Skip to main content
Users generally represent you and your team and can be assigned to various roles and tasks within the platform. Users may also represent MindBridge Customer Support staff who are active in customer assistance requests, as well as portal users when connecting integrations and API Token Users.

User roles

User roles determine which actions a user can perform within MindBridge.
Role IDUser RoleDescription
ROLE_ADMINApp AdminApp Admins have full access to the MindBridge tenant. They can invite and manage users, and view/edit all organizations and engagements.
ROLE_USER_ADMINUser AdminUser Admins can invite and manage tenant users, and create new organizations.
ROLE_ORGANIZATION_ADMINOrganization CreatorOrganization Creators have the same privileges as users, but can also create new organizations.
ROLE_USERUserUsers can be invited to existing organizations and engagements, but they cannot create new organizations.
ROLE_CLIENTClientClients must be invited to connect to MindBridge. Once the client account has been activated via email, access is limited to the page that allows them to set up a data source.
ROLE_MINDBRIDGE_SUPPORTMindBridge SupportMindBridge Support accounts have limited access to engagements, enabling them to assist with specific support requests.
* ROLE_ADMIN and serviceAccount equals trueAPI Token UserAPI Token Users are non-human user accounts linked to unique API tokens. Any action that an API takes will be attributed to this user account.

Enabling and disabling users

The enabled property can be used to enable and disable user accounts within a single tenant. If a user’s account is disabled, they will no longer have access to the tenant until they are enabled. Note: A user who is disabled in one tenant will still be able to access other tenants where they are enabled.

Account activation emails

When a new user is created, they will be sent an account activation email. This email contains a link they must use to activate their account. Until the account is activated, the user will not be able to sign in. Activation links expire after 7 days, but additional account activation emails can be sent using the Resend Activation Link endpoint. When a user who is disabled becomes enabled again, they will be sent an activation email. These users must use the account activation link before they can sign in.

API token permissions

The following table details the actions that users of the API may be permitted to take:
RoleReadQueryCreateUpdate user enabled statusUpdate user roleCan update role toDeleteCan be sent account activation emails
App Admin
User Admin
Organization Manager
User
Client
MindBridge Support
API Token
App Admins cannot be deleted, nor have their roles updated. This restriction prevents an API token from accidentally locking out a legitimate administrator, resulting in the loss of administration to the entire tenant. MindBridge Support and API Token Users cannot be created, updated, deleted or sent account activation emails to. These accounts are automatically managed by support access requests and API tokens accordingly. Client users serve a special purpose and cannot be created, nor have their roles updated. These users can only provide access to an integration service.