Platform

Users

Manage organization members and access.

Overview

User management in Admin Center covers organization member lifecycle: invitations, activation, team assignment, role binding, and deprovisioning. Accurate user records underpin RBAC enforcement, audit attribution, and remediation approval non-repudiation.

Enterprise deployments typically integrate corporate identity through SSO while using Console invitations for contractors, partners, or pre-SSO onboarding. Both paths must align with your access provisioning and offboarding runbooks.

User records are organization-scoped. Members see only projects, runs, and resources permitted by their team membership and assigned roles.

Who should read this

  • Organization administrators and IT identity teams managing Console access provisioning.

Prerequisites

  • Admin Center Directory permission to manage users
  • Corporate email domain verification or SSO configuration for enterprise tenants
  • Documented onboarding checklist including team and role assignment standards

When to use this workflow

  • Onboarding new team members to Zof terminology and workflows
  • Authoring internal runbooks aligned with Console labels
  • Designing CI/CD or webhook integrations against documented behavior

Step-by-step procedure

Plan access before invitation

Identify the user's team ownership, required Console areas, and approver responsibilities.

Select appropriate roles following least-privilege principles, avoid default administrator assignment.

Confirm the user's corporate email or approved alternate identity for tenant association.

Send invitation or verify SSO provisioning

Open Admin Center → Directory → Users and invite the member by email.

For SSO-enabled tenants, verify just-in-time provisioning creates records on first sign-in if applicable.

Track pending invitations and resend or revoke stale invites per security policy.

Assign teams and roles

Add the user to teams reflecting their operational ownership of applications and projects.

Bind roles granting access to required Console areas, Operate, Quality, Automation, Governance, Platform.

Verify the user can access intended destinations after sign-in without excessive permissions.

Complete onboarding verification

Confirm the user completes MFA enrollment if required by identity policy.

Direct new members to Getting Started documentation and persona-appropriate Console tour material.

Validate audit logs capture invitation acceptance and role assignment events.

Manage lifecycle changes

Update team and role assignments when users change function or organizational unit.

Transfer ownership of projects and applications before removing users from owning teams.

Document access changes in change tickets where regulated environments require evidence.

Deprovision promptly on departure

Remove or deactivate users immediately upon termination or contract end.

Revoke API keys and integration tokens owned by departing users.

Verify audit logs reflect deprovisioning actions for compliance records.

Key concepts

Organization scope
All Zof Console and API operations are isolated to your authenticated tenant.
Governed execution
Agent output and remediation follow policy packs with human approval when configured.

Best practices

  • Automate offboarding checks against HR termination feeds where integration is available.
  • Prohibit shared user accounts, audit trails require identifiable individuals.
  • Review dormant accounts quarterly and deactivate unused memberships.
  • Use group or team-based role assignment patterns to reduce individual configuration drift.
  • Include Console access in standard employee onboarding and exit checklists.

Common issues

Invitation not received
Verify email address, corporate spam filters, and domain verification status. Resend invitation or confirm SSO provisioning path.
User lands in wrong organization tenant
Multi-tenant users must select correct organization context at sign-in. Verify domain auto-assignment rules with your administrator.
SSO user missing expected permissions
SSO provisioning may create users without team or role bindings. Complete directory assignment after first sign-in.

Was this page helpful?

01Zof Console

Isang surface para sa posture, operasyon, at kung ano ang kailangang asikasuhin susunod.

Ang authenticated na home na binubuksan araw-araw ng mga team ng engineering, QA, at SRE: quality posture, mga in-flight na run, coverage ayon sa module, at kung ano ang dapat asikasuhin susunod.

OPERATIONAL KPIs

  • Mga Run
  • Coverage
  • Panganib

Live sa bawat environment na sini-ship mo.

WORK SPINE

  • Specs
  • Tests
  • Schedules

Mula sa specification hanggang scheduled regression.

GUARDRAILS

  • RBAC
  • SSO
  • audit

Bawat aksyon ay maiuugnay sa pinangalanang tao.

LIVE/console
Zof AI home command center na nagpapakita ng 12 run sa 94% pass, 3 bukas na kritikal na isyu, 84% coverage, apat na module traceability bar, ang specification pipeline, mga paparating na iskedyul, at mga inirerekomendang susunod na aksyon na may active-runs sidebar.
Home view · Checkout Service · Staging · captured live from the product.
  • 01 · RUNS · 24H

    94% pass

    12 runs across staging

  • 02 · COVERAGE

    84%

    Across four modules

  • 03 · ACTIVE RUNS

    3 running

    Live on this branch

  • 04 · NEXT ACTIONS

    Recommended

    Triage gaps, new spec

Users | Zof AI Documentation