Skip to content

Admin: Users & Organizations

Two related screens under the admin area let you manage who can sign in (Users) and which organization they belong to (Organizations). Both require the Admin role or above — see Roles & Permissions for what each role can do.

Users screen showing the user table with role dropdowns and action icons

Managing users

The Users screen lists every user visible to you:

  • If your organization is a master organization, you see every user on the platform.
  • Otherwise you only see users belonging to your own organization.

Each row shows the user's email/username, role, organization, Cognito account status (CONFIRMED, UNCONFIRMED, FORCE_CHANGE_PASSWORD, etc.), and creation date. From the Actions column you can:

  • Assign organization — re-assign the user to a different organization (only shown if you're a master-org admin or a Super-User).
  • Reset password — sends the user a password-reset email; they get a code and must choose a new password at next sign-in.
  • Delete user — permanently removes the account. You'll be asked to confirm. Deleting your own account logs you out immediately.

Deleting a user cannot be undone

There's no undo for account deletion. Double-check you have the right user before confirming.

Creating a user

Click Create User to open the form. You need:

  1. Email address — the user signs in with this; they'll receive a temporary password by email and must change it on first login.
  2. Role — Viewer, Editor, or Admin. (Super-User cannot be granted from this form.)
  3. Organization — if you're a Super-User or a master-org Admin, pick any organization from the dropdown. If you're a regular (non-master) Admin, the new user is automatically assigned to your own organization — there's no picker.

After submitting, the user receives an email with login credentials and must set a new password before they can use the account.

Changing a role

On the Users table, each user's role is shown as a coloured pill. For any user below Super-User, the pill is an editable dropdown — pick a new role (Viewer / Editor / Admin) and it saves immediately, with a confirmation toast.

Super-User rows are read-only here — you cannot promote anyone to Super-User, or change the role of an existing Super-User, from this screen.

Admins are capped below their own rank

An Admin can set another user's role up to Admin, but cannot grant Super-User and cannot change the role of a user ranked above them. This is enforced on the server regardless of what the browser shows — see Roles & Permissions.

Managing organizations

The Organizations screen (also Admin+) lists every organization you have visibility into, showing name, type/scope, contact email, and creation date. From here you can:

  • Add Organization — create a new organization.
  • Edit (pencil icon) — update its name, scope, contact email, and partner settings.
  • Delete (bin icon) — permanently remove an organization. You'll be asked to confirm; this cannot be undone.

Add Organization dialog showing ID, name, scope selector and contact email fields

When creating or editing an organization you set its Scope:

ScopeWhat it means
SingleOwn devices only.
MultiOwn devices plus a set of allocated customer organizations (used by maintenance/operator orgs).
AllFull cross-organization visibility — reserved for the platform owner.

Only a Super-User can select Multi or All, or change an existing organization's scope — Admins see the scope as read-only when editing.

You can also optionally tick Create first admin user when adding an organization (using the contact email you entered) so the new organization has an admin ready to sign in immediately.

Partner organizations

An organization can be flagged as an Integration Partner from its Edit dialog. Turning this on gives every user in that organization time-limited, test-only access, scoped to:

  • Allowed config presets — pick from a checklist of presets defined in other organizations. These are the only presets this partner may apply; applying anything else is denied server-side.
  • Allocation access — the organization(s) this partner can allocate devices into is derived automatically from the config presets you selected above (each preset's destination organization), not chosen separately.
  • Can Allocate Devices — a toggle for whether this partner's users may allocate an available unallocated device into one of the derived organizations.
  • Access Window — partner access expires. A new partner defaults to a 14-day window from creation; use Extend +14d on the Edit dialog to push the expiry back another 14 days. Letting the window lapse does not un-allocate anything the partner already did — only new actions are blocked.

This replaced the old per-user "integrator" role

Partner access is set at the organization level now, not on individual users. To give someone partner access, mark their organization as a partner rather than changing their personal role.