User Management
Manage users, groups, roles, and permissions in the Zero management console.
User List
View all users with:
- Name: Display name
- Email: Primary email address
- Groups: Assigned groups
- Devices: Number of enrolled devices
- Status: Active, suspended, or pending
Adding Users
Manual Creation
- Navigate to Users → Add User
- Enter name and email
- Select groups
- Set role and permissions
- Send invitation email
SSO Integration
Users are automatically synced from your identity provider:
- Azure AD: Sync users and groups
- Google Workspace: Google directory sync
- Okta: SCIM provisioning
- LDAP: Active Directory sync
CSV Import
# CSV format
name,email,groups
John Smith,john@company.com,"Engineering,Developers"
Jane Doe,jane@company.com,"Marketing"Groups
Groups organize users for policy assignment:
Creating Groups
- Navigate to Users → Groups → Create Group
- Enter group name
- Add members
- Assign default policy
Nested Groups
Groups can contain other groups for hierarchical organization:
Company
├── Engineering
│ ├── Frontend
│ └── Backend
├── Marketing
└── SalesRoles & Permissions
Built-in Roles
| Role | Permissions |
|---|---|
| Super Admin | Full access to all features |
| Admin | Manage devices, users, policies |
| Help Desk | View devices, basic actions, user support |
| Auditor | Read-only access, view reports and logs |
| User | View own devices only |
Custom Roles
Create custom roles with specific permissions:
name: "Device Manager"
permissions:
- devices.view
- devices.edit
- devices.actions
- users.view
# No policy or settings accessUser Actions
- Suspend: Temporarily disable user access
- Delete: Remove user and unenroll devices
- Reset Password: Send password reset email
- Revoke Sessions: Force logout on all devices
User Self-Service Portal
Users can access a self-service portal to:
- View enrolled devices
- Request device enrollment
- View applied policies
- Report lost/stolen device
- Download work apps
CLI Management
# List users
zero users list
# Get user details
zero users get user_abc123
# Create user
zero users create --email john@company.com --name "John Smith"
# Add to group
zero users add-group user_abc123 --group "Engineering"