Manage Users
Manage users and user permissions in CKS Organizations
For more information on user permissions, see User Permissions
Create first administrator account
When an organization creates an account, the first user to access CKS is invited to create their account to access the CoreWeave Cloud Console. This user is the default administrator for the Organization.
The first user from an organization to create a CoreWeave account will always be an Administrator. No group or cluster on CKS can be created without a user with admin privileges. Users with admin permissions can assign the role of admin to others through the UI. For more information on signing up for a CoreWeave account, please see the User Management documentation.
Invite new users
Once the administrator has set up an account, they can access all the features of the Cloud Console. For users with admin privileges, this includes the ability to invite other users to their organization's namespace. The option to invite users is located in the top right-hand corner of the Cloud Console Users page.
When an admin user clicks the Add User button, a modal pops up, inviting them to enter information for the user to invite, and to decide which permission groups the user is in. After entering the new user's email, the Administrator may then select any desired permission groups from the dropdown menu:
Users will have a dedicated Account page on the Cloud Console. This is accessible via the user icon in the top left corner of the Console window.
When users navigate to this page, they will be able to see most of their account information, and to modify some elements of their content.
Set up a new user account
To set up your user account, click the link sent to you by your administrator. As a user, you may log in either using an email and password combination, a linked social media account, or by using SAML-based Single Sign-On (SSO) if your administrator has configured it for the organization.
Sign in with email and password
Users can create and authenticate accounts using a combination of the email address their administrator used to invite them and a secure password.
Sign in with social sign-in
If you decide to use email or a pre-existing social media credential, you'll be prompted to link your account to your organization later.
GitHub or Gmail can be used as social sign-on only if the email address for those accounts matches the one used for your CoreWeave invitation.
The Cloud Console login is integrated with Google Workspace and GitHub, so you can also access the Cloud Console using either account.
CoreWeave Kubernetes Service provides support for SAML so users can perform SSO logins. Users with administrator privileges can enable, configure, and manage SAML settings within their organizations via the Cloud Console.
Change user account settings
Update account password
Users update their password preferences from the "Passwords" section of the settings page. An email is sent confirming the change after entering the information and clicking Save. Entering an incorrect current password will result in no change.
Update Cloud Console theme
Users can also choose to change the theme of the Cloud Console from light to dark mode. This option appears in a dropdown window:
Two Factor Authentication (2FA)
At the bottom of the User Settings page the user is given an option to enable Two-Factor Authentication for their CoreWeave account.
Clicking this slider brings up a modal which asks the user to re-authenticate by entering their password. Once they enter their password, they are directed to a modal which asks them to scan a QR code in the 2FA app of their choice on another device.
If a user successfully enters the code and sets up 2FA with their device, they will be prompted to re-authenticate with their OTP every time they log in to the CoreWeave Cloud Console.
Disabling 2FA is simpler in reverse. A user turns the slider to the "off" position, which disables 2FA and is confirmed with a popup.
Deactivating user accounts
Users with admin permissions may deactivate user accounts, including other accounts with admin privileges. Deactivated accounts cannot access the Cloud Console, nor will the account have authorization to perform any actions outside of the Console.
Please note that deactivated accounts are NOT deleted from the organization. Administrators may re-activate a deactivated user account at any time.