Before disabling native user login, confirm that at least one other IdP user has the organization owner role. Assign a new organization owner if you haven't done that yet.
Assigning a new organization owner
- Log in at least once to the Hybrid Manager (HM) console as the IdP user that will become the organization owner. This ensures the HM console indexes the new user. Then, log out.
- Log in as the current native owner of HM (for example, owner@mycompany.com).
- From the top-right profile menu, select User management. Verify the user that will become the new owner is in the list.
- Edit the user and assign them the owner role.
Disabling native users
Retrieve the current secret content:
kubectl get secret hm-portal-bootstrap -n default -o jsonpath='{.data.static-passwords\.yaml}' | base64 -d > static-passwords.yaml
Edit the static-passwords.yaml file and set staticPasswords to an empty list:
staticPasswords: []
Update the secret with the modified content:
kubectl patch secret hm-portal-bootstrap -n default \
  --type merge \
  -p "{\"data\":{\"static-passwords.yaml\":\"$(base64 < static-passwords.yaml | tr -d '\n')\"}}"
Kubernetes automatically replicates the secret to the upm-dex namespace, and Dex automatically restarts to apply the changes.
You've now disabled native user login, but the user account still appears in the User management view. Only users who authenticate through the configured IdP can access the HM console.
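
The following pre-flight check for the edited file is an added example, not part of the HM documentation: it confirms that static-passwords.yaml really contains an empty staticPasswords list and that the base64 payload decodes back to that file before the secret is patched. The function names and the `--apply` switch are hypothetical, and it assumes the file holds only the staticPasswords key, with old entries written as YAML list items carrying a `hash:` field.

```shell
#!/bin/sh
# Added example (not from the HM documentation): pre-flight checks for the
# edited static-passwords.yaml before it is patched into the secret.
# Assumption: the file holds only the top-level staticPasswords key, and
# old entries are YAML list items carrying a "hash:" field.

# Succeeds only if staticPasswords is an empty list and no entries remain.
static_passwords_empty() (
  file=$1
  # Exactly one staticPasswords key, and its value must be [].
  [ "$(grep -c '^staticPasswords:' "$file")" -eq 1 ] || exit 1
  grep -Eq '^staticPasswords:[[:space:]]*\[[[:space:]]*\][[:space:]]*$' "$file" || exit 1
  # Leftover list items or password hashes mean a native login may survive.
  if grep -Eq '^[[:space:]]*-([[:space:]]|$)|hash:' "$file"; then exit 1; fi
)

# Prints the merge-patch body with the file base64-encoded on one line.
build_patch() (
  b64=$(base64 < "$1" | tr -d '\n')
  printf '{"data":{"static-passwords.yaml":"%s"}}' "$b64"
)

# Succeeds if the base64 value inside the payload decodes back to the file.
payload_matches_file() (
  b64=${2#*\"static-passwords.yaml\":\"}
  b64=${b64%%\"*}
  [ "$(printf '%s' "$b64" | base64 -d)" = "$(cat "$1")" ]
)

# Hypothetical usage: sh preflight.sh --apply static-passwords.yaml
if [ "${1:-}" = "--apply" ]; then
  file=${2:?path to the edited static-passwords.yaml}
  static_passwords_empty "$file" || { echo "staticPasswords is not an empty list" >&2; exit 1; }
  payload=$(build_patch "$file")
  payload_matches_file "$file" "$payload" || { echo "payload does not round-trip" >&2; exit 1; }
  kubectl patch secret hm-portal-bootstrap -n default --type merge -p "$payload"
fi
```

Keep a copy of the originally retrieved file outside the working directory so the previous secret content can be restored if IdP login turns out not to work.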