Roles and Permissions
Login Roles and Permissions
Dropzone AI users are assigned a role that determines what access they have to the Dropzone environment.
The following table describes the roles and permissions available to Dropzone AI users:
Admin
Full write access; create and update integration configuration; create response automation; manage users; create and update custom strategies
Member
Minimal write access; create context memory, add investigation feedback; ask questions of the AI
Restricted Read Only
Read-only access; view investigations and dashboards; view custom strategies; no ad-hoc chat
Role Source
Dropzone AI users get their role from one of two places:
If logging in via a SAML/SSO provider, Dropzone uses the role provided by your IDP (Identity Provider).
If logging in via username/password, federated Google, or Microsoft buttons, Dropzone uses the role set in Team Admin.
Most Dropzone customers who enable SAML/SSO will disable federated Google/Microsoft login and username/password authentication. This is the preferred configuration, as it lets your IDP (Identity Provider) stay in charge of what access an individual has.
Role changes made via Team Admin are overridden by SAML settings when a user logs in.
Managing Users via Team Admin
The following describes how to manage users via the Team Admin interface.
If you are using SAML/SSO, see the instructions for setting up your specific SAML system (for example, Google Workspace or Okta). When using SAML/SSO, you do not need to perform any local Team Admin user management.
Navigate to your Dropzone AI tenant home page (for example,
https://mycompany.dropzone.app).Click your person icon on the far right and select Team Admin.
From the Team Admin page, you can see the users who have accounts in this Dropzone environment.
If you use SAML/SSO, this list may be incomplete. It only shows users you’ve explicitly invited via Team Admin and those who have logged into Dropzone via SAML. Your IDP may allow additional users who have not logged in yet, and they will not appear here.
Adding a User
To add a user:
From the Team Admin page, click the Add User button.
Enter the name and email address of the user you want to invite.
Select the role from the dropdown.
Click Save to invite the user.
First-Time Sign-In
Once you've invited a user via the Team Admin page, the user can log in. Which authentication methods you've enabled determines how the user signs in:
If you allow password authentication, the user will receive an email with a one-time link to accept the invite and set up a password.
If you do not allow password authentication, the user must log in using a federated Google or Microsoft button.
Activating / Deactivating Users
Users appear in one of two states:
Active
Able to log in
Click Deactivate to disable login access
Deactivated
Not able to log in
Click Reactivate to allow login again
Deleting Users
Dropzone does not currently allow you to delete users. Instead, users can be deactivated.
Keeping the user in the system ensures their previous actions remain properly accounted for in audit logs and historical records.
Last updated
Was this helpful?