Edit users

You can edit a user’s information and their access rights in their user account in 10Duke SysAdmin.

You can also disable a user’s access from there if needed.


You cannot edit a new user’s information immediately after inviting them. 10Duke Enterprise only creates a user account for them when they have accepted the invitation and signed up.

If you cannot find a user, check the status of their invitation.

View and edit a user account

  1. In the left sidebar, go to IDENTITY > Users.

  2. Select the user. The user’s details open below the table.

See below how to view and edit the user’s information on the tabs.

Edit the user’s personal details

  1. On the Personal Details tab, view and edit the user’s personal details, such as their name and contact phone number.

    The email address displayed is the user’s contact email address. If 10Duke Enterprise is used for user authentication, this is typically the same as the email used as the username. You cannot edit the email address.

    The Id shows the user’s universal unique identifier (UUID). The UUID must be included in the request path when calling some of the 10Duke API endpoints.

  2. Click Save.

Edit the user’s account status

  1. On the Account State tab, view and edit the user account validity and other settings:

    • Validity: Define when the user can access the system and consume licenses.

      • Valid from: By default, the start date is the date when the user completed their sign-up into the system.

        If you set a start date in the future, the user’s access is disabled and they can access the system starting from that date.

      • Valid until: By default, no end date is defined, which means the user’s access is valid indefinitely.

        If you set an end date, the user’s access is disabled after that date.

    • Email verification: The Email verified field shows whether the user has verified their email address.

      Depending on your 10Duke Enterprise configuration, users may not be able to access the system if they haven’t verified their email.

      To manually mark the email as verified, click Mark valid. This may be needed, for example, if the user wasn’t able to verify their email during sign-up.

      Note: The email verification is intended to prove that the user is the owner of the email account and has access to that email. If you validate the email manually for them, this requires some other checks or a degree of trust in the user.

    • MFA: The 2-step verification field shows whether the user has activated two-factor authentication (2FA) for their user account.

      If needed, you can deactivate 2FA for the user by disabling the toggle.

      You cannot activate 2FA for the user.

    • System Administrator: Define whether the user has system administrator access.

  2. Click Save.

Define the user’s user groups

On the User Groups tab, view and define which user groups the user belongs to.

The user’s groups determine which organization licenses they can consume.

  • To add the user to an organization’s user groups, select Actions > Add to group(s). Search and select the organization, select the user groups, and click Save.

    The user can now start consuming the licenses that those groups are authorized to use.

  • To remove the user from user groups, select the user groups in the table, select Actions > Remove from group(s), and click OK to confirm.

    If the user is currently consuming an organization license they no longer have access to, they are able to continue consuming the license until the license lease expires or the client application tries to refresh the lease, whichever comes first.

For more information on defining a user’s user groups and the effects on the user’s access, see more about adding and removing users in groups.

Define the user’s roles

The user’s roles determine their access rights to the data of the organizations they belong to.

The changes to the roles take effect immediately.

On the Organization Roles tab:

  • View and define the user’s organization roles. Organization roles are typically used to control organization administrator access to 10Duke OrgAdmin.

  • To add organization roles, click Add. Search and select the organization, select the roles, and click Save.

  • To remove an organization role, click Remove next to it. To remove all organization roles, click Remove all.

On the Internal Roles tab:

  • View and define the user’s internal roles. Internal roles control access to SysAdmin, and you typically assign them to your own system administrators.

  • To add internal roles, click Add. Select the roles and click Save.

  • To remove an internal role, click Remove next to it. To remove all internal roles, click Remove all.

On the Client App Roles tab:

  • View and define the user’s client roles, if additional role-based access control has been implemented in the client applications that users use to consume licenses.

  • To add client roles, click Add. Select the roles and click Save.

  • To remove a client role, click Remove next to it. To remove all client roles, click Remove all.

View the user’s active license leases and sessions

On the Active license leases tab:

  • View the leases for the licenses that the user is currently consuming. The table shows:

    • The licensed items that the user is consuming

    • The entitlement where the license to the licensed item has been granted

    • The owner of the license (an organization or the user)

    • The lease ID; the unique identifier for the license consumption

    • The hardware ID of the machine (such as a laptop, desktop, or mobile device) where the client application is running and for which the lease was created

    • The date and time when the license lease starts and ends

  • To release a license lease, click Release next to it. See more on how to release licenses currently in use.

    This may be needed, for example, in a situation where the user’s device is broken, and you need to release the license seat that the user was consuming so that they can start consuming the license on another device.

On the Active sessions tab:

  • View whether the user has active user sessions in client applications or in the SysAdmin or OrgAdmin tools.

  • To end all of the user’s active sessions, click Delete sessions.

    This may be needed, for example, in a situation where the user’s device has been stolen and a user session was active, and you want to prevent their device from refreshing the lease and continuing to consume the license. Another use case is that users have been removed from the system and you want to remove login access and close all their user sessions.

Click Refresh to update the information on the tabs.

Edit the user’s custom properties

On the Custom properties tab, view and edit the user’s custom properties.

You can use custom properties to attach external metadata to user accounts.

Define a custom property as a key-value pair:

  1. Enter the key in the first field. The key must be unique across the user’s properties.

  2. Enter the value for the field, and click Add.

You cannot edit custom properties. If changes are needed, delete the old custom property and create a new one.

To delete a custom property, click Delete next to it. To delete all custom properties, click Delete all.

The API client is responsible for defining and managing the property key namespace.