Users, Teams & Groups

Manage your organisation's people, teams, and resource groups with role-based access control.

Users

Roles
RoleCapabilities
Viewer Connect to assigned resources, view own sessions
Editor Viewer capabilities plus manage resources and endpoints
Manager Editor capabilities plus manage users, teams, and groups
Admin Full access including security settings, access policies, billing, and audit logs
Adding Users

Navigate to Users → Add User. Enter the user's email, name, and role. A welcome email is sent automatically. User count is subject to your plan limit.

Pending Users

When users sign up with an unverified domain, they appear in the Pending queue. Administrators can approve or reject them. Configure verified domains under Settings → Domains to allow automatic approval.

User Settings
  • Edit profile: email, first/last name.
  • Notification preferences: endpoint alerts, resource health, security, sessions, anomalies.
  • Admin actions: change role, activate/deactivate, reset password, delete.

Teams

Teams group users together for access management. Users can belong to multiple teams, and teams can be granted access to resource groups with different permission levels.

Creating a Team

Navigate to Teams → New Team. Give the team a name and description. After creation, add members and configure group permissions.

Team Members

Add or remove users from the team's update page. Members inherit the team's group permissions.

Group Permissions

Grant teams access to resource groups with one of three permission levels:

  • View — read-only access to the group and its resources.
  • Manage — add and remove endpoints within the group.
  • Admin — full control over the group, including settings and deletion.

Groups

Groups organise endpoints and resources into logical units. Use groups to model environments (production, staging), regions, or business units.

Creating a Group

Navigate to Groups → New Group. Provide a name and description.

Group Contents
  • Endpoints — add or remove agents from the group. You can assign an endpoint at install time by selecting a target group.
  • Resources — add or remove resources. Resources can belong to multiple groups.
  • Team access — administrators can grant teams access with View, Manage, or Admin permissions.
Install Command

Each group has a unique install URL. Use it to enrol agents directly into the group: 

curl -sSL https://onepam.com/install/YOUR_ORG_UUID/GROUP_UUID | sudo bash