Skip to main content

Managing Users in Administrate

Updated

Purpose: Use this article to understand how user accounts, roles, permissions, and access management work in Administrate.

This article explains user lifecycle management, including creating users, assigning roles, updating access, managing special roles, working with API users, and troubleshooting account access issues.

Table of contents

This article explains:

  • User account management
  • User types
  • Roles and permissions
  • Special roles
  • API users
  • Sharing Agreements
  • User access behavior
  • Common administrative workflows

Managing users in Administrate means controlling who can sign in to the TMS, what they can access, and what actions they can perform once they are signed in.

This article is the central reference point for user administration. Use it when you need to create a new user, update an existing user’s details, change access, remove access, understand roles and permissions, or troubleshoot whether a user has the correct permissions.

Where user management is located

User administration is managed from the system settings area.

  1. Navigate to Settings.
  2. Select Users.
  3. Use this area to create, edit, suspend, reactivate, or review user accounts.

What a user is in Administrate

A User is a login identity for a person or system that needs access to Administrate. A user account controls authentication and permissions.

A User is not the same thing as every other role a person may have in the platform. For example, a person may also exist in Administrate as a Contact, Learner, Instructor, booking manager, or internal coordinator. Those roles are contextual; a User is specifically the identity used to sign in and operate in the TMS.

Note

Each User represents a single person or system. Sharing login credentials is not permitted and can lead to inaccurate audit history, such as actions appearing under the wrong user.

When to manage users

  • when a new staff member needs access to Administrate
  • when an existing user’s name, email, or other account details change
  • when a user’s responsibilities change and their access must be updated
  • when someone should no longer be able to sign in
  • when a user needs help regaining access to their account
  • when an integration needs API access
  • when you need to review or adjust role-based permissions

User types

There are two types of Users in Administrate:

  • Core Users — people who log in and use the application
  • API Users — system users used for integrations

Billing

Your subscription includes a number of Users. You can increase or decrease this number at any time, with changes applied pro rata on your next invoice.

Suspended Users do not count toward your subscription but are retained for historical and audit purposes.

How access is controlled

User access is controlled by the roles and permissions assigned to the account.

  • Roles and permissions determine what the user can see and do.
  • User details identify the person and support account administration.
  • Active or suspended status controls whether the user can currently sign in.
  • Special Roles provide elevated access that cannot be replicated using permissions alone.
  • Sharing Agreements allow controlled access between Companies.

Always use the least permissive access level that still allows the person to perform their job.

Before you change a user account

  • Confirm what the user actually needs to do in Administrate.
  • Check whether an existing Role already fits the requirement.
  • Be careful when changing admin-level or broad-access permissions.
  • Remember that changing access can affect visibility, workflow actions, and operational responsibility.
  • Confirm whether the user needs access to one Company, multiple Companies, or all Companies.
  • Confirm whether the user needs human login access or API/integration access.

Common user management tasks

  1. Create a user
    Add a new person to Administrate and assign an appropriate level of access.
  2. Edit user details
    Update account information such as name, email address, or other user-level details.
  3. Assign roles and permissions
    Change what the user can access and what actions they can perform.
  4. Deactivate or reactivate a user
    Remove sign-in access without deleting the user record, or restore access later if needed.
  5. Reset a user password
    Help the user regain access when they cannot sign in with their current password.
  6. Review Job Roles setup
    Use Job Roles where you need structured role definitions at the Contact level for reporting and related workflows.
  7. Create or update Roles
    Configure groups of permissions that can be assigned to Users.
  8. Create API Users
    Create system users for integrations that connect to Administrate using the REST API or GraphQL API.

Core Users

Core Users are standard Users who log in and use Administrate.

Add a Core User

Before creating a User, ensure a Contact exists and is marked as Staff.

  1. Go to the Core Users tab.
  2. Click Add Core User.
  3. Enter User details and select the correct Company and Contact.
  4. Select appropriate Role(s) and any Special Roles.
  5. Click Save.

Users can set their password using the “Forgot Password” link or update settings from the user menu.

Edit a Core User

  1. Select the User.
  2. Update the required fields.
  3. Click Save.

Suspend a Core User

Users cannot be deleted due to audit history. Instead, they can be suspended.

Suspending a User:

  • prevents login
  • prevents further actions
  • removes the User from active workflows
  1. Select the User.
  2. Set Suspended to Yes.
  3. Click Save.

Suspending users

Suspended Users are inactive but retained for audit history.

Roles

Roles are groups of permissions that an Administrate User can be assigned to control what they can see and do in the system.

Each User must be assigned at least one Role. Multiple Roles can be combined to reflect a User’s responsibilities across different areas of the application.

For example, a User responsible for both finance and marketing could be assigned both a Finance Role and a Marketing Role.

Create a Role

  1. Click +Add Role.
  2. Select the Company the Role applies to.
  3. Name the Role, for example Finance Department or Marketing Manager.
  4. Add a description explaining its purpose.
  5. Click Save.
  6. Optional: Use the Users tab to assign the Role to Users.
  7. Go to the Permissions tab.
  8. Select the permissions to include in the Role, or use Toggle All.
  9. Click Save.

Caution

Ensure Administrate Login - Edit is enabled so Users assigned to this Role can log in.

Role permissions interface

Preview permissions and use Toggle All for faster configuration.

Edit a Role

  1. Click the Role you want to edit.
  2. Make your changes.
  3. Click Save.

Delete a Role

Note

Users must have at least one Role assigned. Before deleting a Role, ensure affected Users have another Role.

  1. Click the Role you want to delete.
  2. Click Delete Role.
  3. Confirm the action.

Permissions Comparison

The Permissions Comparison tab allows you to compare Roles and quickly see which permissions are assigned to each.

Use the search field to filter by permission and identify which Roles include it.

Permissions comparison interface

Compare Roles and filter permissions for quick analysis.

Special Roles

Special roles in Users

Users can be assigned Special Roles such as Super User or Super Company User.

In addition to standard Roles, Administrate includes two Special Roles that cannot be replicated using permissions alone.

Super User

A Super User has full access to all Administrate functionality, including the Control Panel.

Super Users can:

  • access all Companies
  • manage Users and Roles
  • configure system settings

Super Company User

A Super Company User can access data across all Companies but does not have Control Panel access.

This is useful when Users need visibility across multiple business units without full administrative control.

For more granular access across specific Companies, use Sharing Agreements.

Sharing Agreements

For organizations operating multiple Companies, Sharing Agreements allow controlled access between them.

Unlike the Super Company User Role, which grants access to all Companies, Sharing Agreements allow selective access between specific Companies.

You can also grant additional permissions across Companies, for example allowing another Company to delete Accounts or Contacts.

Create a Sharing Agreement

Sharing Agreements are created from the Company you are currently logged into. You can grant access to your Company’s data, but not configure sharing on behalf of other Companies unless permitted.

  1. Click +Add Sharing Agreement.
  2. Select the Company you want to grant access to.
  3. Add notes describing the agreement. This is optional but recommended.
  4. Open the Permissions tab.
  5. Select the permissions to share.
  6. Click Save.

The agreement will appear under Shared by You.

Sharing agreement permissions

Configure cross-company permissions using Sharing Agreements.

View Sharing Agreements

Sharing Agreements are grouped into two tabs:

  • Shared By You — Agreements you created to share your data
  • Shared With You — Agreements created by other Companies

API Users

API Users are used for integrations via the REST API or GraphQL API.

Each integration requires its own API User and credentials.

Add an API User

  1. Go to the API Users tab.
  2. Click Add API User.
  3. Select the integration method in Product.
  4. Enter required details.
  5. Click Save.

User administration works best when you separate three ideas clearly:

  • Identity: who the person is
  • Access: what they are allowed to do in the TMS
  • Contextual roles: the part they play elsewhere in the platform, such as Contact, Learner, Instructor, or Job Role

If those ideas are mixed together, it becomes much easier to assign the wrong access or misunderstand what a record is supposed to represent.

Related articles