Netgate Discussion Forum

    Delegate on-boarding/off-boarding tasks (user creation and removal)

    General pfSense Questions
    • ferchu

      Hello!

      I'm using pfSense, and would like to delegate the creation/removal of non-privileged users to a different team. However, to the extent that is possible, I'd like to remove any other privileges from this team.

      They should simply be able to:

      • Create new users (limited privileges + cert)

      • Remove users (ideally, just non-privileged users)

      • Update the password of non-privileged users (i.e., "password reset")

      • Export the corresponding OpenVPN profile

      In other words, I'd like to be able to delegate some usual IT functions to a specific group, without giving them the privileges to mess around with the whole pfSense installation.

      Thoughts?

      Thanks!

      Regards,
      Fernando

      • stephenw10 (Netgate Administrator)

        You probably want to use an external authentication server for that.

        https://docs.netgate.com/pfsense/en/latest/usermanager/authentication-servers.html

        Steve

        • Dobby_

          @ferchu

          Thoughts?

          • MS AD Server or VM with LDAP & Radius role

          • LDAP Server & Radius Server based on Linux or BSD

          • MikroTik RouterOS with user manager (RB1100AHx4 (ARM))

          • pfSense with captive portal, where they are only allowed to enter the CP menu for managing.

          #~. @Dobby

          Turris Omnia - 4 Ports - 2 GB RAM / TurrisOS 7 Release (Btrfs)
          PC Engines APU4D4 - 4 Ports - 4 GB RAM / pfSense CE 2.7.2 Release (ZFS)
          PC Engines APU6B4 - 4 Ports - 4 GB RAM / pfSense+ (Plus) 24.03_1 Release (ZFS)

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.