HomeEngagementContentDiscoveryOther resources
Guides

Unified user management: Common tasks

Suggest Edits

👍

Welcome note

Unified login is in the process of being applied to all users throughout September 2025.

Access the pre-existing documentation here: Administration.

This guide walks you through common user management tasks in the unified administration interface. Before you begin, familiarize yourself with the organizational structure in Unified user management overview.

How to add a new user

Go to Administration > Users > Add users and follow the dialog instructions. Select the application to which you want to add the user.

User addition dialog showing application selection with options for Engagement, Discovery, Data hub, and Administration

For each user in any application, you need to provide:

  • Email address
  • Application (Engagement, Discovery, Data hub, or Administration)
  • Scope
    • Workspace/project for Engagement and Data hub
    • Organization/account/environment for Discovery
  • Roles

Engagement

  1. Enter the user email and select Engagement as the application.

  2. Define the scope by selecting either the entire workspace or specific projects.

    📘

    Note

    If you select the entire workspace, the assigned permissions will apply to all projects within. You can't assign different permissions at the workspace and project levels for the same user.

  3. Select the user roles. The available roles are automatically filtered based on your selected scope (workspaces and projects).

  4. You can also set an expiration date for temporary user access.

  5. Review the details and click Add user.

Completed Engagement user form showing email address, workspace selection with multiple projects, and assigned roles

Discovery

  1. Enter the user email and select Discovery as the application.

  2. Define the scope by selecting the entire workspace/account, specific sites/environments, or a combination of both.

  3. Select the user roles. The available roles are automatically filtered based on your selected scope (workspaces and sites/environments).

  4. Review the details and click Add user.

📘

Note

Discovery doesn't support expiration dates for users.

Data hub

  1. Enter the user email and select Data hub as the application.

  2. Define the scope by selecting the entire workspace, specific catalogs, or a combination of both.

  3. Select the user roles. The available roles are automatically filtered based on your selected scope (workspaces and catalogs).

  4. Optionally, set an expiration date for temporary user access.

  5. Review the details and click Add user.

Administration

  1. Enter the user email and select Administration as the application.

  2. Select the user roles. The available roles are automatically filtered based on your organization's permissions.

  3. Review the details and click Add user.

User management operations

Go to Administration > Users to view all users based on your assigned permissions. From this screen, you can view, filter, and perform operations on users.

User management interface showing list of users with columns for name, email, permissions count, MFA status, and last login date, with filter options on the left sidebar

Available operations

Block and unblock user

Immediately blocks or unblocks user access to the organization.

Terminate user session

Ends the active user session and forces immediate logout.

Enforce password reset

Requires the user to set a new password at next login.

Mark as external user

Exempts the user from organization-level security measures such as SSO authentication, allowing independent login. This action can't be undone.

Add permission

Grants additional permissions to an existing user, similar to the "Add user" process.

Resend invitation

Sends a new invitation and expires any previous pending invitations.

Remove permissions

Removes all permissions for the user in the current scope without deleting the user from the organization.

Delete user

Permanently removes the user and revokes all access to Bloomreach services. Available only for organization administrators.

User status indicators

Users display status icons indicating their current state:

  • Active: User has accepted the invitation and can log in.
  • Blocked: User can't access the organization.
  • Invited: User has a pending invitation.
  • Invitation expired: User's invitation has expired and needs to be resent.
User status indicators showing four states: Active user (Igor Mezenak), Blocked user (Ivana Lomnicka), Invited user (User#56), and Invitation expired user (User#101)

MFA status indicators

Multi-factor authentication status displays three states:

  • MFA enabled: User has MFA configured.
  • MFA enforced: MFA is required by policy.
  • MFA inactive: User doesn't have MFA enabled.
Multi-factor authentication status icons showing three states: MFA enabled, MFA enforced, and MFA inactive

How to export users

Export user lists for compliance, auditing, or reporting purposes.

  1. Go to Administration > Users.
  2. Click the three dots in the top right corner.
  3. Select Export.
  4. Follow the dialog to export the user list in CSV format.
Export users to CSV dialog with checkboxes to select sign-in/login-related users and users with at least one permission, with Cancel and Export buttons

How to set a custom role

Unified user management supports custom roles for both Engagement and Data hub. For detailed information, see Custom role documentation.

📘

Note

The functionality is the same for both products, but navigation differs slightly. You need Cloud Organization Admin role to manage custom roles.

Creating a custom role

  1. Go to Organization > Administration > Users > Roles.
  2. Click +Create custom role in the top right corner.
  3. Select +Add inherited role to base your custom role on an existing role.
  4. Customize permissions as needed.
  5. Save your custom role.

Updated about 6 hours ago