Skip to content

User management

Tip

It is strongly recommended to configure your tenants and LDAP servers (if you intend to use them) before creating users.

This page allows you to manage the accounts used to access the Avalon application. Users can be of type Local (managed directly in Avalon) or LDAP (authenticated through an external LDAP/Active Directory server).

Update/Create user form
Creating a local user and assigning the 'admin' role to the 'admin' tenant.

Configuration parameters

This section covers the information required to create or update a user account and assign privileges.

  • User Type: Defines the origin of the account:
    • Local (internal to Avalon)
    • LDAP (external authentication)
  • Username: The unique identifier used for login. Must be unique across all user types.
  • Email: The user's email address.
  • Password: The account password. Mandatory for Local users.
  • Confirm password: Confirmation of the password.
  • Tenant selection: Select the target tenant from the dropdown menu (e.g., admin) to define the management scope.
  • Role selection: Select the appropriate role (e.g., admin, user) to determine permissions within that tenant.
  • Tenant validation: Click Add to finalize the assignment. A user can have multiple tenant assignments.

Password Generation

You can use the Generate password button to automatically create a strong, secure password.

Minimum assignment required

A user must be assigned to at least one tenant to be created. The Save button will remain disabled until a tenant assignment is added.

User roles

For each tenant assignment, you must select a role that defines the user's permissions:

  • user: Read-only access. The user can consult data from Avalon but cannot trigger any actions towards the network.
  • admin: Full administrative access. The user can perform any tasks available in Avalon.

Note

The admin tenant only supports the admin role. A user assigned to the admin tenant automatically receives full system access.

Local vs LDAP users

  • Local users:

    • Password is stored hashed in Avalon's database
    • You can reset the password if lost, but cannot retrieve it
    • Email address is managed in Avalon

  • LDAP users:

    • Password is verified by the LDAP server
    • Passwords are not stored in Avalon's database
    • Email address is retrieved from the LDAP server

Note

You cannot create an LDAP user if no LDAP server is configured in the LDAP settings.

Actions

  • Cancel: Discards all changes and returns to the user list.
  • Save: Validates and saves the user account.

Roadmap

  • RBAC with more granular control on each feature will come in Q1 2026.
  • RBAC with LDAP groups integration planned for 2026 (not yet committed).