Add Users to your Foreman Org
Add someone to your Organization
Foreman uses the Wolftech Active Directory for authentication (ensuring you are who you say you are) but its own database for authorization (controlling what access you have).
Any account on campus can technically log in to Foreman, but only those IDs that you identify in Foreman can see or change your “stuff.”
To add someone to your organization, follow these steps:
- Click Administer -> Users
- Click the Create User button
- On the User tab:
  - Set the Login field to the user’s Unity ID
  - Set the Authorized By field to LDAP-Wolftech
- On the Organizations tab:
  - Click on the Organization you’re assigning. The selected value will move to the right.
You do not need to fill out any of the other information, like name or e-mail address. These will be read from WolfTech when the person logs in.
This will associate an ID with your organization, but not grant rights.
OIT is working on automation that will update an organization with all the members of a user-group. Until this is tested, be sure to add new people to your Organization. This is especially important if your groups are managed in AD, and not in Foreman.
Grant permissions by adding someone to your User groups
As an organization member, a user can see other things in the organization, but by default has no permissions over them.
Permission to manipulate things in Foreman is controlled by Roles associated with User groups.
Use Wolftech groups in Foreman
If your group maintains groups of users in the Wolftech Active Directory, you can use those groups in Foreman. You just need to know the name of your AD group.
- Click Administer -> User Groups
- Click Create User Group
- On the User Group tab: enter the Foreman group name, for example “YourADGroupName from Wolftech”
- On the External Groups tab: Click +Add external user group and enter the name of your AD group.
- Click Submit to link the group.
It is important to understand that if you are using an external/Wolftech group to manage Foreman group members, you cannot also add and remove members with Foreman! Wolftech is read from, but never written to. If you want to use a set of base users from Wolftech, but also be able to add additional users with Foreman, see [Use both Wolftech and Foreman native groups] below.
Use separate Foreman groups
If you don’t manage users with Wolftech, or if you just need some additional quick and dirty user groups, you can use the Foreman GUI.
- Click Administer -> User Groups
- Click on the User Group (same name as your Org)
- On the User Group tab:
  - Click on the User you’re assigning. The selected value will move to the right.
You can also add an entire existing group to another group (nested groups).
Use both Wolftech and Foreman native groups
The nested group feature can be quite powerful.
As an example, consider the “College of Hypotheticals”:
- with a Wolftech group CHyp-Labadmins containing their Lab system administrators
- and a Wolftech group CHyp-Part-timers containing their part time (student) admins
- and they also need to have a group of semi-random faculty build systems with Foreman
They could create three Foreman groups:
- CHyp-Labadmins from Wolftech, an External (to Foreman) group
- CHyp-Part-timers from Wolftech, an External (to Foreman) group
- CHyp-Additional-System-Builders, a native Foreman group
They can then have their CHyp-Admins group (see the next section) contain those three groups, and all would get the necessary Foreman access.
YourOrganization-Admins controls Foreman Access
When your organization was created, a user group named YourOrganization-Admins was made and assigned the proper roles to manage your organization.
You must add any accounts you want to do work in your organization to this group, either directly or through an intermediate group (see above), or delegate all management to Active Directory by setting an external (to Foreman) group.
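The membership rules above, modelled as an added example (not code from Foreman or OIT): it resolves the nested CHyp-Admins group from the College of Hypotheticals and flags accounts that receive roles through a group but were never added to the Organization, as well as Organization members who hold no roles. The user IDs, the dictionary layout and the function names are constructed for illustration.

```python
# Added illustration: a simplified model of the rules on this page, not
# Foreman's implementation or API. All user IDs below are constructed.

# Constructed snapshot of the Wolftech AD groups (Foreman only reads these).
AD_MEMBERS = {
    "CHyp-Labadmins": {"alee", "bkim"},
    "CHyp-Part-timers": {"cstudent"},
}

# Foreman user groups: linked AD group, native users, nested Foreman groups.
FOREMAN_GROUPS = {
    "CHyp-Labadmins from Wolftech":
        {"external": "CHyp-Labadmins", "users": set(), "groups": []},
    "CHyp-Part-timers from Wolftech":
        {"external": "CHyp-Part-timers", "users": set(), "groups": []},
    "CHyp-Additional-System-Builders":
        {"external": None, "users": {"dfaculty"}, "groups": []},
    "CHyp-Admins": {"external": None, "users": set(), "groups": [
        "CHyp-Labadmins from Wolftech",
        "CHyp-Part-timers from Wolftech",
        "CHyp-Additional-System-Builders",
    ]},
}

# Accounts associated with the Organization (Administer -> Users).
ORG_USERS = {"alee", "bkim", "dfaculty", "evisitor"}


def effective_members(name, _seen=None):
    """Union of native users, linked AD members and nested group members."""
    seen = set() if _seen is None else _seen
    if name in seen:  # guard against groups nested in a cycle
        return set()
    seen.add(name)
    group = FOREMAN_GROUPS[name]
    members = set(group["users"]) | AD_MEMBERS.get(group["external"], set())
    for child in group["groups"]:
        members |= effective_members(child, seen)
    return members


def audit(admin_group, org_users):
    """Compare who gets roles via the admin group with who is in the Org."""
    members = effective_members(admin_group)
    return {
        "roles_but_not_in_org": sorted(members - org_users),  # add to the Org
        "in_org_without_roles": sorted(org_users - members),  # can see only
    }


if __name__ == "__main__":
    print(audit("CHyp-Admins", ORG_USERS))
```
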