Every app has an Admin Portal where the end-user can manage each aspect of their personal profile and where the more privileged admins can also manage their organizational account settings. One of the main screens within this Admin Portal would usually be User Management (a.k.a “team management”, “users”, “members” etc).
In the age of self-service and PLG (Product-Led Growth), SaaS user management capabilities are becoming one of the most important features within your SaaS application for guaranteeing your users happiness. You want to ensure an easy experience for your users in order to increase the usage of your SaaS application within the organization. In most cases, when you start to notice accounts moving from single-user usage to the inviting of more team members within the organization, this is a sign of stickiness and true adoption of your product.
That is exactly why creating the ultimate experience around your users’ team management is crucial. We can learn about those necessary features by looking at some examples of products that have done it right.
List of Users
For starters, seeing a list of members in the organization (or tenant, or account, etc.) is basic. The list should be clear and, for every user, at least include these properties:
- Name of the user
- Profile picture (or gravatar)
A good practice is to show your users the “last login.” In some product cases, one can interact with the system “offline”, e.g. through APIs, in which case we would want to call it “last activity” instead.
This capability provides your customer’s admins with a full picture of the “inactive users” within their account. This information is crucial for two main reasons:
- Security and access management — Your customers are wary of unwarranted access to their accounts since it could (a) increase a potential surface attack by hackers (b) expose their information to users who no longer have access rights or authorization.
- Billing — In cases of “seat-based pricing” your customers don’t want to pay monthly fees for users that are no longer active within their organization.
Allowing your users to assign roles for other users is not just basic, it’s critical. The most basic approach would be to assign each user a specific role within your SaaS application. There are also several more advanced approaches for handling assignment of roles for your users:
- Multiple Roles — Some apps allow you to add multiple roles for users. In case those roles include a set of permissions, then the user would be allowed to perform any of the actions that exist in any or all of the roles assigned to them.
- Custom Roles — More advanced, enterprise-facing apps will allow admins of customers, to create their own custom role sets and even override existing, pre-defined roles.
- Specific Access — Some apps let you choose the specific module/section access for each user. This can be achieved by taking a pure role-based access approach as well, although it sometimes allows for higher granularity on the allowed actions within the product.
The most trivial of functions you must have within your user management is the ability to invite new members. This is important in order to enable full self-service in today’s Product Led Growth movement. There are a lot of mini-features you will need to provide in this seemingly basic functionality. There are also a lot of variations in the user-experience aspect:
- Single user invitation —Permission to add one user at a time (usually can add emails and some info on the user, like the assigned roles)
- Bulk user invitation — Allowing you to add multiple users at a time. This is usually done by adding a single user email per row or with a separated comma.
The full flow of new user invitations will be covered in a future post since there are a lot of nuances to take care of from the moment a user is invited, to the moment they are able to login to their accounts.
Shareable Invite Link
A popular approach is to allow users to easily invite other users to their account. Simply publish a link through which new users will be able to connect to an account, or to specific resources within the account. This new feature is becoming quite popular, mainly due to the increase of popularity for seat-based revenue models. Instead of needing to invite specific members to an organization, just share the link and anyone holding this link will be able to join the account. If you choose this path, there are two important aspects you should consider:
- Do the users joining need to be approved? In this case, the link will be used to allow users to request access to join but will not immediately provide them with the final authorization to join.
- Don’t forget to allow revocation of the links. For security matters, you should always allow admins to revoke those links to prevent “lost access passes” to your users. I would even advise taking extra security measures here and automatically revoke those links every short period of time.
The ability to add temporary users to accounts is becoming very popular these days. Guests are users that have very limited access to an account and your customers will not need to pay for them as part of their seat-based pricing. Usually, you would allow these users to access only specific parts of the account.
There should be a convenient user experience that allows converting guests into normal users in case they need or decide to. You might want to add an automatic expiry timeline for a guest user in order to avoid having forgotten guest users that continue to have access to your customer’s account.
The ability to assign users to groups and teams is becoming more and more popular these days. Usually, there are two reasons for adding this capability within your SaaS product:
- Teams — Some products would want to enable certain product features around teams that were created by their users. Take an example of a developer-platform product that wants to allow users to simulate a real-life mirror of the teams within an R&D organization. Then provide different teams with different views and metrics based on that segregation.
- Privileged groups — In many cases certain groups would have predefined roles assigned to them and members that are assigned to a group would automatically inherit the roles assigned to that group. Of course, a member could usually be assigned to multiple groups at once.
Another advanced capability that is getting more and more popular, especially in enterprise-facing products is the ability to control the devices connected to each and every one of the users. Besides having the user control the devices they are connected to, in some cases, we would want to allow the admin to control which devices have access to the organizational accounts and have information on the activity from each one of the devices.
Allowing a full self-service experience within your SaaS product includes having many capabilities you would want to enable for your end-users. The ability for powerful user-management is important to all aspects of making your product enterprise ready; starting from being a great growth-driver for Product-Led Growth, to becoming a crucial-self-service enabler.
Frontegg provides a full user-management experience with the most advanced & powerful capabilities for end-users. The kicker? Takes only a few minutes to integrate!