Managing users, groups, and permissions
Manage user accounts including creation, modification, deletion, and lifecycle operations. IPA users are POSIX-compliant and support Kerberos authentication, certificate mapping, passkey authentication, SSH public keys, and organizational attributes. Features include account enable/disable, password reset, principal aliases, manager relationships, and account lockout management across replicated servers.
Manage user groups including POSIX and non-POSIX groups with support for nested membership. Groups can contain users, other groups, and Kerberos services. Features include external group membership for Active Directory trust integration, group membership managers for delegated administration, automatic GID assignment, and flexible membership management for organizing users and services.
Manage users in the staging area prior to activation. Staged users allow for provisioning workflows where user accounts are prepared and reviewed before being activated into production. Supports moving users between staged, active, preserved, and deleted states with full attribute management and bulk operations for user lifecycle management.