# Manage team members Use the Team Members page to view all team members, manage their access, and perform bulk user management actions. Use it to: - Invite new users to the team - Ensure consistent identity policy enforcement across accounts, teams, and login methods - Enforce SSO by restricting non-admin users from logging in with Coralogix credentials. - Remove users from the team, one-by-one or in bulk, for onboarding and offboarding cycles - Reset user passwords ## Access the Team Members page All users have access to the Team Members page. To access it: 1. Sign in to Coralogix. 1. Open the team you want to manage. 1. In the main menu, select **Settings**, then **Team Members**. Select one of the following tabs: - **Current members**: Table of all existing members of the team - **Pending invites**: Users who have been invited but have not yet joined ## Work with the Current members tab ### Understand the Current members table The **Current members** tab shows one row per user in the team, including your own account. Each column gives specific information: | Column | Description | | ---------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | User | User’s email address. | | Join date | Date the user was added to the team. | | Last login | Date and time the user last logged in. | | Expiry | Date when the user’s access to this team expires, if temporary access has been granted. | | Login mode | How the user is allowed to sign in. Can be local credentials, SSO, both, or undefined. | | Roles | User’s assigned [permission role](https://coralogix.com/docs/user-guides/aaa/access-control/permissions/index.md) or roles in this team (for example, Observability Lead or Data Admin). | | Groups | User’s [group membership](https://coralogix.com/docs/user-guides/account-management/user-management/assign-user-roles-and-scopes-via-groups/index.md). | Click a row to open a side panel with the user’s access details, including last login, sign-in method, IP address, and IdP platform. To edit a user’s details, select the pencil icon in that user’s row. ### Sort and filter the table You can sort and filter the table to find specific users: - Select a column header to sort by that column. - Use filter controls above the table to narrow the list by group. You can combine filters. For example, you can show only users in a specific group whose access expires soon and who still have local sign-in enabled. ### Search for members Use the **search** above the table to find members by: - Full name - Partial name - Email address Search results respect any filters you have already applied. ## Manage a single user On the **Current members** tab, find the user and select the pencil icon in that user’s row. ### Manage group memberships Add the user to one or more groups, or remove them from existing groups. Group changes affect a user’s [role-based permissions](https://coralogix.com/docs/user-guides/account-management/user-management/create-roles-and-permissions/). Note You can edit your own group memberships from this page. This is the supported way for a Platform admin to grant themselves additional permissions: by joining a group that already carries those permissions. Self-assignment is not available from the [group members editor](https://coralogix.com/docs/user-guides/account-management/user-management/assign-user-roles-and-scopes-via-groups/create-and-manage-groups/#modify-a-group) — use this page instead. ### Configure allowed sign-in methods Update the user’s sign-in options. Select one of the following login modes: - Local: Allow local Coralogix credentials only. - SSO: Allow sign-in only through your identity provider. - Both: Allow both local credentials and SSO. Note Once SSO is attached to a user, it follows the user across all teams. ### Reset a user’s password Password reset applies to users who are allowed to sign in with local credentials. 1. Select **Reset password**. 1. Confirm the reset. The user receives instructions to set a new password. The row also shows the last password change date, so you can verify when the password was last updated. Once a password for a user is reset, it follows the user across their team memberships. ### Set or update an access expiry date The ability to invite temporary users to your team provides you with greater control of access management capabilities and increased security measures. Temporary access is ideal for contractors, auditors, or short-term employees who only need access for a limited period. Instead of manually tracking access and dates, you can define them in advance using the built-in expiration date feature. This helps ensure that your data is not accessible beyond the user’s active engagement with your organization. Warning Team and Send-Your-Data API keys remain valid even after the user’s access expires. Delete the personal API keys of expired users to prevent unauthorized API usage. If you have not already done so, select **Enable temporary access**. Then, do any of the following: - Set a new expiry date. - Update the existing date. - Clear the expiry to give the user ongoing access. The Expiry column updates with: - The selected date - The appropriate badge (Expired, X days, or No expiry) ### Remove a user from the team Removing a user from a team stops their access to that team. It does not affect their membership in other teams or organizations. 1. Select the trash icon and then select **Remove from team**. 1. Review the confirmation message. 1. Confirm the removal. The user no longer appears in the **Current members** table for this team. Some users (for example, certain organization-level admins) might not be removable directly from the team. ## Manage users in bulk Bulk actions help you manage onboarding and offboarding cycles, as well as enforce policy changes for multiple users at once. ### Select users for bulk actions You can select multiple users based on filters and groups. 1. On the **Current members** tab, filter the table to show the users you want to manage. 1. Use group-based filtering and sorting as necessary. 1. Select the check boxes next to each user you want to include, or select the header check box to select all users in the current view. After you select users, use the bulk actions menu to update login mode, set expiry dates, or remove users. ### Enforce SSO-only access in bulk 1. Filter the table to show the users who must use SSO only. 1. Select the users. 1. From the bulk actions menu, select **Change login method**. 1. Set Login mode to [SSO](https://coralogix.com/docs/user-guides/account-management/user-management/sso-with-saml/index.md). 1. Save your changes. All selected users will inherit SSO-only sign-in, helping you enforce your identity policy consistently. Note SSO can only be enforced for team members. If a user has not been assigned a sign-in method, it will appear as **Undefined**. The default enabled method will be determined by the initial invitation and the user's subsequent entry. ### Set expiry dates in bulk 1. Select the users whose access should be time-limited. 1. From the bulk actions menu, select **Change expiry**. 1. Set a common expiry date for the selected users. 1. Save your changes. The Expiry column shows the new date and the appropriate badges for each user. ### Remove multiple users from the team Use bulk removal for onboarding and offboarding cycles when entire groups of users no longer need access. 1. Filter the table to show the users you want to remove (for example, a project group that has finished its work). 1. Select the users. 1. From the bulk actions menu, select **Remove from team**. 1. Review the confirmation message. 1. Confirm the removal. All selected users are removed from the team. ## Invite new users On both the **Current members** and **Pending invites** tabs, use the **+ Invite users** button to add new people to the team through a guided flow that supports quick actions: 1. Select **+ Invite users**. 1. Enter the user’s email address. 1. Assign the user to one or more groups. 1. Optional: Select **Temporary access** and set an initial access expiry date. 1. Optional: Select **+ Add new** to invite additional users. 1. Select **Send**. Coralogix sends an invitation email to each user with instructions to join the team. ## Work with the Pending invites tab Take quick and bulk actions vis-à-vis pending invitees. ### Understand the Pending invites table The **Pending invites** tab shows one row per invited user in the team. Each column gives specific information: | Column | Description | | -------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- | | User | Invitee’s email address. | | Invite date | Date the user was invited to the team. | | Groups | Invitee’s [group membership](https://coralogix.com/docs/user-guides/account-management/user-management/assign-user-roles-and-scopes-via-groups/). | | Invited by | Date when the user’s access to this team expires, if temporary access has been granted. | | Invite channel | The method by which an invitee was invited. | ### Cancel invites To cancel invites: 1. Select a user or users. 1. Select **Cancel invite** from a single user row or the bulk actions menu. 1. Review the confirmation message. 1. Confirm the removal. ### Resend invites To resend invites: 1. Select a user or users. 1. Select **Resend invite** from a single user row or the bulk actions menu. 1. Review the confirmation message. 1. Confirm the removal. ## Common scenarios ### Enforce SSO-only access for non-admin users 1. On the **Current members** tab, filter by Login mode to find users who still have Local or Both configured. 1. Select all matching users. 1. Use the **Change login mode** bulk action. 1. Set Login mode to SSO and save. All selected users must now sign in using your identity provider. Note Consider allowing a few users to maintain their local sign-on method at all times, such as break-glass administrators or users who require a fallback in the event that your identity provider is unavailable. ### Grant time-bound access to external users using expiry 1. Using the **+ Invite users** button, invite external users by email. 1. Assign them to a group with limited scope. 1. Set an **access expiry date** that matches the contract or engagement period. 1. Choose the appropriate login mode (for example, SSO if they are federated through your identity provider). 1. Send the invitations. Later, you can: 1. Return to the **Current members** tab. 1. Filter by Group or Role to find these external users. 1. Extend or shorten their expiry dates, or remove them from the team when the engagement ends. This flow helps you keep access aligned with real-world contracts and reduces the risk of forgotten accounts. ## Permissions To view and manage team members and SSO settings, your role needs the following permissions: | Capability | Permission | | --------------------------------------------------------- | ------------------------- | | Create groups and control user membership and permissions | `TEAM-GROUPS:MANAGE` | | View groups, group membership, and permissions | `TEAM-GROUPS:READCONFIG` | | View team members | `TEAM-MEMBERS:READCONFIG` | | Configure and modify team SSO settings | `TEAM-SSO:MANAGE` |