User management

The Users tab of the Admin app is where site admins can view, add, and manage users in their Instabase deployment.

View users

From the users list (All apps > Admin > Users), you can view all users in the deployment. All users are displayed in alphabetical order, but you can filter and search for specific users:

• To filter for users who are site admins, click the Users dropdown and select Site admins.

• To include deactivated and disabled accounts in the users list, deselect the Show active users only checkbox.

• To search for a specific user, enter any part of their username or email address in the Search bar.

The users list includes the following information and settings:

• Username: The user’s username.

• Email: The user’s email address.

• Registered on: The date the user was added or registered.

• Site admin: Sets the user as a site admin. See managing site admins for details.

• Status: Whether the user has an active, disabled, or deactivated account.

• More (three dots) button: Opens a menu to access additional user settings. See the manage users section for details.

Add users

To add users individually:

1. From the Admin app, select Users.

2. Click Create user.

3. In the Username field, enter a username.

4. In the Email field, enter the user’s email address.

5. By default, the user’s password is generated and can be copied using the Copy button. To set the password manually, turn off the Generate password toggle and enter a custom password.

6. Optionally click Add line to add an additional user, following the previous steps.

7. Click Add.

To add users in bulk:

1. From the Admin app, select Users.

2. Click Create user.

3. Select the Bulk tab.

4. In the input field, define the list of users, one line per user. Each line must include a comma-separated list of {username}, {user's email address}, {user's password}.

   Tip

   You can click and drag the bottom right corner of the input field to resize it.

5. Click Add.

Manage users

From the users list, you can:

• Manage an individual user’s authentication.

• Disable, deactivate, or reactivate a user’s account.

• View and manage a user’s OAuth tokens.

Manage authentication

To manage a user’s authentication:

1. From the Admin app, select Users.

2. Click the three-dot icon in the user’s row of the users list.

3. Click Manage auth.

4. Make the desired changes on the Password or Two-factor authentication tab:

   • From the Password tab of the Manage authentication dialog, you can reset the user’s password. You can copy the randomly generated password, or turn off the Generate password randomly toggle and define a custom password.

   • From the Two-factor authentication tab, you can reset the user’s two-factor authentication. Clicking Disable resets the current two-factor authentication on the user’s account; upon next login they’re prompted to reset their two-factor authentication.

5. Click Disable to confirm your changes.

Disable, deactivate, and reactivate a user account

A user’s account can be disabled or deactivated. When a user account is disabled or deactivated, that user cannot log into that account or use APIs with any authentication token created by that account. A deactivated account is additionally removed from any previously assigned groups, spaces, or subspaces.

If a disabled account is reactivated, the user’s experience and access is the same as previously configured. If a deactivated account is reactivated, they do not automatically regain their previously granted access permissions.

To disable a user’s account:

1. From the Admin app, select Users.

2. Click the three-dot icon in the user’s row of the users list.

3. Click Disable.

4. Click Disable.

To deactivate a user:

1. From the Admin app, select Users.

2. Click the three-dot icon in the user’s row of the users list.

3. Click Disable.

4. Select Also delete all ACLs for {user}.

5. Click Deactivate.

To reactivate a disabled or deactivated user:

1. From the Admin app, select Users.

2. Click the three-dot icon in the user’s row of the users list.

   Note

   Deselect the Show active users only checkbox to include deactivated and disabled users in the users list.

3. Click Reactivate.

4. Click Reactivate.

View and manage OAuth tokens

Site admins can view and manage a user’s OAuth tokens from the user’s profile page. OAuth tokens are used to authenticate Instabase API requests. To access a user’s OAuth management settings:

1. From the Admin app, select Users.

2. Click the three-dot icon in the user’s row of the users list.

3. Click View user.

4. Select the OAuth management tab.

From here, you can:

• Create new OAuth apps for the user.

• View all the OAuth apps that have been created by or for this user.

• Delete existing OAuth apps.

• Generate new OAuth tokens for the apps.

Managing user roles and permissions

Define roles by managing user permissions and entitlements. Rather than assigning a user a specific role, assign them specific permissions that match their role’s responsibilities.

Each user in your deployment likely fits one of the following roles:

• User: The default role assigned to new users of the Instabase platform without any out-of-the-box entitlements or permissions. Many users likely won’t require additional access, but can still be granted this access selectively through site and app permissions.

• General, non-site-wide admin: Users who require some administrative access to meet their responsibilities, such as fulfilling managerial functions. This access is granted selectively through site and app permisisons.

• Site admin: Users who manage the Instabase installation and require global administrative access across the platform. Site admins have all-or-nothing permission to manage site-wide settings and configurations, including the ability to manage sensitive features like encryption and authentication.

  Note

  Because site admin users have such wide-ranging permissions, minimize the number of site admins. Instead, create general admin users by assigning only the administrative access they require.

Users requiring site admin permissions can be assigned site admin status. For non-site admin users, you can selectively assign the following types of permissions:

• Site permissions: Site permissions are used to grant the ability to perform actions otherwise restricted to site admins, such as managing users or group memberships. See the site permissions documentation for details.

• App permissions: App permissions are used to grant access to applications otherwise restricted to site admins, such as the Deployment Manager, Metrics, or Audit Logs apps. See the app permissions documentation for details.

• Space and subspace permissions: Users can be assigned space and subspace-specific permissions within organization spaces. See the spaces documentation for details.

Managing site admins

Site admin users have wide-ranging permissions and the site admin status should be granted with care. Site admins can:

• Access the data of and manage all organization and user spaces.

• Create new organization spaces.

• Manage all groups and add new groups.

• Create accounts for new users.

• Manage authentication and OAuth tokens for users.

• Add/remove other site admins.

• Grant/remove site permissions for users.

• Manage all flow pipelines.

• Create new signup tokens.

• Manage encryption.

• Change site-wide configuration options.

• Manage all licenses.

• Publish apps to Marketplace.

• Install or update the Instabase license.

• Set up new features available in new releases.

To make a user a site admin:

1. From the Admin app, select Users.

2. Search for the user in the Users list.

3. Turn on the Site admin toggle.

4. Click Confirm.

To revoke site admin status:

1. From the Admin app, select Users.

2. Search for the user in the Users list.

3. Turn off the Site admin toggle.

4. Click Remove.

To view all site admins:

1. Open the Users tab of the Admin app.

2. Click the Users dropdown and select Site admins. All users with site admin status enabled display.