Login
Contents x
User management
  • 11 Sep 2023
  • 2 Minutes to read
  • Dark
    Light
Contents

User management

  • Updated on 11 Sep 2023
  • 2 Minutes to read
  • Dark
    Light
Article Summary

Users are granted access to platform components and actions based on their assigned roles. This is commonly known as role-based access control (RBAC). Torq provides several preconfigured roles: viewer, operator, creator, contributor, and owner.

Torq RBAC supports flexible claim-based access control where access can be managed as a policy. Some common accesses controls include read/write/execute permissions for secrets, integrations, events, workflows, and so on.

For management purposes, Torq exposes high-level roles that users/groups are assigned to, which correspond to typical organizational roles.

RBAC is unique to each Torq workspace. This means that if a user exists on multiple workspaces, their assigned role is defined per workspace.

To manage users and roles, go to Settings > Users.

💡 TIP
You can add custom roles to your workspace. Contact Torq support for more information.

Invite users

This article explains adding users to Torq directly from the platform by sending individual invites.

There are additional ways to add users:

When adding users from the platform, you send an invite to individual users. There is no option to send bulk invites. Only users with the Owner role can invite new users.

  1. Go to Settings > Users and click Invite.
  2. Enter the valid email address of the user you want to invite.
  3. Select a Torq role to assign the user to.
🗒️ Required permissions

Users with the Owner role can invite other users to Torq.

Delete users

  1. Go to Settings > Users.
  2. Locate the user you want to remove.
  3. Click the three-dot buttons and select Delete.
🗒️ NOTE
Users with the Owner role can delete users from Torq.


SSO

Enterprise Single Sign-On (SSO) enables you to integrate with your enterprise Identity Provider (IdP) to Torq and apply Torq roles to your users and groups as defined in the IdP.

After connecting Torq to the enterprise IdP, all IdP-authenticated users, belonging to specific groups, will be able to sign in to Torq.

Torq supports OpenID Connect with both code flow and implicit grant type for performing single sign-on with enterprise IdPs including but not limited to:

⚠️ IMPORTANT
Users that receive an email invite before SSO is implemented will still be able to log in without SSO. To prevent this, go to the invited users list and remove/delete the users, just leaving the SSO settings. You should maintain 1-2 non-SSO accounts in case your SSO provider is unavailable.

Supported SSO methods and protocols

Torq supports the following SSO protocols.

  • Open ID connect
  • SAML 2.0

You can configure SSO using the following account types.

  • Google account
  • GitHub account
  • Local user/password account

Important to know

Torq assumes that the SSO domain (identifier of an organization) is identical to the email domain of the workspace owner that's configuring SSO. For example, the administrator identified by admin@mycompany.com can configure SSO for the domain mycompany.com. If you want to configure single sign-on for a different domain, please open a ticket for Torq Support.

Was this article helpful?
What's Next
Change password!
Changing your password will log you out immediately. Use the new password to log back in.
Change profile
Success!
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.
Logout