Users

Users are the representation of the human individuals accessing your application.

Users can have different levels of access within the application, depending on their roles and permissions. They are isolated per tenant and must always be associated with a specific identity provider (IDP). Therefore, user attributes that require uniqueness, such as an email address, must be unique within the combination of a tenant and an IDP.


Onboarding Users

Wristband offers multiple methods to onboard users efficiently, ensuring a seamless experience.

Signup

Users can create their own accounts by providing necessary information on your application's signup page. Users can also be allowed to self-signup directly into a specific tenant if this option is enabled.

To learn more about the signup process, refer to the Signup Workflow documentation.

New User Invitation

Existing users or administrators can invite new users to join your application. Invited users receive a link to complete the onboarding process. The minimum requirement for sending an invitation is the email address of the user being invited.

For detailed information on inviting new users, refer to the New User Invitation Workflow documentation.

Manual Provisioning / Existing User Invitation

Administrators can manually create user accounts from the Wristband dashboard. This method includes sending invitations to provisioned users, guiding them through the onboarding process.

To manually provision users, refer to the Users Page documentation.

For details on inviting existing users, refer to the Existing User Invitation Workflow documentation.

Just In Time (JIT) Provisioning

JIT Provisioning dynamically creates user accounts during Enterprise Single Sign-On (SSO) login into your application. Enable JIT Provisioning for any Enterprise External Identity Providers through the Wristband dashboard to streamline this process.

For more information on JIT Provisioning, refer to the JIT Provisioning documentation.

Programmatic API Requests

Automate user onboarding by making programmatic API requests. This method is ideal for integrating onboarding into custom workflows, allowing efficient and scalable user provisioning through automated interactions.

To create users via the API, refer to the Wristband Create User API.


Managing Users in Wristband

You can manage the full user lifecycle in the Wristband dashboard, from adding users to controlling their permissions, ensuring a secure, efficient experience for your B2B SaaS customers.

Adding Users

  • Manually Adding Users: Navigate to the "Users" section within the Tenant Settings for your desired tenant. Click the "Add User" button. Enter the required information, including email address, full name, and any relevant metadata.
  • Inviting Users: Use the "New User Invitations" section to send email invitations to new users. Enter the user's email address and select any initial roles to be assigned. Wristband will send an email invitation allowing users to complete their registration and begin using the application. For a more detailed walkthrough of user onboarding, refer to the User Onboarding documentation.

User Schema

The User Schema section defines the required data fields that must be provided during user registration, tailoring the registration experience to your specific needs.

  • Enable Tenant Override: Toggle this switch to enable overrides for the user schema at the tenant level. This allows you to customize user schema settings for this specific tenant.
  • Required Fields: Select the required data fields (e.g., email, birthday, full name, username) that should be collected during user registration. Any fields marked as "required" will be mandatory during user registration.

Editing User Profiles

  • View User Profiles: Navigate to the "Users" section within the Tenant Settings for your desired tenant. You can view a list of all users associated with that tenant.
  • Edit User Profiles: Click on a specific user's name or email address to access their profile. Update their details, such as name, email address, or other relevant information.

Adding User Metadata

  • Add Metadata: You can add additional metadata fields to user profiles by accessing the "User Schema" section within the Tenant Settings.
  • Customize Metadata: Create new metadata fields to collect specific user information relevant to your application's functionality.
  • Control Visibility: Configure which metadata fields are visible to users, administrators, or both.

Changing Email

  • Update Email: Users can change their email address within the application. You can configure the email verification workflow for this process using the "Email Policies" section within the Tenant Settings.

Assigning Roles

Wristband's robust role-based access control (RBAC) system allows you to granularly manage user permissions, ensuring that users only have access to the resources and functionalities they need.

  • Roles: Create and edit roles in the "Authorization" section within the Tenant Settings. Roles define the specific permissions granted to users and OAuth2 clients.
  • Assign Roles: Assign roles to users directly, or configure automatic role assignment policies. For detailed information on RBAC and role assignment, refer to the RBAC documentation.

Deactivating Users

  • User Status: You can manage user status within the "Users" section.
  • Deactivating Users: Deactivate a user to temporarily disable their access to the application. This can be useful for inactive employees or users who should no longer have access.
  • Reactivating Users: You can reactivate deactivated users from the "Users" section.

Refreshing Tokens

  • Token Refresh: Wristband handles token refresh automatically. Ensure the necessary settings and policies are in place to manage token refresh intervals, expiration dates, and security best practices.

User Statuses

The following is a list of all possible statuses your application users can have in Wristband:

| User Status | Description | Allowed Actions |
| --- | --- | --- |
| ACTIVE | The user has been activated and is allowed to authenticate with the application successfully. | The user can go through all Wristband workflows except for the New User Invitation and Signup workflows. |
| INACTIVE | The user has been deactivated and can no longer authenticate with the application. | The user can be re-activated either by sending them an Existing User Invitation or by manually activating them. |
| PENDING_INVITE_ACTIVATION | The user was provisioned through the New User Invite Workflow and is in the activation process but has not yet clicked the link in the activation email. | The user can go through the User Activation Workflow. Application admins can manually trigger an activation email to be sent to the user or directly activate the user without requiring them to complete the User Activation Workflow. The user cannot go through any other workflows aside from the User Activation Flow. |
| PENDING_SIGNUP_ACTIVATION | The user was provisioned through the Signup Workflow and is in the activation process but has not yet clicked the link in the activation email. | The user can go through the User Activation Workflow. Admins can manually trigger an activation email to be sent to the user or directly activate the user without requiring them to complete the activation flow. The user cannot go through any other workflows aside from the User Activation Flow. |
| PROVISIONED | The user has been provisioned but cannot authenticate successfully yet. This is typically the initial state if the user is manually created by an admin. | The user can be activated by sending them an Existing User Invitation or directly activated by an admin. |

Inactive Applications and Tenants

Even if a user has an ACTIVE status, they will not be able to authenticate with the application if their associated tenant has an INACTIVE status or if the application itself is marked as INACTIVE.
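The status rules above, together with the tenant-plus-IDP uniqueness rule from the top of this page, can be checked over an exported user list. The following is an added example, not Wristband code: the record field names, the activation-path labels and the sample records are all constructed for illustration.

```python
from collections import Counter

USER_STATUSES = {"ACTIVE", "INACTIVE", "PROVISIONED",
                 "PENDING_INVITE_ACTIVATION", "PENDING_SIGNUP_ACTIVATION"}

# How each non-ACTIVE status can become ACTIVE, taken from the status table.
# The path labels are this example's own names, not Wristband identifiers.
ACTIVATION_PATHS = {
    "INACTIVE": {"existing_user_invitation", "admin_activation"},
    "PROVISIONED": {"existing_user_invitation", "admin_activation"},
    "PENDING_INVITE_ACTIVATION": {"user_activation_workflow", "admin_activation"},
    "PENDING_SIGNUP_ACTIVATION": {"user_activation_workflow", "admin_activation"},
}

def can_authenticate(user_status, tenant_status, app_status):
    """ACTIVE alone is not enough: an INACTIVE tenant or application blocks login."""
    if user_status not in USER_STATUSES:
        raise ValueError(f"unknown user status: {user_status!r}")
    return user_status == "ACTIVE" and "INACTIVE" not in (tenant_status, app_status)

def audit(users, app_status="ACTIVE"):
    """Return (kind, detail) findings for a list of user records (hypothetical fields)."""
    findings = []
    # Uniqueness is scoped to tenant + IDP, so the same email under a
    # different tenant or a different IDP is not a duplicate.
    keys = Counter((u["tenant"], u["idp"], u["email"]) for u in users)
    findings += [("duplicate_email", k) for k, n in keys.items() if n > 1]
    for u in users:
        ok = can_authenticate(u["status"], u["tenant_status"], app_status)
        if u["status"] == "ACTIVE" and not ok:
            # Blocked only by tenant/app status; access returns if that is re-activated.
            findings.append(("active_but_blocked", u["email"]))
        elif "user_activation_workflow" in ACTIVATION_PATHS.get(u["status"], ()):
            findings.append(("activation_pending", u["email"]))
    return findings

# Constructed sample records, not real Wristband output.
SAMPLE = [
    {"email": "ana@example.com", "tenant": "acme", "idp": "wristband", "status": "ACTIVE", "tenant_status": "ACTIVE"},
    {"email": "ana@example.com", "tenant": "acme", "idp": "okta", "status": "ACTIVE", "tenant_status": "ACTIVE"},
    {"email": "bo@example.com", "tenant": "globex", "idp": "wristband", "status": "ACTIVE", "tenant_status": "INACTIVE"},
    {"email": "cy@example.com", "tenant": "acme", "idp": "wristband", "status": "PENDING_INVITE_ACTIVATION", "tenant_status": "ACTIVE"},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The `active_but_blocked` finding is the one worth reviewing during offboarding: such a user regains access as soon as the tenant or application is re-activated, unless the user is also deactivated.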


User Status State Machine

The following illustrates the possible transitions between different states for a user.

[Figure: User Lifecycle State Machine]