Close
logodocs

Users

The Users page of the Admin UI is where you can view and manage all Users in your organization. The Users table lists at-a-glance information about each User, including name, type (User or Service Account), provisioning type (managed by an identity provider or strongDM), Permission Level, email address, and access type (Role membership or temporary access).

User Types

There are two types of users in your strongDM organization: Users and Service Accounts.

A User is an entity that represents any individual member of your organization who can log in to the strongDM GUI and CLI on their local machine or to the Admin UI. In the User management area, each User may be added to one or more Roles (up to a maximum of 20). The Roles a User belongs to will determine what resources the User can access.

A Service Account is a slightly different type of entity that allows for programmatic access to strongDM resources. See the Service Accounts page for more details.

All Users and Services Accounts are shown on the Users page with either the User's name and email address, or the Service Account's display name. In addition, you may see a special indicator beside a User or Service Account's name.

  • An eye icon indicates a high-traffic User whose queries are not visible in the Admin UI logs but are available via the command line.
  • The lock icon indicates that the User is locked out.
  • The Service Account label helps to distinguish a Service Account from a User account.

Permission Level

The Permission Level column displays each User's assigned Permission Level (i.e., Account Administrator, Team Lead, Database Administrator, or User).

Permission Level determines what administrative actions are available to the User for their organization in the Admin UI. The Permission Level dictates the User's ability to add resources to the organization, edit those resources, or manage other Users.

A (non-SSO) label underneath the Permission Level indicates that Single Sign-on (SSO) is configured for your organization, but the User was created with the Allow non-SSO users option selected, which allows the User to log in with a password.

Managed by

The Managed by column shows whether the User is managed by an identity provider or strongDM. If provisioning has been configured for your organization and the User is managed by an identity provider, the column shows the identity provider's name (e.g., Azure AD, Okta, etc.). If the User is not managed by an identity provider, the column will show strongDM.

Roles

The Roles column shows the name of any Role(s) that have been assigned to the User. Roles determine what resources a User can access.

If no Roles have been assigned to the User, the column will show no roles.

Temporary Access

The Temporary Access column indicates whether the User has been granted time-boxed access to resources.

What You Can Do on the Users Page

Add Users and Service Accounts

You can add Users and Service Accounts to your organization with the Add user and Add service buttons.

View User Details

Clicking the Details button for a User will direct you to that User's details, where you can assign Roles, grant temporary access, and update settings.

User Details
User Details

Take Quick Actions

Clicking the Actions button for a User will pop the actions you can take on the selected User, without having to go into the User's Details.

User Actions
User Actions

With one click, you can select one of the following actions to take:

  • Edit details
  • Set roles
  • Remove from all roles
  • Grant temporary access
  • Set permission level
  • Send password reset email
  • Suspend user
  • Delete user

Search for Users

The Search field allows you to find Users and Service Accounts in your organization according to name, email, Role membership, Permission Level, status, provisioning type, and tags. You can either type into the Search field or use the Role and Permission Level filter drop-down menus to narrow your search. The table header will display the number of results returned by the active search and filter query.

Free-text search

You can enter any text or string into the Search field, such as name, email address, or parts of a name or email. The Admin UI will check against all first names, last names, and emails in your organization.

Enter any text into the Search field.
Enter any text into the Search field.

User search filters

User filters will display Users according to their status (i.e., active or suspended), access (locked out or not), provisioning type (i.e., managed by strongDM or an identity provider), or tag.

You can type or copy/paste the following filters into the Search field, with or without other text. Do not use quotes or tick marks.

FilterDescriptionExample Search
locked:falseShows Users who are not locked outlocked:false service finds all Service Accounts that are not locked out.
locked:trueShows all locked out Userslocked:true finds all locked out Users.
managed:falseShows Users managed and provisioned by strongDMmanaged:false finds all User accounts managed by strongDM instead of the configured IdP.
managed:trueShows Users managed and provisioned by a third-party identity provider (e.g., Azure AD, Okta, etc.)managed:true Okta finds all Okta-managed User accounts.
suspended:falseShows all active Userssuspended:true John finds all active Users named John.
suspended:trueShows all suspended Userssuspended:true @strongdm finds all suspended Users whose email address includes “@strongdm.”
tags:title=valueShows Users with the specified tag; supports wildcards (*)tags:env=prod or tags:env=pr* finds all Users with the env=prod tag. Tag values containing commas must be inside quotes (e.g., tags:region="useast,uswest")

By default, the Users page filters out suspended Users. The suspended:false filter is applied automatically when you visit the Users page.

Default User Page Filter
Default User Page Filter

Role, Permission Level, and Managed by filters

Additionally, you may narrow the search results by selecting a filter from the Role, Permission Level and Managed by drop-down menus located to the right of the Search field.

Select Role to automatically populate filters based on Role assignment.

Filter by Role membership.
Filter by Role membership.

Select Permission level to automatically populate filters based on Permission Level.

Filter by permission level.
Filter by permission level.

If provisioning is enabled for your organization, select Managed by to automatically populate filters based on provisioning type (i.e., managed by either strongDM or an identity provider).

Filter by provisioning type
Filter by provisioning type

Save your favorite search and filter queries

The parameters of your search and filter queries are reflected in the page URL, allowing you to bookmark your favorite searches and filters in your web browser.

For example, when filtering Users based on the “Account Administrator” Permission Level, the URL becomes https://app.strongdm.com/app/admin?permissionLevel=admin.

Note that when filtering Users by Role, the URL includes the Role ID parameter, rather than the Role name (e.g., https://app.strongdm.com/app/admin?roleID=r-603258af61aab3c1).

Perform bulk operations on multiple Users

Bulk operations allow you to conduct a single operation on multiple Users at a time. Using the checkboxes, you can select up to 25 Users. Then, using the dialog buttons, you have the option to set the Users' Permission Level, set the Users' Role(s), or remove the Users from all valid Roles. Once you do a bulk operation, the Users remain selected and highlighted. You can click Deselect all to remove the selection.

The Users page showing two selected Users
The Users page showing two selected Users

Set Permission Level for multiple Users

To set the same Permission Level for multiple Users, follow these steps:

  1. Select the checkbox beside each User's name.
  2. Click the Set permission level button in the dialog.
  3. Select the Permission Level you want to set, and then click Confirm.
    Set Permission Level
    Set Permission Level

Set Roles for multiple Users

Some Users may have no Roles or need their Roles changed. To set the same Role for multiple Users, follow these steps:

  1. Select the checkbox beside each User's name.
  2. Click the Set Roles button in the dialog.
  3. Select the checkbox for each Role(s) you want to assign.
  4. Click Apply roles.
    Set Roles for selected Users
    Set Roles for selected Users

Remove multiple Users from all Roles

You can remove Users from valid Roles by following these steps:

  1. Select the checkbox beside each User's name.
  2. Click the Remove from all roles button in the dialog.
  3. Click Confirm remove.

Note that if provisioning is enabled for your organization, and Users and Roles are managed by an identity provider (IdP) like Okta or Azure AD, you will not be able to remove IdP-managed Users from IdP-managed Roles from within the Admin UI. In fact, the Admin UI won't even show IdP-managed Roles because they will be considered invalid Roles.

No Users can be removed from Roles message
No Users can be removed from Roles message

You will have to remove Users from such Roles from the IdP's portal. You can, however, remove IdP-managed Users from strongDM-managed Roles.

Remove Users from all roles
Remove Users from all roles

Invite a User

You can easily invite a User to join your strongDM organization. All you need to know is their name and email address.

  1. In the Admin UI, go to Access > Users.
  2. Click Add user.
    Add User Button
    Add User Button
  3. Enter the email address, first name, and last name. To invite multiple Users, click Add row.
    Provide information to invite Users.
    Provide information to invite Users.
  4. Click Send invitations.

The User(s) will receive an email with instructions on how to join strongDM.

Suspend a User

You can revoke a User’s access to infrastructure by suspending their account. In the Admin UI, there are two ways to suspend a User: use the quick Actions button on the Users page; or update the User’s settings.

Suspend from the Users page

  1. In the Admin UI, go to Access > Users.
  2. Locate the User you wish to suspend, and click the Actions button beside their name. This button lets you take quick action on a User without having to go into the User’s details.
    Suspend User Button
    Suspend User Button
  3. Select Suspend user.
    Select the Suspend user action from the drop-down
    Select the Suspend user action from the drop-down
  4. Click Confirm suspension.
    Confirm Suspension Message
    Confirm Suspension Message

Suspend from the User’s Settings tab

  1. On the Users page, click on the name of the User you wish to suspend.
    Example User to Suspend
    Example User to Suspend
  2. Go to the Settings tab and click Suspend user.
    User Settings tab
    User Settings tab
  3. Click Confirm suspension.
    Confirm Suspension Message
    Confirm Suspension Message

Switch to Dark mode

For a change of scenery, you can use the switch at the top of the page to toggle between Light mode and Dark mode.

Admin UI in Light mode
Admin UI in Light mode
Admin UI in Dark mode
Admin UI in Dark mode
Admin UI Guide — Previous
Access Rules
Next
Roles