-
Notifications
You must be signed in to change notification settings - Fork 0
Tenant Admin Users
Gen 3: This is a legacy Gen 2 article. For current GT AI OS 3.0 guidance, see gen3/users.
As a Tenant Admin, you can manage users within your organization. This guide covers all aspects of user management.
User management allows you to:
- Add new users individually or in bulk via CSV upload
- Control user access (enable/disable accounts)
- Manage two-factor authentication settings
- View user activity and status
- Monitor license usage and expiration
The Users page displays:
Four cards at the top show key metrics:
- Enabled Users (License): Current active users vs. your license limit. A warning appears when the limit is reached.
- Total Users: All users (enabled + disabled)
- Disabled: Users who have been disabled
- License Expires: Your license expiration date. The card turns amber when expiring within 30 days, or red if expired.
Below the dashboard:
- Search bar: Filter users by name or email
-
User table with columns:
- User: Name, email, and role badge (if admin)
- Status: Enabled or Disabled
- 2FA: Enabled, Required, or Not Set
- Last Login: When the user last logged in
- Actions: Menu for user management actions
| Role | Description | Capabilities |
|---|---|---|
| Tenant User | Standard user | Use agents, manage personal resources |
| Tenant Admin | Platform administrator | All user capabilities plus admin features |
| Super Admin | System administrator | Full platform access across all tenants |
Note: Super Admin users are managed through the Control Panel by a Super Admin, not the tenant app. They appear in your user list for visibility but cannot be edited or disabled from this page.
Tenant Users can:
- Access the chat interface
- Use available agents
- Create personal agents and datasets
- Join teams and use team resources
- View their own usage and history
Tenant Admins can additionally:
- Access the Users management page
- Add and disable users
- Bulk upload users via CSV
- Access organization-wide Observability
- See all resources regardless of visibility
- Set resource visibility to Organization (making resources available to all users)
- Go to Users in the sidebar
- Click Add User
- Enter the user's information:
- First Name: The user's first name (required)
- Last Name: The user's last name (required)
- Email Address: The user's email (required)
- Welcome Email Template: Select a template for the welcome email (optional)
- Email Modules: Select header/footer modules to include (optional)
- Require 2FA: Toggle to require two-factor authentication
- Click Create User
Note: Tenant Admins can only create Tenant Users. Tenant Admin roles can only be provisioned by a Super Admin through the Control Panel.
To add multiple users at once:
- Go to Users in the sidebar
- Click Bulk Upload
- Optionally click Download CSV Template to get a pre-formatted file
- Prepare your CSV file with the following columns:
email,first_name,last_name,tfa_required
jane.doe@example.com,Jane,Doe,false
john.smith@example.com,John,Smith,true
- Click the upload area to select your CSV file
- Click Upload
After the upload completes, a summary shows:
- Number of users successfully created
- Number of rows that failed (with specific error details per row)
Passwords are auto-generated for all uploaded users. Each user receives a welcome email with instructions to set up their password.
After creating a user (individually or via bulk upload):
- The user receives a welcome email with instructions to set up their password
- They click the link in the email to create their password
- If 2FA is required, they set it up on first login
The table displays all users with their current status. Each row shows:
- User avatar with name and email
- Role badge (for admins)
- Status badge (Enabled/Disabled)
- 2FA status
- Last login time
- Actions menu (for non-admin users)
Note: Tenant Admin and Super Admin users show "Admin (read-only)" instead of an actions menu. These roles can only be managed through the Control Panel by a Super Admin.
- Find the user in the table
- Click the actions menu (...) on the right
- Select Edit
- The edit panel opens from the right side
- You can:
- Update the user's First Name and Last Name
- Disable User or Enable User (in Quick Actions)
- Require 2FA or Remove 2FA Requirement (in Quick Actions)
- View the 2FA Status section showing the current state:
- "2FA is enabled and active" — the user has set up 2FA
- "2FA is required but not yet set up" — 2FA is required but the user hasn't completed setup
- "2FA is not configured" — 2FA is not set up or required
- Click Save Changes
Note: If your organization has a global 2FA policy enabled, the edit panel shows "2FA Required — Enforced by organization policy" and the remove option is hidden.
User roles are displayed in the user table:
- Tenant User: Standard users with access to chat, agents, and datasets
- Tenant Admin: Platform administrators with access to user management and full observability
Note: Tenant Admin roles can only be provisioned by a Super Admin through the Control Panel. They cannot be assigned in the tenant app.
From the user table:
- Find the user in the list
- Click the actions menu (...)
- Select Disable
Or from the edit panel:
- Open the edit panel for the user
- Click Disable in the Quick Actions section
Note: Disabled users cannot log in but their data is preserved. This action is reversible - you can re-enable the user later.
Use the actions menu and select Enable, or use the Enable button in the edit panel.
To send a password reset email:
- Find the user in the table
- Click the actions menu (...)
- Select Send Password Reset
The user will receive an email with a link to reset their password.
Manage 2FA settings for users from the actions menu:
| Action | Description |
|---|---|
| Require 2FA | User must set up 2FA on their next login |
| Disable 2FA Requirement | Remove the 2FA requirement (if not globally enforced) |
| Reset 2FA | Clear the user's 2FA so they can set up a new device |
Note: If your organization has a global 2FA policy, individual settings cannot override it. The "Disable 2FA Requirement" option will not appear for users when global 2FA is enforced.
Monitor user account status:
- Enabled: User can log in normally
- Disabled: A Tenant Admin has disabled the account
For a single user:
- Create their account via Add User
- Verify they received the welcome email
- Point them to help documentation
- Assign them to relevant teams
- Follow up to ensure successful setup
For multiple users:
- Prepare a CSV file with all user details
- Use Bulk Upload to create all accounts at once
- Review the upload results for any errors
- Verify users received their welcome emails
- Review user list quarterly
- Disable inactive users
- Monitor the License Expires card for upcoming renewals
- Update contact information as needed
- Review access logs regularly
- Promptly disable departing employees
- Report suspicious activity to your Super Admin
Check:
- Account status is Enabled (not Disabled)
- Email address is correct
- Password meets requirements
If the user isn't receiving password reset emails:
- Verify SMTP is configured for your tenant
- Check spam/junk folders
- Verify the email address is correct
- Contact your Super Admin if SMTP issues persist
If rows fail during bulk upload:
- Check the error details shown for each failed row
- Common issues: duplicate email addresses, invalid email format, missing required fields
- Fix the errors in your CSV and re-upload only the failed rows
If a user doesn't appear in the list:
- Use the search bar to search by email
- Verify the user was created successfully
- Check if they were accidentally disabled (they still appear in the list)