Users and Groups¶
In Kanboard there are two types of users:
|Local User||User that stores his password in Kanboard’s database|
|Remote User||User credentials are managed by another system (Example: LDAP server)|
Examples of remote users:
- LDAP user
- Users authenticated by a reverse-proxy
- OAuth2 users
Each Kanboard user has one of these roles:
|Administrator||Access to everything|
|Manager||Can create team projects but cannot change application settings|
|User||Can create private projects only|
Each individual team project can assign a different role to each user and group:
|Project Manager||Can change project settings, access to the Gantt chart and reports|
|Project Member||Can create tasks and use the board|
|Project Viewer||Read-only access to the board and tasks|
Custom project roles can be created to apply a set of restrictions to the users.
In Kanboard, each user can be a member of one or many groups. A group is like a team or an organization.
Only administrators can create new groups and assign users.
Groups can be managed from User management > View All Groups. From there, you can create groups and assign users.
Each project manager can authorize the access to a set of groups from the project permissions page.
The external id is mainly used for external group providers. Kanboard provides a LDAP group provider to sync automatically groups from LDAP servers.
Add a New User¶
To add a new user, you must be an administrator.
- From the dropdown menu in the top right corner, go to the menu Users Management
- On the top, you have a link New local user or New remote user
- Fill the form and save
When you create a local user, you have to specify at least those values:
- username: This is the unique identifier of your user (login)
- password: The password of your user must have at least 6 characters
For remote users, only the username is mandatory.
When you go to the users menu, you have the list of users, to modify a user click on the edit link.
- If you are a regular user, you can change only your own profile
- You have to be an administrator to be able to edit any users
From the users menu, click on the link remove. This link is visible only if you are administrators.
If you remove a specific user, tasks assigned to this person will be unassigned after the operation.
Each user can enable the two-factor authentication. After a successful login, a one-time code (6 characters) is asked to the user to allow access to Kanboard.
This code has to be provided by a compatible software usually installed on your smartphone or a different device.
There are many software compatible with the standard TOTP system. For example, you can use these applications:
- Google Authenticator (Android, iOS, Blackberry)
- FreeOTP (Android, iOS)
- OATH Toolkit (Command line utility on Unix/Linux)
This system can work offline and you don’t necessarily need to have a mobile phone.
- Go to your user profile
- On the left, click on Two Factor Authentication and click on the button
- A secret key is generated for you
- You have to save the secret key in your TOTP software. If you use a smartphone, the easiest solution is to scan the QR code with FreeOTP or Google Authenticator.
- Each time you will open a new session, a new code will be asked
- Don’t forget to test your device before closing your session
A new secret key is generated each time you enable/disable this feature.
Since Kanboard v1.2.8, people with two-factor authentication enabled must use API keys.