User Management & Permissions

Overview

The Admin Console uses role-based access control. Every user has a role that determines what they can see and do. Access can be scoped to the entire organization or restricted to one or more specific subtenants — useful when different teams or customers should only see their own workflows and data.

Note: For the time being, User Management & Permissions capabilities still live in the legacy console. In Admin 2.0, when you navigate to Admin → Users, you will be directed to the User Management section of the legacy console.


Roles & Permissions

Five roles are available. Each role applies at either the organization level or the subtenant level depending on how the user is assigned.

Role | Config changes | User management | View services & workflows | View transactions & reports
Admin
Service Manager
Manager
Auditor
Default

When to use each role:

  • Admin — Full access. Use for org owners and anyone responsible for both configuration and user management. Assign sparingly.
  • Service Manager — Can create and modify workflows and configurations but cannot add or remove users. Use for developers and implementation teams.
  • Manager — Can invite and manage users but cannot change workflow configuration. Use for team leads who handle onboarding of colleagues but don't own technical configuration.
  • Auditor — Read-only access to transactions and reports only. Cannot see workflow or service configuration. Use for compliance, audit, or finance roles that need transaction visibility without access to system configuration.
  • Default — Read-only access including workflow and service visibility. Use for support staff or observers who need to review configuration and transactions but should not make changes.

Inviting Users

  1. In the Admin Console, navigate to Admin → Users.
  2. Click Invite New User.
  3. Enter the user's email address.
  4. Select the appropriate role.
  5. Click Save. The user receives a one-time registration link via email from [email protected].

Once the user completes registration, their role takes effect immediately. Users can be modified or removed at any time from the same Admin → Users page.


Restricting Access to a Specific Subtenant

By default, a user invited at the organization level can see all subtenants. If you need to limit a user's access to one specific subtenant — for example, a developer who should only work in the Account Opening subtenant, or a customer admin in a reseller setup — assign them a subtenant-level role.

  1. Navigate to Admin → Users.
  2. Find the user and click the eye icon next to their name.
  3. Click Edit in the top right.
  4. Scroll to the bottom and click Add Subtenant Role.
  5. Select the subtenant and the role for that subtenant.
  6. Click Save.

The user will only have access to the workflows, configurations, and transaction data within that subtenant. They will not see any other subtenants or organization-level settings.

You can assign a user to multiple subtenants with different roles on each — for example, Service Manager on one subtenant and Default (read-only) on another.


Related Resources

Org Structure | Environments | SSO