Manage users
To collaborate with others on projects in Astra DB, you can add users to your Astra DB organization.
To manage users, you need an application token or user role with the necessary permissions, such as the Organization Administrator role.
Add a user
-
Astra Portal
-
DevOps API
-
In the Astra Portal navigation menu, click Settings, and then click Users.
-
Click Invite User.
-
Enter the email address of the user you want to invite. The user must use this email address to sign in to Astra DB. If the user has an Astra DB account, make sure this email address matches the user’s existing account.
-
Select the roles that you want to assign to the user.
After the user accepts your invitation, you can edit their roles as needed.
-
Click Invite User.
To invite a user, use PUT /v2/organizations/users
:
curl -sS --location -X PUT "https://api.astra.datastax.com/v2/organizations/users" \
--header "Authorization: Bearer APPLICATION_TOKEN" \
--header "Content-Type: application/json" \
--data '{
"email": "USER_EMAIL",
"orgID": "ORGANIZATION_ID",
"roles": [
"ROLE_ID",
"ROLE_ID"
]
}'
Replace the following:
-
APPLICATION_TOKEN
: Your application token. -
USER_EMAIL
: The user’s email address. -
ORGANIZATION_ID
: Your organization ID. -
ROLE_ID
: One or more roles to assign to the user. To get role IDs, useGET /v2/organizations/roles
.
The user receives an email with a link to accept the invitation. Until the user accepts the invitation, the user’s status remains Invited.
Accept the invite
To accept an organization invitation, the invited user must sign in to Astra DB with the same email address that received the invitation.
The user can log in through SSO, as long as their SAML IdP profile, Google account, or GitHub account has the same email address as the organization invitation. Alternatively, the user can create a new account with the same email address, and then log in to accept the invitation.
Sign in with a SAML IdP
You can sign in to the Astra Portal through your SAML IdP if your Organization Administrator has enabled SSO. DataStax supports any SAML-compatible IdP, including Entra ID, Okta, OneLogin, Google Identity Platform, and Ping Identity. For more information, see Configure single sign-on.
Sign in with Google
You can use your Gmail or Google Workspace account to create an Astra DB account and sign in to the Astra Portal.
Sign in with GitHub
You can use your GitHub account to create an Astra DB account and sign in to the Astra Portal.
To use GitHub for Astra DB authentication, you must have a public email address in your GitHub profile. If you are a new user, make your email public before you create an Astra DB account. If you are an existing user and you selected keep my email address private in your GitHub profile, you must make your email address public, and then change your password to switch to Astra DB local authentication. Alternatively, you can use another SSO option with the same email address as your GitHub account. If you don’t want to make your email address public, you must use a different SSO option or username and password authentication. |
Sign in with a username and password
If you can’t use SSO, you can sign in with a username and password.
If you don’t already have an Astra DB account under the email address that you were invited with, you must create a new account with that email address:
-
Navigate to the Astra Portal.
-
On the Sign In page, click Sign Up.
-
Follow the prompts to create your account. Make sure to use the same email address that received the invitation.
-
After you create your account, follow the link in the invitation email to accept the invitation.
-
After you accept the invitation, you can switch to the organization that you were invited to.
Remove a user or revoke an invitation
Removing a user removes their access to your organization, but it doesn’t delete their account. The user retains their personal Astra DB account under their associated email address, including access to their default (personal) organization and any other organizations they belong to. The user can still access their personal Astra DB account, if they have access to the associated authentication method. If your organization uses SSO, make sure that you also remove the user from your IdP, if necessary. |
-
Astra Portal
-
DevOps API
-
In the Astra Portal navigation menu, click Settings, and then click Users.
-
Find the user you want to remove, click
More, and then select Delete.
-
Use
GET /v2/organizations/users
to get the user ID of the user you want to remove:curl -sS --location -X GET "https://api.astra.datastax.com/v2/organizations/users" \ --header "Authorization: Bearer APPLICATION_TOKEN" \ --header "Content-Type: application/json"
The response includes information for all users in the organization. Copy the
UserID
of the user you want to remove.{ "OrgID": "ORG_ID", "OrgName": "ORG_NAME", "Users": [ { "UserID": "a891c81c-4520-8318-88b6-4813c78da26e", "Email": "USER_EMAIL", "Status": "active", "Roles": [ { "ID": "ROLE_ID", "Name": "ROLE_NAME" } ] } ] }
-
Use
DELETE /v2/organizations/users
to remove the user:curl -sS --location -X DELETE "https://api.astra.datastax.com/v2/organizations/users/USER_ID" \ --header "Authorization: Bearer APPLICATION_TOKEN" \ --header "Content-Type: application/json"
-
Use
GET /v2/organizations/users/USER_ID
to verify the user was removed:curl -sS --location -X GET "https://api.astra.datastax.com/v2/organizations/users/USER_ID" \ --header "Authorization: Bearer APPLICATION_TOKEN" \ --header "Content-Type: application/json"
A
404 Not Found
status code indicates that the user was removed.
Edit user roles
-
Astra Portal
-
DevOps API
-
In the Astra Portal navigation menu, click Settings, and then click Users.
-
Find the user you want to edit, click
More, and then select Edit User. -
Select the default and custom roles to assign to the user, and then click Update User.
A user’s role list is a desired state list. When you use the DevOps API to edit a user’s roles, you must include all roles that you want the user to have. This includes all currently assigned roles you want to keep plus any new roles you want to add. |
-
Use
GET /v2/organizations/users
to get the user ID of the user you want to edit:curl -sS --location -X GET "https://api.astra.datastax.com/v2/organizations/users" \ --header "Authorization: Bearer APPLICATION_TOKEN" \ --header "Content-Type: application/json"
The response includes information for all users in the organization. Copy the
UserID
of the user you want to edit.{ "OrgID": "ORG_ID", "OrgName": "ORG_NAME", "Users": [ { "UserID": "a891c81c-4520-8318-88b6-4813c78da26e", "Email": "USER_EMAIL", "Status": "active", "Roles": [ { "ID": "ROLE_ID", "Name": "ROLE_NAME" } ] } ] }
-
Use
GET /v2/organizations/users/USER_ID
to get the roles currently assigned to the user:curl -sS --location -X GET "https://api.astra.datastax.com/v2/organizations/users/USER_ID" \ --header "Authorization: Bearer APPLICATION_TOKEN" \ --header "Content-Type: application/json"
The response includes information for the specified user. In the
Roles
object, copy theID
of each currently assigned role that you want to keep. You don’t need theID
for roles that you want to remove from the user.{ "UserID": "USER_ID", "Email": "USER_EMAIL", "Status": "active", "Roles": [ { "ID": "ad0566b5-2a67-49de-89e8-92258c2f2c98", "Name": "Organization Administrator" } ] }
-
If you want to assign new roles to this user, use
GET /v2/organizations/roles
to get the IDs for those roles:curl -sS --location -X GET "https://api.astra.datastax.com/v2/organizations/roles" \ --header "Authorization: Bearer APPLICATION_TOKEN" \ --header "Content-Type: application/json"
The response includes information about all default and custom roles in your organization. Copy the
id
for each role that you want to assign to the user.Response
The following example is truncated for clarity.
[ { "id": "b4ed0e9e-67e8-47b6-8b58-c6629be961a9", "name": "R/W Svc Acct", "policy": { "description": "R/W Svc Acct", "resources": [ ... ], "actions": [ ... ], "effect": "allow" }, "last_update_date_time": "0001-01-01T00:00:00Z", "last_update_user_id": "" }, { "id": "43745b73-ad46-46e4-b826-c15d06d2cea0", "name": "Admin User", "policy": { "description": "Admin User", "resources": [ ... ], "actions": [ ... ], "effect": "allow" }, "last_update_date_time": "0001-01-01T00:00:00Z", "last_update_user_id": "" }, ]
-
Use
PUT /v2/organizations/users/USER_ID/roles
to edit the user’s assigned roles. The body is aroles
array containing a comma-separated list of role ID strings.The
roles
array is a desired state list. You must include all roles that you want the user to have, including currently assigned roles and new roles.curl -sS --location -X PUT "https://api.astra.datastax.com/v2/organizations/users/USER_ID/roles" \ --header "Authorization: Bearer APPLICATION_TOKEN" \ --header "Content-Type: application/json" \ -- data '{ "roles": [ "ROLE_ID", "ROLE_ID" ] }'
A successful request returns a
204 No Content
status code. -
(Optional) To review the user’s updated role list, use
GET /v2/organizations/users/USER_ID
.