Once you have created a Codefresh account, you can add any number of users to collaborate on repositories, workflows, and pipelines, and teams of users. For Codefresh on-premises, see[On-premises account & user setup]({{site.baseurl}}/docs/installation/on-premises/on-prem-configuration/).

You can then create teams in Codefresh to group users who share a common denominator, such as the same permissions, access to the same functionality, or roles. Teams make it easy for administrators to both define and manage items shared by multiple users in an orgranization.

Adding a user to an account requires assigning a role to define access to account resources, and optionally, selecting an SSO provider for the user:

***Role**: Defines the user's access level to the resources in the account.

For guidelines on access control, see[Access control]({{site.baseurl}}/docs/administration/account-user-management/access-control/).

***SSO**: By default, SSO is not enabled for users. If required, explicitly select the SSO provider. For an overview of SSO, see[Single Sign on]({{site.baseurl}}/docs/administration/single-sign-on/).

1. In the Codefresh UI, on the toolbar, click the**Settings** icon and then select**Account Settings**.

1. On the sidebar, from Access & Collaboration select[**Users & Teams**](https://g.codefresh.io/account-admin/collaborators/users){:target="\_blank"}.

1. On the sidebar, from Access & Collaboration select[**Users & Teams**](https://g.codefresh.io/account-admin/collaborators/users){:target="\_blank"}.

1. Select**Users**, and then select**+[Add User]**.

1. Type the**User's email address**, and click**Invite**.

The user receives an email invitation, and in the Users list, the username is set to Pending, and status to Resend.

1. From the**Role** dropdown, select either**User** or**Administrator**.

1. Type the**User's email address**, and click**Invite**.

The user receives an email invitation, and in the Users list, the username is set to Pending, and status to Resend.

1. From the**Role** dropdown, select either**User** or**Administrator**.

1. If SSO is configured for the account,**Select SSO provider**.

Once you add a user to your Codefresh account, you can do the following to manage that user:

Once you add a user to your Codefresh account, you can do the following to manage that user:

* Resend invitations that are pending acceptance: Select**Resend**.

* Edit the user's email address: Select**Edit**.

* Change the role: From the**Role** dropdown, select the new role.

* Change SSO provider: From the**SSO** dropdown, select the new SSO provider.

* Remove the user account: Select**Delete**.

Teams are users who share the same permissions, roles, or requirements defined according to company processes. Teams allow you to enforce access control through ABAC (Attribute Based Access Control).

By default, there are two teams:

* Users

* Admins with users[invited as collaborators](#assign-a-user-to-a-team)

Only Enterprise customers can add new teams. Other Codefresh plans can only use the predefined*Users* and*Admin* teams.[Contact us](https://codefresh.io/contact-us/){:target="\_blank"} to upgrade to an Enterprise plan.

Create a team in Codefresh and then assign users to the team. You can assign the same user to multiple teams, as in most companies, users have overlapping roles.

1. In the Codefresh UI, on the toolbar, click the**Settings** icon and then select**User Management**.

1. From the sidebar, from Access & Collaboration, select[**Users & Teams**](https://g.codefresh.io/account-admin/collaborators/users){:target="\_blank"}.

1. From the sidebar, from Access & Collaboration, select[**Users & Teams**](https://g.codefresh.io/account-admin/collaborators/users){:target="\_blank"}.

1. Select**Teams**, and then select**Create a Team**.

1. Enter the**Team Name**.

See the screenshot below for some sample team names.

%}

1. To assign users to the team, do the following:

1. Hover over the team name and click the**Settings** icon.

1. Hover over the team name and click the**Settings** icon.

1. Click**Invite to team**, type the email address of the user to invite, and then click**Add**.

1. To change the name of the team, click**Edit** and type the new name.

1. To change the name of the team, click**Edit** and type the new name.

As an administrator, you can optionally define session timeouts to automatically log out users who have been inactive for the specified duration, and restrict invitations to specific email domains.

The maximum duration for inactivity is 30 days. Inactive users are warned 15 minutes before they are logged out.

1. In the Codefresh UI, on the toolbar, click the**Settings** icon, and then select**Account Settings**.

1. On the sidebar, from Access & Collaboration, select[**Users & Teams**](https://g.codefresh.io/account-admin/collaborators/users){:target="\_blank"}.

1. On the sidebar, from Access & Collaboration, select[**Users & Teams**](https://g.codefresh.io/account-admin/collaborators/users){:target="\_blank"}.

1. Select**Security**.

1. For**User Session**, add the timeout duration in minutes/hours/days.

1. To restrict invitations to specific email domains, below User Invitations, turn on**Restrict inviting additional users..** and then in the**Email domains**, type in the domains to allow, one per line.

max-width="90%"

%}

*[Account invitation not permitting login]({{site.baseurl}}/docs/kb/articles/account-invite-not-permitting-login/){:target="\_blank"}

1. For your security and to ensure a smooth process, it's crucial that the email account you're logging in with is the same as the email address used for the invite.

1. Log out of any previous sessions with the relevant identity provider and, if necessary, try a different browser or a private/incognito window.

1. If you can log in but need help finding the inviting account, your user may be under multiple accounts. If this is the case, you can switch between available accounts via the user menu drop-down in the upper right-hand corner.

1. If you are prompted to create an organization, you either logged in before you were invited to the account or logged in with a different email address than the invite.

* Finish the account setup by entering a unique organization name (this creates a personal account).

* Once logged in, click your username on the top right and see if you have access to the invited account.

1. If this issue persists, please know that our support team is here for you.[Contact](https://support.codefresh.io/hc/en-us/requests/new) them with as many details as you have, and they will assist you promptly.

[Access control]({{site.baseurl}}/docs/administration/account-user-management/access-control/)

[Single Sign on]({{site.baseurl}}/docs/administration/single-sign-on/)

[Setting up OAuth authentication for Git providers]({{site.baseurl}}/docs/administration/account-user-management/oauth-setup)

ht:false

common:false

categories:[CLI]

support-reviewed:2023-04-18 LG

support-reviewed:2024-07-24 LG

The API key does not have the correct access permissions, or your user doesnot have access. If the user does have correct access permissions, you may need to refresh the API key.

The API key does not have the correct access permissions, or your user does not have access. If the user does have correct access permissions, you may need to refresh the API key.

If thishappen within a build, builds are ran with the user context of the user who started it. So if any Codefresh CLI commands within a build fails with a 403 error, that means the user who started the build does not have the permissions to run this command.

Contact one of your administrators if your user lacks access.