menu bar.
Click the button.
In the drawer that appears from the right, give your new user a name by replacing the 'my-user' placeholder name, or by updating the manifest YAML 'metadata.name' field.
[Optional] Update the user with any additional desired configuration options.
The Details tab contains user settings. The username is used to login and optionally you can also set the default password in this tab. The email address needs to be unique across users and can also be used to login instead of using the username. The subject is used to map a user to a SSO provider.
The Team Memberships tab contains settings that govern which teams the user is part of. The Teams selector allows you to make user part of the selected teams.
Advanced Options allow for configuring cluster roles that apply to this team, as well as Image Pull Secrets, that allow users in this team to automatically receive the provided image pull secrets upon logging into vCluster Platform (via the vCluster CLI).
Access allows you to define which users and teams have access to modify the team you are currently creating.
Click on the button.
User configuration options​
When creating a user, you can configure several important settings organized in tabs:
User details​
The Details tab contains essential user identification information:
- Username: The primary identifier used for login authentication. Choose something memorable but specific to the user.
- Password: Optionally set an initial password. For enhanced security, consider leaving this blank and using the password reset workflow instead.
- Subject: A unique identifier used to map this user to an external SSO provider. This field enables identity federation with authentication systems.
Team memberships​
The Team Memberships tab manages which teams this user belongs to:
- Use the Teams selector to add the user to one or more teams
- Team membership automatically grants the user all permissions associated with those teams
- Changes to team membership take effect immediately across all resources
Advanced options​
The Advanced Options section controls low-level permissions and access:
- Cluster Roles: Define specific Kubernetes cluster roles that apply directly to this user
- Image Pull Secrets: Configure registry credentials that the user automatically receives when logging into vCluster Platform via the CLI
The cluster roles defined here are combined with any roles inherited from team memberships, giving you fine-grained permission control.
Access controls​
The Access section determines who can manage this user account:
- Specify which users and teams have permission to modify this user's settings
- This meta-permission layer is crucial for delegated administration in larger organizations
User management best practices​
For effective management of users in vCluster:
- Use descriptive usernames: Choose usernames that clearly identify the individual user
- Leverage SSO where possible: For organizations with existing identity providers, configure SSO integration rather than managing separate credentials
- Prefer team-based permissions: Assign permissions to teams rather than individual users when possible
- Regularly audit user accounts: Periodically review user accounts to ensure they remain necessary and properly configured
Integration​
User accounts in the platform map to Kubernetes subjects in the underlying RBAC system:
- Each user is represented as a subject in Kubernetes role bindings
- Permissions granted to the user apply across all clusters managed by the platform
- Authentication tokens and credentials are securely managed by the platform