Version 2.5
User management

User management

Manage who has access under Configuration > Users: invite people, set their role, and enable or disable accounts.

  • Roles — every user has one of three roles:
    • Admin — full access: agents, users, and workspace configuration (LLMs, MCP servers, branding, observability, analytics).
    • Builder — everything a Member can do, plus building: create, edit, and publish agents, and manage the resources agents depend on — MCP servers, data connections, and semantic data models. Builders can also create API keys scoped to themselves — but not service-account keys, which are Admin-only. They can't manage users or workspace configuration.
    • Member — use agents; can't create them or change configuration.
The Update User Role dialog with the role dropdown open, showing Admin, Builder, and Member
The Update User Role dialog with the role dropdown open, showing Admin, Builder, and Member
  • Invite users by email with a role.
  • Auto-add by email domain — optionally allow your organization's email domains. Anyone who signs in with an email on an allowed domain is then admitted automatically and gets the Member role by default — no individual invite needed. Use with care: it's an open door for that whole domain.
  • Enable / disable revokes access without deleting the account.

Self-hosted vs SaaS. Who can sign in is governed by your identity provider (see Identity providers); roles are managed here in the application.