ForjioHuudisIdentityPlugipayPaymentsStorlaunchE-commerceFulkrumaFulfilmentRiplloMarketingLinkSnapShort URLsPawpadoGPU streamingCatentioAgent runtime
Huudis Docs
⌘K

Managing users

Plugipay family portal: users

Huudis has two distinct kinds of "user":

  • Workspace members — the human administrators who can sign into the Huudis dashboard and configure your workspace. Covered here.
  • End users — people who signed into your OIDC clients. Covered on the Portal — End users section of the dashboard tour.

This page covers workspace members.

Viewing members

Dashboard → Users lists every account member who has access to the current workspace. Each row shows:

  • Display name (or email if no name is set).
  • Email address.
  • Role (Owner / Admin / Member).
  • Last sign-in timestamp.
  • Whether MFA is enrolled.

Inviting a member

Click Invite member in the top right. You'll need:

  • Email address — the person's email. They don't need an existing Huudis account; the invite flow handles both cases.
  • Role — one of:
    • Owner — everything an Admin can do, plus deleting the workspace and changing other members' roles.
    • Admin — configure OIDC clients, identity providers, IAM, end users.
    • Member — read-only access to the dashboard. Useful for engineers who need to see configuration but shouldn't change it.

Huudis emails the invitee a link valid for 7 days. Clicking it accepts the invite; if they don't have a Huudis account yet, they're walked through sign-up first.

Changing a member's role

Open the member's detail page. The Role dropdown changes the role; it takes effect on the member's next request (their existing access token doesn't carry the role — Huudis re-resolves role on every check).

Only Owners can change roles. Owners can also demote themselves, but a workspace must always have at least one Owner — Huudis refuses the demotion if you're the last one.

Removing a member

Click Remove from workspace on the member's detail page. This:

  1. Deletes the account_member row.
  2. Revokes the member's active dashboard session.
  3. Does not delete the underlying Huudis user — they can still sign into other workspaces they belong to, or into Forjio products they've consented to.

Removing yourself is allowed but, as with role changes, only if you're not the last Owner.

Enforcing MFA

Dashboard → Users → Workspace settings → Require MFA.

Toggling this requires every member to enrol an MFA factor before their next sign-in to the dashboard. Members without a factor will be walked through enrolment on the sign-in screen.

This is a workspace-level setting; it does not affect end users of your OIDC clients. To require MFA for end users, attach a policy with forjio:MfaPresent: true in the condition block.

API endpoints

Everything the Users page does has a matching API endpoint:

Method Path What
GET /api/v1/account/members List members.
POST /api/v1/account/members/invites Send an invite.
PATCH /api/v1/account/members/:userId Change role.
DELETE /api/v1/account/members/:userId Remove member.

See API reference for the wire format.

Next