# ory-network
m
@User
I just subscribed to Ory Cloud and I have some questions:
• 1) migration of existing users
◦ Can we use the API to create the users? I think we use the same algo for the password, would that work?
• 2) concept of organization, how does it work in your app?
1) See this document for a guide on how to import/create identities, either with cleartext password or hashed.
2) You mean in an access control scenario? User X is part of Organisation Y? I recommend checking out Ory Keto for this. We are currently implementing it to be available in Ory Cloud, but you can already test it locally. See also this blogpost.
l
@User Which document for (1)?
@User Regarding question 2, I mean in a Teams/organization scenario:
• Create team
• Invite users
• List (pending invites & resend invitations)
• Remove users
• Resource discovery
• Profiles
• Sub-teams
RBAC isn't a part of those Teams features?
m
Would this be a user facing feature? Or teams administering your Ory Cloud project? You can invite "Project Collaborators" on the Project settings pages, is that what you mean? (sans the sub-teams)
l
@User in our case it's a user-facing feature, for our SaaS. Not related to managing the Ory Team :) https://ory-community.slack.com/archives/C02MR4DEEGH/p1647969789309939?thread_ts=1647965723.382249&cid=C02MR4DEEGH
How does it work for this feature "invite project collaborators" in Ory Cloud? Do you use Ory Kratos or Keto to do this, or is it custom development?
m
It is using Ory Keto & Kratos in the backoffice as well yes 🙂 As for your more complex authz needs, see this comment: https://github.com/ory/keto/issues/598#issuecomment-845402527 So AFAIK teams / subteams and similar will be implemented to fulfill this described case. Maybe @User can chime in quickly, as he is solely working on Keto.
s
what we have in the Cloud right now is roles on projects modeled in Keto, i.e.
projects:id1#admin@user1
projects:id2#collaborator@user2
we want to add permissions per operation, so e.g. reading project identities, as its own thing to Keto through subject set rewrites, but that is not yet implemented, therefore we just check the role membership on the project right now
later on we will define what permission each role has, and be able to allow granting/revoking specific permissions in addition to just assigning predefined roles
l
@User @User Thank you for your answers, looks interesting and sexy but not easy to get started when you don't have any experience. Is it possible to get an example of a real use case implementation like you did for Ory Cloud? Do you have anything open-source too?
m
Hey Axel, almost all of our work is open source, including the components that Ory Cloud is based on, check our github: https://github.com/ory
l
Okay my bad, I should have checked. Thank you
m
No problem 🙂
l
And apart from that, no other examples?
m
Depends what you are looking for exactly. Since our components are very flexible you can implement a lot of different use cases.
For example see what Pixie Labs wrote: https://blog.px.dev/open-source-auth/
Something different from Commit: https://blog.commit.dev/articles/open-source-sundays-building-a-user-management-solution-using-ory-oathkeeper-and-auth0
For an overview of all community projects and articles I recommend this: https://www.ory.sh/docs/ecosystem/community
This could be something related to your use case for example: https://github.com/pngouin/k8s-ory-example
Note that the managed Ory Cloud and self-hosting Ory are basically interchangeable, since both are using the same base OSS components.
l
I just read the articles but I was more looking for Keto examples of team management https://ory-community.slack.com/archives/C02MR4DEEGH/p1648142215956149?thread_ts=1647965723.382249&cid=C02MR4DEEGH
Here is an example of a paid solution just to understand what I mean: https://frontegg.com/team-management