
Users Administration


Category: Management | Last Updated: Feb 5, 2026

Overview

Day-to-day user administration rarely involves complex automation. More often it is straightforward: invite a new team member, assign the right role, check that they activated their account, and suspend access when someone leaves. The Users Administration module handles that operational cadence cleanly, with invitation-based onboarding, activity monitoring that makes inactive accounts visible, and bulk operations for the times when team changes happen at scale.

Every status transition is logged. Audit trails are maintained throughout the account lifecycle, so access decisions are always traceable.

Key Features

  • User Lifecycle Management: Manage users through their complete account lifecycle: invitation, activation, active use, suspension, and deactivation. Each status transition is logged and triggers automated notifications to affected users and administrators.

  • Invitation-Based Onboarding: Invite users via email with pre-assigned roles and department placement. Invitations include customisable messages, expire after a configurable period, and can be resent with updated details. Users complete their profile setup on accepting the invitation.

  • Role-Based Access: Assign users to predefined roles that control access to platform capabilities. Each role provides a clear set of permissions enforced by the RBAC system. Administrators can view permission comparisons when changing roles to understand what access is gained or lost.

  • User Activity Monitoring: Track login history, session counts, feature usage, investigation participation, and API activity per user. Engagement metrics including daily and monthly active users, feature adoption rates, and session duration provide operational insight into platform usage.

  • Department Management: Organise users into hierarchical departments with department-specific permissions, cost allocation, and designated managers. Cross-department collaboration is supported while maintaining appropriate access boundaries.

  • Account Suspension and Deactivation: Suspend accounts temporarily with configurable durations and documented reasons, or deactivate accounts permanently with ownership transfer options for investigations and documents. All actions revoke active sessions immediately and are fully auditable.

  • Bulk Operations: Perform bulk invitations from CSV, bulk role changes, bulk deactivation, and bulk permission updates for efficient management of large user populations during team changes.

  • Security Controls: Password policy enforcement, MFA management, session controls, failed login tracking, and suspicious activity detection work together to maintain account security across the organisation.

Use Cases

  • Law enforcement agencies onboarding new officers with batch invitations that assign appropriate roles and team placements, so new staff are productive from their first login.
  • Government departments conducting regular access reviews that identify inactive accounts and ensure all users have roles appropriate to their current responsibilities.
  • Intelligence organisations responding to security incidents with immediate account suspension, session revocation, and documented audit trails that support investigation and remediation.
  • Financial institutions managing team restructuring efficiently with bulk operations that update roles, departments, and permissions across large groups without individual manual changes.
  • Healthcare providers maintaining HIPAA-compliant access controls through activity monitoring that tracks who is accessing what, with alerts for behaviour outside established patterns.

Open Standards

  • Role-Based Access Control (ANSI INCITS 359 / NIST SP 800-207): All user lifecycle operations, permission assignments, and administrative actions are enforced through an RBAC engine that maps users to predefined roles with explicitly scoped capabilities.
  • SCIM 2.0 (RFC 7643 / RFC 7644): User provisioning and group synchronisation interoperate with SCIM-compliant identity providers, enabling automated account lifecycle management and bulk onboarding from external directories.
  • JSON Web Token (RFC 7519): Every admin API request is authorised via JWT carrying organisation and role claims; session revocation takes effect by invalidating tokens independently of their expiry time.
  • OAuth 2.0 (RFC 6749): SSO-enabled tenants provision users via an OAuth 2.0 / OIDC authorisation code flow, allowing corporate identity providers to drive account creation and role assignment automatically.
  • FIDO2 / WebAuthn (W3C WebAuthn Level 3): MFA management supports passkey registration and assertion via the WebAuthn protocol, enabling phishing-resistant second factors for privileged administrative accounts.
  • TOTP (RFC 6238): Time-based one-time passwords are supported as an MFA method alongside WebAuthn, interoperating with standard authenticator applications during account login and step-up authentication.
  • GraphQL (GraphQL June 2018 Specification): All user administration queries and mutations are exposed through a typed GraphQL API, enabling precise field selection and consistent schema contracts for front-end and integration consumers.
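
One common way to make session revocation independent of token expiry, as the JSON Web Token item above describes, is a per-user cut-off time checked against each token's `iat` claim. The following is an added example, not the platform's own code; the function names, the in-memory `revoked_after` store and the signing key are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"   # constructed signing key, for this example only
revoked_after = {}              # assumed store: user id -> time of last suspension


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue(sub: str, org: str, role: str, now: int, ttl: int = 3600) -> str:
    """Mint an HS256 JWT carrying organisation and role claims."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": sub, "org": org, "role": role, "iat": now, "exp": now + ttl}
    body = _b64(json.dumps(claims).encode())
    sig = hmac.new(KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64(sig)}"


def suspend(sub: str, now: int) -> None:
    """Record the suspension time; every token issued up to then is rejected."""
    revoked_after[sub] = now


def authorise(token: str, now: int) -> dict:
    """Return the verified claims, or raise PermissionError with the reason."""
    try:
        header, body, sig = token.split(".")
        expected = hmac.new(KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(_unb64(sig), expected):
            raise PermissionError("bad signature")
        if json.loads(_unb64(header)).get("alg") != "HS256":
            raise PermissionError("unexpected alg")
        claims = json.loads(_unb64(body))
        if now >= claims["exp"]:
            raise PermissionError("expired")
        # Revocation is keyed on issue time, so an unexpired token still fails.
        if claims["iat"] <= revoked_after.get(claims["sub"], -1):
            raise PermissionError("revoked")
    except (ValueError, KeyError, TypeError, AttributeError) as err:
        raise PermissionError("malformed token") from err
    return claims
```

A token minted after the cut-off (for example, on reactivation) passes again, while every earlier token stays rejected until its natural expiry.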

Getting Started

  1. Review Roles: Understand the available roles and their permissions to plan appropriate access levels for your team.
  2. Invite Users: Send invitations with appropriate role assignments and department placement.
  3. Monitor Onboarding: Track invitation acceptance and first-time login activity to ensure smooth onboarding.
  4. Establish Reviews: Set up regular access reviews to maintain appropriate permissions and identify inactive accounts.
  5. Configure Security: Set password policies, MFA requirements, and session controls appropriate for your organisation.

Availability

  • Enterprise Plan: Included (all features, advanced activity monitoring, bulk operations, anomaly detection)
  • Professional Plan: Core user management included; advanced monitoring and bulk operations available as add-on

Last Reviewed: 2026-02-05 | Last Updated: 2026-04-14
