Adding and Deactivating Users

The methods you use to add and deactivate users depend on what kind of Hyperscience instance you’re using.

On-premise / private cloud instances

You can add and deactivate users by following the processes below.

Adding new users

There are two ways to add users to Hyperscience, neither of which can be done through the main user interface:

  • Directly in Hyperscience

    • Native, or local, users can be added in /admin/auth/user/add/.

    • Additionally, users can be added in bulk via CSV upload in /admin/auth/user/import-csv/.

      The CSV file must be in the following format:

      username,password
      user1,password1
      user2,password2
      ...
  • Through an external authentication provider: New users will be created in Hyperscience the first time they log in after being authenticated by your provider.

External authentication methods and API users

If you are using an external authentication method, you have the option of periodically revalidating API tokens for your users. If this feature is enabled, users can revalidate their tokens by signing in to the application through a browser. API-only users and users who cannot readily access the application through a browser should be added to a list of exempted users. For more information, see External Authentication Methods and API Users

To learn about automatic token revalidation’s effect on your trainer user, see Trainer Installation (Production).

Deactivating users

Users cannot be deleted from Hyperscience. To revoke a user’s access, you must change their permissions so that they are no longer an active user. Deactivation is required regardless of how the user was created or what version of Hyperscience you’re using.

To deactivate a user:

  1. If the user was created through an external authentication provider, delete the user in that system.

  2. In Hyperscience, go to /admin/auth/user/.

  3. Click on the ID of the user you would like to deactivate.

  4. Under "Permissions," deselect the Active option.

  5. Click Save.

Deactivation and API tokens

If you have an exempted user list as described above, you will need to remove users from the list in order for the system to deactivate their API tokens.

Resetting a user's password

The process for resetting a user’s password depends on how they log in to Hyperscience: 

  • External authentication: A user who accesses the Hyperscience platform through an external authentication method (e.g., LDAP, SAML, ODIC) must reset their password through their authentication provider. These users’ passwords cannot be reset in Hyperscience. 

  • Local authentication: A user who logs in through Hyperscience’s built-in authentication can have their password reset by their system administrator.

Users with system admin permissions can reset a local user’s password by following these steps:

  1. Go to /admin/auth/user/

  2. Click on the user’s ID, which appears to the left of their username.

  3. Click on the link that appears in “Raw passwords are not stored, so there is no way to see this user's password, but you can change the password using this form.”

    blobid0.png

  4. Enter the new password in the boxes provided, and click Change Password.

SaaS instances

Depending on the authentication method you have set up for your instance, you may need Hyperscience’s assistance to add or deactivate users.

Adding users

The process for adding users depends on whether you are using our built-in user management system or an external authentication provider.

Built-in user management

If you need to add users to your instance, contact your Hyperscience representative for assistance. They will ask you to provide a CSV file with the users’ information in the following format:

email,first_name,last_name,hs_group
address_1,first_1,last_1,group_1
address_2,first_2,last_2,group_2
...

Here, hs_group is the permission group that the user should be added to. To learn more about permission groups, see Permission Groups.

External authentication provider

If you need to grant access to new users, you can add those users to your authentication provider’s system. When they log in to Hyperscience through your authentication provider for the first time, they will be automatically added to the user list in Hyperscience.

Deactivating users

Depending on your authentication method, you may need Hyperscience’s assistance to deactivate users.

Built-in user management

If you need to revoke a user’s access to Hyperscience, contact your Hyperscience representative for assistance. Hyperscience will remove the user from Okta on your behalf.

External authentication provider

To deactivate users, you can remove them from your authentication provider’s system. They will not be able to log in to Hyperscience, but their user information will remain in the application. You can contact your Hyperscience representative to have this information removed.