Identity & Access Management (IAM)

New
  • Updated on Feb 4, 2026
  • Published on Feb 4, 2026
  • 6 minute(s) read
  • KD
 Prev Next

Identity & Access Management (IAM) in the Graphiant Portal provides centralized control over who can access your enterprise environment and what actions they are permitted to perform.

Through IAM, administrators can manage users, define roles and permissions, and enforce authentication requirements to ensure secure, appropriate access across the organization.

This capability is designed to balance strong security practices with operational flexibility as teams grow and responsibilities evolve.

IAM is updated as of Feb 2026 to V2 with the release of 26.1.x:

All existing roles will still be recognized.

Should you upgrade to this updated version, any new users or roles will need to follow the new process.

Locating Identity & Access Management in the Graphiant Portal

From the Graphiant Portal Home Page, click the caret  at the bottom left, to the right of your profile name.

Select ‘Settings’ from the dropdown menu.

Dashboard overview displaying usage statistics, services, and quick access options.

Ensure that the toggle for "IAM V2” is on.

User account settings showing name, email, and IAM V2 feature toggle.

Choose the ‘IAM’ tab.

Settings page showing user account details and options for changing password.

This will open the landing page for Identity & Access Management.

Identity and Access Management settings page showing no user data available.

Managing Users

The IAM page will open directly to the Users tab.

Here, you can see the following information for each user:

  • Status:  Whether the user is

    • Active:  Can log in to the system

    • Pending:  Not validated yet;  cannot log in

  • First Name

  • Last Name

  • Email

  • Role:  Role to which they are assigned

  • MFA Type:  Which level of sign-on they must perform

  • Last Active:  Date and time of their last activity

Adding a User

To add a new user, click ‘Invite New User’.

User management interface showing options to invite new users and view user details.

A modal will appear to enter the information for the new user:

  • First Name

  • Last Name

  • Email

  • Role:  Select the appropriate role from the drop-down menu of existing roles

Form to invite a new user with fields for name, email, and role selection.

Click ‘Send Invite’.

Form to invite a new user with fields for name, email, and role selection.

A green banner will appear stating that the invitation has been sent, and the user will appear in the table with Status of “Pending”.

User management interface showing pending invitation for John Smith in IAM settings.

Once the user has accepted the invitation and confirmed their account, the status will read “Active”.

User management interface displaying active user details and options for inviting new users.

Should the invitation need to be resent, click the ellipses and select ‘Resend Invite’.

User management interface showing active user details and options to resend invite.

Force Logout

To remove a user’s session, click the ellipses;  select ‘Force Logout’.

User management interface showing active user details and options for logout and deletion.

This will open a modal allowing you to confirm this action by clicking ‘Force Logout’.

Forcing Logout will cause:

The user to be immediately logged out of the Graphiant Portal.

They must log in again to regain access.

Warning message indicating immediate session logout with options to cancel or proceed.

Deleting a User

To delete a user, click the ellipses;  select ‘Delete User’.

User management interface showing active user details and options to invite or delete.

This will open a modal allowing you to confirm this action by clicking ‘Delete User’.

Deleting User will cause:

The user to be immediately logged out of, and lose access to, the Graphiant Portal.

They will not be able log in again nor have future access.

Warning message about deleting a user from the Graphiant portal with confirmation options.

Transferring the Enterprise Owner

If you are the admin Owner of your enterprise, you can transfer the ownership to another admin.

Note:

  • Only the current Owner can see this option and transfer ownership.

  • Only other admins within the enterprise can be named “Owner” in the transfer.

Transferring Owner will cause:

The selected user to be the new admin Owner for your enterprise.

You will lose access to all Owner-only permissions.

Warning!

This action cannot be undone.

To transfer ownership, click the ellipses to the right of your owner user;  select ‘Transfer Owner’.

User management interface displaying active and pending users with transfer ownership option.

This will open a modal to select the new owner.

Complete the following fields:

  • New Owner:  Select from the admins in the dropdown list

  • Confirm Action Box:  Check to confirm

Warning:

This action cannot be undone.

Click ‘Transfer Owner’ to confirm.

Transfer ownership process with confirmation checkbox and selection dropdown for new owner.

A green banner will appear stating that the owner transfer has been successful, and “(Owner)” will now appear in the table next to that user.

User management interface displaying roles, statuses, and last active timestamps for users.

Managing Roles

To get to the roles within your enterprise, click the ‘Roles’ tab at the top of the IAM page.

Identity and Access Management settings page showing user roles and no data available.

Here, you can see the following information for each role:

  • Role:  Name of the role

  • Description:  What the role covers (owner admin-entered)

  • Permissions:  What the users in the role can do

  • Scope:  Whether the role is for:

    • Only your enterprise

    • For other enterprises in an MSP

Note:

The “Default Read Only” and “Default Admin” roles are automatically present, and cannot be edited or deleted.

Settings page displaying Identity & Access Management roles and permissions overview.

Adding a New Role

To add a new role, from the IAM Roles landing page, click ‘Add New Role’.

Settings page showing Identity & Access Management with roles and permissions options.

Complete the following fields:

  • Role Name:  Name you would like to label the new role

  • Role Description:  Description of the role for your convenience

  • Permissions by Service:  Choose one of the following

    • Read Access:  Read-only access for every category

    • Full Access:  Read and edit access for every category

    • Custom:  A combination of no access, read-only access, and full access depending on your needs per category for that role; select each checkbox accordingly

Creating a new role with permissions settings for documentation and access levels.

Once your selections are complete, click ‘Create Role’.

Creating a new role with specific permissions for documentation and user management.

A green banner will appear stating that the role has been successfully created, and the new role will be in the table.

Settings page displaying user roles with a new Documentation role highlighted.

Adding a New Role for MSP (Managed Service Provider) Enterprises

If you are a Managed Service Provider for other enterprises, you will also have an option to impersonate those enterprises to assign role access.

Toggle the ‘Impersonation Enabled’ to on.

Settings for enterprise impersonation with enabled toggle and tenant selection options.

After you have configured the roles as desired, click ‘Save Changes’.

Permissions settings for tenants with options to save changes highlighted.

The new roles are successfully created for your MSP enterprises.

Editing a Role

Should you need to change a role, click the ellipses to the right of that role, and select ‘Edit Role’.

Settings page showing Identity & Access Management roles with options to edit roles.

Make the desired changes;  click ‘Edit Role’.

Editing role permissions for the Documentation role with various access options displayed.

A green banner will appear stating that the role has been successfully edited.

Settings page displaying user roles, permissions, and a successful edit notification.

Adding Users to a Role

To add users to a role, click the ellipses to the right of that role, and select ‘Add Users to Role’.

Settings page showing Identity & Access Management roles and permissions options.

Select the users you wish to add to this role.

Caution:

Every user can only be under one role.

Assigning the user to a new role will replace the prior role of that user.

Click ‘Add Users’.

User management interface showing selected user details and role assignment warning message.

A green banner will appear stating that the user(s) has been successfully added.

Settings page showing user roles, permissions, and a success message for adding a group member.

Removing a User from a Role

To remove users from a role, click the ellipses to the right of that role, and select ‘Remove Users from Role’.

Settings page showing Identity & Access Management roles and options for user management.

Select the users you wish to remove from this role.

Click ‘Remove Users’.

User removal interface showing selected user John Smith for role documentation.

A green banner will appear stating that the user(s) has been successfully deleted.

Settings page displaying user roles, permissions, and options to add new roles.

Deleting a Role

Should you need to delete a role, click the ellipses to the right of that role, and select ‘Delete Role’.

Settings page showing Identity & Access Management roles and options to manage them.

Before deleting the role:

Any users still assigned must be moved to one of the following:

  • Default Read-Only

  • Default Admin

Select the role that current users to which current users will be changed.

Select ‘Delete Role’.

Prompt to delete a user role with reassignment options displayed.

A green banner will appear stating that the role has been successfully deleted, and the role will no longer appear in the table.

Settings page showing roles, permissions, and a successful deletion message.

Managing Authentication

To get to the authentication page within your enterprise, click the ‘Authentication’ tab at the top of the IAM page.

Settings page showing Identity and Access Management with user details and authentication tab.

This will open the Authentication landing page, where you can determine authentication method for your enterprise.

Settings page for Identity and Access Management with Two-Factor Authentication options.

You have the choice of three Authentication options:

Note:

The method of authentication chosen will be the authentication for your entire enterprise.

Basic Authentication

Basic authentication is selected by default, and requires your users only to use their email and a password.

No further action is necessary to enable Basic authentication.

Settings page showing Two-Factor Authentication options with Basic selected.

Basic with Multi-Factor Authentication (MFA)

You can add further security for your users and add Multi-Factor Authentication to your Basic authentication by toggling ‘MFA Enabled’ to on.

Settings page showing Multi-Factor Authentication option enabled for security management.

Select the MFA Type from the dropdown.  

Currently Graphiant supports Google Authenticator.

Click ‘Save Changes’.

Settings page for two-factor authentication with Google Authenticator option highlighted.

You will receive a warning stating that all users in your enterprise will now be required to authenticate via an identity provider.

Click ‘Confirm’.

Warning message about enabling MFA for the enterprise with confirm and cancel options.

Your users will now be required to use both their email and password, along with Google Authenticator to login to the Graphiant portal.

Resetting Multi- Factor / Two-Factor Authentication (2FA)

To allow a user to change their method of Two-Factor Authentication, go to the ‘Users’ tab of IAM;  click the ellipses for that user;  select ‘Reset 2FA’.

User management interface showing active user details and options for account actions.

This will open a modal allowing you to confirm this action by clicking ‘Reset 2FA’.

Resetting 2FA will cause:

The user’s authentication method to be removed.

They must set it up again upon the next login.

Warning message about resetting two-factor authentication for a user account.

The user will no longer have their former multi-factor authentication login, and will need to set it up again upon the subsequent login.

Single Sign-On (SSO)

If you’d like your users to be able to long in once for convenience, and still have access to multiple applications, click ‘SSO’.

Graphiant uses Okta SAML for SSO authentication.

Settings page showing Two-Factor Authentication options with highlighted SSO method.

Complete the following fields:

  • Issuer:  Uniquely identifying the Okta tenant

  • Entry Point:  Login URL where users are redirected to authenticate

  • x509 Certificate:  That contains the public key used to verify the SAML response

Click ‘Save Changes’.

Settings page for Two-Factor Authentication with highlighted URLs and save changes button.

You will receive a warning stating that all users in your enterprise will now be required to authenticate via an identity provider.

Click ‘Confirm’.

Warning message about enforcing SSO authentication for enterprise users and identity provider.

Your users will now be required to use Okta SAML to login to the Graphiant portal.

Related articles