Managing organization users
This topic explains how to create and manage organization users. You must be an organization administrator to perform these tasks.
Organization users are given explicit permission by the organization administrator to create, read, edit, and/or delete entities in an Apigee Edge organization. Permissions are role-based, where a role conveys a specific, targeted set of permissions. This permission scheme is also called role-based access control, or RBAC for short.
Organization users are typically members of your API team who develop and test APIs, run reports, and perform other API admin tasks. Do not confuse organization users with app developers, the consumers of your APIs. The process of onboarding app developers and managing their access to your APIs is an entirely separate topic. See Publishing Overview.
Also, note that topic applies to API management, not API BaaS, which has its own user management framework.
Organization users can interact with the following entities. The degree of interaction permitted depends on the role or roles that are assigned to the user by the organization administrator. See also Assigning roles.
- API proxies
- API products
- Developer apps
- Environments (Trace tool sessions and deployments)
- Custom reports (Analytics)
You must be an org administrator
You must be an Apigee Edge organization administrator to create users and assign roles. Only organization admins can see and use the Admin menu, which is for managing organization users.
The Organization Users table on the Admin > Organization Users page lists all of the users attached to the current organization. For each user you can see:
By default, all users associated with an organization can view details about other organization users, such as email address, first name, and last name. Only users with the Organization Administrator role can add or update other organization users.
- Name: The name of the user you entered when you created the user.
- Primary email: The email address you entered when you created the user.
- Role: The role of the user, which determines the degree of access. By default, all users have a user role that gives them full access to all features in Apigee. See also Assigning roles.
To add an organization user:
- In the Edge management UI, while logged in as an organization administrator, select Admin > Organization Users. If you are not an org admin, this menu does not show up.
- Click + User. The "Add a User" screen appears.
- Enter the user's name and email address.
- Select the role you want to offer to the user. You can add more than one role to a user. See also See "Adding roles to a user" below.
- Click Save.
If the user already has an Apigee account, she will see the new organization after logging into Apigee.
If the new user doesn't yet have an Apigee account, she is sent email instructions for account activation, password reset, and logging in. The user can log in with either:
- email address
- username, which is the part of the email address before @.
You can add one or more roles to a user when you create a new user or if you edit an existing user. See also Assigning roles.
If a user has multiple roles assigned, the greater permission takes precedence. For example, if one role doesn't allow the user to create API proxies, but another role does, then the user can create API proxies. In general, it is not a common use case to assign users multiple roles.
- Select Admin > Organization Users.
- Either click + User or click an existing user.
- Click in the Roles field, and a dropdown appears.
- Select a role to add.
- Repeat steps 3 and 4 to add additional roles to the user if you want.
- Click Save.
To remove a user from an organization, you must be an org administrator.
- Select the user in the Organization Users table.
- Click Remove.
This only removes the user from the current account. If the user is a member of multiple accounts, they remain in the system.
To remove a user from Apigee completely, contact Apigee Support.
An org admin can edit the first name, last name, and email address fields in the management UI.
Administrators can also change the user's role.