Managing Users and Access Control

Overview

This guide covers user management, roles, permissions, and access control in the GuardAxion SSO Portal.

User Management

Adding New Users

Via Admin Panel

  1. Navigate to Admin > Access
  2. Click Add User button
  3. Fill in user details:
    • Email: User's email address
    • First Name: User's first name
    • Last Name: User's last name
    • Role: User role (User, Administrator)
    • Require MFA: Force MFA setup
  4. Click Create User
  5. User receives invitation email with temporary password

Via User Invites (Recommended)

  1. Navigate to Admin > Invites
  2. Click Create Invite
  3. Enter email address
  4. Set role and permissions
  5. Click Send Invite
  6. User receives email with registration link
  7. User sets their own password and MFA

Editing Users

  1. Admin > Access
  2. Click Edit next to user
  3. Modify:
    • Name
    • Email
    • Role
    • MFA requirement
    • Active status
  4. Click Save Changes

Deactivating Users

  1. Admin > Access
  2. Find the user
  3. Toggle Active status to Off
  4. User cannot log in (account preserved)
  5. To reactivate, toggle back to On

Deleting Users

Warning: This permanently removes the user and all their data.

  1. Admin > Access
  2. Click Delete next to user
  3. Confirm deletion
  4. User and associated data are removed

User Roles

User (Standard)

Permissions:

  • Access assigned applications
  • Update own profile
  • Manage own MFA settings
  • View own activity logs

Cannot:

  • Manage other users
  • Configure applications
  • Access admin panel
  • View audit logs

Administrator (Tenant Admin)

Permissions:

  • All User permissions, plus:
  • Manage users in tenant
  • Create and configure applications
  • View all audit logs
  • Configure tenant settings
  • Manage user invites
  • Reset user passwords
  • Require MFA for users

Cannot:

  • Manage other tenants
  • Access super admin functions
  • Modify system-wide settings

Super Administrator (Support)

Permissions:

  • All Administrator permissions, plus:
  • Manage all tenants
  • Create new tenants
  • Manage super admins
  • Access support portal
  • View system-wide analytics
  • Configure global settings

Access Control

Application Access

Users can only access applications where they are:

  1. Active members of the tenant
  2. Specifically granted access
  3. Not explicitly blocked
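
The three conditions above combine as a default-deny check in which an explicit block overrides any grant. The sketch below is an added example, not GuardAxion code; the class names, field names and sample users are hypothetical, and grants through groups are assumed to work as the Manage Access step describes.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class User:
    email: str
    tenant: str
    active: bool = True
    groups: frozenset = frozenset()


@dataclass
class Application:
    name: str
    tenant: str
    granted_users: set = field(default_factory=set)
    granted_groups: set = field(default_factory=set)
    blocked_users: set = field(default_factory=set)


def can_access(user, app):
    """Return (allowed, reason); every rule must pass, otherwise deny."""
    if user.tenant != app.tenant:
        return False, "not a member of the application's tenant"
    if not user.active:
        return False, "account is deactivated"
    # An explicit block wins over any direct or group grant.
    if user.email in app.blocked_users:
        return False, "explicitly blocked"
    if user.email in app.granted_users:
        return True, "granted directly"
    if user.groups & app.granted_groups:
        return True, "granted through a group"
    return False, "no grant"  # default deny


# Constructed sample data (hypothetical tenant, users and application).
PAYROLL = Application("payroll", "tenant-a", granted_users={"alice@example.com"},
                      granted_groups={"finance"}, blocked_users={"carol@example.com"})
ALICE = User("alice@example.com", "tenant-a")
BOB = User("bob@example.com", "tenant-a", groups=frozenset({"finance"}))
CAROL = User("carol@example.com", "tenant-a", groups=frozenset({"finance"}))
DAVE = User("alice@example.com", "tenant-b")  # same email, other tenant
ERIN = User("erin@example.com", "tenant-a", active=False, groups=frozenset({"finance"}))

if __name__ == "__main__":
    for u in (ALICE, BOB, CAROL, DAVE, ERIN):
        print(u.email, u.tenant, can_access(u, PAYROLL))
```

Carol and Erin both belong to a granted group, yet the block and the deactivated status each deny access on their own.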

Granting Application Access

  1. Admin > Applications
  2. Select an application
  3. Click Manage Access
  4. Add users or groups
  5. Save changes

Revoking Application Access

  1. Admin > Applications
  2. Select application
  3. Click Manage Access
  4. Remove users from access list
  5. Save changes

User Invites

Creating Invites

  1. Admin > Invites
  2. Click Create Invite
  3. Enter:
    • Email: Recipient email
    • Role: User or Admin
    • Expiration: Invite validity (1-30 days)
  4. Click Send Invite

Invite Process

  1. User receives email with unique link
  2. Clicks link to registration page
  3. Sets password
  4. Configures MFA (if required)
  5. Completes profile
  6. Gains access to applications

Managing Invites

  1. Admin > Invites
  2. View pending invites
  3. Resend invite email if needed
  4. Cancel unused invites
  5. Check invite status (Pending/Accepted/Expired)

Password Management

Reset User Password (Admin)

  1. Admin > Access
  2. Find user
  3. Click Reset Password
  4. User receives email with reset link
  5. User sets new password

User Self-Service Password Reset

Users can reset their own password:

  1. Click "Forgot Password" on login page
  2. Enter email address
  3. Receive reset link via email
  4. Set new password

Password Requirements

  • Minimum 8 characters
  • Mix of uppercase and lowercase
  • At least one number
  • At least one special character
  • Cannot be same as previous password
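
A check for the five requirements above, including the previous-password rule evaluated against a stored salted hash instead of plaintext. This is an added example, not the portal's own code: the function names, the PBKDF2 parameters and the use of `string.punctuation` as the set of special characters are assumptions.

```python
import hashlib
import hmac
import os
import string


def hash_password(password, salt=None):
    """Return (salt, digest) using PBKDF2-HMAC-SHA256 (assumed storage scheme)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 600_000)
    return salt, digest


def policy_violations(candidate, previous=None):
    """List every requirement the candidate fails; an empty list means accepted.

    previous is the (salt, digest) pair stored for the current password, or None.
    """
    problems = []
    if len(candidate) < 8:
        problems.append("shorter than 8 characters")
    if not (any(c.isupper() for c in candidate) and any(c.islower() for c in candidate)):
        problems.append("needs both uppercase and lowercase letters")
    if not any(c.isdigit() for c in candidate):
        problems.append("needs at least one number")
    # Assumption: "special character" means ASCII punctuation.
    if not any(c in string.punctuation for c in candidate):
        problems.append("needs at least one special character")
    if previous is not None:
        salt, old_digest = previous
        _, new_digest = hash_password(candidate, salt)
        # Re-hash with the stored salt and compare in constant time.
        if hmac.compare_digest(new_digest, old_digest):
            problems.append("same as previous password")
    return problems


if __name__ == "__main__":
    stored = hash_password("Tr1cky-Pass")  # constructed sample password
    for attempt in ("short1!", "Tr1cky-Pass", "N3w-Passphrase"):
        print(attempt, policy_violations(attempt, stored))
```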

Audit Logging

Viewing User Activity

  1. Admin > Audit
  2. Filter by:
    • User
    • Action type
    • Date range
    • IP address
  3. Export logs if needed

Tracked Events

  • User login/logout
  • Failed login attempts
  • Password changes
  • MFA setup/disable
  • Role changes
  • Application access
  • Settings modifications

Best Practices

User Management

  • Remove access for departed employees immediately
  • Regular access reviews (quarterly)
  • Use invite system for new users
  • Require MFA for all administrators
  • Document role assignments
  • Monitor failed login attempts

Security

  • Enforce strong password policies
  • Require MFA for sensitive roles
  • Regular audit log reviews
  • Deactivate instead of delete (preserves audit trail)
  • Limit administrator accounts
  • Use service accounts for integrations

Compliance

  • Maintain user access records
  • Document access changes
  • Regular permission audits
  • Export audit logs for compliance
  • Implement least privilege principle

Troubleshooting

User Can't Log In

Check:

  • Account is active
  • Correct tenant name
  • Password hasn't expired
  • MFA is set up correctly
  • No IP restrictions
  • Review audit logs for failures

User Not Receiving Emails

  • Check spam/junk folder
  • Verify email address is correct
  • Check email service status
  • Review system logs
  • Contact administrator

Invite Link Not Working

  • Check if invite has expired
  • Verify link wasn't modified
  • Ensure invite hasn't been used
  • Resend invite if needed

Multi-Tenant Considerations

Tenant Isolation

  • Users in Tenant A cannot see Tenant B users
  • Applications are tenant-specific
  • Audit logs are isolated per tenant
  • Settings are per-tenant

Cross-Tenant Access

  • Generally not supported
  • User needs separate accounts in each tenant
  • Contact support for special requirements