Skip to main content
Users and Permissions

How to control user access and permissions in Stack Overflow for Teams Enterprise.

Joel Bradley avatar
Written by Joel Bradley
Updated over 2 weeks ago

Tags | Users | Permissions |

Applies to: Enterprise

ADMIN PRIVILEGES REQUIRED

This documentation is for Stack Overflow for Teams Enterprise. Free, Basic, and Business users can access their documentation here. Find your plan.


Overview

User roles define what individual users are able to do on your Stack Overflow for Teams Enterprise (SOE) site. These roles include regular user, moderator, and site administrator. To learn more about user roles, read our Introduction to user roles article.

User Management

You can access the users and permissions page by clicking Users in the left-hand menu, then Manage users. You can also click Admin Settings then Users and Permissions if you are logged in as a site administrator. You can deactivate, reactivate, and delete users from this page. You can also delete a user and their content.

User controls

Deactivate User If you deactivate a user, they can no longer log in to your SOE site. Their API keys will no longer work, and the site logs them out immediately. The site retains their user data, and all their posts stay attributed to them. A site admin cannot deactivate their own account.

NOTE: If you later reactivate a deactivated user, they will be able to access the site and their API keys will work again.

Delete User Deleting a user permanently removes the user from the site. The site takes their content and attributes it to "User####" (corresponding to their user ID).

Delete User and their content Deleting a user and their content will delete the user and permanently remove any content they posted to the site.

Bulk actions

You can select multiple accounts and take bulk actions on them. This will not affect users that are already in the desired state (for example: deactivating already deactivated users). Just select multiple users and click Actions.

NOTE: You can't bulk delete deactivated users.

You can also deactivate and reactivate users with System for Cross-domain Identity Management (SCIM).

Allow self-reactivation

A deactivated user that tries to log in will get an error message indicating that their account has been deactivated by a site administrator. The Enterprise.AllowSelfReactivation site setting allows automatic reactivation for any user who attempts to log into a deactivated account. To manage this setting:

  1. Go to https://[your_site]/developer/site-settings/edit?name=Enterprise.AllowSelfReactivation.

  2. Change the setting to True.

  3. Save the setting as a New Network Default.

If a deactivated user logs in, the site will automatically reactivate them.

Account history logs

When you deactivate or reactivate users, the site logs these actions as account history events. You can view these events by clicking Admin Settings then Users and Permissions. Click the user's timestamp (in the "Last Seen" column) to view their account history.

Each user's account history log stores many types of events. The main administrative events are as follows.

  • Users deactivated and reactivated by an administrator will have type IsDeactivatedChanged.

  • Users that reactivate themselves will have type DeactivatedAccountSelfReactivation.

CSV export/download

Site admins can download a CSV report of user information on the Admin Settings User Management page by clicking Download CSV in the upper-right corner. The report contains the following information for each user: Name, User Id, Email, Joined (UTC), Last Seen (UTC), Last Login Date, Deactivated Date, Role, and Status.

You can add two optional columns to the CSV, including SAML identifier, with the Enterprise.ExportSsoIdentifierToCsv site setting. To manage this setting:

  1. Go to https://[your_site]/developer/site-settings/edit?name=Enterprise.ExportSsoIdentifierToCsv.

  2. Change the setting to True.

  3. Save the setting as a New Network Default.

Did this answer your question?