User Management
Manage users, teams, roles, and permissions with multi-factor authentication support for secure team collaboration.
Understanding User Roles
| Role | Permissions | Best For |
|---|---|---|
| Admin | Full platform access, manage users, billing, infrastructure, policies, governance | Platform administrators, IT managers, DevOps leads |
| Developer | Deploy apps, create workflows, manage resources, access data sources, deploy models | Software engineers, DevOps engineers, data scientists, ML engineers |
| App (Viewer) | Read-only access to apps, workflows, dashboards, reports - no modification rights | Stakeholders, business users, auditors, managers |
How to Invite Users
Step 1: Navigate to User Management
- Click Settings in the main navigation
- Select Users from the settings menu
- Click Invite User button
Step 2: Enter User Information
Required Information:
- Email Address: User's email for login and notifications
- Full Name: Display name in UI
- Role: Select from Admin, Developer, Data Scientist, or Viewer
- Teams: Optional - assign to existing teams
- Send Invitation Email: Automatically send setup instructions
Step 3: Set Password Policy (First-Time Setup)
Users receive an invitation email with a secure link to set their password. Password requirements:
- Minimum 8 characters
- At least one uppercase letter
- At least one lowercase letter
- At least one number
- At least one special character
How to Create and Manage Teams
Creating a Team
- Go to Settings → Teams
- Click Create Team
- Enter team name and description
- Add team members from existing users
- Set team lead (optional) with additional permissions
- Configure team-level resource quotas (optional):
- Max CPU across all team resources
- Max memory allocation
- Max storage per team
- Max number of apps, workflows, workspaces
- Click Create Team
Sharing Resources with Teams
Once teams are created, you can share resources:
Sharing Applications
- Open app details page
- Click Share button
- Select teams or individual users
- Set permissions: View only or Edit
Sharing Projects
- Open project settings
- Go to Access Control tab
- Add teams with View or Edit rights
- All project workspaces inherit permissions
Sharing Workflows
- Open workflow in builder
- Click Settings icon
- Add collaborators or teams
- Viewers can see execution logs only
Sharing Data Sources
- Edit data source
- Go to Permissions section
- Choose Private, All Users, or Specific Users/Teams
- Credentials remain encrypted
How to Enable Multi-Factor Authentication
For Individual Users
- Click your profile icon in top-right corner
- Select Account Settings
- Go to Security tab
- Click Enable MFA
- Scan QR code with authenticator app (Google Authenticator, Authy, 1Password, etc.)
- Enter 6-digit verification code from app
- Save backup codes in secure location
- Click Activate MFA
Enforcing MFA for All Users (Admin Only)
- Go to Settings → Security Policies
- Enable Require MFA for All Users toggle
- Set grace period (e.g., 7 days for users to set up MFA)
- Optionally require MFA for specific roles only (e.g., Admin, Developer)
- Click Save Policy
- All users will be prompted to enable MFA on next login
Lost Access?
If a user loses their MFA device, admins can reset MFA from the Users page. The user will need to set up MFA again on next login.
Managing User Permissions
Changing User Roles
- Go to Settings → Users
- Click on user name
- Select new role from dropdown
- Click Update Role
- Changes take effect immediately
Deactivating Users
- Find user in Users list
- Click Actions → Deactivate
- User loses all access immediately
- Resources owned by user remain intact
- Can reactivate later without data loss
Activity Monitoring
- View user login history and last active time
- Track resource creation and modifications
- Monitor failed login attempts
- Export activity logs for compliance
Access Reviews
- Quarterly access review reminders
- Review users with admin privileges
- Identify inactive users for deactivation
- Audit team memberships and permissions
Security Best Practice
Enable MFA for all admin users, conduct quarterly access reviews, and deactivate users within 24 hours of departure.