Manage users and roles

Add, delete, and assign roles to users with Cloud Observability, the Cloud Observability API, or Terraform.

The content below is intended for Organization Admins and Organization Billing Admins. For conceptual information about managing users and roles and possible setups, visit User and role management.

In Cloud Observability

Add users

Follow the steps below to create a new user. Once you add a user, Cloud Observability sends them an email inviting them to create an account.

  1. In Cloud Observability, click Settings > User management > Users.
  2. Click Add new user and fill out the Invite new user panel:
    1. Enter the user’s email address.
    2. Choose the user’s role.

  3. Click Invite user to send the user an email asking them to set their password and sign in.

    The new user appears on the page. You and other Organization Admin or Organization Billing Admin users can change their role if needed.

Change passwords

If you’re using SSO, users can’t change passwords in Cloud Observability.

If you’re not using SSO, users can change their password. Follow these steps to change your password:

  1. In Cloud Observability, click Personal settings > General preferences.
  2. In the Change password section, enter your current password, and then enter and verify the new password.
  3. Click Save changes to finish changing your password. You can now log in with your new password.

Change user roles

Follow these steps to change an existing user’s role:

  1. In Cloud Observability, click Settings > User management > Users.
  2. Find the relevant user and click ⋮ > Edit user.
  3. Choose the new role in the Edit user panel and click Confirm.

Cloud Observability displays <email> roles updated and returns to the Users page.

Delete users

You can delete a single user or delete multiple users in bulk. Once you delete a user, they can no longer access Cloud Observability.

Follow these steps to delete users:

  1. In Cloud Observability, click Settings > User management > Users.

  2. On the Users page:

    • Delete a single user by finding the user, clicking ⋮ > Delete, and clicking Confirm in the dialog.
    • Delete users in bulk by selecting them, clicking Delete selected users, and clicking Confirm in the dialog.

Cloud Observability displays <email> deleted from <organization> and returns to the Users page.

Set the default project for new users

Customize the Cloud Observability experience for new users. Choose the project they see when they log in for the first time.

If you don’t customize this setting, first-time users see either the project that comes first alphabetically or a project with prod in its name. Organization Restricted Members view the first project they have access to alphabetically.

Follow these steps to customize the default project for new users:

  1. In Cloud Observability, click Settings > User management > Additional settings.
  2. In the Default project section, click the drop-down and select your project.

Cloud Observability displays <Organization name> default project updated. Users now see that default project when they first log into Cloud Observability. For all subsequent logins, users see the project they last visited.

Set the default role

Cloud Observability assigns the default role to all new users. You can change users’ roles once they’re in the system.

Don’t set the default role to Organization Admin. If you set it to Organization Admin, all new users get full access to Cloud Observability.

  1. In Cloud Observability, click Settings > User management > Additional settings.
  2. Click the Default role drop-down to select the new role.

Cloud Observability displays <organization> default role updated.

Cloud Observability API

Use the Cloud Observability API to manage users in bulk. The API has two endpoints for creating, deleting, and listing Cloud Observability users.

  • Users - Create, delete, and list Cloud Observability users.
  • RoleBinding - List user roles.

Cloud Observability and Terraform

Use Terraform to manage user roles in bulk. Cloud Observability has these user-management resources:

  • lightstep_user_role_binding - Assign or reassign organization and project roles.
  • lightstep_saml_group_mappings - Set up SAML group mapping.

See also

User and role management

Roles and permissions

Set up JIT provisioning

Updated Feb 28, 2024