zrok/assets/js/7f5ec875.bb718edf.js

"use strict";(self.webpackChunkwebsite=self.webpackChunkwebsite||[]).push([[1939],{7433:(n,e,i)=>{i.r(e),i.d(e,{assets:()=>d,contentTitle:()=>s,default:()=>m,frontMatter:()=>t,metadata:()=>a,toc:()=>c});const a=JSON.parse('{"id":"guides/self-hosting/organizations","title":"Organizations","description":"zrok (starting with v0.4.45) includes support for \\"organizations\\". Organizations are groups of related accounts that are typically centrally managed in some capacity. A zrok account can be a member of multiple organizations. Organization membership can also include an \\"admin\\" permission. As of v0.4.45 organization admins are able to retrieve an \\"overview\\" (zrok overview) from any other account in the organization, allowing the admin to see the details of the environments, shares, and accesses created within that account.","source":"@site/../docs/guides/self-hosting/organizations.md","sourceDirName":"guides/self-hosting","slug":"/guides/self-hosting/organizations","permalink":"/docs/guides/self-hosting/organizations","draft":false,"unlisted":false,"editUrl":"https://github.com/openziti/zrok/blob/main/docs/../docs/guides/self-hosting/organizations.md","tags":[],"version":"current","sidebarPosition":21,"frontMatter":{"sidebar_position":21,"sidebar_label":"Organizations"},"sidebar":"tutorialSidebar","previous":{"title":"Interstitial Pages","permalink":"/docs/guides/self-hosting/interstitial-page"},"next":{"title":"Personalized Frontend","permalink":"/docs/guides/self-hosting/personalized-frontend"}}');var o=i(4848),r=i(8453);const t={sidebar_position:21,sidebar_label:"Organizations"},s="Organizations",d={},c=[{value:"Configuring an Organization",id:"configuring-an-organization",level:2},{value:"Create an Organization",id:"create-an-organization",level:3},{value:"List Organizations",id:"list-organizations",level:3},{value:"Add a Member to an Organization",id:"add-a-member-to-an-organization",level:3},{value:"List Members of an Organization",id:"list-members-of-an-organization",level:3},{value:"Removing Organizations and Members",id:"removing-organizations-and-members",level:3},{value:"End-user Organization Administrator Commands",id:"end-user-organization-administrator-commands",level:2},{value:"End-user Organization Commands",id:"end-user-organization-commands",level:2}];function l(n){const e={a:"a",code:"code",h1:"h1",h2:"h2",h3:"h3",header:"header",p:"p",pre:"pre",...(0,r.R)(),...n.components};return(0,o.jsxs)(o.Fragment,{children:[(0,o.jsx)(e.header,{children:(0,o.jsx)(e.h1,{id:"organizations",children:"Organizations"})}),"\n",(0,o.jsxs)(e.p,{children:["zrok (starting with ",(0,o.jsx)(e.code,{children:"v0.4.45"}),') includes support for "organizations". Organizations are groups of related accounts that are typically centrally managed in some capacity. A zrok account can be a member of multiple organizations. Organization membership can also include an "admin" permission. As of ',(0,o.jsx)(e.code,{children:"v0.4.45"}),' organization admins are able to retrieve an "overview" (',(0,o.jsx)(e.code,{children:"zrok overview"}),") from any other account in the organization, allowing the admin to see the details of the environments, shares, and accesses created within that account."]}),"\n",(0,o.jsxs)(e.p,{children:["Future zrok releases will include additional organization features, including ",(0,o.jsx)(e.code,{children:"--closed"})," permission sharing functions."]}),"\n",(0,o.jsx)(e.h2,{id:"configuring-an-organization",children:"Configuring an Organization"}),"\n",(0,o.jsxs)(e.p,{children:["The API endpoints used to manage organizations and their members require a site-level ",(0,o.jsx)(e.code,{children:"ZROK_ADMIN_TOKEN"})," to access. See the ",(0,o.jsx)(e.a,{href:"/docs/guides/self-hosting/linux/#configure-the-controller",children:"self-hosting guide"})," for details on configuring admin tokens."]}),"\n",(0,o.jsx)(e.h3,{id:"create-an-organization",children:"Create an Organization"}),"\n",(0,o.jsxs)(e.p,{children:["The ",(0,o.jsx)(e.code,{children:"zrok admin create organization"})," command is used to create organizations:"]}),"\n",(0,o.jsx)(e.pre,{children:(0,o.jsx)(e.code,{children:"$ zrok admin create organization --help\nCreate a new organization\n\nUsage:\n  zrok admin create organization [flags]\n\nAliases:\n  organization, org\n\nFlags:\n  -d, --description string   Organization description\n  -h, --help                 help for organization\n\nGlobal Flags:\n  -p, --panic     Panic instead of showing pretty errors\n  -v, --verbose   Enable verbose logging\n"})}),"\n",(0,o.jsxs)(e.p,{children:["Use the ",(0,o.jsx)(e.code,{children:"-d"})," flag to add a description that shows up in end-user membership listings."]}),"\n",(0,o.jsx)(e.p,{children:"We'll create an example organization:"}),"\n",(0,o.jsx)(e.pre,{children:(0,o.jsx)(e.code,{children:"$ zrok admin create organization -d \"documentation\"\n[   0.006]    INFO main.(*adminCreateOrganizationCommand).run: created new organization with token 'gK1XRvthq7ci'\n"})}),"\n",(0,o.jsx)(e.h3,{id:"list-organizations",children:"List Organizations"}),"\n",(0,o.jsxs)(e.p,{children:["We use the ",(0,o.jsx)(e.code,{children:"zrok admin list organizations"})," command to list our organizations:"]}),"\n",(0,o.jsx)(e.pre,{children:(0,o.jsx)(e.code,{children:"$ zrok admin list organizations\n\n ORGANIZATION TOKEN  DESCRIPTION   \n gK1XRvthq7ci        documentation \n"})}),"\n",(0,o.jsx)(e.h3,{id:"add-a-member-to-an-organization",children:"Add a Member to an Organization"}),"\n",(0,o.jsxs)(e.p,{children:["We use the ",(0,o.jsx)(e.code,{children:"zrok admin create org-member"})," command to add members to organizations:"]}),"\n",(0,o.jsx)(e.pre,{children:(0,o.jsx)(e.code,{children:"$ zrok admin create org-member \nError: accepts 2 arg(s), received 0\nUsage:\n  zrok admin create org-member <organizationToken> <accountEmail> [flags]\n\nAliases:\n  org-member, member\n\nFlags:\n      --admin   Make the new account an admin of the organization\n  -h, --help    help for org-member\n\nGlobal Flags:\n  -p, --panic     Panic instead of showing pretty errors\n  -v, --verbose   Enable verbose logging\n"})}),"\n",(0,o.jsx)(e.p,{children:"Like this:"}),"\n",(0,o.jsx)(e.pre,{children:(0,o.jsx)(e.code,{children:"$ zrok admin create org-member gK1XRvthq7ci michael.quigley@netfoundry.io\n[   0.006]    INFO main.(*adminCreateOrgMemberCommand).run: added 'michael.quigley@netfoundry.io' to organization 'gK1XRvthq7ci\n"})}),"\n",(0,o.jsxs)(e.p,{children:["The ",(0,o.jsx)(e.code,{children:"--admin"})," flag can be added to the ",(0,o.jsx)(e.code,{children:"zrok admin create org-member"})," command to mark the member as an administrator of the organization."]}),"\n",(0,o.jsx)(e.h3,{id:"list-members-of-an-organization",children:"List Members of an Organization"}),"\n",(0,o.jsx)(e.pre,{children:(0,o.jsx)(e.code,{children:"$ zrok admin list org-members gK1XRvthq7ci\n\n ACCOUNT EMAIL                  ADMIN? \n michael.quigley@netfoundry.io  false \n"})}),"\n",(0,o.jsx)(e.h3,{id:"removing-organizations-and-members",children:"Removing Organizations and Members"}),"\n",(0,o.jsxs)(e.p,{children:["The ",(0,o.jsx)(e.code,{children:"zrok admin delete org-member"})," and ",(0,o.jsx)(e.code,{children:"zrok admin delete organization"})," commands are available to clean up organizations and their membership lists."]}),"\n",(0,o.jsx)(e.h2,{id:"end-user-organization-administrator-commands",children:"End-user Organization Administrator Commands"}),"\n",(0,o.jsxs)(e.p,{children:["When a zrok account is added to an organization as an administrator it allows them to use the ",(0,o.jsx)(e.code,{children:"zrok organization admin"})," commands, which include:"]}),"\n",(0,o.jsx)(e.pre,{children:(0,o.jsx)(e.code,{children:'$ zrok organization admin\nOrganization admin commands\n\nUsage:\n  zrok organization admin [command]\n\nAvailable Commands:\n  list        List the members of an organization\n  overview    Retrieve account overview for organization member account\n\nFlags:\n  -h, --help   help for admin\n\nGlobal Flags:\n  -p, --panic     Panic instead of showing pretty errors\n  -v, --verbose   Enable verbose logging\n\nUse "zrok organization admin [command] --help" for more information about a command.\n'})}),"\n",(0,o.jsxs)(e.p,{children:["The ",(0,o.jsx)(e.code,{children:"zrok organization admin list"})," command is used to list the members of an organization."]}),"\n",(0,o.jsxs)(e.p,{children:["The ",(0,o.jsx)(e.code,{children:"zrok organization admin overview"})," command is used to retrieve an overview of an organization member account. This is functionally equivalent to what the ",(0,o.jsx)(e.code,{children:"zrok overview"})," command does, but it allows an organization admin to retrieve the overview for another zrok account."]}),"\n",(0,o.jsx)(e.h2,{id:"end-user-organization-commands",children:"End-user Organization Commands"}),"\n",(0,o.jsxs)(e.p,{children:["All zrok accounts can use the ",(0,o.jsx)(e.code,{children:"zrok organization memberships"})," command to list the organizations they're a member of:"]}),"\n",(0,o.jsx)(e.pre,{children:(0,o.jsx)(e.code,{children:"$ zrok organization memberships\n\n ORGANIZATION TOKEN  DESCRIPTION    ADMIN? \n gK1XRvthq7ci        documentation  false  \n\n"})})]})}function m(n={}){const{wrapper:e}={...(0,r.R)(),...n.components};return e?(0,o.jsx)(e,{...n,children:(0,o.jsx)(l,{...n})}):l(n)}},8453:(n,e,i)=>{i.d(e,{R:()=>t,x:()=>s});var a=i(6540);const o={},r=a.createContext(o);function t(n){const e=a.useContext(r);return a.useMemo((function(){return"function"==typeof n?n(e):{...e,...n}}),[e,n])}function s(n){let e;return e=n.disableParentContext?"function"==typeof n.components?n.components(o):n.components||o:t(n.components),a.createElement(r.Provider,{value:e},n.children)}}}]);