Send Docs Feedback

Managing organization users

This topic explains how to create and manage organization users. You must be an organization administrator to perform these tasks.

What are organization users?

Organization users are given explicit permission by the organization administrator to create, read, edit, and/or delete entities in an Apigee Edge organization. Permissions are role-based, where a role conveys a specific, targeted set of permissions. This permission scheme is also called role-based access control, or RBAC for short.

Organization users are typically members of your API team who develop and test APIs, run reports, and perform other API admin tasks. Do not confuse organization users with app developers, the consumers of your APIs. The process of onboarding app developers and managing their access to your APIs is an entirely separate topic. See Publishing Overview.

Also, note that topic applies to API management, not API BaaS, which has its own user management framework.

What Edge entities do organization users work with?

Organization users can interact with the following entities. The degree of interaction permitted depends on the role or roles that are assigned to the user by the organization administrator. See also Assigning roles.

  • API proxies
  • API products
  • Developer apps
  • Developers
  • Environments (Trace tool sessions and deployments)
  • Custom reports (Analytics)

Getting started

You must be an org administrator

You must be an Apigee Edge organization administrator to create users and assign roles. Only organization admins can see and use the Admin menu, which is for managing organization users.

Viewing user data

The Organization Users table on the Admin > Organization Users page lists all of the users attached to the current organization. For each user you can see:

By default, all users associated with an organization can view details about other organization users, such as email address, first name, and last name. Only users with the Organization Administrator role can add or update other organization users.

  • Name: The name of the user you entered when you created the user.
  • Primary email: The email address you entered when you created the user.
  • Role: The role of the user, which determines the degree of access. By default, all users have a user role that gives them full access to all features in Apigee. See also Assigning roles.

Adding users

To add an organization user:

  1. In the Edge management UI, while logged in as an organization administrator, select Admin > Organization Users. If you are not an org admin, this menu does not show up. 
  2. Click + User. The "Add a User" screen appears.
  3. Enter the user's email address.
  4. Select the role you want to offer to the user. You can add more than one role to a user. See also See "Adding roles to a user" below. 
  5. Click Save.

If the user already has an Apigee account, she will see the new organization after logging into Apigee.

If the new user doesn't yet have an Apigee account, she is sent email instructions for account activation, password reset, and logging in. The user can log in with either:

  • email address
  • username, which is the part of the email address before @.

Modifying a user's role or profile

You can add one or more roles to a user when you create a new user or if you edit an existing user. See also Assigning roles. You can also edit the user's first name and last name.

If a user has multiple roles assigned, the greater permission takes precedence. For example, if one role doesn't allow the user to create API proxies, but another role does, then the user can create API proxies. In general, it is not a common use case to assign users multiple roles.

  1. Select Admin > Organization Users.
  2. Click an existing user.
  3. Click in the Roles field, and a dropdown appears.
  4. Select a role to add.
  5. Repeat steps 3 and 4 to add additional roles to the user if you want.
  6. Edit the First Name or Last Name fields, if necessary.
  7. Click Save.

Removing users from an organization

To remove a user from an organization, you must be an org administrator. 

  1. Select the user in the Organization Users table.
  2. Click Remove.

This only removes the user from the current account. If the user is a member of multiple accounts, they remain in the system.

To remove a user from Apigee completely, contact Apigee Support.

Help or comments?