Imported from docs/user-guides/admin-platform/user-management.md in cloud-factory. Last synced: 2026-03-15
User Management
This guide covers managing your internal team members, roles, permissions, and security settings within the Admin Platform. Team management is accessed through the Settings area.
Accessing Team Management
- Click Settings in the sidebar.
- Select the Team Members tab.
Viewing Team Members
The team members list shows all users who have access to the Admin Platform. Each row displays:
- Name -- Full name of the team member
- Email -- Login email address
- Role -- Assigned RBAC role
- Status -- Active or Invited (pending acceptance)
- Last Active -- Date of most recent login
How to Invite a New Team Member
- Navigate to Settings > Team Members.
- Click the Invite Member button.
- Enter the team member's email address.
- Select a role from the dropdown (see roles table below).
- Click Send Invitation.
- The invitee will receive an email with a link to set up their account.
Note: Invitations expire after 48 hours. If an invitation expires, you can resend it from the team members list by clicking the options menu next to the pending member.
RBAC Roles
Role-Based Access Control (RBAC) ensures team members only see and do what their responsibilities require.
| Role | Dashboard | Products | Orders | Billing | Support | Settings | Monitoring | Audit Log |
|---|---|---|---|---|---|---|---|---|
| Admin | Full | Full | Full | Full | Full | Full | Full | Full |
| Manager | Full | Full | Full | View | Full | Limited | Full | View |
| Support | View | View | View | View | Full | None | View | None |
| Billing | View | View | View | Full | View | None | View | None |
Role Descriptions
- Admin -- Complete platform access. Can manage team members, configure settings, and perform all operations. Assign this role only to senior operators and system administrators.
- Manager -- Broad operational access for day-to-day management. Can manage products, orders, and support but cannot change platform-wide settings like branding or security policies.
- Support -- Focused on customer support. Full access to the support ticket system with read-only access to orders and billing for context when resolving issues.
- Billing -- Focused on financial operations. Full access to invoices, payments, and usage data with read-only access to other areas for reference.
How to Change a Team Member's Role
- Navigate to Settings > Team Members.
- Find the team member in the list.
- Click the options menu (three dots) on their row.
- Select Change Role.
- Choose the new role from the dropdown.
- Click Save.
The role change takes effect immediately. The team member may need to refresh their browser to see updated navigation options.
How to Remove a Team Member
- Navigate to Settings > Team Members.
- Click the options menu on the team member's row.
- Select Remove Member.
- Confirm the removal in the dialog.
Removed members immediately lose access. Their past actions remain recorded in the Audit Log.
Security Settings
Two-Factor Authentication (2FA)
Enabling 2FA adds a second verification step at login using a time-based one-time password (TOTP).
How to enable 2FA for your account:
- Navigate to Settings > Security.
- Click Enable Two-Factor Authentication.
- Scan the QR code with your authenticator app (Google Authenticator, Authy, or any TOTP-compatible app).
- Enter the 6-digit code from your authenticator app to verify.
- Save the backup codes in a secure location. These are your recovery method if you lose access to your authenticator.
Recommendation: All Admin and Manager role users should enable 2FA.
Password Changes
- Navigate to Settings > Security.
- Click Change Password.
- Enter your current password.
- Enter and confirm your new password.
- Click Update Password.
Password requirements:
- Minimum 12 characters
- At least one uppercase letter, one lowercase letter, and one number
- Cannot reuse your last 5 passwords
Active Sessions
The Security settings page shows your active sessions across devices. You can terminate any session you do not recognize.
API Keys
API keys allow external systems to interact with the Cloud Factory API on behalf of your organization.
How to Create an API Key
- Navigate to Settings > API Keys.
- Click Create API Key.
- Enter a descriptive name (e.g., "Monitoring Integration" or "Billing Export Script").
- Select the permission scope for the key.
- Click Generate.
- Copy the key immediately. It will not be shown again.
Managing API Keys
The API Keys list shows all active keys with:
- Name -- Descriptive label you assigned
- Created -- When the key was generated
- Last Used -- Most recent API call using this key
- Status -- Active or Revoked
To revoke a key, click the options menu and select Revoke. Revoked keys stop working immediately.
Security: Treat API keys like passwords. Never share them in emails, chat messages, or code repositories.
Related Guides
- Getting Started -- Platform overview and navigation
- Settings -- Full settings reference
- Reporting & Dashboard -- Audit log for tracking team activity