Users

Creating and managing users

title: Creating and managing users description: Adding new team members, managing roles and performing user actions in Tidal Control sidebar_position: 2

Creating and managing users

Creating a new user

Adding new team members to Tidal Control happens through a simple process where you can directly assign the appropriate role.

User addition steps

  1. Go to Settings → Users in the left navigation
  2. Click "Add User" button at the top right of the Users page
  3. Fill in user information in the creation form
  4. Select appropriate role for the new user
  5. Click "Create" to add user

Add User dialog

Filling in user information

Required fields:

FieldExplanation
First NameFirst name
Last nameLast name
EmailBusiness email address
Role- Regular User - Default choice for most team members
- Read Only User - For users who only need access
- Super User - For administrators with full rights
Invite to Tidal Control after creationSend invitation email directly to user
Planning tip

You can create users and assign them to compliance objects before inviting them. This allows you to set up the entire system in preparation for team onboarding.

Assigning and changing roles

After creating users, you can easily adjust roles via the Role dropdown in the user table.

Role change process

  1. Go to the Users overview page
  2. Find the desired user in the table
  3. Click on Role dropdown in the user row
  4. Select new role from available options
  5. Change is saved immediately without confirmation

Role dropdown change

Warning

Security consideration: Granting Super User rights means full system access. Only assign this role to trusted administrators.

Inviting users

If you haven't invited users to Tidal when creating them, you need to do this later before login is possible. The invitation enables account activation and password setup.

Invitation process

  1. Go to Users overview page
  2. Find the new user in the table
  3. Click Actions menu (three vertical dots) in the user row
  4. Select "Send invite" from the dropdown menu
  5. Invitation is sent immediately to user email

Actions menu with Send invite

What happens after invitation?

User receives email with:

  • Welcome message with introduction to Tidal Control
  • Password setup link via Keycloak interface
Info

Invitations are valid for 7 days.

If the user hasn't activated their account within this period, a new invitation must be sent.

Invitation troubleshooting

Invitation not received:

  • Check spam folder of user email
  • Verify email address for typos in Users table
  • Resend invitation via Actions menu
  • Contact IT support for email delivery problems

User management tasks

The Actions menu provides various management options for existing users, from password help to account deletion.

Resetting password

When to use:

  • User forgot password
  • Suspected password compromise
  • New user didn't receive activation email

Reset process:

  1. Go to Users overview page
  2. Click Actions menu of relevant user
  3. Select "Reset password" from dropdown
  4. Confirm action in popup dialog
  5. User receives reset email with instructions

What the user receives:

  • Password reset email with secure reset link

Deleting user

When to use:

  • Employee left organization
  • Account no longer needed
  • Security reason requires access revocation

Deletion process:

  1. Go to Users overview page
  2. Click Actions menu of relevant user
  3. Select "Delete user" from dropdown
  4. Confirm deletion in warning dialog
  5. User is immediately removed from system

Impact of user deletion:

  • Access blocked - Immediate logout and future login blocked
  • Data preserved - Controls, tasks, evidence remain in system
  • Ownership changed - Assignments show "Unknown user"
  • Audit trail intact - Historical activities remain visible
Warning

Permanent action: User deletion cannot be undone. Consider first changing role to "Read Only User" for temporary access restriction.

Keycloak profile configuration

Users can manage their personal account information via the integrated Keycloak interface accessible from their profile.

Updating personal information

Users can adjust themselves:

  • Email - Contact address for system communication
  • First name / Last name - Names as displayed in interface

Not adjustable:

  • Username - Login identifier (often email address)

Access to Keycloak profile:

  1. Log in to Tidal Control
  2. Click profile icon top right (user avatar)
  3. Select "My Account" from dropdown menu
  4. Keycloak interface opens in new tab
  5. Adjust desired information and click "Save"

Keycloak personal information

Configuring authentication options

Setting up two-factor authentication:

  1. Go to Account Security in Keycloak menu
  2. Select "Signing in" section
  3. Click "Set up Authenticator application" link
  4. Scan QR code with authenticator app (Google Authenticator, Authy)
  5. Enter verification code to activate 2FA

Keycloak authentication settings

Available security options:

  • Password management - Change password and strength control
  • Two-factor authentication - Authenticator app configuration
  • Device activity - Overview of active login sessions
  • Applications - Linked services and access rights

Strict mode

Organizations using Tidal Control in Strict Mode have an additional layer of role-based access control per compliance object.

Is Strict Mode on?: You can see if your organization uses Strict Mode via the green "Strict Mode" indicator at the top right of the interface.

Strict mode indicator

How Strict Mode works

Additional role assignment required:

  • Regular Users start without access to specific controls or assets
  • Object-level roles must be explicitly assigned per control/asset
  • Owner role - Can create, modify and delete compliance objects (controls, risks, assets).
  • Contributor role - Can contribute to tasks and upload evidence, and also create own tasks and issues.

Impact on user management:

  • More granular control over what users can see
  • Explicit assignment required for each compliance object
  • Increased security but more administrative overhead
  • Suitable for large organizations with strict access control
Turn on Strict Mode?

Send an email to support@tidalcontrol.com and we'll set it up for you. Additional license costs apply to using Strict Mode.

Bulk user management strategies

Group invitations

Efficient onboarding for teams:

  1. Create all users with correct roles
  2. Assign responsibilities to controls and assets
  3. Test configuration with one pilot user
  4. Send all invitations simultaneously for consistent process
  5. Organize onboarding session for simultaneous account activation

Practical tips for user management

New employee onboarding

Efficient onboarding checklist:

  • Create user with correct name and email
  • Assign appropriate role based on function
  • Link responsibilities to controls/assets
  • Send invitation and confirm receipt
  • Guide first login and provide system explanation
  • Support 2FA configuration if required

Employee departure handling

Safe offboarding procedure:

  • Immediately revoke access via user deletion
  • Transfer responsibilities to other team members
  • Check ongoing tasks and change ownership
  • Perform access audit for related systems
  • Document in HR and compliance administration

Periodic user reviews

Monthly/quarterly checks:

  • Identify inactive accounts and evaluate
  • Check role appropriateness for function changes
  • Monitor 2FA adoption and encourage
  • Analyze access patterns for security risks

Next steps

Now that you can create and manage users:

  • Start with pilot group for system configuration and testing
  • Develop onboarding process for new team members
  • Plan role management for future organizational changes
  • Configure authentication policy for optimal security
Next
Strict Mode and granular access control