Overview#
A security administrator at a regional police force receives a mandate: every officer must have multi-factor authentication enabled before the end of the month. She opens the user dashboard, filters for accounts without MFA configured, sees 47 remaining, and sends a bulk reminder. Two weeks later she pulls the same view and sees three outstanding cases, which she can address directly. That kind of focused, actionable oversight is what the User domain provides.
The domain covers user management, authentication settings, and security features for the platform. It includes user listing with pagination and filtering, administrative dashboards with user statistics, multi-factor authentication (MFA) settings management, and passkey (WebAuthn) credential management for passwordless authentication. All user data is stored in PostgreSQL and scoped to the user's organisational tenant.
Key Features#
- User Management: List, search, and filter platform users with pagination support, enabling administrators to manage the user base efficiently across large organisations.
- User Search and Filtering: Find users by email, name, or username, and filter by role or active status with configurable sorting for focused user administration.
- Administrative Dashboard: View user statistics including total users, active and inactive counts, role distribution, pending invitations, and recent signups for organisational oversight.
- MFA Settings Management: Enable and configure multi-factor authentication for user accounts with support for multiple methods including authenticator apps, SMS verification, and email verification.
- Passkey Management: Register and manage WebAuthn/FIDO2 passkeys for passwordless authentication, including friendly naming, usage tracking, and credential lifecycle management.
- Security Information: View security-related user details including MFA status, configured authentication methods, and registered passkeys for security auditing.
- Role-Based Access: Administrative operations are restricted to authorised roles, ensuring that user management actions are performed only by personnel with appropriate permissions.
MFA Methods#
| Method | Description |
|---|---|
| TOTP | Time-based one-time password via authenticator app |
| SMS | Verification code sent via text message |
| Email | Verification code sent via email |
| Passkey | WebAuthn/FIDO2 passwordless authentication |
Use Cases#
- Public Safety: Manage organisational users across a large force, searching for specific accounts, reviewing account status, and monitoring authentication configuration to meet security policy requirements.
- Government & Defence: Review MFA adoption, passkey registration, and authentication method distribution across the organisation to assess security posture and demonstrate compliance with cyber resilience standards.
- Enterprise Deployments: Monitor recent signups and pending invitations to ensure new users are successfully onboarded with appropriate authentication configured before they access sensitive data.
- Regulated Industries: Track MFA enablement rates and authentication method usage to ensure compliance with organisational security policies and regulatory mandates such as NIS2 and ISO 27001.
Integration#
The User domain provides foundational identity management across the platform:
- Authentication: User accounts and credentials support platform authentication.
- Organisation Management: Users are associated with their organisational context.
- Tenant Management: User access is scoped to their tenant.
- Audit and Compliance: User management actions are logged for compliance.
Open Standards#
- W3C Web Authentication (WebAuthn) / FIDO2: The passkey credential manager registers, names, and revokes FIDO2/WebAuthn authenticators, enabling phishing-resistant passwordless login in accordance with the W3C WebAuthn Level 3 specification.
- TOTP (RFC 6238): Time-based one-time password generation is supported as an MFA method, allowing users to authenticate via any RFC 6238-compliant authenticator application.
- OAuth 2.0 (RFC 6749): All API calls on behalf of authenticated users carry OAuth 2.0 Bearer tokens; step-up tokens issued after MFA or password re-verification follow the same Bearer scheme.
- JSON Web Token (RFC 7519): Access tokens exchanged between the middleware and the authentication service are signed JWTs, validated on every request using the configured issuer and key material.
- OpenID Connect (OIDC) 1.0: External SSO/OIDC callbacks are handled by the authentication service to provision users into the platform, enabling federated identity from compliant identity providers.
- SCIM 2.0 (RFC 7643 / RFC 7644): The platform exposes a SCIM 2.0-compatible provisioning integration, allowing enterprise identity providers to create, update, and deactivate user accounts automatically.
- GraphQL (June 2018 specification): All user management operations (listing, filtering, MFA updates, passkey mutations, and statistics queries) are exposed through a strongly typed GraphQL API.
Last Reviewed: 2026-02-05 Last Updated: 2026-04-14