• Documentation
    • Search documentation
    karat

    +

    K

    API Reference ↗
    Management & enablementAuthenticationSelf-service user directoryManage users within your enrollment

    Manage users within your enrollment

    Palantir’s self-service passwordless identity provider is currently only available for new commercial and developer tier enrollments and AIP bootcamps.

    In most cases, your enrollment administrator will integrate your organization's existing identity provider with the Palantir platform so you can log in with the same credentials you use across other internal systems.

    This page provides detailed guidance on how to access and manage user accounts within your enrollment when using Palantir's self-service user directory. The following instructions describe how to add new users, enable or disable existing accounts, and reset user accounts.

    Access user management

    To begin managing users within your enrollment, you must be an enrollment administrator or an authentication administrator. If you do not have one of these permissions, an existing enrollment administrator can grant you the relevant role. Review the documentation on granting user permission to manage users of the enrollment for more information.

    To access the User directory page, navigate to Control Panel > User directory.

    View of User directory option within Control Panel.

    Add a new user

    1. Navigate to the User directory page. Review the access user management documentation.
    User directory within Control Panel.
    1. Select Add new user. From here, you can fill out the prospective user’s name and email address and send them an invitation to join the enrollment.
    The add new user option. Add new user dialog.
    1. The new user will receive an email to complete their user account registration and configure a passkey. Review the authentication documentation for more information.

    Reset user accounts

    If a user is locked out of their account or needs their account reset for any other reason, an administrator will need to reset the user’s passkey. Upon reset, the user’s existing passkeys will become invalid and they will receive an account recovery email with a login link and a request register a new passkey. The one-time password in the email expires in four days if not used, but can be re-sent if required.

    To reset a user account, follow the steps below:

    1. Navigate to the User directory page. Review the access user management documentation](/docs/foundry/authentication/./user-directory/#access-user-management).
    2. Select the user to be reset.
    3. Use the Reset passkey option located in the User details pane.
    User directories user details pane
    1. Review the information in the pop-up window and select Reset.

    Disable user access

    To revoke access from a user, an administrator can disable the account. The user will no longer be able to register, login, or have their account reset until the user is re-enabled.

    To disable the user account, follow the steps below:

    1. Navigate to the User directory page. Review the access user management documentation.
    2. Select the user to be disabled.
    3. Use the Disable option located in the User details pane.
    User directories user details pane.
    1. Review the information in the pop-up window and confirm by selecting Disable.
    User directories disable user dialog.

    Re-enable user access

    For a disabled user to regain access to the platform, an administrator will need to enable their account. Once enabled, the user’s account is reset and they will be able to register and login.

    To enable a user, follow the steps below:

    1. Navigate to the User directory page. Review the access user management documentation.
    2. Select the user to be enabled.
    3. Select the Enable option in the User details pane.
    User directories user details pane.
    1. Review the information in the pop-up window and confirm by selecting Enable.
    User directories enable user dialog.

    Delete a user

    To permanently revoke access from a user, you should delete the user.

    This action cannot be undone, and the user will no longer have any access to the platform. Any resources the user owns should be shared or ownership transferred before deleting the user.

    To delete the user account, follow the steps below:

    1. Navigate to the User directory page. Review the access user management documentation.
    2. Select the user to be deleted.
    3. Select the Delete option in the User details pane.
    User directories user details pane.
    1. Review the information in the pop-up window and confirm by selecting Delete.
    User directories delete user dialog.

    Grant user permission to manage users of the enrollment

    To give other users the ability to manage users within your enrollment, you must grant these users either the enrollment administrator and/or authentication administrator role. For more information on enrollment permissions review Levels of permissions.

    User directories user details pane.