This documentation is for an older version (1.4.7) of Dagster. You can view the version of this page from our latest release below.
This guide is applicable to Dagster Cloud.
In this guide, we'll cover how to add and remove users in your Dagster Cloud organization.
Note: If utilizing SCIM provisioning, you'll need to manage users through your Identity Provider (IdP) instead of Dagster Cloud.
Organization Admin or Admin permissions are required to add users in Dagster Cloud.
Before you start, note that:
If SCIM provisioning is enabled, you'll need to add new users in your IdP. Adding users will be disabled in Dagster Cloud.
If using Google for SSO, users must be added in Dagster Cloud before they can log in.
If using an Identity Provider (IdP) like Okta for SSO, users must be assigned to the Dagster app in the IdP to be able to log in to Dagster Cloud. Refer to the SSO setup guides for setup instructions for each of our supported IdP solutions.
By default, users will be granted Viewer permissions on each deployment. The default role can be adjusted by modifying the sso_default_role
deployment setting.
After the user is created, you can add the user to teams and assign user roles for each deployment.
Organization Admin permissions are required to manage users in Dagster Cloud.
After a user is created, the Manage user permissions window will automatically display. You can also access this window by clicking Edit next to a user in the users table.
Teams are a Dagster Cloud Enterprise feature.
Using the Teams field, you can add users to one or more teams. This is useful for centralizing permission sets for different types of users. Refer to the Managing teams guide for more info about creating and managing teams.
Note: When determining a user's level of access, Dagster Cloud will use the most permissive role assigned to the user between all of their team memberships and any individual role grants. Refer to the Managing user roles and permissions guide for more info.
In the Roles section, you can assign the select the appropriate user role for each deployment.
Organization Admin permissions are required to remove users in Dagster Cloud.
Removing a user removes them from the organization. Note: If using a SAML-based SSO solution like Okta, you'll also need to remove the user from the IdP. Removing the user in Dagster Cloud doesn't remove them from the IdP.