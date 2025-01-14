TeleportUser
This guide is a comprehensive reference to the fields in the
resource, which you can apply after installing the Teleport Kubernetes operator.
resources.teleport.dev/v2
apiVersion: resources.teleport.dev/v2
|Field
|Type
|Description
|apiVersion
|string
|APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|kind
|string
|Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|metadata
|object
|spec
|object
|User resource definition v2 from Teleport
spec
|Field
|Type
|Description
|github_identities
|[]object
|GithubIdentities list associated Github OAuth2 identities that let user log in using externally verified identity
|oidc_identities
|[]object
|OIDCIdentities lists associated OpenID Connect identities that let user log in using externally verified identity
|roles
|[]string
|Roles is a list of roles assigned to user
|saml_identities
|[]object
|SAMLIdentities lists associated SAML identities that let user log in using externally verified identity
|traits
|object
|Traits are key/value pairs received from an identity provider (through OIDC claims or SAML assertions) or from a system administrator for local accounts. Traits are used to populate role variables.
|trusted_device_ids
|[]string
|TrustedDeviceIDs contains the IDs of trusted devices enrolled by the user. Note that SSO users are transient and thus may contain an empty TrustedDeviceIDs field, even though the user->device association exists under the Device Trust subsystem. Do not rely on this field to determine device associations or ownership, it exists for legacy/informative purposes only. Managed by the Device Trust subsystem, avoid manual edits.
spec.github_identities items
|Field
|Type
|Description
|connector_id
|string
|ConnectorID is id of registered OIDC connector, e.g. 'google-example.com'
|samlSingleLogoutUrl
|string
|SAMLSingleLogoutURL is the SAML Single log-out URL to initiate SAML SLO (single log-out), if applicable.
|user_id
|string
|UserID is the ID of the identity. Some connectors like GitHub have an unique ID apart from the username.
|username
|string
|Username is username supplied by external identity provider
spec.oidc_identities items
|Field
|Type
|Description
|connector_id
|string
|ConnectorID is id of registered OIDC connector, e.g. 'google-example.com'
|samlSingleLogoutUrl
|string
|SAMLSingleLogoutURL is the SAML Single log-out URL to initiate SAML SLO (single log-out), if applicable.
|user_id
|string
|UserID is the ID of the identity. Some connectors like GitHub have an unique ID apart from the username.
|username
|string
|Username is username supplied by external identity provider
spec.saml_identities items
|Field
|Type
|Description
|connector_id
|string
|ConnectorID is id of registered OIDC connector, e.g. 'google-example.com'
|samlSingleLogoutUrl
|string
|SAMLSingleLogoutURL is the SAML Single log-out URL to initiate SAML SLO (single log-out), if applicable.
|user_id
|string
|UserID is the ID of the identity. Some connectors like GitHub have an unique ID apart from the username.
|username
|string
|Username is username supplied by external identity provider