User Management¶
The Users page (/users) is the central hub for managing who has access to the DragonFly portal. It is split into five tabs.
Tab 1 — Users¶
Lists every portal user visible to you. Non-superadmin users only see accounts within their own organization and any sub-organizations they manage.
Columns:
| Column | Description |
|---|---|
| Login email address | |
| Name | First and last name |
| Role | Assigned permission role (see User Roles) |
| Organization | Tenant the account belongs to |
| Firebase | Whether the account has a linked login credential (Linked / None) |
| Status | Active (green) or Inactive (grey) |
| Last Login | Timestamp of most recent successful login |
| Actions | Row-level buttons (see below) |
Search¶
Live search filters by name, email, role, or organization. Results update as you type.
+ Add User¶
Creates an account directly (no invitation email). Requires: email, first name, last name, role, and organization. The account is created immediately with a temporary password — the user can log in right away and change their password from their profile.
Use Invite (tab 3) instead when you want the person to set their own password via an email link.
Row Actions¶
| Icon | Label | What it does |
|---|---|---|
| ✏️ Pencil | Edit User | Change name, role, or organization |
| 🔑 Key | Reset Password | Sends a password-reset email to the user |
| 🛡 Shield | Reset 2FA | Clears the user's TOTP secret — they must re-enroll on next login |
| 👁 Eye / 🚫 | Toggle Active | Activates or deactivates the account without deleting it. Deactivated users cannot log in. |
| 🗑 Trash | Delete User | Permanently removes the account. Cannot be undone. |
Superadmin-only actions
A Ghost as User button (person icon) is visible to superadmins only. It allows DragonFly staff to temporarily impersonate an account for troubleshooting without knowing the user's password. All actions taken in ghost mode are logged.
A 2FA Exempt toggle is also superadmin-only. It bypasses the two-factor requirement for a specific user (e.g. a service account).
Tab 2 — Pending Registrations¶
When someone self-registers at the portal login page (rather than being invited or added directly), their account lands here in a pending state. They cannot log in until an admin reviews and approves it.
Actions per entry:
- Approve & Assign — Opens a dialog to assign a role and organization, then activates the account.
- Reject — Permanently deletes the registration request. The person is notified by email.
Tab 3 — Invitations¶
Send a pre-configured invitation link to someone who does not yet have an account. The recipient receives an email with a link that lets them set their own password and complete registration — no admin needs to set a temporary password.
Sending an invitation requires:
- Recipient email address
- Organization (must be within your tenant tree)
- Role to assign on acceptance
- Expiry (default: 7 days)
Invitation states:
| Status | Meaning |
|---|---|
| Pending | Link not yet used, not yet expired |
| Accepted | User clicked the link and completed registration |
| Expired | Link was not used before the expiry date |
| Revoked | Manually cancelled by an admin |
Row actions on pending invitations:
- Resend — Generates a new link and re-sends the invitation email (resets the expiry timer).
- Delete / Revoke — Cancels the invitation. Any existing link stops working immediately.
Tab 4 — Domains¶
Domain registration enables automatic role assignment for users who register with a matching corporate email address. When a user self-registers with an email from a registered domain, they are automatically assigned the configured role and organization — no manual approval needed.
Example: Register columbiafitness.com → Viewer role → anyone who signs up with @columbiafitness.com is automatically placed into the Columbia Fitness organization as a Viewer.
Adding a domain requires:
- Domain name (e.g.
columbiafitness.com) - Organization to auto-assign to
- Default role to assign
Warning
Public email domains (Gmail, Outlook, Yahoo, etc.) cannot be registered. Only corporate/private domains are allowed.
Tab 5 — Audit Log¶
Read-only log of all user management actions taken in the portal. Useful for compliance, troubleshooting, and reviewing who changed what.
Logged events include:
- User created, edited, deleted, activated, deactivated
- Password resets sent
- 2FA resets and exemptions toggled
- Invitations sent, resent, revoked
- Domain registrations added or removed
- Role assignments changed
- Ghost (impersonation) sessions started
Each entry shows the timestamp, the admin who performed the action, and the affected user or resource.