How to Manage Users
Admin guide
This page is for administrators. Some fields are hidden or read-only when the platform authenticates through an external provider (SAML or OAuth2) rather than internal login.
What is it?
A user is a platform login. Each user carries one or more roles, and those roles are the only thing that determines what the user can access. A user with no role can sign in but sees nothing.
- Users are managed in Settings → Users.
- Identity fields (name, email, department) describe the person; the roles field grants access.
- You don't delete users. You deactivate them with Is Active.
- Password and reset options appear only when the platform uses internal authentication.
Before you start
- You need write access to Users in Settings.
- The roles you intend to assign must already exist.
- If the platform authenticates through SSO, users are typically provisioned on first login with a default role (set in Platform Settings), so manual creation may not be needed.
How to Create a User
Step 1: Open the Users list
Go to Settings → Users. The list shows every user with these columns:
| Column | Shows |
|---|---|
| Username | The login name. |
| First Name / Last Name | The person's name. |
| The user's email address. | |
| Role | The roles assigned, shown as Workspace: Role. |
| Last Login | When the user last signed in. |
| Is Active | Whether the user can currently sign in. |
Click + New User at the top right. (This button is hidden when the platform uses an external authentication provider, because users come from that provider.)
Step 2: Fill in the user form
| Field | What to enter |
|---|---|
| UsernameRequired | The login name. You can set it only when creating the user; it is locked on edit. |
| First Name / Last Name | (Optional) The person's name. |
| Department | (Optional) The user's department. |
| EmailRequired | A valid email address. Used for notifications and approval requests. |
| Is Active | On by default. Turn off to block the user from signing in (see Deactivating below). |
| User RolesRequired | Multi-select. Pick one or more roles; each is shown as Workspace: Role. This is what grants the user access. Locked when authorization is external. |
Click Save.
Note
When the platform authenticates through SSO, the identity fields are managed by the provider and shown read-only. When authorization is external, the User Roles field is also locked.
Resetting a Password
On a user's page, click Reset Password (shown only for internal authentication). The dialog requires a new Password and a matching Confirm Password. Passwords must be 8 to 60 characters and include an uppercase letter, a lowercase letter, a digit, and a special character from !@#$%^&*_-.
Deactivating a User
There is no delete action. To revoke access, open the user and turn off Is Active, then save. The user can no longer sign in, but their history and authored objects are preserved for audit. Turn Is Active back on to restore access.
Reviewing User Activity
Each user has a Recent Activity tab showing login statistics:
- Last Login Date
- Logins in Last 7 Days
- Logins in Last 30 Days
- Logins in Last Year
Use this to spot dormant accounts before deactivating them.
What's next
- Configure Roles and Permissions to define what the roles you assign here can actually do.
- Configure Platform Settings to set login methods and the default role for SSO users.