Tutorial 14 · Scale

Admin Options

6 min read

What you'll learn

  • Where the admin controls live in the UI and who can see them
  • How to invite teammates, change their permission level, and remove them
  • How to configure organization-wide settings (domain auto-add, API access policy)
  • How users (including admins) create and manage their own API keys
  • What requires contacting Artifact support vs. what you can do yourself

Prerequisites

  • Complete Tutorial 1: Welcome to Artifact so you understand the role system (Administrator, Editor, Viewer, None).
  • You need the Administrator role on your organization to see the Admin Controls UI. Editors and Viewers cannot complete most steps in this tutorial.

Steps

1Find Admin Controls

There is no dedicated Admin page or /settings route — organization administration lives in a single modal opened from your profile menu in the bottom-left corner of the app.

  1. Click your profile avatar — the small circular user icon on the sidebar footer, to the left of the sync status indicator.
  2. The User Settings popover opens, showing your email, organization, and user level.
  3. Click Admin Controls (only visible if your role is Administrator).
  4. The Admin Controls dialog opens with the description "Manage user permissions and organization settings for your organization."

The modal has two main sections: User Permissions at the top and Organization Settings at the bottom.

Screenshot

User Settings popover with Admin Controls highlighted

2Invite a new teammate

Inviting users happens at the top of the User Permissions table.

  1. In the first row, click the Enter email field and type the new user's email.
  2. Click Add User.
  3. Artifact creates a pending org membership at the Viewer role (the invite role is fixed — change it after they sign in).
  4. The user receives an email with subject "Added to Organization | {OrgName}", body "You have been added to {{ORG_NAME}} on Artifact", and a Get Started button that points them to /auth?defaultEmail={email}.
  5. All existing org administrators are also notified by email.

Until the invitee signs in, their row shows a warning icon with the tooltip Pending user sign up.

Screenshot

User Permissions table with Enter email and Add User button in the first row

3Change a teammate's permission level

Once a user is in the table you can change their role at any time.

  1. Find the user's row in User Permissions.
  2. Click the Permission Level dropdown.
  3. Pick from Admin, Editor, Viewer, or None.
  4. A toast confirms User role updated successfully.

What each role can do, in collaboration terms (see Tutorial 13: Collaboration for the full breakdown):

  • Admin — everything Editor can do, plus admin controls, Restore to Draft on snapshots/releases, and managing other users.
  • Editor — full diagram and library editing, can create drafts and snapshots, can release.
  • Viewer — read-only on diagrams; can leave and resolve their own comments.
  • None — blocked from the app entirely. Sees the Use Not Authorized modal asking them to contact their administrator.

4Remove a teammate

  1. In the user's row, click the trash icon (title Remove User).
  2. Confirm the dialog: "Are you sure you want to remove this user? You cannot undo this action."

Restrictions enforced by the backend:

  • You cannot directly remove a user whose level is Admin — demote them first.
  • You cannot demote the last admin in the organization.
  • You cannot promote someone to Editor or Admin if doing so would exceed your Maximum Number of Users seat limit. The error message points you to info@artifact.engineer.

5Configure organization settings

Scroll past the user table to Organization Settings.

SettingEditable?Notes
Organization NameNoThe field is disabled. Tooltip: "Contact us at info@artifact.engineer to change your organization name."
Maximum Number of UsersNoRead-only seat limit. Tooltip recommends contacting info@artifact.engineer to increase.
Auto Add Users With DomainYesCheckbox. When enabled, any new sign-up with an email matching your organization's domain is auto-added as a Viewer.
Allow User API AccessYesDropdown with Admin, Editor, or Disable API Access. Shows a live count of ({N} active API keys).

Screenshot

Organization Settings section with Auto Add Users With Domain and Allow User API Access dropdown visible

6Manage API keys

API key creation is per user, not org-wide — but you control which roles are even allowed to create keys via Allow User API Access.

  1. Close Admin Controls if it's open.
  2. Click your profile avatar → API Keys & Documentation (Admin and Editor roles see this option).
  3. The API Keys modal opens.
  4. Click View API Documentation to open the docs at /api/v1/docs in a new tab.
  5. Click Create New API Key and fill in:
    • Key Name — minimum 10 characters
    • Expires In — 7, 30, 90, 180, or 365 days
    • Click Create Key and immediately copy the generated key — it's only displayed once.
  6. Existing keys appear in a table with Name, Created, Expires, Uses, and a delete action (Delete API Key confirmation dialog).

The modal description spells out the security model: "API keys are tied to your user account and inherit your permissions." If a user's permission level changes, their keys' effective permissions change with it. Setting Allow User API Access to Disable API Access revokes existing keys for users below the chosen threshold.

Screenshot

API Keys modal with Create New API Key form open

7Watch the limits

The Admin Controls modal exposes today's customer-facing admin surface, but several capabilities are intentionally not in the UI. If you need any of these, contact info@artifact.engineer:

  • Rename the organization
  • Increase the seat limit
  • Configure SSO — providers like Google SSO are wired in server config and shown on the /auth page only when configured by Artifact deployment.
  • Manage billing, subscription tier, or payment method — there is no in-app billing settings page for org admins.

8Apply changes and verify

When you finish in Admin Controls:

  1. Close the modal — there is no separate save button. Changes save as you make them.
  2. Remember the 5 minute propagation note for org settings.
  3. To verify a permission change, ask the affected user to sign out and back in, then confirm the new level in the User Settings popover from the bottom-left profile avatar (User Level: {Administrator | Editor | Viewer}).
  4. To verify an invite, watch for the user to disappear from the Pending user sign up state once they complete the email login flow.

Summary

As an organization administrator you manage your team from a single Admin Controls modal: invite users by email (always as Viewers initially), change roles, remove non-admin users, toggle domain-based auto-add, and set the minimum role allowed to create API keys. API keys themselves are per-user. You can also Restore to Draft on snapshots/releases. Anything beyond that — renaming the org, raising the seat limit, configuring SSO, managing billing or the public library — requires contacting Artifact support at info@artifact.engineer.

What's next

Glow effect