We need to document a bit more about user administration

[hmpf]

From mail, how to not automatically create users on login (when using OAuth2/OIDC):

By using your own settings.py-file (as we recommend anyway) you can override SOCIAL_AUTH_PIPELINE to not automatically create users, see https://python-social-auth.readthedocs.io/en/latest/pipeline.html#authentication-pipeline (search for "For example, a pipeline that won’t create users, just accept already registered ones would look like this:") If you do that you'll have to pre-create all allowed users before they log in for the first time via the admin (at https://BACKEND-URL/admin/argus_auth/user/, use the admin-user generated on setup). The leftmost column is the Feide id, do also fill on email-address. The "staff status" controls whether the user may access the admin-page. A user that no longer should have access can have the "active" attribute turned off, without deleting the user. This is necessary if users are created on first login as the user is recreated on the next login if it is deleted.

I'm not even sure we have documented the existence of the admin at all.

The user-model has an attribute is_staff for people that may log in to the admin. We could add a field to the user serializer with a link to the admin if is_staff is true or something.