# TeleportUser This guide is a comprehensive reference to the fields in the `TeleportUser` resource, which you can apply after installing the Teleport Kubernetes operator. ## resources.teleport.dev/v2 **apiVersion:** resources.teleport.dev/v2 | Field | Type | Description | | ---------- | --------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | apiVersion | string | APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: | | kind | string | Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: | | metadata | object | | | spec | [object](#spec) | User resource definition v2 from Teleport | ### spec | Field | Type | Description | | -------------------- | ----------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | github\_identities | \[][object](#specgithub_identities-items) | GithubIdentities list associated Github OAuth2 identities that let user log in using externally verified identity | | oidc\_identities | \[][object](#specoidc_identities-items) | OIDCIdentities lists associated OpenID Connect identities that let user log in using externally verified identity | | roles | \[]string | Roles is a list of roles assigned to user | | saml\_identities | \[][object](#specsaml_identities-items) | SAMLIdentities lists associated SAML identities that let user log in using externally verified identity | | traits | [object](#spectraits) | Traits are key/value pairs received from an identity provider (through OIDC claims or SAML assertions) or from a system administrator for local accounts. Traits are used to populate role variables. | | trusted\_device\_ids | \[]string | TrustedDeviceIDs contains the IDs of trusted devices enrolled by the user. Note that SSO users are transient and thus may contain an empty TrustedDeviceIDs field, even though the user->device association exists under the Device Trust subsystem. Do not rely on this field to determine device associations or ownership, it exists for legacy/informative purposes only. Managed by the Device Trust subsystem, avoid manual edits. | ### spec.github\_identities items | Field | Type | Description | | ------------------- | ------ | -------------------------------------------------------------------------------------------------------- | | connector\_id | string | ConnectorID is id of registered OIDC connector, e.g. 'google-example.com' | | samlSingleLogoutUrl | string | SAMLSingleLogoutURL is the SAML Single log-out URL to initiate SAML SLO (single log-out), if applicable. | | user\_id | string | UserID is the ID of the identity. Some connectors like GitHub have an unique ID apart from the username. | | username | string | Username is username supplied by external identity provider | ### spec.oidc\_identities items | Field | Type | Description | | ------------------- | ------ | -------------------------------------------------------------------------------------------------------- | | connector\_id | string | ConnectorID is id of registered OIDC connector, e.g. 'google-example.com' | | samlSingleLogoutUrl | string | SAMLSingleLogoutURL is the SAML Single log-out URL to initiate SAML SLO (single log-out), if applicable. | | user\_id | string | UserID is the ID of the identity. Some connectors like GitHub have an unique ID apart from the username. | | username | string | Username is username supplied by external identity provider | ### spec.saml\_identities items | Field | Type | Description | | ------------------- | ------ | -------------------------------------------------------------------------------------------------------- | | connector\_id | string | ConnectorID is id of registered OIDC connector, e.g. 'google-example.com' | | samlSingleLogoutUrl | string | SAMLSingleLogoutURL is the SAML Single log-out URL to initiate SAML SLO (single log-out), if applicable. | | user\_id | string | UserID is the ID of the identity. Some connectors like GitHub have an unique ID apart from the username. | | username | string | Username is username supplied by external identity provider | ### spec.traits | Field | Type | Description | | ----- | --------- | ----------- | | key | string | | | value | \[]string | |