Let Oomnitza be your single source of truth!
You'll get visibility of your users as data from Fleet is automatically transformed into consumable information and actionable insights.
Connect Oomnitza and Fleet in minutes
Get the information and insights that you need by creating configurable workflows for:
- Onboarding and offboarding users
- Getting a SaaS user role
- Creating and adjusting users as part of a user change or user onboarding workflow
Navigation
Creating a SaaS user role workflow
Before you start
Before you can create workflows with Oomnitza, you need to have added your Fleet credentials to Oomnitza and set your domain as a global variable. We recommend that you also create an extended integration for Fleet users. You can use the information retrieved in this integration to trigger workflows.
Related Links
Adding your Fleet domain as a global variable
Adding your Fleet credentials to Oomnitza
Creating an extended integration for Fleet users
Create user workflows
To create a user workflow, you must complete these steps:
- Click Configuration > Workflows
- Click Add (+) and select People from the list.
- Drag and drop the API block onto the Sandbox.
- Click Edit on the API block and enter FleetDM in the search field.
- Select a preset:
- To choose a preset, click the forward arrow (>).
- Select the credentials that you created earlier.
- Enter any mandatory information when prompted.
- Select Advanced Mode.
-
Select the Response tab. You can map the entire response by placing
{{response}}in the Response field and mapping it to a custom long text Oomnitza field, such as API Response. Once you have the entire response, you can then parse the JSON response values to custom Oomnitza fields, as per the example below. - Connect the Blocks.
- Save, validate, and activate your workflow.
Using the Reset User Password preset
The Reset User preset reset a user's password.
The selected user is logged out of Fleet and will be prompted to reset their password during their next login attempt. Additionally, as a security measure, all active Fleet API tokens associated with this user will be revoked.
The user to be reset is referenced in the Advanced Mode > Information tab in the property{{fleetdm_user_id}}.
Fleet API Documentation: Require password reset.
Using the Delete User preset
The Delete User preset deletes a specified user from Fleet.
The user to be deleted is referenced in the Advanced Mode > Information tab in the property{{fleetdm_user_id}}.
Fleet API Documentation: Delete user.
Using the Modify User Information preset
The Modify User Information preset modifies a specified user.
The user to be modified is referenced in the Advanced Mode > Information tab in the property{{fleetdm_user_id}}.
| Name | Description |
|---|---|
| name | The user's name. |
| position | The user's position. |
|
The user's email. Important |
|
| sso_enabled | Determines whether SSO is enabled for the user. |
| api_only | If enabled, the user is an "API-only" user and cannot use the web UI. |
| password |
To change their own email or password, the user is required to provide their current password. However, an administrator can modify another user's information without requiring the user's current password. |
| new_password | The user's new password. |
| global_role |
The role assigned to the user. In Fleet 4.0.0, 3 user roles were introduced (admin, maintainer, and observer). In Fleet 4.30.0 and 4.31.0, the observer_plus and gitops roles were introduced respectively.
|
Fleet API Documentation: Modify user
Using the Get User Information preset
The Get User Information preset returns all information about a specific user.
The user to be retrieved is referenced in the Advanced Mode > Information tab in the property{{fleetdm_user_id}}.
Fleet API Documentation: Get user information
Using the Create User without an Invitation preset
The Create User without an Invitation preset creates a user account without requiring an invitation. The user is enabled immediately. By default, the user is forced to reset their password upon the first login.
| Name | Description |
|---|---|
| name | Required. The user's full name or nickname. |
| Required. The user's email address. | |
| password | The user's password (required for non-SSO users). |
| admin_forced_password_reset | Determines whether the user will be forced to reset their password upon their first login |
| sso_enabled | Determines whether SSO is enabled for the user. |
| api_only | If enabled, the user is an "API-only" user and cannot use the web UI. |
| global_role |
The role assigned to the user. In Fleet 4.0.0, 3 user roles were introduced (admin, maintainer, and observer). In Fleet 4.30.0 and 4.31.0, the observer_plus and gitops roles were introduced respectively.
|
Fleet API Documentation: Create a user account without an invitation
Using the Create User with an Invitation preset
The Create User with an Invitation preset creates a user account after an invited user submits a registration form.
| Name | Description |
|---|---|
| name | Required. The name of the user. |
| Required. The email address of the user. | |
| password | The user's password (required for non-SSO users). |
| invite_token | Required. Token provided to the user in the invitation email. |
| global_role |
The role assigned to the user. In Fleet 4.0.0, 3 user roles were introduced (admin, maintainer, and observer). In Fleet 4.30.0 and 4.31.0, the observer_plus and gitops roles were introduced respectively.
|
Fleet API Documentation: Create a user account with an invitation
Reference articles for workflows
Creating a SaaS User Role workflow
This workflow block enables you to read a user’s global role from Fleet. The workflow uses the Fleet Get user information API to return a list of global roles. These global roles include the following:
- admin
- maintainer
- observer
Prerequisites
Before you create a SaaS user workflow, you should have already run your extended user integration and selected User plus SaaS User to populate the Fleet software entry in the Software > SaaS menu.
To create a Saas User workflow using the Fleet User Role preset, complete the following steps:
- Click Configuration > Workflows
- Click Add (+) and select Software SaaS Users from the list.
- Edit the Begin block by adding the rules that will trigger the workflow. For further information see SaaS User Roles.
- Click the Blocks tab, and drag and drop the SaaS User Role retrieval block onto the canvas.
- Click the Edit icon.
- Enter Fleet in the search field and choose the Fleet User Role preset.
- Click the right arrow >.
- Enter your Credentials.
- Select the Deactivate User checkbox to deactivate the SaaS user in SaaS > Fleet > Users if they are not found in your Fleet instance.
- Click SAVE.
- Connect the blocks.
- Validate, launch, and save your workflow.
To view active Fleet users in the SaaS Users UI, complete the following steps:
- Click Software from the menu.
- Select the Saas tab, and select your software entry for Fleet.
- Click Users in the side pane.
- The Role column will be populated with the global role information to confirm that this user has been found in your Fleet SaaS
Comments
0 comments
Please sign in to leave a comment.