Home / BeaverDeck / Docs / User Guide / User management

User Management and Integrations

Admin users can manage BeaverDeck local users, roles, auth providers, group mappings, and configuration backup from User Management.

Permissions: User Management, provider configuration, group mappings, password reset, and configuration import/export require mode: admin. The users and roles permission keys do not independently unlock these APIs for non-admin roles.

Local Users and Roles

Create local users and assign them a role.
Reset local user passwords.
Create roles with mode admin or viewer.
admin mode grants all BeaverDeck permissions. Non-admin roles use explicit resource permission levels.
Scope non-admin roles to all namespaces or a configured namespace list.

Google OAuth

Google OAuth supports browser sign-in and Google Workspace group-to-role mapping. The sign-in button is shown only when the Google client ID, client secret, service account JSON, and delegated admin email are configured.

OpenID Connect and Azure Entra ID

Generic OpenID Connect uses provider discovery and group claim mapping. Azure Entra ID uses the same OIDC flow and can resolve groups through Microsoft Graph when scopes include User.Read and GroupMember.Read.All.

Configuration Backup

Use Export Configuration to download beaverdeck-config.yaml. Use Import Configuration to replace the runtime auth config and Secret after the import validates successfully. Passwords are exported as BeaverDeck bdk1$... hashes, not raw passwords.