# User Management

Manage users, roles, and permissions in Windshift.

## User Roles

### System Roles

| Role | Description |
|------|-------------|
| System Admin | Full access to everything, including system settings |
| User | Regular user, access based on workspace membership |

### Workspace Roles

| Role | Description |
|------|-------------|
| Admin | Manage workspace settings, members, and all work items |
| Member | Create and edit work items, limited settings access |
| Viewer | Read-only access to work items |

## Inviting Users

### By Email

1. Go to Workspace Settings > Members
2. Click "Invite Member"
3. Enter email address
4. Select role
5. Send invitation

### By Link

1. Go to Workspace Settings > Members
2. Click "Create Invite Link"
3. Set role and expiration
4. Share the link

## Managing Users

### View All Users

System Admins can view all users:

1. Go to System Settings > Users
2. Search or filter by role
3. Click a user to view details

### Edit User

- Change display name
- Update email
- Reset password
- Enable/disable account

### Deactivate User

Deactivated users:

- Cannot log in
- Keep their work item history
- Can be reactivated later

## Password Policies

Configure in System Settings > Security:

- Minimum length
- Require uppercase/lowercase
- Require numbers/symbols
- Password expiration

## Session Management

- **Timeout** - Automatic logout after inactivity
- **Single session** - Allow only one active session per user
- **Force logout** - End all sessions for a user

## Audit Log

Track user actions (Pro feature):

- Login/logout events
- Permission changes
- Work item modifications

## SSO Integration (Pro)

Connect to your identity provider:

- SAML 2.0
- Okta, Azure AD, Google Workspace
- Auto-provisioning with SCIM

See [SAML Setup](/docs/admin-guide/saml) for configuration.