User Management
LumoAuth provides comprehensive user management capabilities within each tenant. Users can be created, invited, managed, and deprovisioned through the tenant portal or API.
User Lifecycle
Invited / Registered → Email Verified → Active → Suspended / Deleted
| State | Description |
|---|---|
| Pending | User created but email not verified |
| Active | Email verified, can authenticate |
| Suspended | Temporarily disabled, cannot authenticate |
| Deleted | Account removed (subject to GDPR retention) |
Managing Users
Portal
Navigate to /t/{tenantSlug}/portal/access-management/users:
- User List - Search, filter, and browse all tenant users
- User Detail - View profile, roles, groups, sessions, MFA methods, audit log
- Create User - Manually create a user account
- Edit User - Update profile fields, reset password, manage MFA
- Suspend / Delete - Disable or remove a user
User Profile Fields
| Field | Description | Editable |
|---|---|---|
| Primary identifier | Yes | |
| First Name | Given name | Yes |
| Last Name | Family name | Yes |
| Phone | Phone number (used for SMS MFA) | Yes |
| Email Verified | Verification status | Admin only |
| MFA Enabled | Whether MFA is active | Admin can reset |
| Roles | Assigned roles | Admin only |
| Groups | Group memberships | Admin only |
| Created At | Account creation timestamp | No |
| Last Login | Most recent authentication | No |
Creating Users
Manual Creation
- Go to
/t/{tenantSlug}/portal/access-management/users - Click Create User
- Enter email, name, and optionally set a temporary password
- Optionally assign roles and groups
- Choose whether to send a welcome email
Self-Registration
If self-registration is enabled in auth settings (/t/{tenantSlug}/portal/configuration/auth-settings), users can register at the tenant login page.
SCIM Provisioning
Users can be provisioned automatically from external identity providers using SCIM 2.0.
JIT Provisioning
When a user authenticates via Social Login, SAML, or OIDC Federation for the first time, their account is automatically created (just-in-time provisioning).
Customer 360 View
Each user has a Customer 360 page that consolidates everything about them in one place:
- Linked identities — connected social accounts, SAML, and OIDC logins
- User traits — custom key-value attributes (string, number, boolean, JSON)
- Consent preferences — what the user has consented to, with timestamps
- Activity log — the 20 most recent audit events for this user
Access it at /t/{tenantSlug}/portal/users/{userId}/360.
User Traits
User traits are custom attributes you can attach to any user to store application-specific data. Traits are editable from the Customer 360 view and can be used in ABAC policies for attribute-based authorization decisions.
See Progressive Profiling & User Traits for full details.
Progressive Profiling
Progressive profiling lets you collect user information incrementally during the login flow — asking for one or two fields per session rather than a long upfront form. Configure profiling rules in the Authentication Settings.
See Progressive Profiling & User Traits for full details.
Organizations
Users can belong to one or more organizations within your tenant. Organizations model multi-company or multi-team structures, each with their own member roles.
See Organizations for full details.
In This Section
| Guide | Description |
|---|---|
| Invitations | Invite users to join your tenant |
| Sessions | Manage user sessions and tokens |
| Account Self-Service | Password reset, profile updates, MFA enrollment |
| Organizations | Manage multi-organization structures |
| Progressive Profiling & User Traits | Incremental data collection and custom user attributes |