User management

The user management area is reached via the user icon in the top navigation. It is only visible to users with the System Manager or System Administrator role. All authenticated identities — local, domain, and OIDC — appear in the same list with their authentication source labelled.

How accounts are created

Auth source	How the account appears
Local	Created here manually — username, password, optional display name and email.
Directory	Auto-provisioned on first successful domain sign-in. Username, display name, and email are populated from Active Directory.
OIDC	Auto-provisioned on first successful OIDC sign-in. Username, display name, and email are populated from ID-token claims.

Note

There is no way to pre-create a Directory or OIDC user — they must sign in at least once for an account to exist. The user management interface only creates local accounts.

Editable fields

Only Display Name and Email are editable after a user exists — for all account types. Username is immutable.

For Directory and OIDC accounts, edits made here are overwritten on the user’s next sign-in by the fresh claim values returned by the identity provider — so manual edits on those accounts are rarely worth making.

Passwords

Local account passwords must satisfy the rules configured in the security policy. Administrators can reset a local user’s password from the user’s row.

Directory and OIDC account passwords are not managed by fDeploy — authentication is delegated to the identity provider, and there is no password reset action for those accounts.

Permissions

What a user can do is governed by their team membership, not by anything on the user management page. To change a user’s access, add or remove them from the appropriate teams.

Lockout and unlock

Repeated failed sign-ins lock a local account per the thresholds configured in the security policy. A locked account unlocks automatically when the configured duration elapses, or an administrator can unlock it immediately from the user’s row.

Directory and OIDC accounts are locked by the identity provider, not by fDeploy.

Deletion

Deleting a user is permanent. The user is immediately removed from all teams; any incoming audit log entries authored by them remain in place with their original username recorded as a plain string.