Skip to main content

Overview

The user management interface provides administrators with comprehensive tools to manage users, their connected SSO accounts, roles, and authentication settings. This includes viewing user details, managing connected accounts, manually adjusting roles, and troubleshooting authentication issues.

Accessing user management

Navigate to the user management page in your admin dashboard: 
https://your-domain.com/admin/users

User list

The user list displays all users in the application with key information:
ColumnDescription
NameUser’s display name
EmailUser’s email address
RolesAssigned application roles
Auth methodHow the user authenticates (SSO provider or local)
Last loginTimestamp of most recent login
StatusActive, inactive, or suspended
CreatedAccount creation date
Use the search and filter tools to find specific users:
  • Search: Search by name, email, or username
  • Filter by role: Show only users with specific roles
  • Filter by auth method: Show users by authentication provider
  • Filter by status: Show active, inactive, or suspended users
  • Sort: Sort by any column (name, email, last login, etc.)

User details

Click on a user to view detailed information:

Basic information

  • Full name
  • Email address
  • Username (if applicable)
  • Profile picture
  • Account creation date
  • Last login timestamp
  • Account status

Connected accounts

View all SSO providers the user has connected:
ProviderConnectedLast usedActions
GoogleYes2 hours agoDisconnect
Okta SAMLYes1 day agoDisconnect
GitHubNo--
Users can have multiple connected accounts from different SSO providers. They can log in using any connected provider.

Roles and permissions

View and manage the user’s assigned roles:
  • Current roles
  • Role source (default, group mapping, or manual)
  • Last role sync timestamp
  • Manual role adjustments

Authentication history

View recent authentication events:
  • Login attempts (successful and failed)
  • Provider used
  • IP address
  • Timestamp
  • User agent

Managing connected accounts

Viewing connected accounts

For each user, you can see:
  • Which SSO providers they’ve connected
  • When each account was first connected
  • When each account was last used for authentication
  • Provider-specific user identifiers

Disconnecting accounts

Disconnecting a user’s only authentication method will prevent them from logging in. Ensure they have an alternative login method before disconnecting.
To disconnect an SSO account:
1

Navigate to user details

Select the user from the user list
2

Go to connected accounts

View the “Connected Accounts” section
3

Click disconnect

Click “Disconnect” next to the provider you want to remove
4

Confirm action

Confirm the disconnection in the dialog
The user will no longer be able to log in using that provider.

Forcing reconnection

If a user is experiencing authentication issues with a specific provider:
  1. Disconnect the problematic account
  2. Ask the user to log in again using that provider
  3. The account will be reconnected with fresh credentials

Managing user roles

Viewing role assignments

For each user, you can see:
  • Current roles: All roles currently assigned
  • Role source: How each role was assigned
    • default: From provider’s default roles
    • group_mapping: From IdP group-to-role mapping
    • manual: Manually assigned by an administrator
  • Last sync: When roles were last synchronized from IdP

Manual role assignment

Override or supplement automatic role assignment:
1

Navigate to user details

Select the user from the user list
2

Go to roles section

View the “Roles & Permissions” section
3

Click edit roles

Click “Edit Roles” button
4

Add or remove roles

Select roles to add or remove from the user
5

Save changes

Click “Save” to apply the role changes
Manually assigned roles persist across logins and are not affected by role synchronization from IdP groups.

Syncing roles from IdP

Force a role synchronization from the identity provider:
1

Navigate to user details

Select the user from the user list
2

Click sync roles

Click “Sync Roles from SSO” button
3

Confirm sync

Confirm the synchronization action
This fetches the latest group information from the user’s identity provider and updates their roles based on current group-to-role mappings.

User actions

Suspending users

Temporarily disable a user’s access:
1

Select user

Navigate to the user’s detail page
2

Click suspend

Click “Suspend User” button
3

Confirm suspension

Confirm the action in the dialog
Suspended users cannot log in until their account is reactivated.

Reactivating users

Restore access for a suspended user:
1

Select user

Navigate to the suspended user’s detail page
2

Click reactivate

Click “Reactivate User” button
3

Confirm reactivation

Confirm the action

Deleting users

Deleting a user is permanent and cannot be undone. All user data, including connected accounts and activity history, will be removed.
To delete a user:
1

Select user

Navigate to the user’s detail page
2

Click delete

Click “Delete User” button
3

Confirm deletion

Type the user’s email to confirm deletion

User security settings

Connected accounts in user settings

Users can manage their own connected accounts from their security settings: 
https://your-domain.com/settings/security
From this page, users can:
  • View all connected SSO providers
  • Connect additional SSO providers
  • Disconnect SSO providers (if they have alternative login methods)
  • See when each account was last used

User-initiated connections

Users can connect additional SSO providers:
1

Navigate to security settings

User goes to Settings → Security
2

View available providers

See list of available SSO providers
3

Click connect

Click “Connect” next to the desired provider
4

Authenticate

Complete the SSO authentication flow
5

Confirm connection

The provider is now connected to their account

Bulk operations

Bulk role assignment

Assign roles to multiple users at once:
1

Select users

Check the boxes next to users in the user list
2

Click bulk actions

Click “Bulk Actions” dropdown
3

Select assign roles

Choose “Assign Roles”
4

Choose roles

Select roles to assign to all selected users
5

Confirm action

Confirm the bulk role assignment

Bulk suspension

Suspend multiple users at once:
1

Select users

Check the boxes next to users to suspend
2

Click bulk actions

Click “Bulk Actions” dropdown
3

Select suspend

Choose “Suspend Users”
4

Confirm action

Confirm the bulk suspension

Troubleshooting user issues

User can’t log in

Problem: User reports they cannot log in Steps to diagnose:
  1. Check user status (active, suspended, or deleted)
  2. Review connected accounts - ensure they have at least one
  3. Check authentication history for failed login attempts
  4. Review audit logs for specific error messages
  5. Verify the SSO provider is enabled and configured correctly

User has wrong roles

Problem: User doesn’t have expected permissions Steps to diagnose:
  1. Review current role assignments
  2. Check role source (default, group mapping, or manual)
  3. Verify group-to-role mappings in provider configuration
  4. Check user’s groups in the identity provider
  5. Try syncing roles from SSO
  6. Review audit logs for role change events

Duplicate accounts

Problem: User has multiple accounts with different email addresses Solution:
  1. Identify the primary account to keep
  2. Manually transfer any necessary data or permissions
  3. Delete the duplicate account
  4. Update the user’s email in the identity provider if needed

Connected account not working

Problem: User can’t log in with a specific SSO provider Steps to diagnose:
  1. Check if the provider is enabled
  2. Review provider configuration
  3. Check authentication history for error messages
  4. Try disconnecting and reconnecting the account
  5. Verify the provider works for other users
  6. Review audit logs for provider-specific errors

Best practices

Periodically review user accounts, roles, and connected accounts to ensure they align with your security policies.
Assign users the minimum roles necessary for their job functions. Use group-based role assignment when possible.
Regularly review authentication history and failed login attempts to detect potential security issues.
Keep notes when manually adjusting user roles or disconnecting accounts for future reference.
Establish a clear process for suspending or deleting user accounts when employees leave.

Reporting

User statistics

View aggregate statistics about your users:
  • Total users
  • Active users (logged in within last 30 days)
  • Users by authentication method
  • Users by role
  • New users (created in last 30 days)

Export user data

Export user information for reporting or compliance:
1

Navigate to user list

Go to Admin → Users
2

Apply filters

Filter users as needed (optional)
3

Click export

Click “Export” button
4

Choose format

Select CSV or JSON format
5

Download file

Download the exported user data

Next steps

Role mapping

Configure automatic role assignment from IdP groups

Audit logging

Monitor user authentication and account changes

Admin UI

Manage SSO providers and configuration

OIDC setup

Configure OIDC authentication providers