Every person who uses Truke KF has a user record in the KF database. This page covers managing those records. For how people prove who they are — passwords, single sign-on, reverse-proxy SSO, and API tokens — see authentication.
Each user has:
Add, change, or remove users through the administration interface at /admin/users.
The default configuration stores credentials in the KF database — no external service is required. A local user has a username and a password and signs in through the password form. This is enough for small teams; larger organisations usually add single sign-on.
To pre-provision a user for single sign-on, add them in /admin/users and leave the
password empty: they sign in through their identity provider, and KF fills in the
rest on first login.
KF supports four ways to authenticate, all configured in the [auth] section of
kf.ini and all resolving to the same user record and ACL:
See authentication for configuration and step-by-step setup.