User Management
If you want to view the SDK documentation for User Management, click here.
User Identity
For each user created in your project, Descope assigns a unique identifier (userId) to the user. You cannot set or change the userId within the Descope UI, your application, or any API call.
Descope also stores an array of login IDs, which are used as the login identifier parameter for all user authentication and update actions. Login IDs can be an email, phone, or username, and must be unique across all users in the project.
The user object also includes additional attributes (which do not have to be unique across users) such as email, phone, name, and custom attributes. Users can have defined access to federated apps and tenants, as well as roles on the project and/or tenant level.
Note
If you're using phone numbers as login IDs, make sure they are formatted properly before adding them through the Management SDK or User Management APIs.
User Table
The Users page in the Descope Console provides a comprehensive table view of all users in your project. This interface serves as the central hub for managing and viewing user information.
Managing Users from the Table
From the user table, you can perform various actions:
- View user details - Click on a user to view their complete profile and information
- Invite users - Invite users individually or in batches
- Edit users - Update user information, passwords, roles, and tenant associations
- Filter and search - Filter users by custom attributes, status, roles, or other criteria
- Modify user status - Activate, disable, force logout, and delete users
- Bulk actions - Perform actions on multiple users at once
Custom User Attributes
Descope allows you to create custom attributes that can store further details about your users. You can create custom attributes within the user's page under the custom attributes tab.
Custom attributes can be of the following types:
- Text - Store text-based information
- Numeric - Store numeric values
- Boolean - Store true/false values
- Single select - Choose one option from a list
- Multi select - Choose multiple options from a list (utilized as an array)
- Date - Store date values
Custom attributes can be used to store any data you want for the user. For example, this data could be a user's date of birth, location, etc. You can later utilize these attributes within custom claims or load them for a user and display them within your application.
Inviting Users
Learn more about creating and customizing user invitations to your application in our Inviting Users doc.
User Merging
Descope supports the merging of user accounts. Merging accounts will be based on trusted email addresses.
On the Authentication Methods page of the Descope UI, Descopers can configure Social Auth (OAuth) logins to merge with existing users. Each Social Auth (OAuth) method has a toggle, "Merge user accounts based on returned email address from provider", which enables merging for that method.
If the email address returned from the Social Auth (OAuth) provider matches an existing user, the Descope service will merge the accounts based on the user's email address.
Associating Multiple Login IDs for a User
Within your application, you may have users signing up or signing in with an email authentication method but also utilizing other methods, such as SMS or Social Login. Descope allows these different auth methods to be nested into the same user by allowing multiple login IDs to be associated with the user.
Storing multiple login IDs enables the user to log in with:
- Email auth method
- SMS auth method
- Social Login
All of the login IDs will be associated with the same user. The user can then log into your application using their email address or phone number as the login ID.
Using API or SDK
When utilizing the API or SDK, if you want to enable this feature, you will use the options AddToLoginIDs and OnMergeUseExisting:
- AddToLoginIDs: Setting this to true will enable the additional login IDs to be associated with the user
- OnMergeUseExisting:
  - When set to false, it will merge the users based on the new user's details
  - When set to true, it will merge the users based on the existing user's details
You can also associate multiple login IDs by utilizing the create, batch create, invite, or update functions below, passing the additional login IDs parameter.
If you are utilizing flows, see our doc on linking user identities in flows which covers implementation details.
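The merge rules from the User Merging section and the OnMergeUseExisting option can be modelled locally, as in the added example below. It is not Descope SDK or service code. The `User`, `Incoming`, `sign_in` and `email_trusted` names, the `social:` login IDs and the choice to keep the existing userId on merge are assumptions made for illustration.

```python
# Added model of the merge rules on this page; not Descope code, names are hypothetical.
from dataclasses import dataclass, field
from itertools import count

_next_id = count(1)

@dataclass
class User:
    user_id: str            # assigned once, never changed afterwards
    login_ids: list         # each login ID belongs to exactly one user
    details: dict = field(default_factory=dict)   # email, name, ... (need not be unique)

@dataclass
class Incoming:
    login_id: str           # login ID produced by the new auth method
    details: dict
    email_trusted: bool     # assumed flag: the returned email counts as trusted

def sign_in(users, inc, on_merge_use_existing=False):
    """Return the user that `inc` resolves to, merging only where the rules allow."""
    # 1. A known login ID always maps to its single owner.
    for u in users:
        if inc.login_id in u.login_ids:
            return u
    # 2. Merge only when a trusted email matches an existing user.
    email = inc.details.get("email")
    match = next((u for u in users if email and u.details.get("email") == email), None)
    if match is not None and inc.email_trusted:
        match.login_ids.append(inc.login_id)    # userId unchanged, one more login ID
        if not on_merge_use_existing:
            match.details.update(inc.details)   # new user's details win
        return match
    # 3. Otherwise the identity stays a separate user with its own userId.
    new = User(f"U{next(_next_id)}", [inc.login_id], dict(inc.details))
    users.append(new)
    return new

def demo():
    # Constructed sample data.
    alice = User("U0", ["alice@example.com"], {"email": "alice@example.com", "name": "Alice"})
    users = [alice]
    untrusted = Incoming("social:111", {"email": "alice@example.com", "name": "A. Other"}, False)
    trusted = Incoming("social:222", {"email": "alice@example.com", "name": "Alice A."}, True)
    a = sign_in(users, untrusted)                        # no merge: separate userId
    b = sign_in(users, trusted, on_merge_use_existing=True)
    return a.user_id != alice.user_id, b is alice, alice.login_ids, alice.details["name"]
```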
User Lifecycle
Users within Descope can be in one of three states:
- Active - Users can log in and interact with your application based on their assigned roles
- Disabled - Users cannot log into your application, but remain in the Descope project and may be reactivated
- Invited - Users have been invited but have not yet signed in; once logged in, they become active
Force Logout
A Descoper can force a logout on a user. This is useful in situations such as suspicious activity, where you want to force reauthentication.
Force logout will log the user out from all devices and sessions. This can be done directly via the Users page of the Descope console, or using our Management SDK function.