> ## Documentation Index
> Fetch the complete documentation index at: https://koreai.mintlify.app/llms.txt
> Use this file to discover all available pages before exploring further.

# User Management

Manage users, roles, and directory sync for your Agent Platform account from a single interface.

***

The **User Management** module in the Settings Console gives administrators control over who can access Agent Platform and what they can do. It covers user invitations, bulk import, role assignments, Active Directory (AD) sync, and user profile configuration.

<Note>Only users with the **Admin** role and required permissions can access User Management in the Settings Console.</Note>

## Users Dashboard

Navigate to **Settings** > **User Management** > **Users** to see the dashboard.

The dashboard shows a live count of users by status and lists each user's name, email, role, and current status.

| Status       | Description                                                  |
| ------------ | ------------------------------------------------------------ |
| **Active**   | User has accepted the invitation and can access the Platform |
| **Inactive** | User was invited but has not yet accepted                    |
| **Locked**   | User exceeded 5 consecutive failed login attempts            |

## Add Users

| Method                    | Best For                                         |
| ------------------------- | ------------------------------------------------ |
| **Email invitation**      | Individuals or small groups                      |
| **Bulk import**           | Many users at once via a CSV or TXT file         |
| **Active Directory sync** | Syncing users from your organization's AD server |

### Invite via Email

1. Go to **Settings** > **User Management** > **Users** > **Add New User** > **Invite**.
2. Enter a valid email address.
3. Select a role from the dropdown.
4. To add more invitees, click **+ Add another member** and repeat steps 2–3.
5. Click **Send invitation(s)**.

<Note>
  * Invitations expire after **15 days**. The user's status shows as **Inactive** until they accept.
  * Email addresses must include a valid domain (e.g., `user@example.com`). Leading/trailing spaces are not allowed.
  * Duplicate email addresses in the same invitation batch are rejected.
</Note>

### Bulk Import

Use a `.csv` or `.txt` file to add multiple users at once. Download the sample CSV from the Import page as a reference — it contains pre-defined field headers.

**File requirements:**

| Requirement         | Detail                                  |
| ------------------- | --------------------------------------- |
| Valid formats       | `.csv`, `.txt`                          |
| Required fields     | Name, email ID, user status             |
| Accepted delimiters | Comma, pipe (`\|`), semicolon, tab      |
| First row           | Must be the header row with field names |
| Valid status values | `New`, `Update`, `Delete`               |
| Invalid emails      | Skipped automatically during import     |

**Steps:**

1. Go to **Settings** > **User Management** > **Users** > **Add New User** > **Import**.
2. Click **Upload File** or drag and drop your file into the upload area.
3. Review the data preview, then click **Continue**.
4. If validation errors appear, correct the highlighted rows and re-upload.
5. Click **OK** when the import completes to see users on the dashboard.

<Note>Imported users are assigned the **Viewer** role by default. You can change this after import.</Note>

To review past imports, click **Import History** on the Import page. Each entry shows the date and time, the importing user, and a count of successful and failed records.

## Manage Users

### Search

Use the search field on the Users dashboard to find users by name. A message is shown if no match is found.

### Unlock a Locked User

1. On the Users dashboard, hover over a user with **Locked** status.
2. Click **Unlock**, then confirm.

The user's status returns to **Active**.

### Change Role

To change the role for a single user, see [Reassign a Role](/agent-platform/administration/role-management#delete-a-custom-role).

To bulk-assign the same role to multiple users:

1. Select the target users on the dashboard.
2. In the bottom action bar, open the **Role** dropdown and select the new role.

<Note>Bulk role change assigns the same role to all selected users. To assign different roles, update each user individually.</Note>

### Delete Users

<Note type="warning">
  Deleting a user revokes their access and removes their data from your account. Their personal Platform account is unaffected. To re-add them later, send a new invitation.

  You cannot delete a user who owns active tools. They must remove their tools first.
</Note>

**Single delete:** Hover over the user entry, click the **Delete** icon, and confirm.

**Bulk delete:** Select multiple users, click the **Delete** icon in the bottom action bar, then click **Remove**.

## Roles and Permissions

Role assignments determine what each user can see and do across the platform.

| Role Type        | Description                                                                           |
| ---------------- | ------------------------------------------------------------------------------------- |
| **System roles** | Pre-defined roles (Master Admin, Admin, Member, Viewer). Cannot be edited or deleted. |
| **Custom roles** | Duplicated from a system role and modified with custom module-level permissions.      |

The **Master Admin** role is assigned to the account owner by default. The **Tool Admin** role is automatically assigned to the user who creates a tool.

For detailed instructions on creating and managing roles, see [Role Management](/agent-platform/administration/role-management).

## Active Directory Sync

Active Directory (AD) sync imports user data from your organization's directory and keeps it current automatically — no email invitations or manual file imports needed. Any additions, updates, or deletions in AD are reflected on the platform.

<Note>An Active Directory professional with the necessary technical expertise should handle this configuration.</Note>

To configure AD sync, go to **Settings** > **User Management** > **Settings** > **Configure Directory** and complete the following steps in order.

### Step 1: Set Up the Connection

| Field              | Description                                    |
| ------------------ | ---------------------------------------------- |
| **Host Name**      | Hostname or IP address of the AD server        |
| **Server Port**    | Network port the AD server uses to communicate |
| **Base DN**        | Location in the directory for users and groups |
| **User ID**        | Identity used to log in to AD                  |
| **Password**       | Password used to log in to AD                  |
| **SSL** (optional) | Enable to secure communications over HTTPS     |

Click **Next**. Fix any validation errors shown before proceeding.

### Step 2: Import Organization Units

Select which organizational units (OUs) to import:

| Option                               | Behavior                             |
| ------------------------------------ | ------------------------------------ |
| **Import all organization units**    | Imports users from every OU          |
| **Do not import organization units** | Imports no users from OUs            |
| **Import only the following OUs**    | Imports users from selected OUs only |

Click **Next** to proceed.

### Step 3: User Attributes and Rules

Map AD fields to user profile fields and define which users to include or exclude from sync.

**Map user profile fields:**

1. (Optional) Enable **Import users from active directory** to fetch default field values from AD.
2. In the **User Attributes** tab, map each default profile field to the corresponding AD attribute.
3. (Optional) Add custom field mappings under **Custom Fields**:
   * Click **Add Field**.
   * Enter the custom field name and its corresponding AD field name.
   * (Optional) Use the tag icon to mark a field as the primary field.
4. Click **Next**.

<Note>A custom field can only be deleted if more than one custom field exists.</Note>

**Set inclusion and exclusion rules:**

Use these rules to control which AD users are synced.

| Rule Type           | Purpose                       | How to Configure                                                             |
| ------------------- | ----------------------------- | ---------------------------------------------------------------------------- |
| **Inclusion rules** | Define which users to sync    | Enter an LDAP filter expression in the **Rule Definition** field             |
| **Exclusion rules** | Define which users to exclude | Click **+ Add exclusion**, then set the AD/LDAP field, match type, and value |

Exclusion rule match types:

| Match Type           | Behavior                                          |
| -------------------- | ------------------------------------------------- |
| **Exact Match**      | AD field must exactly equal the specified value   |
| **Partial Match**    | AD field must partially match the specified value |
| **Multiple Matches** | AD field must match all specified values          |

Click **Next**. All mandatory fields must be filled before proceeding.

### Step 4: Schedule Auto Sync

Auto sync ensures the Platform always reflects the latest AD data. Enabling it is optional but recommended.

1. Turn on the **Enable auto-sync** toggle.
2. Set the sync schedule:

| Field              | Options                                                                |
| ------------------ | ---------------------------------------------------------------------- |
| **Sync Frequency** | Daily, Weekly (select a repeat day), Monthly (select a day), or Custom |
| **Sync Start**     | Select a future date (defaults to today)                               |
| **Time**           | Time of day for the sync (defaults to 12:00 PM)                        |

3. Click **Save**.

<Note>
  * With auto sync off, clicking **Save** only stores the configuration. Run a manual sync anytime using **Sync Now** under Configure Sync with Directory.
  * Sync must be scheduled for a future date and time.
</Note>

**After setup**, the following options appear under **Configure sync with directory**:

| Option                    | Description                                                          |
| ------------------------- | -------------------------------------------------------------------- |
| **Sync now**              | Trigger an immediate sync                                            |
| **Sync History**          | View past syncs — date, user, success/failure counts                 |
| **Manage directory sync** | Edit the existing configuration                                      |
| **Reset**                 | Clear the AD sync configuration while retaining the last synced data |
| **Sync Status**           | Summary of last sync — date, total users and OUs synced, errors      |

## User Settings

### Profile Field Visibility

Control which profile fields are visible to all users in your domain, and whether users can edit them:

* **Default fields**: Manage visibility and edit permissions for standard fields (e.g., First Name).
* **Controlled fields**: Manage visibility and edit permissions for optional fields (e.g., District).

### Default Role for New Workspace Users

Set a default role — Admin, Member, or Viewer — applied automatically to users added via invite, AD sync, or API. Select the role and click **Save**.

<Note>
  * Applies only to new users with no explicitly assigned role.
  * Does not affect existing users.
  * **Member** is the recommended default.
  * A role assigned explicitly at the time of invitation or creation overrides this default.
</Note>

### Email Notifications

Configure when users receive email notifications after being added to the account:

* When invited by an administrator
* When added or synchronized via AD sync