User Management
User management in the dashboard lets you view all profiles in a sector, invite new users, and manage access.
Viewing users
Section titled “Viewing users”Navigate to your sector and click Users to see a list of all profiles. Each row shows the user’s email, registration date, and authentication methods enrolled.
Inviting users
Section titled “Inviting users”When self sign-up is disabled, or when you want to pre-provision accounts, use the invite flow:
- Click Invite User
- Enter the user’s email address
- Click Send Invite
SpartanAuth handles the rest — the user receives an email with a one-time link to complete registration.
Bulk importing users
Section titled “Bulk importing users”Use Bulk Import when migrating an existing app onto SpartanAuth with a large existing user base.
Using the dashboard
Section titled “Using the dashboard”- Click Bulk Import in the Users panel.
- Either upload a CSV/TSV file or paste rows directly into the text area.
- Review the parsed row count, then click Import Users.
- A per-row results table shows each user as
✓ created,⚠ skipped(email already exists), or✗ error.
CSV format
Section titled “CSV format”The first row must be a header row. Column names are case-insensitive.
| Column | Required | Description |
|---|---|---|
email | Yes | Login identifier for the user |
name | No | Full display name |
given_name | No | First name |
family_name | No | Last name |
phone_number | No | E.164-formatted phone number |
locale | No | BCP-47 locale tag (e.g. en-US) |
email_verified | No | true or false |
hashed_password | No | Pre-hashed credential from the source system |
password_hash_algorithm | No | Algorithm used (e.g. bcrypt, argon2id); required when hashed_password is set |
send_invite | No | true to email an invite link to this user |
Example:
email,name,email_verified,send_invitePre-hashed passwords
Section titled “Pre-hashed passwords”If your source system stored passwords as bcrypt hashes, you can migrate them directly:
email,name,hashed_password,password_hash_algorithm[email protected],Alice Smith,$2a$12$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX,bcryptNote: Only
bcrypthashes can be verified at login today. If you import users with a different algorithm (e.g.argon2id,scrypt), their accounts will be created but login will fail until that algorithm is supported. Setsend_invite=truefor those users instead so they are prompted to set a new password via the invite flow.
API usage
Section titled “API usage”The endpoint is also available for programmatic imports:
POST /api/v1/sectors/{sectorID}/users/bulk-importAuthorization: Bearer <admin-token>Content-Type: application/json
{ "users": [ { "name": "Alice Smith", "emailVerified": true, "hashedPassword": "$2a$12$...", "passwordHashAlgorithm": "bcrypt" }, { "name": "Bob Jones", "sendInvite": true } ]}The response includes per-user results and summary counts:
{ "results": [ ], "total": 2, "created": 2, "skipped": 0, "errors": 0}User profile details
Section titled “User profile details”Clicking on a user opens their profile, which shows:
- Basic info (email, username, name)
- Enrolled authentication methods (password, passkeys, MFA registrations)
- Account status and creation date
Deleting a user
Section titled “Deleting a user”Deleting a profile is a soft delete — the user’s PII (email, name, etc.) is cleared, but their sub (user ID) is retained for referential integrity in your database. This prevents orphaned records if your backend uses sub as a foreign key.
Admin users
Section titled “Admin users”A user with isAdmin: true in their JWT claims can access administrative API endpoints (e.g., listing all sector users, creating invites programmatically). Admin status is set per sector.