• Documentation
    • Search documentation
    karat

    +

    K

    API Reference ↗
    Management & enablementAuthenticationSelf-service user directoryManage users within your enrollment

    Manage users within your enrollment

    Beta

    Palantir’s self-service passwordless identity provider is in a beta state and may not be available on all enrollments. It is currently available for new enrollments configured for AIP Now and AIP Bootcamps as of Summer 2024.

    In most cases, your enrollment administrator will integrate your organization's existing identity provider with the Palantir platform so you can log in with the same credentials you use across other internal systems.

    This page provides detailed guidance on how to access and manage user accounts within your enrollment when using Palantir's self-service user directory. The following instructions describe how to add new users, enable or disable existing accounts, and reset user accounts.

    Access user management

    To begin managing users within your enrollment, you will need to be an enrollment administrator or an authentication administrator. If you do not have one of these permissions, an existing enrollment administrator can grant you the relevant role. Review Grant user permission to manage users of the enrollment for more information.

    To navigate to the Manage Users page, follow these instructions:

    1. Navigate to Control Panel > Authentication > Providers.
    2. Use the Actions dropdown menu to select Manage Users.
    View of Manage Users option in Authentication within Control Panel.

    Add a new user

    1. Navigate to the Manage Users page. Review Access user management.
    User directory on Authentication page within Control Panel.
    1. Select Add new user. From here, you can fill out the prospective user’s name and email address and send them an invitation to join the enrollment.
    The add new user option. Add new user dialog.
    1. The new user will receive an email to complete their user account registration and configure a passkey. Review Authentication documentation.

    Reset user accounts

    If a user is locked out of their account or needs their account reset for any other reason, an administrator will need to reset the user’s passkey. Upon reset, the user’s existing passkeys will become invalid and they will receive an account recovery email with a login link and a request register a new passkey. The one-time password in the email expires in four days if not used, but can be re-sent if required.

    To reset a user account:

    1. Navigate to the Manage Users page. Review Access user management.
    2. Select the user to be reset.
    3. Use the Reset passkey option located in the User details pane.
    User directories user details pane
    1. Review the information in the pop up window and select Reset.

    Disable user access

    To revoke access from a user, an administrator can disable the account. The user will no longer be able to register, login, or have their account reset until the user is re-enabled.

    To disable the user account:

    1. Navigate to the Manage Users page. Review Access user management.
    2. Select the user to be disabled.
    3. Use the Disable option located in the User details pane.
    User directories user details pane.
    1. Review the information in the pop up window and confirm by selecting Disable.
    User directories disable user dialog.

    Re-enable user access

    For a disabled user to regain access to the platform, an administrator will need to enable their account. Once enabled, the user’s account is reset and they will be able to register and login.

    To enable a user:

    1. Navigate to the Manage Users page. Review Access user management.
    2. Select the user to be enabled.
    3. Select the Enable option in the User details pane.
    User directories user details pane.
    1. Review the information in the pop up window and confirm by selecting Enable.
    User directories enable user dialog.

    Delete a user

    To permanently revoke access from a user, you should delete the user.

    This action cannot be undone and the user will no longer have any access to the platform. Any resources the user owns should be shared or ownership transferred before deleting the user.

    To delete the user account:

    1. Navigate to the Manage Users page. Review Access user management.
    2. Select the user to be deleted.
    3. Select the Delete option in the User details pane.
    User directories user details pane.
    1. Review the information in the pop up window and confirm by selecting Delete.
    User directories delete user dialog.

    Grant user permission to manage users of the enrollment

    To give other users the ability to manage users within your enrollment, you will need to grant these users either the enrollment administrator and/or authentication administrator role. For more information on enrollment permissions review Levels of permissions.

    User directories user details pane.