In order to allow organizations to keep control over who can do what within the tool, Portainer incorporates a range of access control and identity management features. Initially, Portainer users can be created manually by an admin, or auto-created when Portainer is configured against an external authentication repo.
Portainer can be configured to authenticate users against an external source, such as LDAP or oAUTH. And for Portainer Business users, the external authentication can also be configured for MS AD, Azure AD, Github Authentication, Google Authentication.
When creating resources (applications, volumes, etc), the user is set as the owner and they are prompted to define the access control (private, team, public). Users can be grouped into teams, and all users in the same team can collaborate through a shared view of deployed resources.
External authentication can be configured to filter logins so only users that meet certain attributes are allowed to login. The external authentication can be configured to retrieve group membership information and then use this information to auto populate Portainer Teams based on a corresponding group membership.