Built-in User Management

Simple user management solution for small to medium-sized businesses

Overview

FlagFlow includes a built-in user management system designed for organizations that need straightforward authentication without the complexity of external identity providers. This system is ideal for small to medium-sized teams that want to get started quickly with secure feature flag management.

Perfect for: Teams of 5-50 users, development environments, proof-of-concepts, and organizations without existing identity infrastructure.

Key Features

Session-Based Authentication

  • Secure session management
  • Configurable session timeouts
  • Automatic session cleanup
  • Remember me functionality

User Management

  • Create, modify, and delete users
  • Role-based permission assignment
  • Password management
  • User activity tracking

Administrative Interface

  • Web-based user management
  • Bulk operations
  • User permission overview
  • Session monitoring

Security Features

  • Password hashing and salting
  • Session token security
  • Brute force protection
  • Audit logging

Configuration

Enable and configure the built-in user management system:

Environment Configuration
# Enable built-in user management
SESSION_USERS_ENABLED=true

# Default user created at startup
SESSION_DEFAULT_USERNAME=admin
SESSION_DEFAULT_PASSWORD=your-secure-password

# Session timeout (in seconds); 1800 = 30 minutes
SESSION_TIMEOUT_SEC=1800

# Optional: Environment identifier
ENVIRONMENT=production

Security Recommendations

  • Always change the default password immediately after first login
  • Use strong, unique passwords for all user accounts
  • Configure appropriate session timeouts based on your security requirements
  • Regularly review and audit user permissions
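
A pre-start check for the settings above, as an added example that is not part of FlagFlow or its documentation: it reads an env file literally (assuming a loader that does not strip inline comments) and flags the placeholder password, a short default password and an unusable timeout. The 12-character minimum, the 8-hour ceiling and the function names are assumptions of this example.

```python
import re

PLACEHOLDER_PASSWORD = "your-secure-password"  # value from the sample config
MIN_PASSWORD_LEN = 12          # assumed policy, not a FlagFlow requirement
MAX_TIMEOUT_SEC = 8 * 3600     # assumed policy, not a FlagFlow requirement

# Constructed sample input for this example.
SAMPLE_ENV = """\
SESSION_USERS_ENABLED=true
SESSION_DEFAULT_USERNAME=admin
SESSION_DEFAULT_PASSWORD=your-secure-password
SESSION_TIMEOUT_SEC=1800  # 30 minutes
"""


def parse_env(text):
    """Parse KEY=VALUE lines literally; only whole-line # comments are skipped."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            env[key.strip()] = value.strip()
    return env


def audit(env):
    """Return findings for the built-in user management settings."""
    if env.get("SESSION_USERS_ENABLED", "").lower() != "true":
        return []  # built-in user management is off; nothing to check
    findings = []
    if not env.get("SESSION_DEFAULT_USERNAME"):
        findings.append("SESSION_DEFAULT_USERNAME is missing")
    password = env.get("SESSION_DEFAULT_PASSWORD", "")
    if password == PLACEHOLDER_PASSWORD:
        findings.append("SESSION_DEFAULT_PASSWORD is the documentation placeholder")
    elif len(password) < MIN_PASSWORD_LEN:
        findings.append("SESSION_DEFAULT_PASSWORD is shorter than the assumed minimum")
    timeout = env.get("SESSION_TIMEOUT_SEC")
    if timeout is not None:  # unset falls back to the documented 30 minutes
        if not re.fullmatch(r"[0-9]+", timeout):
            findings.append("SESSION_TIMEOUT_SEC is not a plain integer: %r" % timeout)
        elif not 0 < int(timeout) <= MAX_TIMEOUT_SEC:
            findings.append("SESSION_TIMEOUT_SEC is outside 1..%d" % MAX_TIMEOUT_SEC)
    return findings


if __name__ == "__main__":
    for finding in audit(parse_env(SAMPLE_ENV)):
        print("FINDING:", finding)
```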

Default User Setup

When FlagFlow starts with built-in user management enabled, it automatically creates a default administrator user if no users exist in the system.

Initial Setup Process

  1. Set the SESSION_DEFAULT_USERNAME and SESSION_DEFAULT_PASSWORD environment variables
  2. Start FlagFlow with SESSION_USERS_ENABLED=true
  3. The default user is created automatically with full administrator permissions
  4. Log in using the configured credentials
  5. Immediately change the password after first login

First Login: Navigate to your FlagFlow instance and use the login form with your configured default credentials. You'll be prompted to change the password on first login for security.

User Operations

Creating Users

Users with the users permission can create new user accounts through the web interface:

  1. Navigate to the Users section in the admin interface
  2. Click Add User
  3. Provide username and initial password
  4. Assign appropriate permissions
  5. Save the new user

Managing Permissions

Each user can be assigned specific permissions based on their role:

Permission     Description                      Typical Role
flag-value     Modify flag values               Developer, DevOps
flag-schema    Modify flag schemas              Senior Developer, Architect
flag-create    Create and delete flags          Product Manager, Lead Developer
users          Manage users and sessions        Administrator
migration      Execute migrations and backups   System Administrator

Session Management

Session Behavior

  • Timeout: Sessions automatically expire after the configured timeout period (default: 30 minutes)
  • Activity Extension: Active sessions are automatically extended
  • Concurrent Sessions: Users can have multiple active sessions
  • Logout: Manual logout immediately invalidates the session

Session Security

  • Session tokens are securely generated and stored
  • Sessions are tied to IP addresses for additional security
  • Expired sessions are automatically cleaned up
  • All session activities are logged for audit purposes
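
The session rules listed above (timeout, extension on activity, concurrent sessions, logout, IP binding and cleanup), modelled as an added example that is not FlagFlow's implementation. The class name, the in-memory store, the token length and the choice to store only a hash of each token are assumptions of this example.

```python
import hashlib
import secrets
import time


class SessionStore:
    """Illustrative in-memory model of the documented session behaviour."""

    def __init__(self, timeout_sec=1800, clock=time.time):
        self.timeout_sec = timeout_sec
        self.clock = clock          # injectable so expiry can be tested
        self._sessions = {}         # sha256(token) -> session record

    @staticmethod
    def _key(token):
        # Keep only a hash server-side so a dump of the store leaks no tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def login(self, username, ip):
        """Create a new session; a user may hold several at once."""
        token = secrets.token_urlsafe(32)
        self._sessions[self._key(token)] = {
            "user": username, "ip": ip,
            "expires": self.clock() + self.timeout_sec}
        return token

    def validate(self, token, ip):
        """Return the username, or None if unknown, expired or from another IP."""
        key = self._key(token)
        rec = self._sessions.get(key)
        if rec is None:
            return None
        if self.clock() >= rec["expires"]:
            del self._sessions[key]
            return None
        if rec["ip"] != ip:
            return None             # IP binding: reject without extending
        rec["expires"] = self.clock() + self.timeout_sec  # activity extension
        return rec["user"]

    def logout(self, token):
        """Manual logout invalidates the session immediately."""
        self._sessions.pop(self._key(token), None)

    def cleanup(self):
        """Remove expired sessions and return how many were removed."""
        now = self.clock()
        expired = [k for k, r in self._sessions.items() if now >= r["expires"]]
        for k in expired:
            del self._sessions[k]
        return len(expired)
```

In this model a client whose address changes mid-session must log in again, and an active session never expires on its own because every valid request resets the timer.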

Migration to Enterprise Auth

As your organization grows, you may want to migrate from built-in user management to an enterprise identity provider like Keycloak.

Migration Process

  1. Set up your Keycloak instance and configure the FlagFlow client
  2. Import existing users and their permissions to Keycloak
  3. Test authentication with a subset of users
  4. Update environment variables to enable Keycloak
  5. Disable built-in user management: SESSION_USERS_ENABLED=false

See the Keycloak Integration documentation for detailed setup instructions.

Troubleshooting

Common Issues

Cannot Login with Default Credentials

  • Verify SESSION_USERS_ENABLED=true is set
  • Check that default username and password environment variables are correct
  • Ensure FlagFlow has successfully started and created the default user
  • Check logs for any user creation errors

Session Expires Too Quickly

  • Increase SESSION_TIMEOUT_SEC value
  • Check for browser cookie restrictions
  • Verify system clock synchronization

Cannot Create New Users

  • Ensure your user has the users permission
  • Check for username conflicts with existing users
  • Verify password meets minimum requirements
© 2025 FlagFlow All Rights Reserved.