Manage users

# Manage users

This guide walks you through the process of managing a user account. An owner or an administrator can manage user accounts.

# Onboard users

There are three ways to onboard a user:

The user can self-register via the My Account portal or the login page of an application if self-registration is enabled in the organization. Learn how to configure self-registration.
An administrator can onboard users from an on-premise user store by connecting a remote user store to Asgardeo.

If the remote user store access type is read-only, you cannot update the user profiles of users onboarded from this read-only user store.
An administrator can onboard users from the Asgardeo Console.

Let's look at how administrators can onboard users from the Asgardeo Console.

# Onboard single user

On the Asgardeo Console, go to User Management > Users.
Click Add User > Single User and provide the following details:
- Email (Username): A unique email address to identify the user.
- First Name: First name of the user. You can add/change this later.
- Last Name: Last name of the user. You can add/change this later.
- A username is always unique to the organization and you can't change the username once it is created.
- Instead of using the email as the username, you can configure the username to be an alphanumeric. Then, you will be asked to enter an alphanumeric username between the configured minimum and maximum lengths.
- The existing users who have already registered with their email address as the username can continue to use it to access applications, instead of having to create a new username.
You can either request the user to set the password or set one on the user's behalf.
- Invite user to set their own password:
  - Invite via email: If this option is selected, an email with a confirmation link will be sent to the provided email (username). The user can use the confirmation link to set up a new password.
  - Invite offline: If this option is selected, the administrator will receive an invite link at the end of user registration. This link can be shared with the user.
- Set a password for the user: If this option is selected, the administrator can set a password for the user. The user can change this password from the My Account Portal.
Add the user to a group in the next step. You will not see this option if you haven't created any groups in Asgardeo.
Click Finish.

If you have selected Invite offline or decided to set a password for the user, you can copy the corresponding information at the Summary page of the wizard and share with the user.

# Onboard multiple users

In addition to adding a single user, you can onboard multiple users at once, either manually or by using a CSV file. This is especially useful for large organizations that seek efficiency.

Importing multiple users is only supported for the Asgardeo-provided DEFAULT user store.

# Add multiple users manually

On the Asgardeo Console, go to User Management > Users.
Click Add User > Multiple Users.
Switch to the Manual tab.
Enter the email addresses of the users you want to invite. Press Enter after each email to add it to the list.
Under Groups, select the group(s) from the dropdown to which users will be added during the import.
Click Add to send out the invitations.

An email with a confirmation link will be sent to the provided email addresses, allowing the users to set their own passwords.

# Add multiple users using a CSV file

On the Asgardeo Console, go to User Management > Users.
Click Add User > Multiple Users.
Switch to the File Based tab.
Click Upload CSV File or drag and drop a CSV file into the designated area.
Ensure your CSV file is formatted correctly, with headers that correspond to user attributes. These attributes must be mapped to local attributes.
- A sample CSV file format would include: username, givenname, emailaddress, groups
- For example:
```
username,givenname,emailaddress,groups
user1,john,[email protected],group1|group2
user2,jake,[email protected],group2
user3,jane,[email protected],group1
```
  1
  2
  3
  4
Click Import to add the users to the system.
An email with a confirmation link will be sent to the provided email addresses, allowing the users to set their own passwords.

# Assign groups

A user can be assigned to different groups in the organization. Groups can be used to restrict the user's access to resources.

To assign users to groups:

On the Asgardeo Console, go to User Management > Users.
Click Edit for the user.
Go to Groups and assign groups.

The Groups tab for a user account will only appear after you create one or more groups in the organization. Learn how to create a group

# Manage user profiles

A user profile consists of attributes that represent the details of the user such as username, email address, contact information, other custom attributes, etc.

Administrators in the organization can configure the list of attributes that should be available in a user profile. See Manage attributes for details.

# View profile details

Administrators can view the user profile of any user as follows:

On the Asgardeo Console, go to User Management > Users.

If you have connected a remote user store, and want to filter the users in your remote user store, select your user store from the drop-down menu.
Select the user to view the profile.

# Update the profile

An administrator can update the profile of a user via the Asgardeo Console.

To update the user profile:

On the Asgardeo Console, go to User Management > Users.
Find the user's account and click Edit.
Update the information on the user profile.
Click Update to save.

# Reset the user's password

Administrators can reset a user's password or initiate the password reset process from the Asgardeo Console.

To reset the password:

Click Reset password at the bottom of the user's profile.

Select a method to reset the user password:
- Invite user to set their own password: If this option is selected, a password reset request can be sent to the user via email. The user can then use the instructions in the email to reset the password.
- Set a temporary password for the user:
  If this option is selected, the owner or an administrator can set a temporary password for the user.
Click Reset Password.

Using the API

You can also use Asgardeo's SCIM API to initiate the admin initiated password recovery flow.

Get an access token with the internal_user_mgt_update scope.

Use the obtained access token to execute the following cURL.

curl --location --request PATCH 'https://api.asgardeo.io/t/<org_name>/scim2/Users/<user_id>' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer <access_token>' \
--data '{
   "schemas": [
      "urn:ietf:params:scim:api:messages:2.0:PatchOp",
      "urn:scim:wso2:schema"
   ],
   "Operations": [
      {
            "op": "add",
            "value": {
               "urn:scim:wso2:schema": {
                  "forcePasswordReset": true
               }
            }
      }
   ]
}'

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19

Upon successful execution of the cURL the user will recieve an email to reset their password.

# Lock a user account

When you lock a user's account, the user will no longer be able to access any applications or the My Account portal.

To lock a user account:

On the Asgardeo Console, go to User Management > Users and select the user.
Enable the Lock user toggle at the bottom of the user's profile.

Enable the checkbox to confirm your action.
Click Confirm.

You can unlock the user account again using the Lock user toggle explained above.

# Delete a user

A user account can be deleted by administrators. Once an account is deleted, the action is irreversible.

To delete a user account:

On the Asgardeo Console, go to User Management > Users and select the user.
Click Delete User at the bottom of the user's profile.
Enable the checkbox to confirm your action.
Click Confirm.