Backstage by Example (Part 2)

Clearing Out Sample Data

Users and Groups

The Backstage catalog can be set up to ingest organizational data — users and teams — directly from an organization in GitHub or GitHub Enterprise. The result is a hierarchy of User and Group kind entities that mirror your org setup.

If Backstage is configured to use GitHub Apps authentication, you must grant Read-Only access for Members under Organization in order to ingest users correctly. You can modify the app’s permissions under the organization settings,

Authentication and Users

Authorization

Backstage has many different authentication methods, but has no built-in way to authorize access to specific data, APIs, or interface actions. Authorization is a way to enforce rules about what actions are allowed for a given user of a system. In Backstage today, endpoints are not protected and all actions are available to anyone.

AuthHandler
Similar to a custom sign-in resolver, you can also write a custom auth handler function which is used to verify and convert the auth response into the profile that will be presented to the user. This is where you can customize things like display name and profile picture.

This is also the place where you can do authorization and validation of the user and throw errors if the user should not be allowed access in Backstage.
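One way to write such a handler, as an added example that is not code from the original article or from the Backstage project. The types are simplified local stand-ins for the shapes Backstage passes to an OAuth auth handler, and `ALLOWED_DOMAINS` and `toProfile` are hypothetical names.

```typescript
// Local stand-ins for the shapes a Backstage OAuth auth handler works with
// (simplified assumptions, not imported from @backstage/plugin-auth-backend).
type FullProfile = {
  displayName?: string;
  emails?: { value: string }[];
  photos?: { value: string }[];
};
type ProfileInfo = { email?: string; displayName?: string; picture?: string };

// Hypothetical allowlist; a real deployment would read this from app config.
const ALLOWED_DOMAINS = new Set(['example.com']);

// Validate the identity-provider response and convert it into the profile
// shown to the user. Throws when the user should not be allowed into Backstage.
function toProfile(fullProfile: FullProfile): ProfileInfo {
  const email = fullProfile.emails?.[0]?.value?.trim().toLowerCase();
  if (!email) {
    throw new Error('Login rejected: identity provider returned no email');
  }
  // Compare the exact domain after the last "@". A suffix check such as
  // endsWith('example.com') would also accept "user@notexample.com".
  const at = email.lastIndexOf('@');
  const domain = at > 0 ? email.slice(at + 1) : '';
  if (!ALLOWED_DOMAINS.has(domain)) {
    throw new Error(`Login rejected: domain "${domain}" is not allowed`);
  }
  return {
    email,
    displayName: fullProfile.displayName ?? email.slice(0, at),
    picture: fullProfile.photos?.[0]?.value,
  };
}

// Shape of the handler as it would be passed in a provider's authHandler option.
const authHandler = async ({ fullProfile }: { fullProfile: FullProfile }) => ({
  profile: toProfile(fullProfile),
});
```

Because the check throws before any profile is returned, a rejected login never reaches the sign-in resolver that follows the handler.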

Next Steps
