Managing users

This guide explains how to configure and manage users in Coginiti Team using the three supported authentication methods: manual user creation, LDAP integration, and OAuth OIDC single sign-on. Centralized user control and management is one of the core advantages of Coginiti Team.

Overview

Coginiti Team provides flexible user management options to meet different organizational needs:

  • Manual User Creation - Direct user management within Coginiti Team
  • LDAP Integration - Automated synchronization with corporate directories
  • OAuth OIDC - Single sign-on with identity providers

Each approach offers different benefits for user provisioning, authentication, and ongoing management.

User Management Approaches

Comparison of Methods

Feature | Manual Creation | LDAP Integration | OAuth OIDC
User Provisioning | Manual | Automated Sync | Just-in-Time
Password Management | Local | LDAP Server | Identity Provider
Group Management | Manual | LDAP Groups | Claims-based
Deactivation | Manual | Automated | Automated
Complexity | Low | Medium | Medium-High
Best For | Small teams | Enterprise environments | Cloud-first organizations

Choosing the Right Approach

Manual User Creation when:

  • Small team (under 50 users)
  • Simple authentication requirements
  • No existing directory infrastructure
  • Maximum control over user attributes

LDAP Integration when:

  • Existing Active Directory or LDAP infrastructure
  • Need for automated user lifecycle management
  • Group-based access control requirements
  • Traditional on-premises environment

OAuth OIDC when:

  • Cloud-first architecture
  • Integration with modern identity providers
  • Single sign-on requirements
  • Reduced password management overhead

Manual User Creation

Manual user creation gives administrators direct control over user accounts and is ideal for smaller teams or organizations without existing directory infrastructure.

Prerequisites

  • Administrator access to Coginiti Team
  • User information including names and email addresses
  • Role assignments planned for each user

Step-by-Step User Creation

Step 1: Access User Management

  1. Click your account dropdown in the upper right corner of the application
  2. Select "Admin Settings" from the dropdown menu
  3. Choose "Manage Users" from the admin menu

Step 2: Register New User

  1. Click "Register New User" button
  2. Fill in the user registration form with the following information:

Required Fields:

  • First Name: User's first name
  • Last Name: User's last name
  • Email Address: User's email (used as login username)
  • Password: Initial password for the user
  • Confirm Password: Password confirmation

User Role Selection:

  • User: Standard user with access to assigned resources
  • Admin: Administrator with full system access and user management capabilities

Important Role Selection

Make sure you select the correct User/Admin role, as it determines significant feature differences throughout the application. Admin users have full access to system configuration and user management.

Step 3: Complete Registration

  1. Review the information for accuracy
  2. Click "Register" to create the user account
  3. The new user will appear in the "Manage Users" grid

Managing Existing Users

From the "Manage Users" grid, administrators can:

Edit User Information

  • Click the "Edit" button next to a user
  • Modify user details such as name, email, or role
  • Save changes to update the user account

Change User Password

  • Click "Change Password" for the selected user
  • Enter new password and confirmation
  • Save to update the user's password

Disable User Account

  • Click "Disable" to deactivate a user account
  • Disabled users cannot log in but their data remains intact
  • Re-enable users by clicking "Enable" when needed

Delete User Account

  • Click "Delete" to permanently remove a user
  • Confirm deletion in the popup dialog
  • User data and permissions are permanently removed

User Deletion Warning

Deleting a user permanently removes their account and associated data. Consider disabling users instead if you may need to restore access later.

User Groups and Permissions

Creating User Groups

  1. Navigate to "Manage Groups" in Admin Settings
  2. Click "Create New Group"
  3. Enter group name and description
  4. Add users to the group
  5. Assign permissions and resources

Managing Group Permissions

  • Database Connections: Control which data sources groups can access
  • Workspaces: Assign groups to specific workspaces
  • Features: Enable/disable features for specific groups
  • Resource Limits: Set query limits and resource constraints

LDAP Integration

LDAP integration provides automated user synchronization with corporate directory services, eliminating manual user lifecycle management.

Prerequisites

  • LDAP/Active Directory server accessible from Coginiti Team
  • Service account with read access to user directory
  • Network connectivity between Coginiti Team and LDAP server
  • SSL certificate for secure LDAP connections (recommended)

Supported LDAP Directories

  • Microsoft Active Directory
  • OpenLDAP
  • Apache Directory Server
  • Oracle Directory Server
  • IBM Security Directory Server
  • Any LDAP v3 compliant directory

LDAP Configuration Steps

Step 1: Access LDAP Configuration

  1. Navigate to "Administration" → "User Directory"
  2. Select "LDAP Integration" tab

Step 2: Configure LDAP Server Settings

Basic Connection Settings:

  • LDAP Server URL: ldap://your-ldap-server.company.com:389 or ldaps://your-ldap-server.company.com:636
  • Base DN: dc=company,dc=com (root of your directory tree)
  • Bind DN: cn=coginiti-service,ou=service-accounts,dc=company,dc=com (service account)
  • Bind Password: Password for the service account

Encryption Settings:

  • No Encryption: Plain LDAP (not recommended for production)
  • SSL/TLS: Secure connection using SSL/TLS
  • StartTLS: Upgrade connection to TLS after initial plain connection

Security Recommendation

Always use SSL/TLS encryption for LDAP connections in production environments to protect user credentials and directory information.

Step 3: Configure Connection Settings (Optional)

Advanced Connection Options:

  • Connection Timeout: Timeout for LDAP connection attempts (default: 30 seconds)
  • Read Timeout: Timeout for LDAP read operations (default: 60 seconds)
  • Connection Pool Size: Number of concurrent LDAP connections (default: 10)
  • Retry Attempts: Number of retry attempts for failed connections (default: 3)

Step 4: Configure User Schema Settings

Map LDAP attributes to Coginiti user fields:

User Search Settings:

  • User Search Base: ou=users,dc=company,dc=com
  • User Search Filter: (&(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
  • Username Attribute: sAMAccountName (Active Directory) or uid (OpenLDAP)
  • Email Attribute: mail
  • First Name Attribute: givenName
  • Last Name Attribute: sn
  • Display Name Attribute: displayName

Sample User Schema Configuration:

User Search Base: ou=employees,dc=company,dc=com
User Search Filter: (&(objectClass=user)(mail=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
Username Attribute: sAMAccountName
Email Attribute: mail
First Name Attribute: givenName
Last Name Attribute: sn

Step 5: Configure Group Schema Settings (Optional)

Configure group synchronization for automated role management:

Group Search Settings:

  • Group Search Base: ou=groups,dc=company,dc=com
  • Group Search Filter: (objectClass=group)
  • Group Name Attribute: cn
  • Group Member Attribute: member
  • Group Description Attribute: description

Group Mapping:

  • Admin Groups: Map LDAP groups to Coginiti admin roles
  • User Groups: Map LDAP groups to standard user roles
  • Resource Groups: Map groups to specific database connections or workspaces

Sample Group Schema Configuration:

Group Search Base: ou=security-groups,dc=company,dc=com
Group Search Filter: (&(objectClass=group)(cn=Coginiti*))
Group Name Attribute: cn
Group Member Attribute: member

Group Synchronization

Group schema configuration is required if you want to recreate LDAP groups in Coginiti for easier user management, such as assigning specific database connections or permissions to groups.

Step 6: Configure Sync Settings

Set up automated synchronization between LDAP and Coginiti:

Synchronization Frequency:

  • Sync Interval: How often to sync users (in minutes)
  • Recommended: 60-240 minutes for most environments
  • High-frequency: 15-30 minutes for rapidly changing environments

Sync Options:

  • Create New Users: Automatically create Coginiti accounts for new LDAP users
  • Update Existing Users: Update user information when LDAP attributes change
  • Disable Removed Users: Disable Coginiti accounts for users removed from LDAP
  • Delete Removed Users: Permanently delete accounts for removed users (not recommended)

Initial Sync:

  • Test Connection: Verify LDAP connectivity and authentication
  • Preview Users: See which users will be imported before running full sync
  • Run Initial Sync: Import all matching users from LDAP

LDAP Synchronization Monitoring

Sync History and Status

Monitor synchronization jobs from the "Sync Settings & History" section:

Sync Job Information:

  • Last Sync Time: When the last synchronization completed
  • Sync Status: Success, failure, or in progress
  • Users Added: Number of new users created
  • Users Updated: Number of existing users modified
  • Users Disabled: Number of users deactivated
  • Errors: Any synchronization errors or warnings

Sync Logs:

  • Detailed logs for each synchronization job
  • User-level details for troubleshooting sync issues
  • Error messages for failed operations
  • Performance metrics for sync operations

Troubleshooting LDAP Sync

Common Sync Issues:

Connection Failures:

  • Verify LDAP server URL and port
  • Check network connectivity from Coginiti server
  • Validate service account credentials
  • Ensure SSL certificates are valid

User Import Issues:

  • Verify user search base and filter
  • Check required attribute mappings
  • Ensure users have required attributes (email, name)
  • Review LDAP permissions for service account

Group Sync Problems:

  • Validate group search base and filter
  • Check group member attribute format
  • Ensure group names don't conflict with existing Coginiti groups
  • Verify group membership attribute syntax

LDAP User Management

User Lifecycle Management

New User Onboarding:

  1. User created in LDAP → Automatically synced to Coginiti
  2. Default permissions applied based on group membership
  3. User can immediately log in using LDAP credentials

User Updates:

  1. LDAP attributes changed → Synchronized to Coginiti
  2. Group membership changes → Permissions updated automatically
  3. Name/email changes → Coginiti account updated

User Offboarding:

  1. User disabled in LDAP → Coginiti account disabled
  2. User removed from LDAP → Coginiti account deactivated
  3. Sessions terminated and access revoked immediately

Manual Override Options

Local User Modifications:

  • Temporarily disable LDAP users locally in Coginiti
  • Override group assignments for specific users
  • Add local permissions beyond LDAP group assignments
  • Reset passwords for emergency access (bypasses LDAP)

Manual Overrides

Local modifications to LDAP-synced users may be overwritten during the next synchronization. Use with caution and document any permanent local changes.

OAuth OIDC Integration

For comprehensive OAuth OIDC configuration, see the dedicated OAuth OIDC Authentication Guide.

OAuth OIDC Summary

Key Benefits:

  • Single Sign-On: Users authenticate with existing corporate credentials
  • Reduced Password Management: No local passwords to manage
  • Just-in-Time Provisioning: Users created automatically on first login
  • Modern Security: Support for MFA and advanced authentication policies

Supported Providers:

  • Okta
  • Microsoft Azure AD (Entra ID)
  • Google Workspace
  • Auth0
  • Custom OIDC providers

Multi-Method Integration

Combining Authentication Methods

Coginiti Team supports multiple authentication methods simultaneously:

Hybrid Scenarios

LDAP + Local Users:

  • LDAP for employees - Automated management for full-time staff
  • Local users for contractors - Manual management for temporary access
  • Admin accounts local - Emergency access independent of LDAP

OAuth + Local Admins:

  • OAuth for users - Modern SSO experience
  • Local admin accounts - Emergency administrative access
  • Service accounts local - API and automation access

User Priority and Precedence

Authentication Order:

  1. OAuth OIDC - If configured and user attempts SSO login
  2. LDAP - If user exists in LDAP and uses username/password
  3. Local - If user account created locally in Coginiti

User Account Conflicts:

  • Same email address used in multiple methods
  • Priority given to externally managed accounts (LDAP/OAuth)
  • Local accounts merged or disabled when external account found

Migration Scenarios

Migrating from Local to LDAP

  1. Configure LDAP integration following setup steps
  2. Match existing users by email address during sync
  3. Convert local accounts to LDAP-managed accounts
  4. Update authentication method for affected users
  5. Disable local password authentication for converted users

Migrating from LDAP to OAuth

  1. Configure OAuth OIDC with identity provider
  2. Map LDAP users to OAuth identity provider accounts
  3. Test authentication with pilot user group
  4. Gradually migrate users from LDAP to OAuth
  5. Maintain LDAP as fallback during transition period

User Administration Best Practices

Security Best Practices

Password Policies

  • Minimum complexity requirements for local accounts
  • Regular password rotation for service accounts
  • Account lockout policies for failed login attempts
  • Session timeout configuration for inactive users

Access Control

  • Principle of least privilege - Grant minimum required access
  • Regular access reviews - Audit user permissions quarterly
  • Role-based access control - Use groups instead of individual permissions
  • Segregation of duties - Separate admin and user responsibilities

Monitoring and Auditing

  • User activity logging - Track login attempts and data access
  • Permission changes - Log all role assignments and modifications
  • Failed authentication monitoring - Alert on suspicious login patterns
  • Regular user account audits - Review active vs inactive accounts

Operational Best Practices

User Onboarding

  1. Standardized process for new user creation
  2. Role assignment templates based on job function
  3. Training materials for new users
  4. Access verification after account creation

User Offboarding

  1. Immediate access revocation when users leave
  2. Data ownership transfer to remaining team members
  3. Account archival rather than deletion (for audit purposes)
  4. Exit interview regarding data access and responsibilities

Maintenance Tasks

  • Regular user access reviews (quarterly)
  • Cleanup of inactive accounts (monthly)
  • Group membership audits (semi-annually)
  • Authentication method effectiveness reviews

Troubleshooting User Management

Common Issues

Login Problems:

  • Verify user account status (active/disabled)
  • Check authentication method configuration
  • Test network connectivity to auth systems
  • Review login logs for error details

Permission Issues:

  • Verify group membership and role assignments
  • Check resource-level permissions
  • Review inheritance from parent groups
  • Test with admin account to isolate issues

Sync Issues (LDAP):

  • Check LDAP server connectivity
  • Verify service account permissions
  • Review sync logs for specific errors
  • Test LDAP queries manually

Support and Resources

Getting Help

For user management assistance:

  • Coginiti Support: support@coginiti.co
  • Documentation: User management guides and references
  • Community: User forums and knowledge base

Summary

You have successfully configured user management for Coginiti Team! Key achievements:

  • ✅ Authentication Methods: Understanding of manual, LDAP, and OAuth options
  • ✅ User Lifecycle: Automated or manual user provisioning and deprovisioning
  • ✅ Group Management: Role-based access control and permission assignment
  • ✅ Security: Best practices for user authentication and access control
  • ✅ Integration: Connection with existing identity infrastructure
  • ✅ Monitoring: User activity tracking and access auditing

Your Coginiti Team instance now has comprehensive user management capabilities that scale with your organization's needs and integrate with existing identity infrastructure.