Skip to main content

User Management

Learn how to create, manage, and organize users in the PDaaS Console.

Overview

Users are the primary identity type in PDaaS. Each user has:

  • Email address (unique within the organization)
  • Password (encrypted with bcrypt)
  • MFA status (required for console access)
  • Group memberships
  • Direct policy attachments
  • Account scope

Viewing Users

Navigate to Identity > Users to see all users in your organization.

User List

The user list displays:

  • Name: User's full name
  • Email: User's email address
  • Status: Active or Inactive
  • Groups: Number of groups the user belongs to
  • Last Activity: Last time the user accessed the console or API
  • Actions: Quick actions (Edit, Deactivate, Delete)

Search:

  • Type in the search box to filter users by name or email
  • Search is case-insensitive and matches partial strings

Filters:

  • Status: Show only active or inactive users
  • Groups: Show users in specific groups
  • Last Activity: Filter by recent activity (last 24h, 7 days, 30 days)

Sorting:

  • Click column headers to sort
  • Default: Most recently created first

Pagination

  • Default: 20 users per page
  • Options: 10, 20, 50, 100 users per page
  • Use navigation arrows to move between pages

Creating a User

  1. Click Create User button
  2. Fill in the required fields:
    • Full Name: User's display name
    • Email: Must be unique in the organization
    • Password: Must meet password requirements
    • Confirm Password: Must match the password
  3. (Optional) Assign groups
  4. (Optional) Attach policies directly
  5. (Optional) Select account scope (default: all accounts)
  6. Click Create User

Result:

  • User is created with status "Active"
  • User receives a welcome email with sign-in instructions
  • User must verify email and set up MFA before accessing console

Password Requirements

When creating a user, the password must meet:

  • Minimum 12 characters
  • At least one uppercase letter
  • At least one lowercase letter
  • At least one number
  • At least one special character

The password strength meter will guide you.

Editing a User

  1. Click the Edit icon next to a user
  2. Modify user details:
    • Full Name
    • Email (careful: this changes their sign-in credentials)
    • Status (Active/Inactive)
    • Groups
    • Policies
    • Account scope
  3. Click Save Changes

Note: You cannot change a user's password from the console. Users must reset their password using the "Forgot Password" flow.

Managing Group Memberships

Adding to Groups

From User Detail Page:

  1. Navigate to Identity > Users > [User Name]
  2. Go to the Groups tab
  3. Click Add to Group
  4. Select groups from the dropdown
  5. Click Add

From User Edit Form:

  1. Click Edit on the user row
  2. In the Groups section, select groups
  3. Click Save Changes

Removing from Groups

  1. Navigate to user detail page
  2. Go to Groups tab
  3. Find the group
  4. Click Remove
  5. Confirm the action

Attaching Policies

Users can have policies attached directly (in addition to group policies).

To attach a policy:

  1. Navigate to user detail page
  2. Go to Policies tab
  3. Click Attach Policy
  4. Select a policy from the list
  5. Click Attach

To detach a policy:

  1. Find the policy in the Policies tab
  2. Click Detach
  3. Confirm the action

Note: User's effective permissions = Group policies + Direct policies

Deactivating Users

Deactivating a user:

  • Prevents sign-in
  • Revokes all active sessions
  • Preserves user data and audit history
  • Can be reactivated later

To deactivate:

  1. Click Deactivate in the user row or detail page
  2. Confirm the action
  3. User status changes to "Inactive"

To reactivate:

  1. Filter users by "Inactive" status
  2. Click Activate on the user
  3. User can sign in again

Bulk Operations

Select multiple users to perform bulk actions:

Bulk Deactivate

  1. Check the boxes next to users
  2. Click Bulk Actions > Deactivate
  3. Confirm the action
  4. All selected users are deactivated

Bulk Add to Group

  1. Select users
  2. Click Bulk Actions > Add to Group
  3. Select the group
  4. Click Add

Bulk Export

  1. (Optional) Filter users
  2. Select users or leave empty to export all
  3. Click Export > CSV
  4. Download the CSV file

User Detail Page

Navigate to a user's detail page to see:

Overview Tab

  • User information
  • Status
  • Creation date
  • Last activity
  • MFA status

Groups Tab

  • All groups the user belongs to
  • Option to add/remove groups

Policies Tab

  • Directly attached policies
  • Inherited policies from groups (read-only)
  • Option to attach/detach policies

Activity Tab

  • Recent actions by the user
  • Sign-in history
  • API calls
  • Failed authentication attempts

Sessions Tab

  • Active sessions
  • Device information
  • IP addresses
  • Option to revoke sessions

Best Practices

  1. Use Groups: Assign policies to groups rather than individual users for easier management
  2. Regular Audits: Periodically review user list and deactivate unused accounts
  3. Least Privilege: Only grant necessary permissions
  4. MFA Enforcement: Ensure all users have MFA enabled
  5. Account Scope: Use account scopes to limit user access to specific environments

Common Tasks

Reset User's MFA

See MFA Admin Tools

Force Password Reset

Users must use the "Forgot Password" flow on the sign-in page.

View User Activity

Navigate to Security > Audit Log and filter by the user's email.

Troubleshooting

User can't sign in:

  • Check if user is active
  • Verify email is correct
  • Ensure MFA is set up
  • Check for account lockout (too many failed attempts)

User not receiving emails:

  • Verify email address is correct
  • Check spam folder
  • Confirm organization email settings

Permissions not working:

  • Verify policies are attached (directly or via groups)
  • Check policy syntax in Policy Editor
  • Use Policy Simulator to test permissions

Next Steps