Usernaut, a Kubernetes Operator based Application that manages user accounts and teams across multiple SaaS platforms, providing a unified, declarative approach to user lifecycle management.
Managing user access across multiple SaaS platforms is challenging:
- Manual Provisioning is Slow: Onboarding users to Fivetran, GitLab, Snowflake, and other platforms requires repetitive manual work
- Offboarding is Error-Prone: When employees leave, their access often lingers across systems, creating security risks
- Inconsistent Access Control: Without a single source of truth, team memberships drift out of sync across platforms
- Compliance Burden: Auditing who has access to what requires checking multiple systems
Usernaut solves these problems by using Kubernetes Custom Resources to declaratively define user groups and automatically synchronizing them to all your SaaS backends.
- Declarative User Management: Define groups as Kubernetes CRs; Usernaut handles the rest
- Multi-Backend Sync: Simultaneously manage users across Fivetran, GitLab, Snowflake, and Rover
- LDAP Integration: Automatically fetches user details from your corporate directory
- Nested Groups: Groups can include other groups for flexible team structures
- Automatic Offboarding: Daily job removes users no longer in LDAP from all backends
- REST API: Query user group memberships programmatically
| Backend | Type | Description |
|---|---|---|
| Fivetran | fivetran |
Data pipeline platform |
| GitLab | gitlab |
Git repository hosting (with LDAP sync support) |
| Snowflake | snowflake |
Cloud data warehouse |
| Red Hat Rover | rover |
Red Hat internal user directory |
┌─────────────────────────────────────────────────────────────────────┐
│ Kubernetes Cluster │
│ │
│ ┌──────────────┐ ┌─────────────────┐ ┌───────────────┐ │
│ │ Group CRD │─────▶│ Usernaut │─────▶│ Backends │ │
│ │ │ │ Controller │ │ │ │
│ │ - group_name │ │ │ │ • Fivetran │ │
│ │ - members │ │ • Sync users │ │ • GitLab │ │
│ │ - backends │ │ • Manage teams │ │ • Snowflake │ │
│ └──────────────┘ │ • Auto-offboard │ │ • Rover │ │
│ └────────┬────────┘ └───────────────┘ │
│ │ │
│ ▼ │
│ ┌─────────────────┐ ┌───────────────┐ │
│ │ Cache Layer │ │ LDAP Server │ │
│ │ (Redis) │ │ (User Data) │ │
│ └─────────────────┘ └───────────────┘ │
└─────────────────────────────────────────────────────────────────────┘
| Document | Description |
|---|---|
| DEVELOPMENT.md | Architecture deep-dive, core components, and developer setup |
| CONTRIBUTING.md | How to contribute to Usernaut |
| Deployment.md | Detailed deployment instructions |
This project is licensed under the Apache License 2.0 - see the LICENSE file for details.