Consumer Authentication

/

Guides

/

Management

/

Dashboard

/

Dashboard roles & permissions

Dashboard Roles & Permissions

Roles Overview

Stytch's dashboard can be used for managing your integration configuration, debugging via event logs and DFP analytics, or performing customer support actions like resetting passwords. To support this range of use cases, Stytch offers the following user roles in our dashboard:

  • Admin: Able to perform all actions across the dashboard, including managing Live API Keys
  • Developer: Able to manage project configurations, as well as write access to all core entities. Can view and create API Keys in Test, but not in Live.
  • Support Manager: Read access to project configurations and event logs, and write access to project Users, Members, Organizations (including managing SSO and SCIM Connections) and Device Fingerprint rules.
  • Support Agent: Read access to project Users, Members, Organizations and event logs. Able to take non-destructive write actions on Users/Members, such as resetting passwords and revoking sessions.
  • No Access: No functional access within the dashboard, can view project names and workspace members. Can be used to provision users without yet granting them a higher privilege role.

If you enable Just-in-Time (JIT) Provisioning to allow users from a specific email domain (i.e. stytch.com) to discover and join your worksapce without an explicit invite those users will be assigned the Support Agent role by default. You can override this default by configuring an automatic role assignment for the email domain, which will apply to all workspace members with verified emails from that domain.

Detailed Permissions

Admin

Developer

Support Manager

Support Agent

No Access

Manage Workspace Members

Manage Workspace Settings

Manage Workspace Billing

Manage Live API Keys

Manage Test API Keys

Create Projects

Delete Projects

Manage Project Configurations

View Project Configurations

Manage M2M Clients

View M2M Clients

Manage Users, Members and Organizations

View Users, Members and Organizations

Manage DFP Rules

View DFP Rules

View DFP Analytics

View Event Logs

Trigger Password Resets

Revoke Sessions

Reactivate Emails

Migration from Legacy Roles

Workspace members created prior to our new roles and permissions update had one of 4 legacy roles: Admin, Write, Read and Test. By September 3rd, 2024 these members will be migrated to the new roles, with the following changes:

Legacy Role

New Role

Lost Permissions

Added Permissions

Admin

Admin

Write

Developer

Management of Live API Keys

Read

Support Agent

View Project Configurations

Trigger Password Resets, Revoke Sessions, Reactivate Emails in Test and Live

Test

Support Agent

View Users/Members/Organizations, Event Logs, DFP Analytics in Live. Trigger Password Resets, Revoke Sessions, Reactivate Emails in Test and Live