Users
The Users page manages all user accounts in the system. Users can authenticate via local password, external SSO (OIDC), or both. Each user is assigned one or more roles that determine their permissions. The Owner account is created during initial setup and cannot be modified or deleted.
Inputs
| Name | Description | Allowed Values | Default |
|---|---|---|---|
| Username | Display name for the user | Non-empty string | — |
| Email address used for login and notifications | Valid email address | — | |
| Password | Local authentication password | Any string (required unless auth method is SSO-only) | — |
| Auth Method | How the user authenticates | Local, SSO, SSO + Local | Local |
| Roles | Roles assigned to the user (determines permissions) | One or more existing roles | — |
Fields & Columns
| Name | Description |
|---|---|
| Username | The user display name (not editable inline) |
| Editable inline — the user email address | |
| Auth | Editable inline — authentication method (Local, SSO, or SSO + Local) |
| Roles | Combined list of assigned roles, with Owner highlighted in yellow |
How To
Create a new user
- Navigate to Admin > Identity > Users.
- Click Create User.
- Enter the username, email, and initial password.
- Assign one or more roles.
- Click Save to create the account.
Gotchas
- The Owner account cannot be modified or deleted — it bypasses all scope checks.
- SSO-only users do not have a local password and can only log in through the external identity provider.
- Deleting a user is permanent and removes all role assignments for that user.
API Calls (7)
| Method | Path | Description |
|---|---|---|
| GET | /api/admin/identity/users | List all users with their roles |
| GET | /api/admin/identity/users/:id | Get user details by ID |
| POST | /api/admin/identity/users | Create a new user |
| PUT | /api/admin/identity/users/:id | Update user email or auth method |
| DELETE | /api/admin/identity/users/:id | Delete a user |
| POST | /api/admin/identity/users/:userId/roles/:roleId | Assign a role to a user |
| DELETE | /api/admin/identity/users/:userId/roles/:roleId | Remove a role from a user |
Related Pages
- Roles — Roles define the scopes (permissions) assigned to users
- OIDC — Configure the external identity provider for SSO users
- Auth Events — Tracks login attempts by these user accounts