Skip to main content

Manage users

Manage via Logto Console

Browse and search users

To access the user management functionality in the Logto Console, navigate to Console > User management. Once there, you will see a table view of all the users.

The table consists of three columns:

  • User: It displays information about the user, such as their avatar, full name, username, phone number, and email
  • From application: It displays the name of the application that the user initially registered with
  • Latest sign-in: It displays the timestamp of the user's most recent sign-in.

It supports keyword mapping for name, id, username, primary-phone, primary-email.

Add users

Using the Console, developers can create new accounts for end-users. To do so, click on the "Add user" button in the screen's upper right corner.

After the new user has been created, you can copy their entered identifiers (email address / phone number / username) and initial password to send to them. This will allow them to log in to the system and start using it.

The initial password will only appear one time, but you can reset the password later.

View and update the user profile

To view the details of a user, simply click on the corresponding row in the user table. This will take you to the "User Details" page where you can find the user's profile information, including:

  • Authentication-related data: email address, phone number, username, has password, social connections, enterprise SSO connections, multi-factor authentication, and personal access token.
  • User profile data: name, avatar URL, custom data, and additional OpenID Connect standard claims that are not included.

The "Social connections" section displays a list of social connectors that the user has linked to their account. For example, if the user has signed in using their Facebook account, you will see a "Facebook" item in the list. You can refer to the social identities documentation for more information.

Please note that while the full name, avatar image URL, and custom data can be edited, the social connections can be removed, and the other properties are read-only.

warning:

It is important to confirm that the user has an alternative sign-in method before removing a social connection, such as another social connection, phone number, email, or username-with-password. If the user does not have any other sign-in method, they will not be able to access their account again once the social connection is removed.

View user activities

To view the recent activities of a user, navigate to the "User logs" sub-tab on the "User details" page. Here, you can find a table that displays the user's recent activities, including the action performed, the result of the action, the related application, and the time that the user acted.

Click the table row to see more details in the user log, e.g., IP address, user agent, raw data, etc.

Suspend user

On the "User details" page, click "Three dots" -> "Suspend user" button.

Once a user is suspended, the user will be unable to sign in to your app and won't be able to obtain a new access token after the current one expires. Additionally, any API requests made by this user will fail.

If you want to reactive this user, you can do so by clicking "Three dots" -> "Reactivate user" button.

Delete user

On the "User details" page, click "Three dots" -> "Delete" button. Delete user can not be undo.

Reset user password

On the "User details" page, click "Three dots" -> "Reset password" button.

After you reset the password, copy and send it to the end-user. Once the "Reset password" modal is closed, you can no longer view the password. If you forget to keep it, you can reset it again.

Manage roles of users

In the "Roles" tab of the user details page, you can easily assign or remove roles to meet your desired outcome. Check Role-based access control for details.

View the organizations the user belongs to

Logto supports organizations and can manage their members. You can easily view user details and see which organization they belong to.

Manage via Logto Management API

Management API is a collection of APIs that provide access to the Logto backend service. As previously mentioned, the user API is a critical component of this service and can support a wide range of scenarios.

The user-related RESTful APIs are mounted at /api/users except for the user activities, i.e., user logs /api/logs?userId=:userId.

You can manage users through the Management API in several use cases. Such as advanced user search, bulk creation accounts, invitation-only sign-up, etc.

FAQs

How to restrict access to certain applications for specific users?

Due to Logto's Omni-sign-in nature, it's not designed to restrict user access to certain applications before authentication. However, you can still design application specific user roles and permissions to protect your API resources, and validate permissions on API access upon successful user sign-in. Refer to Authorization: Role-based access control for more information.