# User Management -------------------------------------------------------------------------------- title: "Introduction" description: "User Management allows you to directly add end-users to your application and assign them custom roles" last_updated: "2026-03-18T07:41:08.535Z" source: "https://docs.catalyst.zoho.com/en/cloud-scale/help/authentication/user-management/introduction/" service: "Cloud Scale" -------------------------------------------------------------------------------- # User Management The *User Management* feature of the Authentication component enables you to manage {{%link href="/en/cloud-scale/help/authentication/user-management/users/implementation/" %}}users{{%/link%}} that have signed up to your application. User Management also enables you to configure and maintain different {{%link href="/en/cloud-scale/help/authentication/user-management/roles/implementation/" %}}roles{{%/link%}} for each user. {{%note%}}{{%bold%}}Note:{{%/bold%}} You will have to enable at least one authentication type to access this section.{{%/note%}} You can add an end-user to your application in four different ways: 1. The application developer or a collaborator of the Catalyst project can {{%link href="/en/cloud-scale/help/authentication/user-management/users/implementation/#adding-a-new-user-from-the-console" %}}add a new user{{%/link%}} from Authentication in the Catalyst console after implementing one of the authentication types- {{%link href="/en/cloud-scale/help/authentication/native-catalyst-authentication/hosted-authentication-type/introduction/" %}}Hosted{{%/link%}}, {{%link href="/en/cloud-scale/help/authentication/native-catalyst-authentication/embedded-authentication/introduction/" %}}Embedded{{%/link%}}, and {{%link href="/en/cloud-scale/help/authentication/third-party-authentication/introduction/" %}}Third-party{{%/link%}}. 2. The application developer or collaborator can also add a user using {{%link href="/en/sdk/java/v1/cloud-scale/authentication/add-new-user/" %}}Java{{%/link%}}, {{%link href="/en/sdk/nodejs/v2/cloud-scale/authentication/add-new-user/" %}}Node.JS{{%/link%}}, {{%link href="/en/sdk/python/v1/cloud-scale/authentication/add-new-user/" %}}Python{{%/link%}}, or {{%link href="/en/sdk/web/v4/cloud-scale/authentication/add-new-user/" %}}Web{{%/link%}} SDKs or the {{%link href="/en/api/code-reference/cloud-scale/authentication/add-new-user/#AddNewUser" %}}API{{%/link%}}s. 3. You can distribute the URL of your application to the user through other mediums and enable them to sign-up to it through the application's sign-up page. 4. You can enable provisions for a {{%link href= "/en/cloud-scale/help/authentication/user-management/roles/introduction/" %}}user to be added by another existing user{{%/link%}} of the application with the necessary privileges, such as a user of the role App admin. You can incorporate this feature in your application's logic. Catalyst will send an email invite to the user who was added containing a URL that will open a sign-up form where they can set up their password, in all four cases. After they set up their password, they will either be redirected to the {{%link href="/en/cli/v1/project-directory-structure/introduction/" %}}default redirect URL of the application{{%/link%}} or the URL you specify while inviting the user from the console. {{%note%}}{{%bold%}}Note:{{%/bold%}} You will be able to add a maximum of 25 users in your application in the development environment. After you deploy your application to production, you can include any number of end-users in it.{{%/note%}} The *User Management* feature includes two sections in the console. 1. {{%link href="/en/cloud-scale/help/authentication/user-management/users/implementation/#adding-a-new-user-from-the-console" %}}Users{{%/link%}}: You can add end-users to your application in this section directly, and they will receive email invites. You also be able to enable or disable their access to the application, view or modify their details, and delete them from the application. <br /> 2. {{%link href="/en/cloud-scale/help/authentication/user-management/roles/implementation/" %}}Roles{{%/link%}}: This section enables you to create and configure user roles, based on your business and organizational requirements. You will also be able to view all the user roles available in the project, along with all their details, and edit them, if required. <br /> <br /> ## Roles -------------------------------------------------------------------------------- title: "Introduction" description: "User Management allows you to directly add end-users to your application and assign them custom roles" last_updated: "2026-03-18T07:41:08.536Z" source: "https://docs.catalyst.zoho.com/en/cloud-scale/help/authentication/user-management/roles/introduction/" service: "Cloud Scale" -------------------------------------------------------------------------------- # Roles ### Introduction Roles define a set of permissions and the level of access granted for a user to access your application or modify its data. You can define the scopes and access permissions for certain Catalyst components to each role, and assign a role to every user. This categorization enables the users of your application to only access functionalities that are relevant to them. *Roles* currently apply to the {{%link href="/en/cloud-scale/help/data-store/introduction/" %}}Data Store{{%/link%}} and the {{%link href="/en/cloud-scale/help/file-store/introduction/" %}}File Store{{%/link%}}. You can define the {{%link href="/en/cloud-scale/help/data-store/scopes-and-permissions/" %}}scopes and permissions{{%/link%}} of each table for each user role in the Data Store. These scopes and permissions also apply to {{%link href="/en/cloud-scale/help/search-integration/introduction/" %}}Search{{%/link%}} and {{%link href="/en/cloud-scale/help/zcql/introduction/" %}}ZCQL{{%/link%}} by extension, since these components are tied closely to the Data Store. Similarly, you can {{%link href="/en/cloud-scale/help/file-store/implementation/#set-permissions-for-a-folder" %}}define Folder access permissions{{%/link%}} for each role in the File Store. *Roles* is available as a section of the *User Management* feature in *Authentication*. Two system defined roles are present by default: 1. {{%badge%}}{{%bold%}}App Administrator{{%/bold%}}{{%/badge%}}: The users assigned to the {{%badge%}}App Administrator{{%/badge%}} role essentially have an admin access to the application by default. You can override this and define their access levels to the tables in the {{%link href="/en/cloud-scale/help/data-store/introduction/" %}}Data Store{{%/link%}} and to the folders in the {{%link href="/en/cloud-scale/help/file-store/introduction/" %}}File Store{{%/link%}}. 2. {{%badge%}}{{%bold%}}App User{{%/bold%}}{{%/badge%}}: The users assigned to the {{%badge%}}App User{{%/badge%}} role essentially have an end-user level access to the application by default. You can also override this and define their access levels in the {{%link href="/en/cloud-scale/help/data-store/introduction/" %}}Data Store{{%/link%}} and the {{%link href="/en/cloud-scale/help/file-store/introduction/" %}}File Store{{%/link%}}. {{%note%}}{{%bold%}}Note:{{%/bold%}} * The {{%badge%}}App User{{%/badge%}} role is considered to be the default role. When you create a custom role and do not specify the scopes of the role it needs to follow, the scopes of the {{%badge%}}App User{{%/badge%}} role will apply to the custom role.{{%/note%}} In addition to these roles, you can create your own custom roles and define their permissions. You can also make these custom roles as {{%badge%}}Default{{%/badge%}} roles. When a user role is set as the **default role**, the users who are added to your application are assigned to that role automatically, and the permissions that have been set for that role are made available to them. <br /> -------------------------------------------------------------------------------- title: "Benefits" description: "User Management allows you to directly add end-users to your application and assign them custom roles" last_updated: "2026-03-18T07:41:08.536Z" source: "https://docs.catalyst.zoho.com/en/cloud-scale/help/authentication/user-management/roles/benefits/" service: "Cloud Scale" -------------------------------------------------------------------------------- # Benefits * Roles enable you to group your application users based on the access levels and permissions given to them. * Roles help you to prevent unauthorized access to view or modify application data, and boost the resource and data security in your application. * You can configure scopes and grant specific permissions to actions like viewing a table's data, deleting rows from a table, or uploading files in specific folders in the {{%link href="/en/cloud-scale/help/data-store/introduction/" %}}Data Store{{%/link%}} and the {{%link href="/en/cloud-scale/help/file-store/introduction/" %}}File Store{{%/link%}} for custom roles. * They also enable you to control the data flow and the design of your application as per your needs. You can build your application by keeping in mind the multi-level access you can grant to various user groups. -------------------------------------------------------------------------------- title: "Implementation" description: "User Management allows you to directly add end-users to your application and assign them custom roles" last_updated: "2026-03-18T07:41:08.536Z" source: "https://docs.catalyst.zoho.com/en/cloud-scale/help/authentication/user-management/roles/implementation/" service: "Cloud Scale" -------------------------------------------------------------------------------- # Implementation ### Create a New User Role When you create a new custom role in Catalyst, you must clone an existing role. This action will clone the set of permissions from the parent role to the new role. You can change the scopes and permissions of your custom role in the {{%link href="/en/getting-started/set-up-a-catalyst-project/profiles-and-permissions/" %}}Permissions{{%/link%}} section of {{%link href="/en/cloud-scale/help/data-store/introduction/" %}}Data Store{{%/link%}} and {{%link href="/en/cloud-scale/help/file-store/introduction/" %}}File Store{{%/link%}}. {{%note%}}{{%bold%}}Note:{{%/bold%}} You will not be able to delete roles from Catalyst currently. The provision to delete roles will be rolled out soon.{{%/note%}} To create a new user role for your Catalyst application: 1. Click the **Roles** tab of the *User Management* section of *Authentication*. Click the **Add Roles** button. <br /> 2. Enter the name and description for the *Role*. <br /> 3. Choose an existing role to clone the scopes and permissions for your custom role from the drop-down selection of **Clone Role**. <br /> 4. You can enable the **Make as Default** toggle option if you want to ensure that when an end-user is added to your application, they will be automatically added to this role by default. Catalyst will automatically apply the permissions defined for this role to the new user. <br /> 5. Click **Add**. <br /> The role will now be displayed in the *Roles* section along with the unique *Role ID* generated by Catalyst, the description of the role, the details of the collaborator that created the role and the date and time the role was created on. ### Edit a Role You can edit the name, description, and choose if you wish to make the role a default role or not using the **Make as Default** toggle. To edit a role: 1. Click the **ellipsis icon** present at the corner of the role you wish to edit and select **Edit**. <br /> 2. Make the required changes and click **Update**. <br /> ### Delete a Role The following points need to be taken note of before you opt to delete a role: * While you can edit a system defined role—{{%badge%}}App Administrator{{%/badge%}} and {{%badge%}}App User{{%/badge%}}, you cannot delete them. * You cannot delete a {{%badge%}}Default{{%/badge%}} role. To delete a role that is marked as {{%badge%}}Default{{%/badge%}}, you need to make another role as {{%badge%}}Default{{%/badge%}} before attempting to delete the intended role. * Before deleting a role you need to transfer its users to a new or a different existing role. To delete a role: 1. Click the **ellipsis icon** present at the corner of the role you wish to delete and select **Delete**. <br /> 2. Transfer the users of the role that you are going to delete to a different role. You can do so by choosing the role from the drop-down. <br /> {{%note%}}{{%bold%}}Info:{{%/bold%}} If there are more roles in the {{%link href="/en/deployment-and-billing/environments/development-environment/" %}}development environment{{%/link%}} than in the {{%link href="/en/deployment-and-billing/environments/production-environment/" %}}production environment{{%/link%}}, and if you choose to migrate your project back to development from production, then: * The additional roles present in the development environment will be automatically deleted. * The users mapped to these roles will be mapped to the {{%badge%}}Default{{%/badge%}} role as listed in the production environment.{{%/note%}} 3. Click **Yes, Delete** to delete the role. <br /> You will get a console notification notifying you that the required role has been deleted and its users have been successfully transfered to the Trasfer Role you selected. <br /> <br /> ## Users -------------------------------------------------------------------------------- title: "Introduction" description: "User Management allows you to directly add end-users to your application and assign them custom roles" last_updated: "2026-03-18T07:41:08.536Z" source: "https://docs.catalyst.zoho.com/en/cloud-scale/help/authentication/user-management/users/introduction/" service: "Cloud Scale" -------------------------------------------------------------------------------- # Users ### Introduction It's important to remember the following details to implement and utilize the Users section effectively: * {{%badge%}}{{%bold%}}ZUID{{%/bold%}}{{%/badge%}}: {{%badge%}}ZUID{{%/badge%}} is the unique identification of a Zoho user account for individual application. It is automatically created for an end-user when they sign-up for your application. * {{%badge%}}{{%bold%}}UserID{{%/bold%}}{{%/badge%}}: {{%badge%}}UserID{{%/badge%}} is the unique identification of an end-user, limited to Catalyst alone and not applicable to other Zoho services. This is also automatically created for an end-user when they sign up for your application. * {{%badge%}}{{%bold%}}Org ID{{%/bold%}}{{%/badge%}}: {{%badge%}}Org ID{{%/badge%}} is the unique identification of the organization that an end-user belongs to. This identification is generated when the end-user is added through the {{%link href="/en/api/code-reference/cloud-scale/authentication/add-new-user/#AddNewUser" %}}Add User API{{%/link%}} or through the {{%link href="/en/cloud-scale/help/authentication/user-management/users/implementation/#adding-a-new-user-from-the-console" %}}Add User{{%/link%}} button in the console. If the Org ID is not specified while adding the user, Catalyst will automatically generate a unique Org ID for that particular user. {{%note%}}{{%bold%}}Note:{{%/bold%}}The organization of a user cannot be changed later, once it is associated with their account.{{%/note%}} * An end-user can sign up to any number of Catalyst applications; a unique ZUID and Org ID will be created each time for that user. However, this could also cause inconvenience for the user, as they would have to sign in every time they switch to a different Catalyst application. To prevent this, if you implement a {{%link href="/en/cloud-scale/help/authentication/native-catalyst-authentication/introduction/" %}}Native Catalyst Authentication type{{%/link%}} in all of your Catalyst applications, you can easily set up {{%link href= "/en/cloud-scale/help/authentication/social-logins/introduction/" %}}Social Logins{{%/link%}} that will allow users to sign up to all your applications using credentials of trusted Identity Providers (IdPs). {{%note%}}{{%bold%}}Note:{{%/bold%}} Catalyst's {{%link href="/en/api/introduction/multi-org-support/#Multi-OrgSupport" %}}Multi-Org feature{{%/link%}} enables a Catalyst developer to be a part of multiple organizations, while registered with one Catalyst account. This means that if a user or a {{%link href="/en/getting-started/set-up-a-catalyst-project/collaborators/"%}}collaborator{{%/link%}} signs up for more than one Catalyst organization, they are assigned a different Org IDs under one ZUID for each application.{{%/note%}} <br /> -------------------------------------------------------------------------------- title: "Benefits" description: "User Management allows you to directly add end-users to your application and assign them custom roles" last_updated: "2026-03-18T07:41:08.537Z" source: "https://docs.catalyst.zoho.com/en/cloud-scale/help/authentication/user-management/users/benefits/" service: "Cloud Scale" -------------------------------------------------------------------------------- # Benefits * Authentication provides an integrated space to manage application users and handle all end-user activities. The provision to handle user accounts directly from the Catalyst console, rather than creating additional solutions for it, is highly helpful and time saving. * Even if you have included a provision for users to create an account or reset their password from inside your application, you can still perform these activities quickly from the console for your convenience. * You can easily manage applications created for internal usage by your organization's members, or that are made accessible by request only using Authentication. * You can create custom user roles for your end-users, and provide them with more specific permissions. <br /> -------------------------------------------------------------------------------- title: "Implementation" description: "User Management allows you to directly add end-users to your application and assign them custom roles" last_updated: "2026-03-18T07:41:08.537Z" source: "https://docs.catalyst.zoho.com/en/cloud-scale/help/authentication/user-management/users/implementation/" service: "Cloud Scale" -------------------------------------------------------------------------------- # Implementation ### Adding a New User From The Console 1. Navigate to the *User Management* section of **Cloud Scale > Authentication** and click **Add User** in the *Users* section. <br /> {{%note%}}{{%bold%}}Note:{{%/bold%}} To add end-users to your application, you must first enable at least one of the {{%link href="/en/cloud-scale/help/authentication/introduction/" %}}authentication types{{%/link%}}.{{%/note%}} 2. Enter the **First Name**, **Last Name**, **Email ID** of the user. Select the **Role** or the user from the *Roles* drop-down list in the pop-up window. <br /> {{%note%}}{{%bold%}}Note:{{%/bold%}} You can find out more about {{%italics%}}Roles{{%/italics%}} from this {{%link href="/en/cloud-scale/help/authentication/user-management/roles/implementation/" %}}help section{{%/link%}}{{%/note%}} 3. If you wish to add the user under a particular organization, enter the Org ID. If you do not enter one, Catalyst will generate a unique organization ID for the user. <br /> 4. Select the platform of the application that you are inviting the user to access. <br /> {{%note%}}{{%bold%}}Note:{{%/bold%}} Specifying the platform does not prevent the user from accessing other platforms of the application. However, it defines the primary platform that the user will access from their device and sets default values for opening the application in the appropriate medium.{{%/note%}} If you select {{%bold%}}Andorid{{%/bold%}} or {{%bold%}}iOS{{%/bold%}} as the platforms, you can type in the redirect URL. <br /> 5. You can use the default homepage that you have specified in your web app's {{%link href="/en/cli/v1/project-directory-structure/catalyst-json/" %}}{{%badge%}}client-package.json{{%/badge%}}{{%/link%}} file as the redirect URL by checking the {{%bold%}}Use Default Redirect URL{{%/bold%}} checkbox. To use a different redirect URL, type the URL in the textbox. <br /> {{%note%}}{{%bold%}}Note:{{%/bold%}} Specifying the platform does not prevent the user from accessing other platforms of the application. However, it defines the primary platform that the user will access from their device and sets default values for opening the application in the appropriate medium.{{%/note%}} 6. Click {{%bold%}}Create{{%/bold%}}. <br /> The user will now be listed in the *Users* section along with their details. You can search for a particular user by their email address using the search bar. The *Users* section lists all users, including those who have signed up from inside the application. Click **Invite User** to add more users. When a new user is invited, Catalyst will send an automated email to their email address with a URL to set up their password. The content and design of this email template can be configured using the {{%link href="/en/cloud-scale/help/authentication/email-templates/introduction/" %}}Email Template{{%/link%}} feature of Authentication. When the user clicks on the link, they will be authenticated and redirected to a page that requests them to set their password. <br /> Once the user completes the process, they are redirected to the redirect URL that you specified while inviting the user. ### Enable or Disable a User You can enable or disable a user of your application as you need. When a user is disabled for an application, they will no longer be able to login to the application until you enable them again. To enable or disable a user, click the toggle switch in the *Status* column of that user. <br /> ### Reset a User's Password You can easily reset a user's password by sending them a Password Reset email from the Catalyst console. The email will contain a password reset link, which the user can click to create a new password for the application. The Password Reset email can be designed per your preference using the {{%link href="/en/cloud-scale/help/authentication/email-templates/introduction/" %}}Email Template{{%/link%}} feature of Authentication. If you are implementing {{%link href="/en/cloud-scale/help/authentication/native-catalyst-authentication/hosted-authentication-type/introduction/" %}}Hosted Authentication Type{{%/link%}}, you also have the option of designing the Password Reset page of your application directly in the console. {{%note%}}{{%bold%}}Note:{{%/bold%}} The password will be reset for all platforms, irrespective of the platform you choose. Specifying the platform sets default values for opening the application in the appropriate medium.{{%/note%}} To let user reset their password: 1. Click the ellipsis icon at the corner of the particular user, and click **Reset Password**. <br /> 2. Select the platform of the application for which the password is to be reset in the *Redirect Details* <br /> 3. Click **Reset**. <br /> This will automatically send a password reset email to the user's email address for the application platform that you have chosen. When the user clicks on the link, they will be redirected to the Password Reset page of your application where they can create a new password for their account. {{%note%}}{{%bold%}}Note:{{%/bold%}} You can also send a password reset email using {{%link href="/en/sdk/java/v1/cloud-scale/authentication/reset-password/" %}}Java{{%/link%}}, {{%link href="/en/sdk/nodejs/v2/cloud-scale/authentication/reset-password/" %}}Node.JS{{%/link%}}, {{%link href="/en/sdk/python/v1/cloud-scale/authentication/reset-password/" %}}Python{{%/link%}}, {{%link href="/en/sdk/web/v4/cloud-scale/authentication/reset-password/" %}}Web{{%/link%}} SDKs, or the {{%link href="/en/api/code-reference/cloud-scale/authentication/reset-user-password/#ResetUserPassword" %}}API{{%/link%}}.{{%/note%}} ### Modify a User's Details You can modify and update a user's name or the role that they were assigned to. However, you will not be able to change a user's registered *email address*, *Org ID*, or *User ID*. To modify user information in your application: 1. Click the **ellipsis icon** of the user whose information you wish to modify and select **Edit**. <br /> 2. Make any necessary changes in the pop-up widow and click **Update**. <br /> ### Delete a User You can permanently delete a user from logging in to your application. The user will need to re-register in your application if they want to use it again. To delete a user account from your application: 1. Click the **ellipsis icon** for the user you wish to delete and select **Delete**. <br /> 2. Click **Yes, Proceed** in the confirmation window. <br /> <br />