Manage Users
Organizations can manage users and their roles by going to User Menu > Org Settings > Users.
Add a New User
To add a new user to your organization, click the Add New User button.
In the Create User pop-up, enter the new user's account information and select Submit.
| Field | Description |
|---|---|
| First Name | User's preferred first name. |
| Last Name | User's preferred last name (hyphens are accepted). |
| Enable Password Input | If unchecked, an email will be sent to the user so they can set their password. |
| Password | If Enable Password Input is checked, the user's password will need to be manually entered in this field. |
| Role | There are two options for role designation. Admin: Has access to Org Settings, such as Single Sign-On Settings and management of Users. User: Does not have access to Org Settings. |
Edit User
An Admin User has the option to modify a user's first and/or last name as well as the user's designated role (User vs Admin).
Disabling, Activating, and Deleting Users
Users can be deleted, disabled, or activated from the Edit User screen.
- Deleting a user permanently removes all personally identifiable information (PII), including any user secrets. This action is irreversible.
- Disabling a user will prevent them from logging in, and will log them out shortly if they happen to be logged in at the time. They can be re-enabled or activated at any time.
Removing SSO Users
- Single Sign-On users with a username and password: Users that have been configured directly in Coalesce will be able to log in with a username and password even if SSO has been enabled or removed, as long as their Coalesce-native user record remains active. If you do not wish to allow username and password-based authentication, you must disable or delete these users.
- Deleted users may still appear in your SSO provider's user list, but they will not be able to log in. These users must be removed from the SSO provider manually. We recommend reviewing all deleted users to ensure they have been removed from the SSO provider.
Access Tokens and SSO
- Access tokens function independently of SSO. Disabling a user in your SSO platform does not remove access tokens. You must also remove the user directly in Coalesce to revoke any tokens associated with that user.
- Access tokens never expire across all environments and projects.
- Access tokens are regenerated after each login. Previously issued tokens remain valid.
Access tokens are removed when:
- A user is deleted in Coalesce.
- A user is disabled in Coalesce.
- A user's password is changed in Coalesce.
- A user's email address is changed in Coalesce.
- An SSO user requires a new token for each new environment created.
- Multi-factor Authentication is turned on or off.
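The following reconciliation check is an added example, not part of the Coalesce product or its documentation. It applies the rules from Removing SSO Users and Access Tokens and SSO to two user lists. The record layout, the field names, and the separately kept list of deleted users are assumptions, and all sample data is constructed.

```python
# Constructed sample data. The record layout ("email", "status",
# "native_password") is an assumption, not a Coalesce or SSO export format.
SSO_USERS = [
    {"email": "Ana@example.com", "status": "active"},
    {"email": "bo@example.com", "status": "disabled"},
    {"email": "cy@example.com", "status": "active"},
    {"email": "dee@example.com", "status": "active"},
]
COALESCE_USERS = [
    {"email": "ana@example.com", "status": "active", "native_password": False},
    {"email": "bo@example.com", "status": "active", "native_password": False},
    {"email": "dee@example.com", "status": "active", "native_password": True},
    {"email": "eve@example.com ", "status": "active", "native_password": False},
    {"email": "fay@example.com", "status": "disabled", "native_password": False},
]
# Deleted users no longer exist in Coalesce, so the admin keeps this list.
DELETED_IN_COALESCE = ["cy@example.com"]


def norm(email):
    # Compare addresses case-insensitively, ignoring stray whitespace.
    return email.strip().lower()


def reconcile(sso_users, coalesce_users, deleted_emails):
    sso = {norm(u["email"]): u["status"] for u in sso_users}
    findings = {"tokens_still_valid": [], "password_login_possible": [],
                "remove_from_sso": []}
    for user in coalesce_users:
        email = norm(user["email"])
        if user["status"] != "active":
            continue  # disabled in Coalesce: tokens are already removed
        if sso.get(email) != "active":
            # Disabled or absent in the SSO provider, still active in
            # Coalesce: previously issued access tokens keep working.
            findings["tokens_still_valid"].append(email)
        if user["native_password"]:
            # Coalesce-native record: can log in with a password despite SSO.
            findings["password_login_possible"].append(email)
    # Deleted in Coalesce but still listed by the SSO provider: manual cleanup.
    findings["remove_from_sso"] = [norm(e) for e in deleted_emails if norm(e) in sso]
    return {k: sorted(v) for k, v in findings.items()}


if __name__ == "__main__":
    for category, emails in reconcile(SSO_USERS, COALESCE_USERS,
                                      DELETED_IN_COALESCE).items():
        print(f"{category}: {', '.join(emails) or '-'}")
```

Every address under tokens_still_valid needs to be disabled or deleted in Coalesce itself before its tokens stop working.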