Update user management doc

Signed-off-by: Mariusz Sabath <mrsabath@gmail.com>
spiffe · Jun 7, 2023 · d6fb152 · d6fb152
1 parent c0f41c7
commit d6fb152
Showing 1 changed file with 27 additions and 13 deletions.
diff --git a/docs/user-management.md b/docs/user-management.md
@@ -1,8 +1,8 @@
 # User Management
 
-This document compiles all the information on the user management integration we have experimented with. 
+This document compiles all the information on the integration of user management with Tornjak. 
 
-Currently, this feature is available only for a single instance of a Tornjak agent with a frontend. 
+Currently, user management is available only for a single instance of a Tornjak agent with a Frontend. 
 
 ## Overview
 
@@ -22,21 +22,31 @@ The architecture integrates with a separate Auth server. This Auth server is use
 
 ## General Deployment
 
-In order to deploy, there are several steps:
+User management requires the following:
 
-1. There must be an existing, preconfigured auth server for Tornjak components to integrate with. 
-2. The backend is deployed with a configuration pointing to said auth server. 
-3. The frontend must be deployed configured to obtain access tokens from said auth server before sending calls to the backend. 
+*  There must be an existing, pre-configured Auth Server to integrate with Tornjak (e.g. Keycloak)
+*  The Tornjak Backend is deployed with a configuration pointing to said Auth Server. 
+*  The Tornjak Frontend must be deployed configured to obtain access tokens from said Auth Server before sending calls to the Tornjak Backend. 
 
 ## Examples and Tutorials
 
-We have experimented extensively with the open source Keycloak Auth server. Specifically, it is very easy to set up a Tornjak secured by Keycloak today. 
+We have experimented extensively with the open source Keycloak Auth Server. 
+Specifically, it is very easy to set up a Tornjak secured by Keycloak today, by following these steps: 
 
-To configure the Auth server, please see our [Medium blog](https://medium.com/universal-workload-identity/step-by-step-guide-to-setup-keycloak-configuration-for-tornjak-dbe5c3049034) for a walkthrough on configuring the auth server. For more in-depth documentation on this setup, please see [this document on Keycloak configuration](./keycloak-configuration.md).
+1. Configure Auth Server
+To configure the Auth Server, please see our [Medium blog](https://medium.com/universal-workload-identity/step-by-step-guide-to-setup-keycloak-configuration-for-tornjak-dbe5c3049034) for a walkthrough on configuring the Auth Server. For more in-depth documentation on this setup, please see [this document on Keycloak configuration](./keycloak-configuration.md).
 
-Once the Auth server is set up, we can deploy the backend to require access tokens from our auth server, as detailed in [this followup Medium blog](https://medium.com/universal-workload-identity/guide-to-integrating-tornjak-with-keycloak-for-access-control-to-spire-40a3d5ee5f5a), with more details on the general configuration [here](https://github.com/spiffe/tornjak/blob/main/docs/config-tornjak-agent.md). 
+1. Enable User Management for Tornjak Backend
+Once the Auth Server is set up, we can deploy the Tornjak Backend to require access tokens from our Auth Server, 
+as detailed in 
+[this followup Medium blog](https://medium.com/universal-workload-identity/guide-to-integrating-tornjak-with-keycloak-for-access-control-to-spire-40a3d5ee5f5a), 
+with more details on the general configuration 
+[here](https://github.com/spiffe/tornjak/blob/main/docs/config-tornjak-agent.md). 
 
-Finally, the frontend must be deployed and configured to obtain access tokens from this auth server. This can be done locally with the environment variable `REACT_APP_AUTH_SERVER_URI`:
+1. Configure Tornjak Frontend
+Finally, the Frontend must be deployed and configured to obtain access tokens from this auth server. 
+This can be done locally with the environment variable 
+`REACT_APP_AUTH_SERVER_URI`:
 
 ```
 cd tornjak-frontend
@@ -47,10 +57,14 @@ REACT_APP_AUTH_SERVER_URI=http://localhost:8080/ npm start
 Alternatively, we can do the same on the containerized version:
 
 ```
-docker run -p 3000:3000 -d -e REACT_APP_API_SERVER_URI='http://localhost:10000' -e REACT_APP_AUTH_SERVER_URI='http://localhost:8080' tsidentity/tornjak-frontend:latest
+docker run -p 3000:3000 -d -e REACT_APP_API_SERVER_URI='http://localhost:10000' -e REACT_APP_AUTH_SERVER_URI='http://localhost:8080' tsidentity/tornjak-fe:latest
 ```
 
-This will start a server on `http://localhost:3000`
+This will start a Tornjak server on `http://localhost:3000`
 Please be patient, as it might take a few minutes to compile and start the server.
 
-Given the Auth server configuration above, we have an admin and a viewer user type. An Admin User will have an Admin portal with admin privilages and a viewer user will have restricted access for the Tornjak UI only for viewing.  
+For a cloud deployment change the URLs accordingly using the cloud provider ingress.
+
+Given the Auth Server configuration above, we have `an admin` and `a viewer` user type. 
+An Admin User has an admin level privileges allowing create, configure, and delete operations. 
+The Viewer User has a restricted access for the Tornjak UI, allowing only read and list operations.