# Manage Users in Omni

> Add, update, and remove users in Omni.

This guide explains how to create, update, and remove users in Omni.

Before assigning a role, review the available account roles and their permissions to determine the appropriate level of access for the user. See [Account roles](../security-and-authentication/security-model#account-roles).

## User account creation by authentication method

User account creation in Omni depends on the authentication method being used.

With Auth0 and OIDC, an Omni administrator must first add the user before they can log in.

With SAML, the user account is created automatically on the first login, so no manual setup is required.

## Prerequisites

Before managing users in Omni, add the user to your identity provider (Auth0, OIDC provider, or SAML IdP) and ensure they have permission to access Omni.

## Create a user

<Note>
  If SAML is enabled, skip this step. The user account is created automatically the first time the user logs in.
</Note>

You can create a user in Omni via the CLI or the Omni UI.

<Tabs>
  <Tab title="CLI">
    Run this command to create a user, replacing the placeholders `<user-email-address>` and `<role>` with their actual values:

    ```bash
    omnictl user create <user-email-address> --role <role>
    ```
  </Tab>

  <Tab title="UI">
    To create a user via the Omni UI:

    1. Navigate to **Settings > Users**.

           <img src="https://mintcdn.com/siderolabs-fe86397c/XhzdvJz1lh1ZClvA/omni/security-and-authentication/images/manage-users-user-tab.png?fit=max&auto=format&n=XhzdvJz1lh1ZClvA&q=85&s=c5cd4bb02ef3f1c72ab5313a8c86f858" alt="Users Tab" width="3024" height="1180" data-path="omni/security-and-authentication/images/manage-users-user-tab.png" />

    2. Select **Add User**.

           <img src="https://mintcdn.com/siderolabs-fe86397c/XhzdvJz1lh1ZClvA/omni/security-and-authentication/images/manage-users-add-a-user-button.png?fit=max&auto=format&n=XhzdvJz1lh1ZClvA&q=85&s=200014c3b809f381aed749864e830d7c" alt="Add user button" width="3024" height="590" data-path="omni/security-and-authentication/images/manage-users-add-a-user-button.png" />

    3. Enter the user's email in the **Create User** modal.

    4. Select a role from the **Role** dropdown.

    5. Click **Create User**.

           <img src="https://mintcdn.com/siderolabs-fe86397c/XhzdvJz1lh1ZClvA/omni/security-and-authentication/images/manage-users-create-user-modal.png?fit=max&auto=format&n=XhzdvJz1lh1ZClvA&q=85&s=b1a253a7416af3a791dec235634b6f4e" alt="Create User modal" width="1164" height="582" data-path="omni/security-and-authentication/images/manage-users-create-user-modal.png" />
  </Tab>
</Tabs>

## Update a user's role

You can update a user's role in Omni via the CLI or the Omni UI.

<Tabs>
  <Tab title="CLI">
    Run this command to update a user's role, replacing the placeholders `<user-email-address>` and `<new-role>` with their actual values:

    ```bash
    omnictl user set-role <user-email-address> --role <new-role>
    ```
  </Tab>

  <Tab title="UI">
    To update a user's role in the Omni UI:

    1. Navigate to **Settings > Users**.

    2. Click the ellipsis menu (**⋯**) next to the user and select **Edit User**.

           <img src="https://mintcdn.com/siderolabs-fe86397c/XhzdvJz1lh1ZClvA/omni/security-and-authentication/images/manage-users-edit-user-dropdown.png?fit=max&auto=format&n=XhzdvJz1lh1ZClvA&q=85&s=70c859d89b181deec9f332907d27af49" alt="Edit User dropdown" width="3024" height="1084" data-path="omni/security-and-authentication/images/manage-users-edit-user-dropdown.png" />

    3. Select a role from the **Role** dropdown: **None**, **Reader**, **Operator**, or **Admin**.

    4. Click **Update User** to save the changes.

           <img src="https://mintcdn.com/siderolabs-fe86397c/XhzdvJz1lh1ZClvA/omni/security-and-authentication/images/manage-user-edit-user-modal.png?fit=max&auto=format&n=XhzdvJz1lh1ZClvA&q=85&s=b0cea87ab75bbf4db239779565effa7c" alt="Edit User modal" width="1114" height="590" data-path="omni/security-and-authentication/images/manage-user-edit-user-modal.png" />
  </Tab>
</Tabs>

<Note>
  SAML users are assigned the `None` role by default on first login. Update their role to grant the appropriate level of access.
</Note>

## Delete a user

Removing a user from the identity provider prevents them from logging in but does not remove their account from Omni. To fully revoke access and clean up orphaned resources, the user must also be deleted from Omni.

<Tabs>
  <Tab title="CLI">
    Run this command to delete a user, replacing the placeholder `<user-email-address>` with its actual value:

    ```bash
    omnictl user delete <user-email-address>
    ```
  </Tab>

  <Tab title="UI">
    To delete a user:

    1. Navigate to **Settings > Users**.

    2. Click the ellipsis menu (**⋯**) next to the user and select **Delete User**.

           <img src="https://mintcdn.com/siderolabs-fe86397c/XhzdvJz1lh1ZClvA/omni/security-and-authentication/images/manage-user-delete-user-dropdown.png?fit=max&auto=format&n=XhzdvJz1lh1ZClvA&q=85&s=df9facd1d2a30bc153a275f3fa682860" alt="Delete user dropdown" width="3008" height="1080" data-path="omni/security-and-authentication/images/manage-user-delete-user-dropdown.png" />

    3. Click **Delete** to confirm.

           <img src="https://mintcdn.com/siderolabs-fe86397c/XhzdvJz1lh1ZClvA/omni/security-and-authentication/images/manage-user-delete-user-confirmation-modal.png?fit=max&auto=format&n=XhzdvJz1lh1ZClvA&q=85&s=6404275af6c4ca37649dc8e7f6562ede" alt="Delete confirm modal" width="1162" height="488" data-path="omni/security-and-authentication/images/manage-user-delete-user-confirmation-modal.png" />
  </Tab>
</Tabs>
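
Because removing a user from the identity provider leaves the Omni account in place, offboarding needs a reconciliation step. The script below is an added example, not part of the Omni documentation or tooling: it compares two operator-prepared lists (hypothetical file formats, described in the comments) and prints the `omnictl user delete` commands for review, plus the accounts still on the `None` role.

```bash
#!/usr/bin/env bash
# Added example: find Omni accounts left behind after IdP offboarding.
# Assumed inputs (hypothetical files prepared by the operator):
#   idp list  - one email per line, users still present in the IdP
#   omni list - "<email> <role>" per line, accounts present in Omni
# Emails are compared case-insensitively (an assumption of this example).

# Print Omni accounts with no matching IdP user (deletion candidates).
# Usage: omni_orphans <idp-list> <omni-list>
omni_orphans() {
  # An empty IdP export would mark every account an orphan: refuse it.
  grep -q '[^[:space:]]' "$1" || { echo "IdP list is empty, refusing" >&2; return 2; }
  awk '
    { sub(/\r$/, "") }                      # tolerate CRLF exports
    NF == 0 { next }                        # skip blank lines
    FILENAME == ARGV[1] { idp[tolower($1)] = 1; next }
    !(tolower($1) in idp) { print $1 }      # keep the address as listed for Omni
  ' "$1" "$2" | sort -u
}

# Print accounts still on the None role (for example SAML users after first login).
# Usage: omni_role_none <omni-list>
omni_role_none() {
  awk '{ sub(/\r$/, "") } NF >= 2 && tolower($2) == "none" { print $1 }' "$1" | sort -u
}

# Emit the delete commands for review instead of running them.
# Usage: omni_delete_plan <idp-list> <omni-list>
omni_delete_plan() {
  orphans=$(omni_orphans "$1" "$2") || return 2
  if [ -n "$orphans" ]; then
    printf '%s\n' "$orphans" | sed 's/^/omnictl user delete /'
  fi
}

# Constructed sample data: carol has been removed from the IdP, dave has no role yet.
sample_dir=$(mktemp -d)
printf 'alice@example.com\nBob@Example.com\r\ndave@example.com\n\n' > "$sample_dir/idp.txt"
printf '%s\n' 'alice@example.com Admin' 'bob@example.com Operator' \
  'carol@example.com Reader' 'dave@example.com None' > "$sample_dir/omni.txt"

echo "Delete plan:";  omni_delete_plan "$sample_dir/idp.txt" "$sample_dir/omni.txt"
echo "Needs a role:"; omni_role_none "$sample_dir/omni.txt"
```
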
