- 11 Sep 2023
- 2 Minutes to read
User management
Users are granted access to platform components and actions based on their assigned roles. This is commonly known as role-based access control (RBAC). Torq provides several preconfigured roles: viewer, operator, creator, contributor, and owner.
Torq RBAC supports flexible claim-based access control where access can be managed as a policy. Some common access controls include read/write/execute permissions for secrets, integrations, events, workflows, and so on.
For management purposes, Torq exposes high-level roles that users/groups are assigned to, which correspond to typical organizational roles.
RBAC is unique to each Torq workspace. This means that if a user exists on multiple workspaces, their assigned role is defined per workspace.
To manage users and roles, go to Settings > Users.
Invite users
This article explains adding users to Torq directly from the platform by sending individual invites.
There are additional ways to add users:
When adding users from the platform, you send an invite to individual users. There is no option to send bulk invites. Only users with the Owner role can invite new users.
- Go to Settings > Users and click Invite.
- Enter the valid email address of the user you want to invite.
- Select a Torq role to assign the user to.
Users with the Owner role can invite other users to Torq.
Delete users
- Go to Settings > Users.
- Locate the user you want to remove.
- Click the three-dot button and select Delete.
Users with the Owner role can delete users from Torq.
SSO
Enterprise Single Sign-On (SSO) enables you to integrate your enterprise Identity Provider (IdP) with Torq and apply Torq roles to your users and groups as defined in the IdP.
After connecting Torq to the enterprise IdP, all IdP-authenticated users, belonging to specific groups, will be able to sign in to Torq.
Torq supports OpenID Connect with both code flow and implicit grant type for performing single sign-on with enterprise IdPs including but not limited to:
- Microsoft Azure Active Directory
- Okta (SAML 2.0 / OpenID)
- OneLogin (SAML 2.0 / OpenID)
Supported SSO methods and protocols
Torq supports the following SSO protocols.
- OpenID Connect
- SAML 2.0
You can configure SSO using the following account types.
- Google account
- GitHub account
- Local user/password account
Important to know
Torq assumes that the SSO domain (identifier of an organization) is identical to the email domain of the workspace owner that's configuring SSO. For example, the administrator identified by admin@mycompany.com can configure SSO for the domain mycompany.com. If you want to configure single sign-on for a different domain, please open a ticket for Torq Support.