codefresh-io · NimRegev · May 12, 2025 · May 12, 2025 · May 12, 2025
@@ -161,7 +161,7 @@
     - title: Create a Codefresh account
       localurl: /gitops/administration/account-user-management/create-codefresh-account/
     - title: Adding users and teams
-      localurl: /gitops/administration/account-user-management/add-users/
+      localurl: /gitops/administration/account-user-management/add-users-teams/      
     - title: Access control for GitOps
       localurl: /gitops/administration/account-user-management/gitops-abac/
     - title: User settings

@@ -111,10 +111,10 @@
         - title: Create a Codefresh account
           url: "/create-codefresh-account"
         - title: Adding users and teams
-          url: "/add-users"
+          url: "/add-users-teams"
         - title: Managing service accounts
           url: "/service-accounts"
-        - title: Configuring access control for GitOps
+        - title: Access control for GitOps
           url: "/gitops-abac"
         - title: Authorize access to organizations/projects
           url: "/hosted-authorize-orgs"

@@ -225,11 +225,11 @@
     - title: Create a Codefresh account
       localurl: /docs/administration/account-user-management/create-codefresh-account/
     - title: Adding users and teams
-      localurl: /docs/administration/account-user-management/add-users/
+      localurl: /docs/administration/account-user-management/add-users-teams/
     - title: Set up OAuth2 for GitOps
-      localurl: /docs/administration/account-user-management/oauth-setup/
+      localurl: /docs/administration/account-user-management/oauth-setup/    
     - title: Access control for pipelines
-      localurl: /docs/administration/account-user-management/access-control/
+      localurl: /docs/administration/account-user-management/access-control-pipelines/
     - title: Access control for GitOps
       localurl: /docs/administration/account-user-management/gitops-abac/
     - title: Audit

@@ -655,12 +655,14 @@
         - title: Create a Codefresh account
           url: "/create-codefresh-account"
         - title: Adding users and teams
-          url: "/add-users"
+          url: "/add-users-teams"
         - title: Managing service accounts
           url: "/service-accounts"
-        - title: Configuring access control for pipelines
-          url: "/access-control"
-        - title: Configuring access control for GitOps
+        - title: Access control for user accounts
+          url: "/access-control-user-accounts"          
+        - title: Access control for pipelines
+          url: "/access-control-pipelines"
+        - title: Access control for GitOps
           url: "/gitops-abac"
         - title: Setting up OAuth2 for GitOps
           url: "/oauth-setup"

@@ -10,8 +10,8 @@ Codefresh has comprehensive support for all aspects of administration for organi
 Review:
 
 {% if page.collection != site.gitops_collection %}
-* [Add users and teams]({{site.baseurl}}/docs/administration/account-user-management/add-users/) 
-* Configure access control for [pipelines]({{site.baseurl}}/docs/administration/account-user-management/access-control/) and for [GitOps]({{site.baseurl}}/docs/administration/account-user-management/gitops-abac/)
+* [Add users and teams]({{site.baseurl}}/docs/administration/account-user-management/add-users-teams/) 
+* Configure access control for [pipelines]({{site.baseurl}}/docs/administration/account-user-management/access-control-pipelines/) and for [GitOps]({{site.baseurl}}/docs/administration/account-user-management/gitops-abac/)
 * [Configure access control for GitOps]({{site.baseurl}}/docs/administration/account-user-management/gitops-abac/)
 * [Configure Single Sign-On (SSO)]({{site.baseurl}}/docs/administration/single-sign-on/)
 * Get [audit logs]({{site.baseurl}}/docs/administration/account-user-management/audit/) for runtimes (hosted or private)
@@ -21,7 +21,7 @@ For on-premises environments, see [On-premises account and user setup]({{site.ba
 {% endif %}
 
 {% if page.collection == site.gitops_collection %}
-* [Add users and teams]({{site.baseurl}}/docs/administration/account-user-management/add-users/) 
+* [Add users and teams]({{site.baseurl}}/docs/administration/account-user-management/add-users-teams/) 
 * [Configure access control for GitOps]({{site.baseurl}}/docs/administration/account-user-management/gitops-abac/)
 * [Configure Single Sign-On (SSO)]({{site.baseurl}}/docs/administration/single-sign-on/)  
 {% endif %}
@@ -1,5 +1,5 @@
 ---
-title: "Configuring access control for pipelines"
+title: "Access control for pipelines"
 description: "Restrict resources to pipelines in a company environment"
 group: administration
 sub_group: account-user-management
@@ -9,6 +9,7 @@ redirect_from:
   - /docs/enterprise-account-mng/ent-account-mng/
   - /docs/enterprise/ent-account-mng/
   - /docs/administration/ent-account-mng/  
+  - /docs/administration/account-user-management/access-control/
 toc: true
 ---
 
@@ -38,7 +39,7 @@ Let's review the different access mechanisms in more detail, including privilege
 
 ## Role-based access for users and administrators
 
-Role-based access is usually defined when you [add teams]({{site.baseurl}}/docs/administration/account-user-management/add-users/#teams-in-codefresh) to accounts. Role-based access means assigning either a user or an administrator role.
+Role-based access is usually defined when you [add teams]({{site.baseurl}}/docs/administration/account-user-management/add-users-teams/#teams-in-codefresh) to accounts. Role-based access means assigning either a user or an administrator role.
 
 >**NOTE**  
 Only a user with an administrator role can add other users, and assign or change user roles.
@@ -248,7 +249,7 @@ Also review our examples in [Creating rules for pipelines by project tags](#crea
 
 ##### Before you begin
 Make sure you have:
-* [Created at least one team]({{site.baseurl}}/docs/administration/account-user-management/add-users/#teams-in-codefresh)
+* [Created at least one team]({{site.baseurl}}/docs/administration/account-user-management/add-user-teams/#teams-in-codefresh)
 * Reviewed [CRUD privileges for entities/resources](#crud-privileges-for-entitiesresources)   
 * Added tags for all entities, except pipelines
 
@@ -385,7 +386,7 @@ We want:
 
 **Step 1: Set up the teams**  
 The first step is to create the teams, and add the users you want to each team.  
-See [Teams in Codefresh]({{site.baseurl}}/docs/administration/account-user-management/add-users/#teams-in-codefresh).
+See [Teams in Codefresh]({{site.baseurl}}/docs/administration/account-user-management/add-users-teams/#teams-in-codefresh).
 
 If you have already created the DevOps and Users teams, you'll need to create the Marvel team.
 
@@ -624,6 +625,7 @@ By default, if configured for the account, users can also load pipeline definiti
 
 
 ## Related articles
+[Access control for user accounts]({{site.baseurl}}/docs/administration/account-user-management/access-control-user-accounts)  
 [Codefresh Provider for Terraform](https://registry.terraform.io/providers/codefresh-io/codefresh/latest/docs){:target="\_blank"}   
 [Managing your Kubernetes cluster]({{site.baseurl}}/docs/deployments/kubernetes/manage-kubernetes/)  
 
@@ -0,0 +1,38 @@
+---
+title: "Access control for user accounts"
+description: "Define session timeouts and domain restrictions for all users"
+toc: true
+---
+
+## User account access control
+
+You can configure general access control settings that apply to all users in your Codefresh account. These include enforcing automatic logout after periods of inactivity, and restricting invitations to approved email domains. These controls help enforce organizational security policies across the platform.
+
+## Define access controls for user accounts
+
+Define sessions timeouts and email domain restrictions for all users in the account.
+
+> **NOTE**  
+> The maximum duration for inactivity is 30 days. Inactive users are warned 15 minutes before they are logged out.
+
+1. In the Codefresh UI, on the toolbar, click the **Settings** icon.
+1. From the sidebar, select **Access Control**.
+1. **User Session**: Define the maximum duration for inactivity in minutes/hours/days before enforcing a timeout.
+1. **User Invitation**:
+    * To restrict invitations to specific email domains, turn on **Restrict inviting additional users..** 
+    * In the **Email domains** field, type in the domains to allow, one per line.
+
+ {% include image.html
+  lightbox="true"
+  file="/images/administration/access-control/security-timeout.png"
+  url="/images/administration/access-control/security-timeout.png"
+  alt="Security timeout"
+  caption="Security timeout"
+  max-width="90%"
+    %}
+
+## Related articles
+[Access control for GitOps]({{site.baseurl}}/docs/administration/account-user-management/gitops-abac/)  
+{% if page.collection != site.gitops_collection %}
+[Access control for pipelines]({{site.baseurl}}/docs/administration/account-user-management/access-control-pipelines/)  
+{% endif %}
@@ -8,120 +8,96 @@ redirect_from:
   - /docs/accounts/
   - /docs/accounts/invite-your-team-member/
   - /docs/administration/invite-your-team-member/
+  - /docs/administration/account-user-management/add-users/
 toc: true
 ---
 
 Once you have created a Codefresh account, you can add any number of users to collaborate on repositories, entities, and processes.  
+
 {% if page.collection != site.gitops_collection %}
 For Codefresh on-premises, see [On-premises account & user setup]({{site.baseurl}}/docs/installation/on-premises/on-prem-configuration/).
 {% endif %}
 
-You can then create teams in Codefresh to group users who share a common denominator, such as the same permissions, access to the same functionality, or roles. Teams make it easy for administrators to both define and manage items shared by multiple users in an organization.
+You can then create teams to group users who share a common denominator, such as the same permissions, access to the same functionality, or roles. Teams make it easy for administrators to both define and manage items shared by multiple users in an organization.
 
 ## Users in Codefresh
 
 Adding a user to an account requires assigning a role to define access to account resources, and optionally, selecting an SSO provider for the user:
 
+* **Email address**: The user's company email address.
 * **Role**: Defines the user's access level to the resources in the account.  
   * **User**: The default. With this role, users can work with repositories and entities, but cannot change configuration settings.
   * **Administrator**: With this role, users have full access to accounts, and can change all settings, so make sure that they are trusted colleagues.
   {% if page.collection != site.gitops_collection %}
-  For guidelines on access control, see [Access control for pipelines]({{site.baseurl}}/docs/administration/account-user-management/access-control/) and [Configuring access control for GitOps]({{site.baseurl}}/docs/administration/account-user-management/gitops-abac/). 
+  For guidelines on access control, see [Access control for pipelines]({{site.baseurl}}/docs/administration/account-user-management/access-control-pipelines/) and [Access control for GitOps]({{site.baseurl}}/docs/administration/account-user-management/gitops-abac/). 
   {% endif %}
   {% if page.collection == site.gitops_collection %}
-  For guidelines on access control, see [Configuring access control for GitOps]({{site.baseurl}}/docs/administration/account-user-management/gitops-abac/).
+  For guidelines on access control, see [Access control for GitOps]({{site.baseurl}}/docs/administration/account-user-management/gitops-abac/).
   {% endif %}
 * **SSO**: By default, SSO is not enabled for users. If required, explicitly select the SSO provider. For an overview of SSO, see [About Federated Single Sign-on]({{site.baseurl}}/docs/administration/single-sign-on/).
 
 ### Add a user to a Codefresh account
 
-1. In the Codefresh UI, on the toolbar, click the **Settings** icon and then select **Account Settings**.
-1. From the sidebar select **Users & Teams**.
-1. Select **Users**, and then select **+ [Add User]**.  
-1. Type the **User's email address**, and click **Invite**.
+1. In the Codefresh UI, on the toolbar, click the **Settings** icon.
+1. From the sidebar select **Users**, and then click **Add User**.  
+1. Add the user's **Email address**.
    <!---add screenshot-->
-   The user receives an email invitation, and in the Users list, the username is set to Pending, and status to Resend.
-1. From the **Role** dropdown, select either **User** or **Administrator**.
-1. If SSO is configured for the account, **Select SSO provider**.  
+1. From **Assign a role**, select either **Administrator** or **User**.
+1. If SSO is configured for the account, **Select the SSO provider** from the list.  
 
 ### Manage users in a Codefresh account
 
-Once you add a user to your Codefresh account, you can do the following to manage that user:
-
-* Resend invitations that are pending acceptance: Select **Resend**.  
-* Edit the user's email address: Select **Edit**.  
-* Change the role: From the **Role** dropdown, select the new role.
-* Change SSO provider: From the **SSO** dropdown, select the new SSO provider.
-* Remove the user account: Select **Delete**.
+Once you add a user to your Codefresh account, you have the following options in the context menu of the user in the Users page. 
+* **Edit**: Edit user's email address, change the role, or select a new SSO provider.
+* **Delete**: Remove the user account.
 
 ## Teams in Codefresh
 
-Teams are users who share the same permissions, roles, or requirements defined according to company processes. Teams allow you to enforce access control through ABAC (Attribute Based Access Control).
-
-By default, there are two teams:
+Teams are users who share the same permissions, roles, or requirements, defined according to company processes.
+You first create a team and then invite users to it. You can then view the service accounts the user is assigned to, if any. 
 
+{% if page.collection != site.gitops_collection %}
 * Users
 * Admins with users [invited as collaborators](#assign-a-user-to-a-team)  
-<!--- is this correct? -->
+
 > **NOTE**  
 > Only Enterprise customers can add new teams. Other Codefresh plans can only use the predefined *Users* and *Admin* teams. [Contact us](https://codefresh.io/contact-us/){:target="\_blank"} to upgrade to an Enterprise plan.
 
-{% if page.collection != site.gitops_collection %}
+
 ### Automatically creating projects for teams
 
 As part of the global pipeline settings for an account, when creating a team, you can also automatically create a project and a project tag with the same name as that of the team. Enabling **auto-create projects for teams** (disabled by default), simplifies permissions setup for pipelines and projects, as it also creates a Read rule for the project. See [Auto-create projects for teams]({{site.baseurl}}/docs/pipelines/configuration/pipeline-settings/#auto-create-projects-for-teams).
-{% endif %}
 
-### Create a team in Codefresh
+{% endif %}
 
-Create a team in Codefresh and then assign users to the team. You can assign the same user to multiple teams, as in most companies, users have overlapping roles.  
+### Create teams in Codefresh
 
-1. In the Codefresh UI, on the toolbar, click the **Settings** icon and then select **User Management**.
-1. From the sidebar, select **Users & Teams**.
-1. Select **Teams**, and then select **Create a Team**.  
-1. Enter the **Team Name**.
+Create multiple teams in Codefresh.
+1. In the Codefresh UI, on the toolbar, click the **Settings** icon.
+1. From the sidebar, select **Teams**, and then click **Add Team**.  
+1. Enter the **Team Name** and click **Create**.
    > **NOTE**  
    > The team name can include only lower-case alphanumeric characters and hyphens, without spaces.
 
-  See the screenshot below for some sample team names.
 
-{% include image.html
-  lightbox="true"
-  file="/images/administration/access-control/teams.png"
-  url="/images/administration/access-control/teams.png"
-  alt="Examples of teams in Codefresh"
-  caption="Examples of teams in Codefresh"
-  max-width="80%"
-    %}
 
-### Assign a user to a team
 
-1. To assign users to the team, do the following:
-    1. Hover over the team name and click the **Settings** icon.
-    1. Click **Invite to team**, type the email address of the user to invite, and then click **Add**.
-1. To change the name of the team, click **Edit** and type the new name.
+### Assign users to teams
+Add one or more users to a team. You can assign the same user to multiple teams, as in most companies, users have overlapping roles.  
 
-## Define session timeouts and domain restrictions for user accounts
+1. In the Codefresh UI, on the toolbar, click the **Settings** icon.
+1. From the sidebar, select **Teams**, and then click the team to which to add users.
+1. Click **Add to team**, and select the user from the list.
+1. Click **Add**.
+
+### Manage teams and users
+
+You can change the name of the team, delete the team, or remove users from a team .
+
+* **Remove user from team**: Click the team name and from the user's context menu, select ** user's email address, change the role, or select a new SSO provider.
+* **Delete**: Remove the user account.
 
-As an administrator, you can optionally define session timeouts to automatically log out users who have been inactive for the specified duration, and restrict invitations to specific email domains.  
 
-> **NOTE**  
-> The maximum duration for inactivity is 30 days. Inactive users are warned 15 minutes before they are logged out.
-
-1. In the Codefresh UI, on the toolbar, click the **Settings** icon, and then select **Account Settings**.
-1. From the sidebar, select **Users & Teams**.
-1. Select **Security**.  
-1. For **User Session**, add the timeout duration in minutes/hours/days.
-1. To restrict invitations to specific email domains, below User Invitations, turn on **Restrict inviting additional users..** and then in the **Email domains**, type in the domains to allow, one per line.
-
- {% include image.html
-  lightbox="true"
-  file="/images/administration/access-control/security-timeout.png"
-  url="/images/administration/access-control/security-timeout.png"
-  alt="Security timeout"
-  caption="Security timeout"
-  max-width="90%"
-    %}
 
 ## Troubleshoot user invites
 
@@ -135,8 +111,8 @@ As an administrator, you can optionally define session timeouts to automatically
 
 ## Related articles
 [Single sign-on]({{site.baseurl}}/docs/administration/single-sign-on/)  
-[Configuring access control for GitOps]({{site.baseurl}}/docs/administration/account-user-management/gitops-abac/)  
+[Access control for GitOps]({{site.baseurl}}/docs/administration/account-user-management/gitops-abac/)  
 {% if page.collection != site.gitops_collection %}
 [Setting up OAuth authentication for Git providers]({{site.baseurl}}/docs/administration/account-user-management/oauth-setup)  
-[Configuring access control for pipelines]({{site.baseurl}}/docs/administration/account-user-management/access-control/) 
+[Access control for pipelines]({{site.baseurl}}/docs/administration/account-user-management/access-control-pipelines/) 
 {% endif %}
@@ -115,5 +115,5 @@ Export all audited events, both Audits and Triggers, to a  `CSV` file, for offli
 
 ## Related articles
 [Codefresh installation options]({{site.baseurl}}/docs/installation/installation-options/)  
-[Configuring access Control]({{site.baseurl}}/docs/administration/account-user-management/access-control/)  
+[Access control for pipelines]({{site.baseurl}}/docs/administration/account-user-management/access-contro-pipelines/)  
 [Codefresh API integration]({{site.baseurl}}/docs/integrations/codefresh-api/)