User Management

Overview

User management in mindzie Studio enables administrators to control who can access the system, what they can do, and how they authenticate. This section covers user creation, role assignment, permissions, and the special service account feature for cross-tenant access.

User Management Functions

Core User Operations

• Create Users - Add new users to your tenant
• Assign Roles - Grant appropriate permissions through role assignment
• Manage Permissions - Control access to specific features and data
• Deactivate Users - Remove access while preserving audit history

Advanced Features

• Service Accounts - Enable cross-tenant access for consultants and support staff
• User Roles - Understand the different roles and their capabilities
• User Permissions - Fine-grained permission management

User Types in mindzie Studio

Regular Users

Standard users who access a single tenant:

• Authenticate directly to their assigned tenant
• Have permissions only within their tenant
• Cannot access other tenants without separate accounts

Service Accounts

Special users designed for multi-tenant access:

• Authenticate at a designated "home tenant"
• Can access multiple tenants with appropriate permissions
• Limited to Server Administrator (TenantAdmin) and Administrator roles
• Learn more about Service Accounts

User Roles

mindzie Studio uses role-based access control with five primary roles. They appear here from broadest to narrowest scope. See User Roles for the full description of each.

The role with the highest level of access is shown in the role dropdown and API responses as TenantAdmin. This page refers to it as Server Administrator to match what it actually does (it owns the Server Administration menu and can manage every tenant). When assigning the role through the UI or API, select TenantAdmin.

Server Administrator

• Full access across all tenants
• Can create, modify, and delete tenants
• Owns the Server Administration menu (Manage Tenants, Manage Users, Server Memory, Backups, executions)
• Can be promoted to service account
• Shown in the role dropdown as TenantAdmin

Administrator

• Full administrative authority within a tenant
• Can manage users, reset passwords, and assign roles
• Manages analysis templates and tenant settings
• Cannot open the Server Administration menu or create new tenants
• Can be promoted to service account

IT Admin

• Technical configuration access
• Manages integrations, connections, and global API keys
• Limited authoring access — does not build dashboards or analyses
• Cannot become service account

Analyst

• Access to analysis tools and reports
• Can create and share dashboards, investigations, and notebooks
• Limited administrative access
• Cannot become service account

Developer

• Access to development tools and APIs
• Can create custom integrations
• Limited administrative access
• Cannot become service account

Managing Users

Adding New Users

1. Navigate to Administration -> Users
2. Click Add User
3. Enter user details:
   • Name
   • Email address
   • Initial role
4. Configure authentication method
5. Send invitation email

Editing Existing Users

1. Navigate to Administration -> Users
2. Find the user in the list
3. Click Edit
4. Modify user properties:
   • Role assignment
   • Permissions
   • Service account status (if eligible)
5. Save changes

Bulk Operations

For managing multiple users:

• Bulk Import - Upload CSV with user details
• Bulk Role Assignment - Change roles for multiple users
• Bulk Service Account Promotion - Convert eligible users to service accounts

Service Account Management

Service accounts are a powerful feature for organizations that need cross-tenant access:

When to Use Service Accounts

• Consultants working with multiple client tenants
• Support Staff providing assistance across tenants
• Integration Accounts for automated cross-tenant processes

Creating Service Accounts

1. User must have Server Administrator (TenantAdmin) or Administrator role
2. Navigate to user management
3. Select eligible user
4. Enable service account status
5. Assign home tenant
6. Detailed Guide

Security Best Practices

Account Security

• Enforce strong password policies
• Enable multi-factor authentication
• Regular access reviews
• Prompt deactivation of unused accounts

Service Account Security

• Limit service accounts to essential users only
• Regular audit of cross-tenant access
• Monitor service account activity
• Document business justification

Permission Management

• Follow principle of least privilege
• Regular permission audits
• Document special permissions
• Use roles rather than individual permissions

Common Tasks

Resetting User Passwords

1. Navigate to user management
2. Select the user
3. Click Reset Password
4. User receives password reset email

Changing User Roles

1. Find user in user list
2. Click Edit
3. Select new role from dropdown
4. Confirm change
5. User permissions update immediately

Deactivating Users

1. Locate user account
2. Click Deactivate
3. Confirm deactivation
4. User access removed immediately
5. Audit history preserved

Troubleshooting

User Cannot Log In

• Verify account is active
• Check authentication configuration
• Confirm correct tenant URL
• Reset password if needed

Missing Permissions

• Verify role assignment
• Check tenant-specific permissions
• Review recent changes
• Confirm user is in correct tenant

Service Account Issues

• Verify home tenant assignment
• Check cross-tenant permissions
• Confirm eligible role (Server Administrator / TenantAdmin, or Administrator)
• Review authentication flow

Related Documentation

• Service Accounts Overview
• User Roles Guide
• Permission Management
• Tenant Management