Manage Global Users

Use /admin/common/users for identity lifecycle operations.

Supported operations

  • Create user
  • Rename user (email and profile names)
  • Disable/enable user
  • Set home tenant (ENSURE_PERSONAL or SET_TENANT)

Create user correctly

Choose home mode explicitly:

  • PERSONAL: creates personal-home posture
  • COMPANY: assigns selected company tenant + at least one repo

For company-home creation, always assign repo access during creation to avoid unusable accounts.

Rename behavior

Renaming email is a security-impacting action.

  • refresh tokens are revoked
  • user must sign in again
  • outstanding invites addressed to old email may fail acceptance checks

Set home tenant behavior

Set home tenant can:

  • ensure personal home if missing
  • move home to selected company tenant and repo set

This operation can change effective access posture and revokes refresh tokens. Plan communications before bulk changes.

Practical guardrails

  1. Avoid user identity mutations during active onboarding windows.
  2. Apply home-tenant changes with explicit repo assignments.
  3. Validate resulting primary tenant/repo by testing login landing behavior.
Previous
Repo Access
Next
Prerequisites