User Management

This article covers how to create and manage user accounts on the SenseOn platform, including role assignment, account lifecycle operations, and the permissions model.

Who can manage users? User management actions require the Admin role. Manager-level users can view the team list but cannot create or delete accounts.

Accessing User Management

Navigate to Settings > Team to view and manage all user accounts in your organisation.

User Roles

SenseOn uses a role-based access model with three standard roles. Each user is assigned exactly one role.

Role	Capabilities
Analyst	View and work cases, run Hunt Lab queries, access Experience, Dashboards, and Digital Estate. Cannot manage users or platform settings.
Manager	Everything an Analyst can do, plus access to reporting and team-level metrics. Cannot create or delete user accounts.
Admin	Full platform access including user management, segment configuration, integration setup, and API token administration.

Active Response is a separate permission. The Active Response role is granted independently of the above roles and can be added to any user by an Admin. See Active Response for details.

Creating a User Account

Go to Settings > Team.
Click Invite User.
Enter the user's email address, full name, and job title.
Select their role (Analyst, Manager, or Admin).
Click Send Invite.

SenseOn will send an invitation email to the address you provided. The user must click the link in the email to set their password and activate their account.

Invitation link expiry: Invitation links expire after 7 days. If the user does not activate in time, you can resend the invitation (see below). To prevent abuse, resending is rate-limited to once every 30 seconds per user.

Resending an Invitation

If a user has not received or has not acted on their invitation:

Go to Settings > Team.
Find the user in the list (they will show a Pending status).
Click the three-dot menu next to their name.
Select Resend Invite.

Updating a User Account

To update a user's name, job title, or email address:

Go to Settings > Team.
Find the user and click the three-dot menu.
Select Edit User.
Make your changes and click Save.

To change a user's role, use the same three-dot menu and select Change Role.

Disabling and Re-enabling a User

Disabling a user prevents them from logging in without deleting their account or its history. This is recommended for temporary access suspension (for example, during a leave of absence).

Go to Settings > Team.
Find the user and click the three-dot menu.
Select Disable User.

The user's account will be marked as inactive. To re-enable the account, follow the same steps and select Enable User.

Deleting a User Account

Deleting a user permanently removes their account. Audit records and case history associated with the user are retained.

Go to Settings > Team.
Find the user and click the three-dot menu.
Select Delete User.
Confirm the deletion in the popup.

This action cannot be undone. If you only need to revoke access temporarily, disable the account instead.

Password Management

Resetting a user's password (Admin)

If a user cannot log in, an Admin can trigger a password reset email:

Go to Settings > Team.
Find the user and click the three-dot menu.
Select Reset Password.

The user will receive an email with a password reset link.

Changing your own password

Click your profile icon in the top-right corner.
Select Change Password.
Enter your current password and your new password.
Click Save.

Multi-Factor Authentication

SenseOn supports time-based one-time password (TOTP) multi-factor authentication. See the Multi-Factor Authentication article for setup instructions.

MFA is mandatory for Active Response users. Any user assigned the Active Response role will have MFA enforced, regardless of the organisation-level MFA setting.

Single Sign-On

If your organisation uses Okta, users can authenticate via SSO instead of a username and password. See Single Sign-On for setup details.