diff --git a/public/docs-static/img/selfhosted/identity-providers/local/accept-invite.png b/public/docs-static/img/selfhosted/identity-providers/local/accept-invite.png new file mode 100644 index 00000000..41a9b3fe Binary files /dev/null and b/public/docs-static/img/selfhosted/identity-providers/local/accept-invite.png differ diff --git a/public/docs-static/img/selfhosted/identity-providers/local/invite-link.png b/public/docs-static/img/selfhosted/identity-providers/local/invite-link.png new file mode 100644 index 00000000..1a17b14d Binary files /dev/null and b/public/docs-static/img/selfhosted/identity-providers/local/invite-link.png differ diff --git a/public/docs-static/img/selfhosted/identity-providers/local/invite-user.png b/public/docs-static/img/selfhosted/identity-providers/local/invite-user.png new file mode 100644 index 00000000..fbcbe7d2 Binary files /dev/null and b/public/docs-static/img/selfhosted/identity-providers/local/invite-user.png differ diff --git a/src/pages/selfhosted/identity-providers/local.mdx b/src/pages/selfhosted/identity-providers/local.mdx index e9afa762..10c146d8 100644 --- a/src/pages/selfhosted/identity-providers/local.mdx +++ b/src/pages/selfhosted/identity-providers/local.mdx @@ -86,17 +86,70 @@ Store your encryption key securely. If lost, encrypted user data (emails, names) ## User Management +### Inviting Users via Dashboard + +You can invite users via a secure invite link, allowing them to set their own password. + +

+Invite User +

+ +1. Navigate to **Team** → **Users** +2. Click **Add User** +3. Select the **Invite User** tab +4. Fill in the user details: + - **Name** (required) - Display name + - **Email** (required) - User's email address + - **Role** - User role (User, Admin, etc.) + - **Expires in** - Number of days until the invite link expires (default: 3 days) + - **Auto-assigned groups** (optional) - Groups to assign when the user joins +5. Click **Create Invite Link** + +After creation, a modal displays: +- The **invite link** that you can share with the user +- The **expiration date** of the invite +- **Copy & Close** button to copy the link + +

+ Invite Link +

+ +The invited user can then: +1. Open the invite link in their browser +2. Set their own password +3. Log in to NetBird with their new credentials + +

+ Accept User Invite +

+ +#### Managing Pending Invites + +To view and manage pending invites: + +1. Navigate to **Team** → **Users** +2. Click **Show Invites** to switch to the invites view + +From the invites view, you can: +- **Regenerate** an invite link if it has expired or needs to be resent +- **Delete** an invite to revoke access before it's accepted + + +When an invite link is regenerated, the previous link becomes invalid. Only the new link can be used to complete registration. + + ### Creating Users via Dashboard -When embedded IdP is enabled, the Dashboard shows a **"Create User"** button (instead of "Invite User" shown for cloud-hosted NetBird): +As an alternative to inviting users, you can create users with a generated password: 1. Navigate to **Team** → **Users** -2. Click **Create User** -3. Fill in the user details: +2. Click **Add User** +3. Select the **Create User** tab +4. Fill in the user details: - **Email** (required) - User's email address for login - **Name** (required) - Display name - **Groups** (optional) - Auto-assign to groups -4. Click **Create** +5. Click **Create** After creation, a modal displays with: - The **generated password** with a copy button @@ -107,6 +160,42 @@ After creation, a modal displays with: The generated password is only shown once at creation time. It cannot be retrieved later. Make sure to copy it and share it securely with the user. +### Inviting Users via API + +```bash +curl -X POST "https://netbird.example.com/api/users/invites" \ + -H "Authorization: Bearer ${TOKEN}" \ + -H "Content-Type: application/json" \ + -d '{ + "email": "user@example.com", + "name": "New User", + "role": "user", + "auto_groups": ["group-id-1"], + "expires_in": 259200 + }' +``` + +The `expires_in` field specifies the invite validity period in seconds (e.g., 259200 = 3 days). + +Response: + +```json +{ + "id": "invite-abc123", + "email": "user@example.com", + "name": "New User", + "role": "user", + "invite_link": "abc123-token-xyz", + "invite_expires_at": "2024-01-10T12:00:00Z", + "auto_groups": ["group-id-1"] +} +``` + +Construct the full invite URL by appending the token to your dashboard URL: +``` +https://netbird.example.com/invite?token=abc123-token-xyz +``` + ### Changing User Passwords The Change Password feature allows local users on self-hosted NetBird deployments to update their account password directly from the dashboard.