Configuring user authentication can be accessed in the navigation pane, then Administration -> Configuration -> Authentication tab.
Once you created your account as a system admin, you can choose between four methods of user authentication that will also specify how you add and manage users in your instance.
The difference between the four methods is how identity management, user authentication, and authorization are performed: locally, using an external server, or an external provider.
Considering these differences, you can configure one of the following authentication modes:
When you sign up for the first time as a system admin, the database mode is activated by default. Before you start adding new users in this mode, you can switch to a different one.
As you may know, generally, you can always migrate your user accounts from an LDAP/Active directory server to a OpenID provider. The steps depend on the latter. Most OIDC providers, such as Google, Azure, etc, provide tools for migrating user accounts with functionalities for matching user records. Once you’ve done the migration, you can switch the user authentication mode in the Container Registry administration console.
Switching the authentication mode between the internal database (database mode) and LDAP/OIDC is only possible without users in the system.
Before you can switch to a different authentication method, the system admin (admin
) needs to delete all users manually in the UI or via API.
It is also not possible to export or migrate user accounts from the Container Registry GUI.