User Management¶
User management in Manifest Platform covers the full lifecycle of user accounts — from sending the initial invitation through onboarding, role assignment, and eventual deactivation. Admins can manage users individually or in bulk, and every change is recorded in the audit log.
User Lifecycle¶
Every user account in Manifest Platform moves through a defined set of states.
stateDiagram-v2
[*] --> Invited: Admin sends invitation
Invited --> Active: User accepts & completes setup
Invited --> Expired: Invitation not accepted within expiry window
Expired --> Invited: Admin re-sends invitation
Active --> Suspended: Admin suspends account
Suspended --> Active: Admin reactivates account
Active --> Removed: Admin removes from organization
Suspended --> Removed: Admin removes from organization
Removed --> [*]| State | API value | Description |
|---|---|---|
| Invited | — | Invitation email sent. User has not yet accepted. |
| Active | active |
User has accepted the invitation, completed setup, and can access the platform. |
| Expired | — | Invitation was not accepted within the expiration window (default: 7 days). |
| Suspended | suspended |
Account is temporarily disabled. The user cannot log in, but their data and role assignments are preserved. |
| Removed | — | User has been removed from the organization. All role assignments are deleted. The user's global account is not deleted and they may be re-invited. |
Removal is irreversible within the organization
Removing a user from the organization revokes all their role assignments immediately. If you need to temporarily restrict access, use Suspend instead. A removed user can be re-invited, but their previous role assignments will not be restored.
Inviting¶
Single Invitation¶
- Go to Admin > Users & Roles
- Click Invite User
- Enter the user's email address
- Select one or more roles and their scopes
- Optionally add a personal message
- Click Send Invitation
The user receives an email with a link to accept the invitation and complete account setup (set password or connect SSO).
Invitation Fields¶
| Field | Default | Description |
|---|---|---|
email |
— | Email address to invite |
role_id |
— | UUID of the role to assign |
org_id |
— | Organization scope for the role assignment (required if not scoping to a workspace) |
workspace_id |
— | Workspace scope for the role assignment (required if not scoping to the org) |
expires_in_days |
7 |
How long the invitation link remains valid (1–90 days) |
message |
— | Optional personal message included in the invitation email (up to 1000 chars) |
Invitation Settings¶
| Setting | Default | Description |
|---|---|---|
auto_assign_workspace |
None | Automatically add invited users to a default workspace |
require_sso |
false |
When true, invited users must authenticate through the configured SSO provider |
allowed_email_domains |
All | Restrict invitations to specific email domains (e.g., company.com) |
Configure these in Admin > Settings > User Defaults.
Managing Roles and Permissions¶
Roles determine what a user can see and do. Assign roles during invitation or update them at any time.
Viewing a User's Roles¶
Navigate to Admin > Users & Roles, select a user, and review the Roles section.
Updating Roles¶
- Select the user in Admin > Users & Roles
- In the Roles section, click Add Role or remove an existing role
- Changes take effect immediately
Role Assignment Fields¶
| Field | Description |
|---|---|
role_id |
UUID of the role to assign |
org_id |
Scope the assignment to an entire organization (cascades to all workspaces within it) |
workspace_id |
Scope the assignment to a single workspace |
expires_at |
Optional expiration timestamp for temporary access (e.g., contractors, guests). The role is automatically revoked at this time |
is_guest |
Whether this is a guest assignment (limited cross-org access) |
Role changes are immediate
When you assign or revoke a role, the change takes effect on the user's next API request. Active sessions pick up the new permissions without requiring re-login.
For full details on available roles, custom roles, and permission scopes, see Roles & Permissions.
User Actions¶
Suspending a User¶
Suspending temporarily blocks a user's access while preserving their account, roles, and data.
Suspend a user in Admin > Users & Roles by selecting the user and clicking Suspend. Provide a reason for the suspension.
Suspension revokes all active sessions immediately. The user sees a "Your account has been suspended" message if they attempt to log in.
Reactivating a User¶
Reactivate a suspended user in Admin > Users & Roles by selecting the user and clicking Reactivate.
The user regains access with their previous role assignments intact.
Removing a User from the Organization¶
Removing a user permanently revokes all their role assignments within the organization and removes their access.
Click Remove from Organization in the user's detail page (Danger Zone) or from the actions menu in the users list. The action takes effect immediately.
Data retention
When a user is removed, their audit history, deployment records, and activity logs are retained. Solutions and components they created remain owned by the organization. The user's global account continues to exist and they can be re-invited.
Resending an Invitation¶
If an invitation expires before the user accepts:
Resend an expired invitation from Admin > Users & Roles by selecting the user and clicking Resend Invitation. This sends a new invitation email with a fresh expiration window.
Bulk Operations¶
For organizations managing many users, bulk operations save time.
Bulk Invite¶
Upload a CSV file to invite multiple users at once.
CSV format:
email,role,scope
alice@company.com,solution-builder,workspace:engineering
bob@company.com,viewer,organization
carol@company.com,solution-builder,workspace:marketing
dave@company.com,admin,organization
- Go to Admin > Users & Roles
- Click Bulk Invite
- Upload the CSV file or paste email addresses
- Map columns to fields (email, role, scope)
- Review the preview
- Click Send Invitations
Bulk Role Update¶
Update roles for multiple users by uploading a CSV file in Admin > Users & Roles > Bulk Update.
CSV format:
email,action,role,scope
alice@company.com,add,admin,organization
bob@company.com,remove,viewer,organization
carol@company.com,add,solution-builder,workspace:data-team
Bulk Remove¶
Remove multiple users from the organization (e.g., after an offboarding event) by uploading a CSV file in Admin > Users & Roles > Bulk Remove.
Dry run
Use the Dry Run option in the bulk import dialog to preview changes without applying them.
User Directory¶
The user directory in Admin > Users & Roles provides a searchable, filterable view of all users.
Available filters:
| Filter | Options |
|---|---|
| Status | Active, Invited, Suspended |
| Role | Any built-in or custom role |
| Workspace | Any workspace in the organization |
| Last active | Date range |
| Authentication method | SSO, API key, password |
Available actions from the directory:
- Export the user list as CSV
- Send bulk invitations
- Apply bulk role changes
- Filter to find inactive users for cleanup