Manage Users

Manage your organization's Users in Sym.

Overview

You can use the symflow CLI to manage your organization's Users, and their associations with various Services.

Each User is represented as:

  • The User's ID in the Sym platform
  • A primary login email address for Sym listed under sym:cloud
  • An Identity tuple of [service_type]:[external_id] for each configured Service

In general, Users are managed via a single file, which is accessible via the update command, described below.

πŸ“˜

Don't forget the help command!

When in doubt, -h or --help will tell you everything you need to know.

Commands

Command

What it does

Example

list

Displays all current Sym Users.

symflow users list

create

Creates a single User record and starts a creation wizard for each selected Service.

symflow users create [email protected]
(see below for Options)

update

Opens the Sym Users CSV in your system's default editor.

symflow users update

update-identity

Updates a single Sym User.

symflow users update-identity [email protected]
(see below for Options)

delete

Deletes a User record based on a single Service association.

symflow users delete slack β€”user-id U123456

delete-identity

Deletes a single Service Identity for a User without removing the full User record.

symflow users delete-identity [email protected]
(see below for Options)

Usage details

list

When listing users, you will see one column per configured service_type, with a User's IDs populated only for the systems where they've been given access via the update command.

$ symflow users list
User ID     sym:cloud       aws_iam:1234567890                  slack:T23456789       
----------  --------------  ----------------------------------  ---------------
abcd-1234   [email protected]    arn:aws:iam:[service_id]:user/beth  ABCDEFGH    
abcd-1234   [email protected]     arn:aws:iam:[service_id]:user/ari   ABCDEFGH     
abcd-1234   [email protected]                                       ABCDEFGH

Options and Flags

Option/Flag

What it does

Example value(s)

--output-file
-o

Writes the Users table to a local file.

-o users.csv

create

The create command will create a User for the provided email address.

Option/Flag

What it does

Example value(s)

-s

Picks the Service Types for which the symflow CLI will launch a user_id configuration wizard.

-s aws_sso
-s slack

Note: For each Service Type provided as an option, the symflow CLI will prompt for a user_id for each matching Service.

For example, if you have three Services with a Service Type of aws_sso, and you run the following command:

symflow users create [email protected] -i aws_sso

symflow CLI will prompt for user_ids for all three Service instances.

update

The symflow users update command is your one-stop-shop for editing your User database, which will be launched as a CSV in your system's default editor of choice.

Order of rows does not matter -- for ease, new Users should be entered at the top of the file.

Note: when adding users, simply leave a , in place of the User ID column, and Sym will provision a unique ID on the backend.

Options and Flags

Option/Flag

What it does

Example value(s)

--input-file
-i

Writes the contents of a local file onto the Sym Users table.
Note: this is a full replacement and will overwrite whatever is currently in your Users list (think PUT vs. PATCH).

-i users.csv

🚧

Measure twice, cut once.

We strongly recommend backing up your User list in a separate text file before making any substantial edits. While this method enables you to take bulk actions much faster than a UI, it also means that you need to be careful about things like ,s for empty columns.

delete-identity

This command is the fastest way to remove a single Service Type for a User without destroying the full User record. If you don't provide the --service-type or --external-id flags, you will be prompted for one or both.

Options and Flags

Option/Flag

What it does

Example value(s)

--service-type

Specifies the Service Type that will be used to match the User's Identity.

aws_sso
slack

--external-id

Indicates the specific Identity that will be removed from the User's record.

U123456

delete

The most common way to delete whole Users is to use symflow users update, but sometimes you want to remove a single User without the overhead of editing your file.

In that case, you can use symflow users delete, and then add the service-type and user-id for that one User's presence in that Service, and we'll handle the rest under the hood.


What’s Next
Did this page help you?