support an "approval" workflow

Flow:

  • user triggers deployment
  • an admin is informed of the request to create an account for this user
  • the user is informed that the account creation is pending approval
  • required action from admin -> approve (& deploy) / reject

Notes:

  • should be independent of backend
  • might define additional user states

Questions:

  • how do we store the pending state for a user?
  • (how) do we keep track of reserved names and uids?
  • is the user informed when the account is deployed?

Idea:

  • feudal stores only the oidc unique id for accounts pending approval
  • an email is sent to the admin the first time a deployment is triggered
  • subsequent times, the user gets a message saying that their account is still in pending state
  • content of email to admin: command to deploy user, different for each backend
    • local_unix -> easy
    • LDAP -> LDIF format
  • pull: users are not informed, they need to check if their account has been deployed
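
A sketch of the flow in the Idea list above, as an added example that is not feudal's own code: the class, method and callback names are hypothetical, and the OIDC unique id is assumed to be the issuer plus subject (`iss`, `sub`) pair. The store keeps nothing but that pair, notifies the admin only on the first request, and lets the admin act only on a request that is actually pending.

```python
import sqlite3


class PendingApprovals:
    """Hypothetical store: one row per account awaiting approval, keyed by (iss, sub)."""

    def __init__(self, path=":memory:"):
        self.db = sqlite3.connect(path)
        self.db.execute(
            "CREATE TABLE IF NOT EXISTS pending ("
            " iss TEXT NOT NULL, sub TEXT NOT NULL, PRIMARY KEY (iss, sub))"
        )

    def is_pending(self, iss, sub):
        q = "SELECT 1 FROM pending WHERE iss = ? AND sub = ?"
        return self.db.execute(q, (iss, sub)).fetchone() is not None

    def request(self, iss, sub, notify_admin):
        """User triggers deployment; returns the message shown to the user."""
        try:
            with self.db:  # commits on success, rolls back on error
                self.db.execute("INSERT INTO pending VALUES (?, ?)", (iss, sub))
        except sqlite3.IntegrityError:
            # Row already exists: repeated triggers must not mail the admin again.
            return "account is still pending approval"
        notify_admin(iss, sub)
        return "account creation is pending approval"

    def decide(self, iss, sub, approve, deploy):
        """Admin action: approve (and deploy) or reject a pending request."""
        with self.db:
            cur = self.db.execute(
                "DELETE FROM pending WHERE iss = ? AND sub = ?", (iss, sub)
            )
        if cur.rowcount != 1:
            # Nothing was pending: refuse to deploy an account nobody requested.
            raise LookupError("no pending request for this identity")
        if approve:
            deploy(iss, sub)  # backend-specific step (local_unix, LDAP, ...)
        return approve


if __name__ == "__main__":
    store = PendingApprovals()
    user = ("https://idp.example.org", "a1b2c3")  # constructed identity
    print(store.request(*user, notify_admin=lambda i, s: print("mail admin:", i, s)))
    print(store.request(*user, notify_admin=lambda i, s: print("mail admin:", i, s)))
    print(store.decide(*user, approve=True, deploy=lambda i, s: print("deploy:", s)))
```

Keying on the pair rather than on `sub` alone keeps the same subject value from two different issuers from being treated as one user.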