Users represent people who interact with the API Control Plane. Each user belongs to an organization and is assigned a role that determines their level of access. Users can be created manually, invited via email, or provisioned automatically through LDAP, SAML, or OIDC identity providers.
The Control Plane supports multiple authentication origins, allowing you to mix manual accounts with SSO-provisioned accounts. SSO users without administrator privileges must use personal access tokens for API access.
User properties
| Field | Type | Description |
|---|
username | string | Unique login name |
displayName | string | Full display name |
email | string | Email address |
firstName | string | First name |
lastName | string | Last name |
status | enum | INVITED, ACTIVE, or DELETED |
role | enum | User role |
organization | UUID | Organization membership |
origin | enum | How the user was created |
locked | boolean | Whether the account is locked |
Roles
| Role | Description |
|---|
GLOBAL_ADMIN | Full administrative access |
ADMIN | Administrative access |
USER | Standard user |
BILLING_CONTACT | Billing-related access |
NO_ACCESS | Account disabled |
User origins
| Origin | Description |
|---|
MANUAL | Created manually |
INVITED | Created via invitation |
LDAP | Synced from LDAP |
SAML | Created via SAML SSO |
OIDC | Created via OIDC SSO |
MANAGED | Platform-managed |