Identity management

Reading time: 0 minute(s) (0 words)

Every user and API key in a Nobl9 organization is considered an actor and must be assigned an organization role.

• Users: You can set a default organization role that will be assigned automatically to all new users in your organization
• API keys: No default role is automatically assigned. Assign an organization role to a newly created API key on its details page

Viewing the list of organization users is available to any organization and project role. API keys are visible to organization admins only.

To access the list of API keys or users, go to Settings > API keys / Users.

User management

You can search users or API keys by the following:

• Users
  • Email
  • First and last name
  • User ID
    Search results appear only upon entering the full ID. Otherwise, no results are returned
• API keys—by any column value

Additionally, you can filter the user list by:

• Status
• Organization roles
• Project roles

Actor statuses

Users in a Nobl9 organization can have one of the following three statuses:

• Active
  A user activated their Nobl9 account, accepted the invitation, and set their password. They can use Nobl9 according to the roles and permissions assigned to them.
• Provisioned
  A user was invited to your Nobl9 organization, but didn't accept the invitation yet. To gain access to Nobl9, according to their role, they must activate their account—set a password, and select a security question and picture.
• Deactivated
  A user is deactivated by the Organization admin.

API keys can have the following statuses:

• Active / Inactive
  The switcher in the active state indicates that the API key is operating. When the switcher is in the inactive state, the API key is deactivated and can be activated back to resume operation.

Additionally, the Expired status indicates that a default validity period is requested and configured for any access keys in the organization. To enforce regular key rotation, you can request such an expiry period by contacting Nobl9 Support. The same expiry period applies to user and API keys created after its enablement in the organization. Expired keys aren't available for reactivation, they can only be replaced.

Basic actions

The actions you can perform depend on your assigned organization role. For instance, an Organization admin has full permissions to manage all users, API keys, and their access.

Setting a default organization role

Not available for API keys

A default organization role is applied to users only. Newly created API keys have no organization role—it must be assigned individually for every API key.

By default, new users in Nobl9 are assigned with the Organization user role. However, the Organization admin can set any other role as default in their organization.

To set a default organization role, click Set default role above the user list. Then, select the required role and click Save.
↪ Result: The role you set is assigned to all new users in the organization at their first login to Nobl9. This doesn't impact already assigned user roles.

Any project role allows the assigned users to view all resources this project holds.

Creating a user

1. Click Create user above the list of users.
2. Fill in the user's information, considering every user must be assigned at least an organization role.
   ↪ Result: An invitation to join Nobl9 is automatically sent to the user. The status of the invited user is set to Provisioned. Once they accept the invitation, their status changes to Active. The organization role you assigned to them is applied upon their first login.

Invitation link expiry

The invitation link is valid for 30 days.

Learn how to create an API key.

Deleting or editing an actor

1. Hover the cursor over the required user or API key row in the list. Click to the right.
2. Click Delete to confirm.
   ↪ Result: The user or API key is permanently removed from the organization with access to the Nobl9 Web application, sloctl, and API revoked.

Delete a user

You can edit API key's display name and description. For this, hover over an API key row and click .

Viewing actor details

Click the required user or API key to manage roles and permissions granted to them. On the details page, you can find the following details:

Actor	Details
User	• Email • User ID • Status • Last activity date and time • Organization roles
API key	• Description • Client ID • Status • Creation date and time • Validity period • Organization role

User details page

User role origin

The Role origin column under the Projects & roles tab on the user details indicates where the role comes from.

The source of the Nobl9 project roles is your Nobl9 organization.

The Nobl9

Enterprise

Edition allows you to connect a third-party identity provider (IdP) to manage user groups.

User activity is logged from February 11, 2025, 12:00 UTC onwards. The following roles are applied:

User created	Login since Feb 11, 2025, 12:00	Displayed value
Before Feb 11, 2025	No	(No date and time)
After Feb 11, 2025	No	Last active: Never
After Feb 11, 2025	Yes	Last active: date and time

Go to the Projects & roles and Organization roles tabs to handle the user's or API key's access to the required scope.

Permission Management

Organization admins can manage project-level access for all projects. Project owners can manage access to their own projects.

Useful links

Check out these related guides and references:

Organization role referenceAccess managementProject role referenceAccess managementRBAC groupsAccess managementRole binding YAML guideAccess managementAPI keysAccess managementUser access keysAccess managementHandling role binding with the Nobl9 Terraform providerNobl9 Terraform documentation