Managing Users

View and manage user accounts, monitor authentication activity, and configure user permissions in your Signia tenant.

Viewing Users

User List

Navigate to Users in the dashboard sidebar to see all users in your tenant.

Displayed Information:

• User ID (unique identifier)
• Email address
• Name (if available)
• Status (active, suspended, etc.)
• Last login
• Registration date

Search and Filter

Search by:

• Email address
• Name
• User ID

Filter by:

• Status (active, suspended, pending)
• Registration date
• Last login date
• Authentication method

User Details

Click on a user to view detailed information:

Profile Information

• User ID - Unique identifier (sub claim)
• Email - Email address
• Email Verified - Verification status
• Name - Full name
• Given Name - First name
• Family Name - Last name
• Picture - Profile picture URL

Authentication Methods

View registered authentication methods:

• Passkeys - WebAuthn credentials

  • Device name
  • Registration date
  • Last used
  • Credential type (platform/roaming)

• Legacy Methods (if enabled)

  • Email magic links
  • Social logins (Google, GitHub, etc.)

Activity Log

Recent authentication activity:

• Login attempts - Successful and failed
• Timestamp - When the event occurred
• IP address - Source IP
• User agent - Browser/device information
• Result - Success, failed, blocked

Applications

Applications the user has accessed:

• Application name
• First access date
• Last access date
• Number of logins

User Management Actions

Inviting Users

Send invitations to new users:

1. Click Invite User button
2. Enter email address
3. Select role (optional)
4. Click Send Invitation

Invitation Flow:

1. User receives email invitation
2. Clicks link to accept
3. Registers passkey on first login
4. Account activated

Bulk Invitations

To invite multiple users, enter multiple email addresses (comma-separated) or upload a CSV file.

Suspending Users

Temporarily disable a user account:

1. Open user details
2. Click Suspend User
3. Provide reason (optional)
4. Confirm suspension

Effects:

• ✅ Login attempts are blocked
• ✅ Existing sessions are invalidated immediately
• ✅ Can be reactivated anytime
• ✅ User data preserved

Reactivating Users

Restore a suspended account:

1. Open user details
2. Click Reactivate User
3. Confirm reactivation

User can log in immediately after reactivation.

Deleting Users

Permanently remove a user account:

1. Open user details
2. Scroll to Danger Zone
3. Click Delete User
4. Confirm deletion

GDPR Compliance

User deletion is permanent and complies with GDPR's "right to be forgotten". All personal data is removed.

What gets deleted:

• User profile data
• Authentication credentials (passkeys)
• Activity logs
• Session tokens

What's preserved:

• Audit logs (anonymized)
• Usage statistics (anonymized)

User Roles & Permissions

Assigning Roles

1. Open user details
2. Click Edit in the Roles section
3. Select role(s)
4. Click Save Changes

Available Roles

Admin

• Full tenant access
• Can manage all users and applications
• Can modify tenant settings
• Can view all audit logs

Developer

• Can create and manage applications
• Can view users
• Cannot delete applications
• Cannot manage other users

Viewer

• Read-only access
• Can view applications and users
• Cannot make any changes

Custom Roles (Enterprise)

• Define granular permissions
• Assign specific capabilities
• Create role hierarchies

Authentication Methods

Managing Passkeys

View and manage a user's registered passkeys:

Passkey Information:

• Device name (e.g., "iPhone 13", "YubiKey")
• Registration date
• Last used
• Credential type
  • Platform - Device-bound (Face ID, Touch ID)
  • Roaming - Portable (YubiKey, USB key)

Actions:

• Rename - Update device name
• Revoke - Remove passkey access

Multiple Passkeys

Users should register multiple passkeys for backup access (primary device + security key).

Resetting Authentication

If a user loses access to their authentication methods:

1. Open user details
2. Click Reset Authentication
3. Select method:
   • Send magic link to email
   • Generate one-time reset code
   • Send new invitation
4. Confirm reset

Security Notes:

• Requires admin permissions
• Logged in audit trail
• User must verify email
• Old credentials invalidated

User Activity Monitoring

Recent Activity

View user's recent authentication events:

✅ Login successful - Chrome on macOS
   Oct 7, 2024 10:30 AM - IP: 192.168.1.1

❌ Login failed - Firefox on Windows
   Oct 7, 2024 10:15 AM - IP: 10.0.0.5
   Reason: Invalid passkey

🔒 Account suspended by admin
   Oct 6, 2024 2:00 PM

Session Management

View and manage active sessions:

Session Information:

• Device/browser
• IP address
• Location (approximate)
• Login time
• Last activity

Actions:

• Revoke session - Force logout
• Revoke all sessions - Log out everywhere

Use cases:

• Security breach suspected
• Lost device
• Force re-authentication

Anomaly Detection

Signia automatically flags suspicious activity:

• 🚨 Login from new location
• 🚨 Multiple failed login attempts
• 🚨 Login from suspicious IP
• 🚨 Unusual access patterns

Admins are notified and can take action.

Bulk Operations

Bulk User Actions

Select multiple users to perform actions:

Available Actions:

• Suspend users
• Reactivate users
• Assign roles
• Send invitations
• Export user data

How to use:

1. Select users using checkboxes
2. Click Bulk Actions dropdown
3. Select action
4. Confirm operation

Export User Data

Export user information for compliance or backup:

Export Formats:

• CSV (email, name, status, etc.)
• JSON (complete user data)

What's included:

• Profile information
• Registration date
• Last login
• Assigned roles
• Activity summary

Privacy: User IDs are included, but authentication credentials and sensitive data are excluded.

Advanced User Management

User Metadata

Store custom data for users:

{
  "department": "Engineering",
  "employee_id": "EMP-12345",
  "manager": "jane@example.com",
  "hire_date": "2024-01-15"
}

Use cases:

• Store organizational data
• Custom business logic
• Integration with HR systems

User Linking

Link multiple authentication methods to one account:

• Google account + passkey
• Email + GitHub
• Multiple passkeys

Users can choose any linked method to log in.

Federated Identity

Link users from external identity providers:

• Active Directory
• LDAP
• SAML providers
• Social logins

Troubleshooting

User can't login

Common causes:

1. Account suspended

   • Check user status
   • Reactivate if needed

2. No valid authentication method

   • Verify passkeys registered
   • Send password reset

3. Application access revoked

   • Check application permissions
   • Re-grant access

User not receiving invitation

Solutions:

1. Check spam folder

   • Email might be flagged

2. Verify email address

   • Ensure correct spelling
   • Check for typos

3. Resend invitation

   • Click Resend button
   • Wait 5-10 minutes

Can't delete user

Possible reasons:

1. User is admin - Transfer admin role first
2. Active sessions - Revoke sessions first
3. Insufficient permissions - Need admin role

Security Best Practices

1. Regular Access Reviews

• Review user list quarterly
• Remove inactive users
• Audit role assignments

2. Multi-Device Authentication

Encourage users to register:

• Primary device (phone/laptop)
• Backup security key
• Alternative device

3. Monitor Suspicious Activity

Set up alerts for:

• Multiple failed logins
• Login from new countries
• Unusual access patterns

4. Least Privilege Principle

• Grant minimum necessary permissions
• Use custom roles for specific needs
• Review and adjust regularly

Next Steps

• Managing Applications - Application configuration
• Security Guide - Security best practices
• Quick Start - Integrate authentication