Organisation AdminUsers

User Management

The Users page under Admin → Organisation → Settings is where you invite people to your PebbleAI organisation, assign them roles, and manage their accounts.

User Management page

Find it at Admin → Organisation → Settings → Users.

What you see

A table of every user in your organisation, with columns:

ColumnWhat it shows
Email AddressThe user’s primary email
Assigned RolesOne or more roles from the Roles configuration (e.g. editor, admin)
StatusActive, Invited (not yet accepted), Deactivated
Last LoginWhen this user last signed in
ActionsEdit, deactivate, or delete

Inviting users

Click the Invite User button in the top-right to open the invitation dialog.

Invite Users dialog

The dialog has these fields:

FieldPurpose
Select UsersThe email addresses to invite (one or several)
WorkspaceWhich workspace the new user(s) should be added to
Role to AssignWhich role they get on creation
Optional Initial PasswordIf set, the user is created with this password. If left blank, an email invite is sent instead.
Send InviteSubmit

The two invitation flows

Pay attention to the Optional Initial Password field — it controls which of two very different invitation flows happens:

Flow A: email invite (leave password blank)

  1. Leave Optional Initial Password empty
  2. Click Send Invite
  3. PebbleAI sends an invitation email with a magic-link to the address(es) you entered
  4. The user clicks the link, sets their own password (or signs in via SSO if it’s enabled), and the account becomes active
  5. Status shows Invited until they accept

This is the right flow for most situations — the user controls their own password from the start, and you never see it.

Flow B: password set (fill in the password field)

  1. Type a password into Optional Initial Password
  2. Click Send Invite
  3. PebbleAI creates the account with that password immediately. No email is sent.
  4. Status shows Active
  5. You need to communicate the password to the user out-of-band (in person, in Slack, in a password manager share — never in email)

This flow is useful for:

  • Test accounts you control yourself
  • Service accounts that aren’t tied to a real person
  • Bulk creation for environments where SSO isn’t yet set up and email delivery is unreliable
  • Migrations where you’re seeding a known user list

Important: when you set a password directly, the user receives no email. Make sure they know the account exists, otherwise it’ll sit unused.

Step-by-step: inviting a single user via email

  1. Click Invite User
  2. Type the email address into Select Users
  3. Pick the Workspace they should join
  4. Pick a Role to Assign (typically editor for normal users)
  5. Leave Optional Initial Password blank
  6. Click Send Invite
  7. The user appears in the table with status Invited
  8. They receive an email with a link; once they click it and set a password, status changes to Active

Step-by-step: bulk-inviting via password set

  1. Click Invite User
  2. Paste multiple email addresses into Select Users
  3. Pick a workspace and role
  4. Type a temporary password (e.g. WelcomeToPebble2026!)
  5. Click Send Invite
  6. All accounts are created immediately with that password
  7. Communicate the password to the users via your secure channel
  8. Tell them to change it on first login (Settings → Profile → Security)

Editing a user

Click any row in the table to open the user editor. You can change:

  • Roles — add or remove roles. Multiple roles allowed.
  • Workspace membership — add or remove the user from workspaces
  • Password — set a new password (overwrites the current one; user is not notified)
  • Status — Active or Deactivated

Deactivating a user

Use the deactivate action when someone leaves the team but you might need their data later (their conversations, their owned flows). Deactivated users:

  • Cannot sign in
  • Don’t appear in @-mention lists
  • Don’t count against your seat limit
  • Can be reactivated at any time

Their data and ownership of flows is preserved.

Deleting a user

Use the delete action when you want to fully remove a user. Deletion is permanent — their account, their personal credentials, their personal memories, and their personal API keys are all destroyed.

Things owned by the user (flows, document stores) need to be transferred to another user before deletion, otherwise they become orphaned. The delete dialog walks you through ownership transfer.

Roles

User roles are defined in Configuration → Roles. The default roles are:

  • viewer — read-only access to shared assets and PebbleChat
  • editor — can create and edit flows, document stores, tools, and use PebbleChat with full capabilities
  • admin — full organisation admin access including this page

You can create custom roles in the Roles tab and assign them to users here.

Permissions and scope

User management at this page is organisation-scoped:

  • You can see and manage users in your own organisation only
  • Users from other organisations or the platform itself are not visible
  • Platform admin users (if any) are managed at platform level, not here

Tips

  • Default to email invites. They’re more secure (the user picks their own password) and you don’t have to communicate secrets out-of-band.
  • Use the bulk password-set flow only when you know what you’re doing — it’s powerful but easy to misuse.
  • Audit roles quarterly. Check which users have admin or editor roles and demote anyone who no longer needs that access.
  • Deactivate before delete — gives you time to recover if you change your mind.
  • For SSO orgs, you can enable provisioning in Configuration → SSO Config so users are auto-created on first SSO login. Then this page is mostly for managing roles, not initial creation.

Related

CredentialsModels