# User Management Frends provides powerful user administration and management features in the Frends Control Panel. Users are Tenant-specific and they are specifically for accessing the Control Panel and performing actions within, and not related to who can access your APIs or HTTP endpoints, those are controlled separately using API Policies. At its basics, users are managed in Frends using RBAC or Role-Based Access Control model, and in addition different authentication methods can be integrated into Frends from the User Management. ## Users & Roles Administering users in Frends is as simple as defining the usernames and the roles connected to that account, to provide the user access to your Frends Tenant and give him permissions to access the necessary areas. Because user account management and handling is not done within Frends, only the username used with your authentication provider is needed to connect your authentication method to permissions for the user.

Picture shows the default view of User Management section in Frends. — Default view of User Management section in Frends.

By default, users can be assigned to Administrator, Editor and Viewer roles, giving different levels of access to the Frends Control Panel. The roles are customizable and new roles can be created to suit your specific needs.

Picture shows the settings for Editor role. — Default values for the Editor role allow creating and editing integrations.

By combining the role-based access rules with Environments and Process tags, it's possible to control what Environments and Processes a user can access or not. As examples, it's possible to restrict developers from accessing the production environment, including pushing changes there, or allow the user to only see Processes with specific tag. Learn more about the user management capabilities in our [Role-Based Access Control](/reference/administration/role-based-access-control.md) reference page. ## Authentication Providers In order to log in to your Frends Control Panel, authentication provider needs to be set up. Out of the box, Auth0 provider by Frends is set up, giving initial access to the Control Panel and to your Frends Portal. Under the OpenID tab of User management view you can set up the authentication providers needed. For example, Microsoft Entra ID can be used to log in to Frends Control Panel, once the app registration for Frends is done in your organisation's Azure Portal and it also has been set up as authentication provider under the OpenID tab in Frends' User management.

Standard authentication providers in Frends Tenant being shown. — Standard authentication providers within a Frends Control Panel.

While the provided authentication by Frends can be used fully to access and use Frends, from account management and security perspective it makes sense to connect your internal SSO solution to your Frends Tenant as well, in order to make sure the Frends Tenant cannot be accessed by users who have already left company through the use of separate credentials.

Picture shows the available authentication methods on the Frends Control Panel login screen. — Configured authentication providers will visible on the login screen for Frends Control Panel.

--- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.frends.com/management-and-operations/user-management.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.