How Personal Accounts Work
This page explains how Personal Accounts work in Qualytics — from provisioning and authentication to team-based access control.
How Users Are Provisioned
Personal Accounts are created automatically when a user authenticates for the first time. There is no manual user creation in the Qualytics UI or API.
| Method | How It Works |
|---|---|
| SSO (First Login) | User authenticates via your identity provider (Okta, Microsoft Entra, etc.) and Qualytics creates the account on the first API request. |
| Directory Sync (SCIM) | Users are pre-provisioned from your identity provider before they log in, allowing team and role pre-assignment. |
New users are assigned the Member role by default and added to the Public team. An Admin can update their role and team assignments after the account is created.
Info
For details on SSO configuration, see the SSO documentation. For automated provisioning, see Directory Sync.
User Roles
Every user is assigned a role that controls their platform-level permissions: Admin, Manager, or Member.
Info
For detailed capability tables per role, see the User Roles page.
| Role | Access Level |
|---|---|
| Admin | Full platform access — manage users, teams, datastores, connections, and all settings. Not subject to team permissions. |
| Manager | Limited admin access — create datastores, manage tags, notifications, and connections. Subject to team permissions for datastore content. |
| Member | Standard access — inherits permissions from team membership. Can generate personal tokens and view library/tags. |
Team-Based Access
Access controls in Qualytics are assigned at the datastore level through Teams. A non-administrator user can have one of the following levels of access to any datastore:
- Editor: Full datastore management — enrichment, scoring, computed fields, operations, and field status.
- Author: Manage checks — activate, validate, change status, and edit metadata.
- Drafter: Create and save checks as drafts without activating them.
- Viewer: Read-only access to anomalies with the ability to add comments.
- Reporter: Read-only access to all report information including dashboards, overviews, and anomalies.
Note
Permissions are assigned to Teams rather than directly to users. Users inherit the permissions of the teams to which they are assigned.
All users are part of the default Public team, which provides access to all Public Datastores. Admins can create and manage additional teams, assigning both users and datastores to them.
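The inheritance rules above can be modelled for an access review. This is an added example, not Qualytics code or a Qualytics export format: the user, team and datastore names, the dictionary layout, and the level granted by the Public team are all constructed assumptions. Because this page does not say how grants from several teams combine, the sketch lists every grant instead of picking one.

```python
# Added illustration of the access model described on this page.
# All data below is constructed; it is not a Qualytics API or export format.
from collections import defaultdict

PUBLIC = "Public"

# team -> {datastore: team permission level} (levels here are assumed samples)
TEAM_GRANTS = {
    PUBLIC: {"public_sales": "Viewer"},
    "finance": {"ledger": "Editor", "public_sales": "Author"},
    "audit": {"ledger": "Reporter"},
}
ALL_DATASTORES = {"public_sales", "ledger", "hr_raw"}

# user -> (platform role, explicitly assigned teams)
USERS = {
    "new.sso.user": ("Member", set()),        # first login, defaults only
    "fin.manager": ("Manager", {"finance"}),
    "auditor": ("Member", {"audit", "finance"}),
    "root.admin": ("Admin", set()),
}

def effective_access(user):
    """Return {datastore: [(team, level), ...]} for one user."""
    role, teams = USERS[user]
    if role == "Admin":
        # Admins are not subject to team permissions: full platform access.
        return {ds: [("<platform>", "Admin")] for ds in sorted(ALL_DATASTORES)}
    access = defaultdict(list)
    # Every user belongs to the Public team, whether or not it is listed.
    for team in sorted(teams | {PUBLIC}):
        for ds, level in TEAM_GRANTS.get(team, {}).items():
            access[ds].append((team, level))
    return dict(access)

def unreviewed_defaults():
    """Users still at the provisioning default: Member role, Public team only."""
    return sorted(u for u, (role, teams) in USERS.items()
                  if role == "Member" and not (teams - {PUBLIC}))

if __name__ == "__main__":
    for name in USERS:
        print(name, effective_access(name))
    print("still on defaults:", unreviewed_defaults())
```

Listing grants per team makes it visible when a datastore is reachable both through the Public team and through a private team, and which freshly provisioned accounts have not yet had their role or teams reviewed.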
Info
For detailed permission matrices per team role, see the Teams — How It Works page.