Loft provides different authentication mechanisms including password-based authentication and several single sign-on (SSO) options.


Add Users


Create User

Loft UI - Create User

Send Invite Link To User (optional)

If you did not specify a password for the user in step 1, Loft will automatically generate an invite link with a one-time access token for this user. If you send these invite links to your users, they will be logged in and asked to change their password.

Reset Passwords

Loft UI - Reset Password

Delete Users

Loft UI - Delete User

Delete a user using kubectl:

# IMPORTANT: Make sure to switch to the context of the Loft management cluster!
kubectl delete user [USER_NAME]
Data Loss

Deleting a user will also delete all cluster accounts that are owned solely by this user. Deleting these accounts in turn will also delete other related objects such as account quotas and spaces.

Cluster Roles

Loft provides an ClusterRole named loft-management-admin that can be assigned to users. This role will allow users to manage all Loft-related ressources within the Loft cluster, i.e. user, cluster, team etc.

Loft UI - Loft ClusterRoles