Introduction
The User Management page is your central hub for configuring access and ensuring data security.
User Management includes a plethora of different features, so this is an article that you’ll want to take in chunks! Refer back to it whenever you need a refresher on specific features.
To access:
Click your avatar, then User management.
With the page open. click links in the left pane to open each tab.
Profile
The Profile screen shows your personal account details, including email, name, username, phone number, and job title.
Edit your profile
Edit your profile
Click the Edit icon to open up the editor.
Make the changes and click Save.
Privacy & security
The Privacy & Security screen shows authentication and account protection settings for your profile.
Set up passkey
Set up passkey
Click Set up and follow the on-screen instructions. This will depend on the device.
The device will then ask you to confirm that you want to create a passkey. It will ask you to authenticate using your fingerprint, face scan, or screen lock PIN/pattern.
Confirm what you have entered.
Once you’ve authenticated, the passkey is created and saved on your device or in your device’s secure password manager.
Set up Multi-factor authentication (MFA)
Set up Multi-factor authentication (MFA)
Click Set up and follow the on-screen instructions.
Confirm the settings.
The Configuration tab in MFA has three options: Don’t Force, Force (MFA) and Force except enterprise SSO. For more on SSO, check out the article Set up SSO SAML and OIDC.
Add security key
Add security key
Click Set up and follow the on-screen instructions.
Log out all other sessions
Log out all other sessions
It’s not uncommon to have multiple active sessions. However, active sessions may allow access to sensitive data. The log out all other sessions feature terminates connections to your account across all devices and browsers, except for the one you are currently using.
Click Log out all other sessions. A warming message appears.
If you’re sure, click Log out all.
Log in again next time you open Foundational.
Log out
Log out
Simply click Log out!
Users
The Users screen shows all members in your workspace, including their roles, status, and access levels. There are two user roles: Admin and Read Only.
Only admins can add / remove users and edit SSO and authentication configurations.
Add users
Add users
At the top of the screen, click Invite. A new screen opens.
Add the new user’s email, role and full name.
Click Invite.
The person receives an email. When they click a link in the email to accept, the user’s status changes from Pending approval to show the date they joined.
If the person doesn’t see the email in their Inbox, ask them to check their Spam folder.
Delete users
Delete users
From the User screen, select the user, click the 3 dots and select Delete User.
Disable users
Disable users
From the User screen, select the user, click the 3 dots and select Disable User.
Resend invite
Resend invite
From the User screen, select the user, click the 3 dots and select Resend invitation email.
Find users
Find users
Enter a text string in the search bar.
Security
Admins only.
The Security screen shows workspace-level authentication and authorization configurations.
There’s more than one way to manage security features in Foundational.
You can click Manage against each listed vulnerability (1-2 in the screenshot) and follow the on-screen options.
Alternatively, select one of the quadrants in the Security check up section (3-6 in the screenshot), click Manage and follow the on-screen options.
# | Screen Element | Description |
1 | Vulnerability warnings | Click Manage to open up the options to mitigate the vulnerability. |
2 | Show more | Click to ensure you see all identified vulnerabilities. |
3 | Security check up - MFA | Shows the number of affected accounts. |
4 | Security check up - Sessions | Shows the number of affected sessions. |
5 | Security check up - Inactivity | Shows the number of affected users. |
6 | Security check up - Restrictions | Shows the number of affected IPs and domains. |
Force MFA
Force MFA
MFA is the best security measure you can take. By forcing MFA, all users in your account will be required to set up MFA on their next login.
From the Security main screen, at the section Force MFA for all users, click Manage.
A new screen opens with with 2 tabs: Summary and Configuration.
The Summary tab shows which users have MFA.
The Configuration tab gives the options to:
Not enforce
Enforce
Force except enterprise SSO
Control session timeouts
Control session timeouts
Idle session timeout ensures idle sessions don’t become targets for attack.
From the Security main screen, at the section Enable Idle Session, click Manage or click Manage in the Sessions quadrant (#4).
Enable the toggle and set the number of days for the timeout.
Click Save.
Control the maximum number of concurrent sessions
Control the maximum number of concurrent sessions
Max concurrent sessions ensures users don’t open too many sessions, which can be unsafe.
From the Security main screen, at the section Enable max concurrent sessions, click Manage or click Manage in the Sessions quadrant (#4)
Enable the toggle and set maximum number of days.
Click Save.
Enforce relogin
Enforce relogin
Setting a force relogin policy ensures user sessions don't last too long and risk becoming compromised.
From the Security main screen, at the section Enable reforce login, click Manage or click Manage in the Sessions quadrant (#4).
Enable the toggle Force Re-login and set the number of days.
Click Save.
Restrict IPs and domains
Restrict IPs and domains
IP restrictions let you tightly control which IP addresses can access your account. You can control access to IP addresses and domains.
From the Security main screen, at the section Enable IP restrictions, click Manage. A new screen opens with with 2 tabs: IP and Domain.
To restrict IP addresses, on the IP tab, enable the toggle. A new screen opens.
Click Add my IP and save the change.
To restrict domains, on the Domain tab, enable the toggle.
Only users with approved email domains can be invited to / join your account. Adding domains does not affect existing users.
SSO
Admins only.
Setting up SSO in Foundational is a key part of your setup and requires the Admin role in Foundational and admin permissions in your IdP.
Generally, your IT support sets up SSO either as part of the First time login process or very soon after that.
To connect your IdP to Foundational, check out the article Set up SSO SAML and OIDC.
Provisioning
Admins only.
The Provisioning screen shows setup options for automated user account management.
Use this screen to configure your IdP to connect to Foundational.
Generally, your IT support sets up Provisioning either as part of the First time login process or very soon after that.
To set up Provisioning, check out the article Set up SCIM provisioning.
Audit logs
The Audit Logs screen shows a detailed record of user actions, login events, and account changes across your workspace.
Use this screen to:
Monitor user activity and access patterns.
Verify login events and performed actions.
Export logs for security review.
Download audit logs
Download audit logs
Click Download to download to .csv.
Filter audit logs
Filter audit logs
Click the filter icon to open the pane and enter the text string.
API tokens
The API Tokens screen shows all existing tokens used for integrations or automation. Each token includes details such as description, role, type, expiry date, and creator.
From this screen you can add and delete API tokens.
For more details, check out the article Create API Tokens.