User Management

Grant users access to CloudQuery Platform through the user management interface, or externally using a single sign-on identity provider.

You can grant users access at the Platform level and at the Workspace level.

At the moment, only one Workspace called default is supported. All users should be added to that Workspace.

Adding a single sign-on user

If you have configured the single sign-on integration, all configured users can log in and receive the assigned roles to the default Workspace automatically.

Adding a non-SSO user to CloudQuery Platform

To add a user, you need to have the Admin:Write role on the Platform.

Click your profile badge in the left bottom corner and select Organization settings from the popup menu.

Switch to the Users tab.

Users tab in Organization settings

Click the Add user button.

Specify the name, email, and password.

Add user form with fields for name, email, password, and role selection including workspace and data access roles

For roles, select either a built-in Workspace Role, or check the Limit data access and select a Data Access Role.

Make sure the user is Enabled and click Save.

The platform adds the user to the default Workspace with General:Read role. To change it, head to Changing non-SSO user’s Workspace role.

Changing non-SSO user’s Workspace role

In the users administration page, scroll to the right and click the kebab menu button (the three dots). Select Edit.

Select new roles for the user in the popup.

Programmatic access

Users can be provisioned and managed via the Platform API, which is useful for automated onboarding workflows. See the Platform API Reference (users and admin sections) for endpoint details.

Next Steps

Workspace Roles Overview - Understand roles and permissions
Limiting Access to Data - Restrict data access for teams
Multi-Factor Authentication - Enable MFA for users
Single Sign-On - Configure SSO for automated provisioning

Was this page helpful?

Last updated on April 7, 2026