Junet.io

User Management

Manage users and groups in Junet - create local users, set up groups, and sync with identity providers

Accessing User Management

  1. Navigate to Admin Panel

    • Click on Admin in the top navigation

  2. Go to User Management

    • You'll see two main sections:
      • Users - Manage individual user accounts
      • Groups - Manage user groups and permissions

Managing Users

Viewing Users

  1. Click on User Management in the admin panel
  2. Select Users
  3. You'll see a list of all users with:
    • Full Name
    • Email Address
    • Position / Department
    • Role
    • Verified
    • 2fa Status

Creating a New User

To create a new local user account:

  1. Click "New User" button
  2. Fill in user details:

Required Fields:

  • Email Address: User's email (used for login)
  • Display Name: Full name shown in the UI
  • Password: Initial password (user should change on first login)

Optional Fields:

  • Role: Admin or User
  • Groups: Assign user to groups
  • Position
  • Department

  1. Set User Permissions:

    • Admin Role: Full access to all settings and configurations
    • User Role: Standard access, permissions controlled by groups

  2. Click "Create User"

    • User receives welcome email with login instructions
    • User must verify email and set password

Best Practice: Create users with minimal permissions initially. Grant additional access through groups as needed.

User Roles

Admin Role:

  • Full access to Admin Panel
  • Can create/modify users and groups
  • Can configure all AI settings
  • Can manage connections and agents
  • Can view all conversations and logs

Manager Role:

  • Access to Admin Interface (retricted to core Features)
  • Can manage Users / Groups
  • Allowed to setup Agents and Connections

User Role:

  • Access to chat interface
  • Limited to assigned agents and connections
  • No admin panel access
  • Permissions controlled by group membership

Editing Users

To modify an existing user:

  1. Click on the user in the Users list
  2. Update any fields:
    • Display name
    • Email address
    • Role (Admin/User)
    • Group membership
    • Status (Active/Inactive)
  3. Click "Save Changes"

Deactivating Users

To temporarily disable a user account:

  1. Open the user's page
  2. Click on the three dots on the User.
  3. Select "Disable"

Effects of deactivation:

  • User cannot log in
  • Active sessions are terminated
  • User data is preserved
  • Can be reactivated anytime

Don't delete users immediately: Deactivate first to preserve conversation history and audit logs.

Managing Groups

Groups control access to agents, connections, and resources. Users inherit permissions from all groups they belong to.

Types of Groups

1. Local Groups

Local groups are created and managed directly in Junet. They are not associated with any external identity provider.

Best for:

  • Small teams
  • Custom permission structures
  • Organizations without SSO
  • Testing and development

Characteristics:

  • Manually created in Junet
  • Manual user assignment
  • Full control over membership
  • No automatic syncing

2. Synced Groups (IDP Groups)

Synced groups are imported from your identity provider (Entra ID or Google Workspace) and automatically synchronized.

Best for:

  • Large organizations
  • SSO-enabled environments
  • Automated user management
  • Reducing administrative overhead

Characteristics:

  • Imported from identity provider
  • Automatic user synchronization
  • Membership managed in IDP
  • Always up-to-date with your organization

Supported Identity Providers:

  • Microsoft Entra ID (formerly Azure AD)
  • Google Workspace

Creating a Local Group

To create a new local group:

  1. Navigate to Groups

    • Admin Panel → User Management → Groups

  2. Click "New Local Group"

  3. Configure Group Settings:

Basic Information:

  • Group Name: Descriptive name (e.g., "DevOps Team", "Support Staff")
  • Description: Purpose of this group

When finished -> Create Group

  1. Add Members:
    • Click the three dota in the Actions Column -> Manage Users
    • Search for users by name or email
    • Select users to add to the group
    • Can add members later

Group created! Users assigned to this group now have the configured permissions.

Importing a Group from Identity Provider

To sync a group from your IDP (Entra ID or Google Workspace):

Prerequisites: You must have SSO configured with Microsoft Entra ID or Google Workspace before importing groups.

  1. Navigate to Groups

    • Admin Panel → User Management → Groups

  2. Click "Import Group from IDP"

  3. Select Identity Provider:

    • Microsoft Entra ID
    • Google Workspace

  4. Select Groups to Import:

    • You'll see a list of available groups from your IDP
    • Search or browse for the group you want
    • Select one or multiple groups

  5. Click "Import and Sync"

  6. Configure Permissions (same as local groups):

    • Navigate to the specific agent the new Group should have access to.
    • Select the Group in the Connection Settings
    • Save Changes

  7. Click "Import and Sync"

Editing Groups

To modify a group:

  1. Click on the group in the Groups list
  2. Update settings:
    • Local Groups: Can change name, permissions, members
    • Synced Groups: Can only change Junet-specific permissions (agent/connection access)

Synced Groups: User membership is controlled by your IDP. Changes to membership must be made in Entra ID or Google Workspace.

  1. Click "Save Changes"

Group Permissions Hierarchy

Users can belong to multiple groups. Permissions are additive:

Example:

  • User is in "Support Team" group → Access to Support Jira agent
  • Same user is in "Documentation Team" group → Access to Confluence agent
  • Result: User can access both Support Jira AND Confluence agents

Permission Strategy: Create focused groups for specific purposes (e.g., "Jira Users", "Confluence Readers", "API Access"). Users can be in multiple groups to get combined permissions.

User and Group Management Workflows

Workflow 1: Small Team (Local Groups)

Scenario: Small startup with 20 employees, no SSO

Setup:

  1. Create local groups:

    • "Engineers" - Access to DevOps agents and GitHub
    • "Sales" - Access to CRM agent
    • "Everyone" - Access to general knowledge agent

  2. Create users manually:

    • Add email and display name
    • Assign to appropriate groups
    • Send invite

Maintenance:

  • Manually add new users
  • Update group membership as roles change
  • Simple and straightforward for small teams

Workflow 2: Large Enterprise (IDP Sync)

Scenario: Enterprise with 500+ employees, using Microsoft Entra ID

Setup:

  1. Configure SSO with Entra ID

  2. Import relevant groups:

    • "Engineering" → DevOps and technical agents
    • "Sales" → CRM and customer data agents
    • "Support" → Ticketing and documentation agents
    • "HR" → HR documentation and policy agents

  3. Configure permissions for each synced group

Maintenance:

  • Zero manual user creation - Handled by IDP sync
  • Zero manual group membership - Handled by IDP
  • Only adjust Junet-specific permissions as needed

Benefits:

  • Scales effortlessly to thousands of users
  • Always reflects current org structure
  • No manual administration

Workflow 3: Hybrid Approach

Scenario: Company with SSO but needs custom Junet permissions

Setup:

  1. Import main groups from IDP:

    • "All Employees" → Basic agents
    • "IT Department" → Technical agents

  2. Create local groups for special cases:

    • "Beta Testers" → Access to experimental features
    • "Admin Team" → Full access to specific test agents
    • "External Consultants" → Limited, temporary access

Maintenance:

  • IDP handles regular employees automatically
  • Manually manage special-purpose local groups
  • Best of both worlds

Best Practices

User Management

Start with Groups: Before creating users, plan your group structure. It's easier to assign users to existing groups than reorganize later.

Security Best Practices:

  • ✅ Use strong password policies
  • ✅ Enable MFA when available
  • ✅ Use SSO for enterprise environments
  • ✅ Regular access reviews (quarterly)
  • ✅ Deactivate users immediately when they leave
  • ✅ Use least-privilege principle (minimal permissions)

Naming Conventions:

  • Use descriptive group names: "Engineering-DevOps" not "Group1"
  • Include purpose in description
  • Use consistent naming across your organization

Group Management

When to Use Local Groups:

  • Small teams (< 50 users)
  • No SSO infrastructure
  • Testing and development
  • Special-purpose groups (beta testers, etc.)

When to Use IDP Sync:

  • Large organizations (50+ users)
  • SSO already configured
  • Frequent organizational changes
  • Need automated user provisioning
  • Compliance requirements

Group Structure Tips:

  1. Create role-based groups: "Engineers", "Support", "Sales"
  2. Create function-based groups: "Jira-Users", "Confluence-Access"
  3. Create project-based groups: "Project-Alpha-Team"
  4. Combine as needed: Users can be in multiple groups

Permission Management

Agent Access:

  • Don't give everyone access to all agents
  • Group agents by domain (DevOps, Support, Sales)
  • Match agents to job functions

Connection Access:

  • Restrict sensitive connections (production databases, customer data)
  • Give read-only access when possible
  • Use IDP sync for automatic compliance

Troubleshooting

Users Can't See Expected Agents

Problem: User logged in but doesn't see agents they should access

Possible Causes:

  • User not in correct group
  • Group doesn't have permission to agent
  • Agent is disabled
  • Connection is disabled

Solution:

  1. Check user's group membership
  2. Verify group has agent permissions
  3. Check agent is enabled
  4. Verify connection is enabled and accessible

IDP Group Sync Not Working

Problem: Changes in Entra ID/Google Workspace not reflected in Junet

Possible Causes:

  • Sync hasn't run yet (runs every 15 minutes)
  • SSO configuration issue
  • IDP permissions insufficient
  • Network connectivity

Solution:

  1. Wait 15-20 minutes for next sync
  2. Check SSO configuration in Admin Panel
  3. Verify admin permissions in IDP
  4. Check Junet can reach IDP endpoints
  5. Manually trigger sync if option available

Users Automatically Removed from Group

Problem: User was removed from Junet group unexpectedly

Cause:

  • For synced groups: User was removed from group in IDP
  • Automatic sync removed them from Junet

Solution:

  1. Check group membership in IDP (Entra ID/Google Workspace)
  2. Re-add user to group in IDP
  3. Wait for next sync (15 minutes)
  4. User will regain access automatically

Can't Edit Group Membership

Problem: Unable to add/remove users from a group

Cause:

  • Group is synced from IDP
  • Membership is controlled externally

Solution:

  1. Verify if group is "Local" or "Synced"
  2. For synced groups: Make changes in your IDP
  3. For local groups: Ensure you have admin permissions

Monitoring and Auditing

User Activity

Track user activity in the admin panel:

  • Last login times
  • Active sessions
  • Query history
  • Agent usage

Group Changes

Audit trail includes:

  • Group creation/deletion
  • Membership changes
  • Permission changes
  • Sync events from IDP

Compliance

Use groups and user management for compliance:

  • Data Access Control: Limit who can query sensitive connections
  • Audit Logs: Track who accessed what and when
  • Automatic Deprovisioning: Users lose access when removed from IDP
  • Regular Reviews: Audit group memberships quarterly

Related Articles

Authentication & SSO
AI Personalization
Configure an Agent
Previous
AI Personalization
Next
Custom CSS
User Management | Junet.io Documentation