User Management Lifecycle

Learn how user accounts are provisioned, activated, scoped within workspaces, suspended, or permanently removed in Infralo.

Managing user access follows a structured lifecycle to ensure security, compliance, and clean role delegation. The diagram below illustrates the typical progression of a user account in the system:

    [Admin Invites User]


        ┌──────────┐
        │ Invited  │ ─── (Pending username & password setup)
        └────┬─────┘
             │ (User registers/accepts)

        ┌──────────┐
        │  Active  │ <───► [Workspace memberships assigned & synced]
        └────┬─────┘
             ├──────────────────────┬──────────────────────┐
             │ (Admin deactivates)  │ (Admin deletes)      │
             ▼                      ▼                      ▼
        ┌──────────┐          ┌──────────┐          ┌──────────────┐
        │ Disabled │          │ Deleted  │          │   SSO/OIDC   │
        └──────────┘          └──────────┘          │  Auto-Sync   │
  (Access blocked; can       (Account soft-         └──────────────┘
   be reactivated later)      deleted; sessions      (Direct Active
                              invalidated)            provisioning)

1. Provisioning & Invitation

In standard environments (basic authentication), onboarding begins with a system invitation.

Frontend Flow

  1. Navigate to the Global Dashboard > Users screen.
  2. Click Invite User.
  3. Enter the user's email, name, and choose their initial Global Role (superadmin, admin, or member).
  4. An invitation link is generated (e.g. https://infralo.yourcompany.com/register?token=...).

Backend Flow & State

  • The backend creates a user record with the status Invited and no password.
  • A secure invitation token is generated with a limited expiration window.
  • When the user navigates to the link, the backend validates the token to confirm identity before allowing registration.

2. Onboarding & Activation

To transition an account from pending to fully active, the invited user must complete their registration.

Onboarding Steps

  1. The user visits the invitation link.
  2. They are prompted to input a unique Username and set a secure Password.
  3. Upon submitting, the system hashes the password, registers the username, and marks the account status as Active.
  4. The user is redirected to the login page to start their session.

SSO / OIDC Automatic Provisioning

For organizations utilizing Single Sign-On (SSO / OIDC), this step is bypassed. Users logging in through your identity provider are auto-provisioned directly into the Active state upon their first successful login (assuming they satisfy the required claims filter). See SSO / OIDC Configuration for more information.


3. Workspace Membership & Syncing

An Active global user has access to the platform, but cannot view or interact with any workspaces unless they are explicitly assigned.

Scoping Users to Workspaces

  • Creation: When a user creates a new workspace, they are automatically designated as its Owner.
  • Syncing Members: Workspace Owners and Administrators manage membership from the Workspace > Members screen.
  • Role Assignment: From this interface, you can add any active global user to the workspace and assign them a Workspace Role (owner, admin, or member).
  • Bulk Sync: Behind the scenes, the frontend submits the full member list to a single sync API endpoint. The backend compares it against the current membership, adds new members, updates changed roles, and removes any user omitted from the list, all in one operation.
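
The diff the sync endpoint has to compute, as an added illustration written for this page (not Infralo's own code): `plan_member_sync` takes the current and desired `{user_id: role}` maps plus the set of Active global users and returns the add/update/remove list. The rule that the sync may not leave a workspace without an owner is an assumption derived from the Owner Protection constraint described later on this page.

```python
from dataclasses import dataclass
from typing import Optional

# Workspace roles named on this page.
WORKSPACE_ROLES = {"owner", "admin", "member"}


@dataclass(frozen=True)
class MemberChange:
    action: str            # "add", "update" or "remove"
    user_id: str
    role: Optional[str] = None


def plan_member_sync(current: dict, desired: dict, active_users: set) -> list:
    """Diff `current` {user_id: role} against `desired` {user_id: role}.

    Returns the changes that make the workspace match `desired`: users
    missing from `current` are added, changed roles are updated, and users
    omitted from `desired` are removed. Raises ValueError on input that the
    lifecycle rules forbid (assumed checks, see lead-in).
    """
    for user_id, role in desired.items():
        if role not in WORKSPACE_ROLES:
            raise ValueError(f"unknown workspace role {role!r} for {user_id}")
        if user_id not in active_users:
            # Only Active global users may be scoped to a workspace.
            raise ValueError(f"user {user_id} is not an active global user")

    # Owner protection (assumption): the current owner may only be dropped or
    # downgraded if the desired list hands ownership to another member.
    current_owners = {u for u, r in current.items() if r == "owner"}
    desired_owners = {u for u, r in desired.items() if r == "owner"}
    if current_owners and not desired_owners:
        raise ValueError("workspace would be left without an owner")

    changes = []
    for user_id, role in desired.items():
        if user_id not in current:
            changes.append(MemberChange("add", user_id, role))
        elif current[user_id] != role:
            changes.append(MemberChange("update", user_id, role))
    for user_id in current:
        if user_id not in desired:
            changes.append(MemberChange("remove", user_id))
    return changes
```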

4. Suspension & Deactivation

If a user leaves a team temporarily or needs their access revoked immediately, administrators can disable the account.

How to Disable a User

  1. Open the Global Dashboard > Users list.
  2. Select the target user and click Disable.

UI and API Behavior

  • State Transition: The user's status transitions to Disabled in the management console.
  • Session Invalidation: The backend immediately invalidates all active sessions (both access and refresh tokens) for that user.
  • Access Denied: Any further requests by that user—including active UI sessions and API calls authenticated with their credentials—will be rejected with a 403 Forbidden error.
  • Reactivation: The administrator can click Activate on the user's profile at any time to restore their Active status and allow them to log in again.
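
The Disable behaviour above, modelled as an added example (not Infralo's code): a constructed in-memory `SessionStore` records every access and refresh token against its owner, so `disable` can revoke all of them in one pass, and `authorize` returns the status a request would get, 403 for a Disabled user and 401 for a revoked token after reactivation, so the user has to log in again.

```python
import secrets
import time


class SessionStore:
    """Constructed in-memory model of the bookkeeping the Disable flow needs:
    each access and refresh token is recorded against its owner, so disabling
    a user can revoke every token that user holds in one pass."""

    def __init__(self):
        self.status = {}   # user_id -> "Active" | "Disabled"
        self.tokens = {}   # token -> {"user", "kind", "exp", "revoked"}

    def add_user(self, user_id: str) -> None:
        self.status[user_id] = "Active"

    def issue(self, user_id: str, ttl: int = 900) -> tuple:
        """Log-in: issue an access token plus a longer-lived refresh token."""
        if self.status.get(user_id) != "Active":
            raise PermissionError(f"{user_id} is not Active")
        pair = []
        for kind, life in (("access", ttl), ("refresh", 30 * ttl)):
            tok = secrets.token_urlsafe(16)
            self.tokens[tok] = {"user": user_id, "kind": kind,
                                "exp": time.time() + life, "revoked": False}
            pair.append(tok)
        return tuple(pair)

    def disable(self, user_id: str) -> int:
        """Admin 'Disable': flip the status and invalidate both the access and
        refresh tokens of every session the user holds. Returns the count."""
        self.status[user_id] = "Disabled"
        mine = [t for t in self.tokens.values()
                if t["user"] == user_id and not t["revoked"]]
        for t in mine:
            t["revoked"] = True
        return len(mine)

    def activate(self, user_id: str) -> None:
        """Admin 'Activate': restore Active. Revoked tokens stay revoked, so
        the user must log in again rather than resume an old session."""
        self.status[user_id] = "Active"

    def authorize(self, token: str) -> int:
        """HTTP status a request carrying this token would receive."""
        t = self.tokens.get(token)
        if t is None:
            return 401                      # never issued
        if self.status.get(t["user"]) != "Active":
            return 403                      # Disabled user: Forbidden
        if t["revoked"] or time.time() > t["exp"]:
            return 401                      # stale session: re-authenticate
        return 200
```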

5. Deletion & Cleanup

When a user permanently leaves the organization, their account should be deleted.

Safety Constraints

To prevent accidental lockouts and orphaned resources, the system enforces three safety rules:

  • No Self-Deletion: Users cannot delete their own active accounts.
  • Superadmin Downgrade: Superadmin accounts cannot be deleted directly. To delete a Superadmin, they must first be downgraded to an Admin or Member role by another Superadmin.
  • Owner Protection: If a user is the Owner of a workspace, they cannot be deleted or removed from that workspace until ownership is transferred to another workspace member.

Deletion Behavior

  • Soft Deletion: When an administrator deletes a user, the system marks the user record as deleted using a timestamp.
  • Session Termination: All current login sessions are terminated, and user caches are cleared.
  • Workspace Clean Up: The user is immediately removed from all workspace registries and can no longer be searched or assigned to resources.
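
The three safety rules and the soft-delete step above, as an added example written for this page (not Infralo's code): `deletion_violations` reports which rules block a deletion, and `delete_user` stamps `deleted_at` and drops the user from every workspace registry once none do. The `User` and `Workspace` classes are constructed for the example; session termination and cache clearing are assumed to happen elsewhere.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Optional


@dataclass
class User:
    id: str
    global_role: str                  # "superadmin" | "admin" | "member"
    deleted_at: Optional[datetime] = None


@dataclass
class Workspace:
    id: str
    owner_id: str
    members: dict = field(default_factory=dict)   # user_id -> workspace role


def deletion_violations(actor: User, target: User, workspaces: list) -> list:
    """Return the safety rules from this page that block deleting `target`.
    An empty list means the deletion may proceed."""
    problems = []
    if actor.id == target.id:
        problems.append("no self-deletion: users cannot delete their own account")
    if target.global_role == "superadmin":
        problems.append("superadmin must first be downgraded to admin or member")
    owned = [w.id for w in workspaces if w.owner_id == target.id]
    if owned:
        problems.append(f"transfer ownership of workspace(s) {owned} first")
    return problems


def delete_user(actor: User, target: User, workspaces: list) -> datetime:
    """Soft-delete `target`: set deleted_at and remove it from every workspace
    registry. Session termination and cache clearing are assumed to be
    handled by the caller."""
    problems = deletion_violations(actor, target, workspaces)
    if problems:
        raise PermissionError("; ".join(problems))
    target.deleted_at = datetime.now(timezone.utc)
    for w in workspaces:
        w.members.pop(target.id, None)
    return target.deleted_at
```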
