Add and manage users
Adding new users
Inviting via email
As a workspace Owner or Manager, you can invite via email other users to join your GitGuardian workspace.
- Navigate to Settings > Members
- Simply submit the email address of the person you want to invite. If you are under a Business plan, you will be able to specify the teams of your new invitee.
- The invited user will receive and email with an invitation link. If you have performed an SSO integration, the invitation link will redirect to your dedicated SSO login URL.
There is no limit to the number of users on your workspace.
Pointing to SSO login URL
If you have configured SSO, you can simply let the Just-In-Time provisioning do the work.
- Make sure the people you want to add to your GitGuardian workspace are part of the allowed IdP group
- Point those people to the SSO login URL dedicated to your workspace. This URL is accessible by workspace Manager in the Authentication settings section.
Manage pending invitations
Once invited, the new user appears in the "Pending" list in the Members section of your workspace. There, you can choose the role they will be attributed upon sign up.
You can delete a pending invitation, which invalidates the sent invitation link.
Roles
Each user has its own user account and can be member of one or multiple workspaces. Thus, user membership is handled at the workspace level. Each member is assigned a role that defines its privileges on the workspace at stake.
| Action | Owner | Manager | Member | Restricted |
|---|---|---|---|---|
| Can access incidents and act on them according to their incident permissions (share, assign, resolve, ignore, export) | ✅ | ✅ | ✅ | ✅, only to incidents they are given access to |
| Can create/delete API personal access tokens | ✅ | ✅ | ✅ | ✅, only with scan scope |
| Can create/delete API service accounts (Business only) | ✅ | ✅ | ❌ | ❌ |
| Can launch historical scans | ✅ | ✅ | ✅ | ❌ |
| Can add/remove/change members | ✅ | ✅ | ❌ | ❌ |
| Can join/leave/request access to teams | ✅ | ✅ | ✅ | ❌ |
| Can see workspace settings | ✅ | ✅ | ✅ | ❌ |
| Can change workspace settings (SSO, detection capabilities,...) | ✅ | ✅ | ❌ | ❌ |
| Can configure integrations (VCS and notifiers) | ✅ | ✅ | ❌ | ❌ |
| Can delete workspace | ✅ | ❌ | ❌ | ❌ |
Owner
- The Owner has unrestricted access and all rights over the entire workspace.
- Each workspace must have one and only one Owner.
- When the Owner deletes their user account, it also deletes their workspace and members.
Manager
- A Manager has the same level of access as the Owner except they cannot delete the workspace.
- A Manager can manage workspace settings and fellow members of the workspace.
- A Manage can access all the incidents.
Managers are the people responsible for managing the GitGuardian workspace. These may be security or technology managers, depending on your own organization.
Member
- A Member can view the workspace settings but cannot act on them.
- A Member can access the incidents.
- A Member can be part of teams.
Members are people in your organization (Developers, Ops, Security) that you want to collaborate to remediate incidents.
Memberships with Viewers have been migrated to role Member with Can view incident permissions on all the incidents.
Restricted
- A Restricted can only access a certain set of incidents defined by the Manager or the Member on an ad-hoc basis.
- A Restricted cannot be part of a team.
Restricted are typically people outside of your organization who you want to allow access only to very specific incidents.
Promote a Restricted to Member
When promoting a Restricted to Member role:
- They have read access to the workspace settings
- They are able to request to join teams in the workspace
Demote a Member to Restricted
When demoting a Member (or a Manager) to Restricted role:
- They are removed from all the teams they belong to
- Only incidents to which they are granted access to manually are accessible.
- All open incidents they were assigned to are unassigned
The Restricted role is only accessible to workspaces under the Business plan.
Removing members
As a workspace Owner or Manager, you can remove a member from the workspace. However, the Owner of the workspace cannot be deleted by any user.
- Navigate to Settings > Members
- To the right of the person's name, click on the bin icon.
- Confirm your action.
This person will instantly lose access to your workspace and all of its data. Personal access tokens belonging to that person will also be revoked.
[Self-hosting] Access to the Admin Area
If you are using GitGuardian in a self-hosted environment, you will have access to the Admin Area for managing your system. For additional information, please refer to the Admin Area User Management page.
Was this page helpful?
