跳转至

Manage users within your enrollment(管理注册内的用户)

:::callout{theme="warning"} Palantir’s self-service passwordless identity provider is currently only available for new commercial and developer tier enrollments and AIP bootcamps.

In most cases, your enrollment administrator will integrate your organization's existing identity provider with the Palantir platform so you can log in with the same credentials you use across other internal systems. :::

This page provides detailed guidance on how to access and manage user accounts within your enrollment when using Palantir's self-service user directory. The following instructions describe how to add new users, manage passkeys, enable or disable existing accounts, and delete user accounts.

Access user management

To begin managing users within your enrollment, you must be an enrollment administrator or an authentication administrator. If you do not have one of these permissions, an existing enrollment administrator can grant you the relevant role. Review the documentation on granting user permission to manage users of the enrollment for more information.

To access the Manage users page, navigate to Control Panel > Manage user directory > Manage users.

The Manage users page within Control Panel.

Add a new user

  1. Navigate to the Manage users page. Review the access user management documentation.

The Manage users page within Control Panel, ready to add a new user.

  1. Select Add new user. From here, you can fill out the prospective user’s name and email address and send them an invitation to join the enrollment.

The add new user option.

Add new user dialog.

  1. The new user will receive an email to complete their user account registration and configure a passkey. Review the authentication documentation for more information.

Manage passkeys

If a user is locked out of their account or needs a passkey added or removed, an administrator can manage their passkeys. This includes deleting specific passkeys, deleting all passkeys to reset an account, and sending an invite for users to register additional passkeys.

To manage passkeys for a user, follow the steps below:

  1. Navigate to the Manage users page. Review the access user management documentation.
  2. Select the user whose passkeys you want to manage.
  3. Select the Manage passkeys option located in the User details pane.

The User details pane with the Manage passkeys option.

  1. The Manage passkeys dialog displays the user’s name, email, and user RID alongside two collapsible panels: Delete passkeys and Add passkey.

Delete passkeys

The Delete passkeys panel displays a checklist of all registered passkeys for the user. You can selectively delete one or more passkeys without affecting the remaining credentials.

The Manage passkeys dialog with the Delete passkeys panel expanded and one passkey selected for deletion.

Select the passkeys you want to remove and then select the Delete passkey(s) button. The behavior of the dialog changes depending on the number of passkeys selected:

  • If some passkeys are selected, only the selected passkeys are deleted. The user retains access through their remaining passkeys.
  • If all passkeys are selected, the action resets the user’s account. The user receives a recovery email and must register a new passkey.

The Manage passkeys dialog with all passkeys selected, showing a warning that removing all passkeys will reset the account.

Add a passkey

The Add passkey panel allows you to send an invite for a user to register an additional passkey without affecting their existing credentials. This is useful when a user is locked out on one device but has valid passkeys registered on other devices.

Each user can register a maximum of four passkeys. The panel displays the number of remaining passkey slots.

To add a passkey, select the Add passkey button.

The Manage passkeys dialog with the Add passkey panel expanded, showing one of four slots remaining.

The user will receive an email with a one-time password and a link to register an additional passkey. If the user has already reached the maximum of four passkeys, the Add passkey button is disabled. You must delete an existing passkey before adding a new one.

Passkey name visibility

Passkey names are visible to administrators when managing passkeys for a user. This visibility helps identify which passkeys to keep or remove during the recovery process. Users are informed during passkey creation and editing that their passkey names are visible to administrators and are advised not to include personal or sensitive information.

Disable user access

To revoke access from a user, an administrator can disable the account. The user will no longer be able to register, login, or have their account reset until the user is re-enabled.

To disable the user account, follow the steps below:

  1. Navigate to the Manage users page. Review the access user management documentation.
  2. Select the user to be disabled.
  3. Use the Disable option located in the User details pane.

Manage user directories user details pane.

  1. Review the information in the pop-up window and confirm by selecting Disable.

Manage user directories disable user dialog.

Re-enable user access

For a disabled user to regain access to the platform, an administrator will need to enable their account. Once enabled, the user’s account is reset and they will be able to register and login.

To enable a user, follow the steps below:

  1. Navigate to the Manage users page. Review the access user management documentation.
  2. Select the user to be enabled.
  3. Select the Enable option in the User details pane.

Manage user directories user details pane.

  1. Review the information in the pop-up window and confirm by selecting Enable.

Manage user directories enable user dialog.

Delete a user

To permanently revoke access from a user, you should delete the user.

:::callout{theme="danger"} This action cannot be undone, and the user will no longer have any access to the platform. Any resources the user owns should be shared or ownership transferred before deleting the user. :::

To delete the user account, follow the steps below:

  1. Navigate to the Manage users page. Review the access user management documentation.
  2. Select the user to be deleted.
  3. Select the Delete option in the User details pane.

Manage user directories user details pane.

  1. Review the information in the pop-up window and confirm by selecting Delete.

Manage user directories delete user dialog.

Grant user permission to manage users of the enrollment

To give other users the ability to manage users within your enrollment, you must grant these users either the enrollment administrator and/or authentication administrator role. For more information on enrollment permissions review Levels of permissions.

Manage user directories user details pane.


中文翻译


管理注册内的用户

:::callout{theme="warning"} Palantir 的自助无密码身份提供商目前仅适用于新的商业版和开发者版注册以及 AIP 训练营。

在大多数情况下,您的注册管理员会将您组织的现有身份提供商与 Palantir 平台集成,以便您可以使用与其他内部系统相同的凭据登录。 :::

本页面提供详细指导,说明在使用 Palantir 的自助用户目录时,如何访问和管理注册内的用户账户。以下说明描述了如何添加新用户、管理通行密钥(passkey)、启用或禁用现有账户以及删除用户账户。

访问用户管理

要开始管理注册内的用户,您必须是注册管理员(enrollment administrator)或身份验证管理员(authentication administrator)。如果您没有这些权限,现有的注册管理员可以授予您相关角色。有关更多信息,请查阅授予用户管理注册用户的权限文档。

要访问管理用户页面,请导航至控制面板 > 管理用户目录 > 管理用户

控制面板中的管理用户页面。

添加新用户

  1. 导航至管理用户页面。请查阅访问用户管理文档

控制面板中的管理用户页面,准备添加新用户。

  1. 选择添加新用户。在此处,您可以填写潜在用户的姓名和电子邮件地址,并向他们发送加入注册的邀请。

添加新用户选项。

添加新用户对话框。

  1. 新用户将收到一封电子邮件,以完成其用户账户注册并配置通行密钥。有关更多信息,请查阅身份验证文档

管理通行密钥

如果用户无法登录其账户,或者需要添加或移除通行密钥,管理员可以管理其通行密钥。这包括删除特定通行密钥、删除所有通行密钥以重置账户,以及发送邀请让用户注册额外的通行密钥。

要管理用户的通行密钥,请按照以下步骤操作:

  1. 导航至管理用户页面。请查阅访问用户管理文档
  2. 选择您要管理其通行密钥的用户。
  3. 用户详情窗格中选择管理通行密钥选项。

包含管理通行密钥选项的用户详情窗格。

  1. 管理通行密钥对话框显示用户的姓名、电子邮件和用户 RID,以及两个可折叠面板:删除通行密钥添加通行密钥

删除通行密钥

删除通行密钥面板显示用户所有已注册通行密钥的清单。您可以选择性地删除一个或多个通行密钥,而不影响其余凭据。

管理通行密钥对话框,展开删除通行密钥面板并选中一个要删除的通行密钥。

选择您要移除的通行密钥,然后选择删除通行密钥按钮。对话框的行为会根据所选通行密钥的数量而变化:

  • 如果只选择了部分通行密钥,则仅删除选中的通行密钥。用户仍可通过其余通行密钥访问。
  • 如果选择了所有通行密钥,该操作将重置用户的账户。用户将收到一封恢复电子邮件,并且必须注册一个新的通行密钥。

管理通行密钥对话框,选中所有通行密钥,显示警告信息:移除所有通行密钥将重置账户。

添加通行密钥

添加通行密钥面板允许您发送邀请,让用户注册额外的通行密钥,而不会影响其现有凭据。当用户在一台设备上被锁定,但在其他设备上注册了有效通行密钥时,此功能非常有用。

每个用户最多可以注册四个通行密钥。该面板会显示剩余的通行密钥槽位数。

要添加通行密钥,请选择添加通行密钥按钮。

管理通行密钥对话框,展开添加通行密钥面板,显示剩余一个槽位。

用户将收到一封包含一次性密码和注册额外通行密钥链接的电子邮件。如果用户已达到四个通行密钥的上限,添加通行密钥按钮将被禁用。您必须先删除一个现有的通行密钥,然后才能添加新的通行密钥。

通行密钥名称可见性

管理员在管理用户的通行密钥时可以看到通行密钥名称。这种可见性有助于在恢复过程中识别要保留或移除的通行密钥。系统会在用户创建和编辑通行密钥时告知用户,其通行密钥名称对管理员可见,并建议用户不要包含个人或敏感信息。

禁用用户访问

要撤销用户的访问权限,管理员可以禁用该账户。在用户被重新启用之前,该用户将无法注册、登录或重置其账户。

要禁用用户账户,请按照以下步骤操作:

  1. 导航至管理用户页面。请查阅访问用户管理文档
  2. 选择要禁用的用户。
  3. 使用用户详情窗格中的禁用选项。

管理用户目录用户详情窗格。

  1. 查看弹出窗口中的信息,并通过选择禁用进行确认。

管理用户目录禁用用户对话框。

重新启用用户访问

对于被禁用的用户,需要管理员启用其账户才能重新获得对平台的访问权限。启用后,用户的账户将被重置,他们将能够注册和登录。

要启用用户,请按照以下步骤操作:

  1. 导航至管理用户页面。请查阅访问用户管理文档
  2. 选择要启用的用户。
  3. 用户详情窗格中选择启用选项。

管理用户目录用户详情窗格。

  1. 查看弹出窗口中的信息,并通过选择启用进行确认。

管理用户目录启用用户对话框。

删除用户

要永久撤销用户的访问权限,您应该删除该用户。

:::callout{theme="danger"} 此操作无法撤消,用户将不再拥有对平台的任何访问权限。在删除用户之前,应共享用户拥有的任何资源或转移其所有权。 :::

要删除用户账户,请按照以下步骤操作:

  1. 导航至管理用户页面。请查阅访问用户管理文档
  2. 选择要删除的用户。
  3. 用户详情窗格中选择删除选项。

管理用户目录用户详情窗格。

  1. 查看弹出窗口中的信息,并通过选择删除进行确认。

管理用户目录删除用户对话框。

授予用户管理注册用户的权限

要赋予其他用户管理注册内用户的能力,您必须授予这些用户注册管理员和/或身份验证管理员角色。有关注册权限的更多信息,请查阅权限级别

管理用户目录用户详情窗格。