
What you can do here
For each user row:- Change role. Use the role dropdown to switch the user between viewer, user, and admin. Only an existing super admin can grant or revoke the super admin role.
- Add or remove groups. Click the Select groups field and pick groups from the dropdown to add the user. Click the small
xnext to a group chip to remove it. The dropdown shows every access group available in your tenant. - Save. Click Save to commit the role and group changes for that user. The change is logged in the Audit log.
- Reset Onboarding. Clears the user’s onboarding completion flag. The next time they sign in, they’ll see the welcome flow again. Useful when you want to re-onboard a user after a major release, or when someone reports they got stuck and want to re-run the onboarding.

Direct group assignments vs. SSO group claims
There are two ways a user ends up in a group:- From their identity provider’s group claim. When a user signs in, Aperium reads their group claim from the identity token and adds them to every Aperium group whose system key matches a name in that claim.
- From a manual assignment on this page. Adding a user to a group through the Select groups field works regardless of whether their IdP claims that group.
Searching for a user
Type into the Search users field to filter by name or email. Useful when your tenant has hundreds of members.Common workflows
A new admin needs to be promoted
- Search for the user by email.
- Change their role from user to admin in the role dropdown.
- Click Save.
A user has changed teams
- Find the user.
- Remove the old team’s group from their Select groups chips.
- Add the new team’s group.
- Click Save.