Fill out the relevant information. Everything in the fields can
be edited after user creation.
The Login ID field should contain an email address for internal users.
If you edit the Login ID field, the user is in pending status until they
sign in again with their new credentials.
Change permission group level
If you select a permission group with edit permissions for
All Environments, you will see that selection here. To change this at permission group level,
select None for All Environments on the Permissions page.
After you make this change, you can select one environment or more
for the user to have access to.
Click Add. The new user appears in the list of users,
and an email invitation is automatically sent.
For internal users, the status remains as 'Pending' until they accept
the invitation to join SOAR and create a password.
The password link is valid for 3 days. If the user hasn't accepted the
invitation by then, the administrator can click Send Invitation on the
User Management page to resend the invitation.
For SAML users the status remains as "Pending" until the first time they login.
They can sign in directly to the platform without the need to use the invitation
email.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-29 UTC."],[[["\u003cp\u003eThis guide explains how to add a new user to the Google Security Operations SOAR standalone platform, involving navigating to the User Management section, inputting user details like email and selecting the appropriate SAML provider if necessary.\u003c/p\u003e\n"],["\u003cp\u003eNew users, upon being added, receive an email invitation that internal users must accept to set their password, whereas SAML users can log in directly without the need to go through the email invite.\u003c/p\u003e\n"],["\u003cp\u003eUser access is controlled through permission groups, which define visible and editable modules, SOC roles, which allow for case or action assignments to roles rather than individuals, and environments or environment groups, which segment data for different business units.\u003c/p\u003e\n"],["\u003cp\u003eUsers can be assigned to multiple permission groups, SOC roles, and environments, with the platform combining permissions from each group and deciding a landing page based on a defined hierarchy upon login.\u003c/p\u003e\n"],["\u003cp\u003eRestricting actions for users requires that the specific action be selected as restricted in every permission group assigned to that user, otherwise they will not be restricted.\u003c/p\u003e\n"]]],[],null,["# Add a new user to the Google Security Operations SOAR platform\n==============================================================\n\nSupported in: \n[SOAR](/chronicle/docs/secops/google-secops-soar-toc)\n\n\u003cbr /\u003e\n\n| **Note:** This document is for customers using the standalone SOAR platform only.\n\n\u003cbr /\u003e\n\n1. Go to **Settings \\\u003e Organization \\\u003e User Management**.\n2. Click **Add**.\n3. Fill out the relevant information. Everything in the fields can be edited after user creation. The **Login ID** field should contain an email address for internal users. If you edit the **Login ID** field, the user is in pending status until they sign in again with their new credentials.\n\n| **Note:** If you're configuring new users for SAML authentication, select the required SAML provider in the **User Type** field, and fill out the **Login ID** field according to the SAML specifications. The **Email** field for SAML/LDAP users is intended for notification purposes.\n[](/static/chronicle/images/soar/adduserstandard.png)\n\n\u003cbr /\u003e\n\nChange permission group level\n-----------------------------\n\nIf you select a permission group with edit permissions for\n**All Environments** , you will see that selection here. To change this at permission group level,\nselect **None** for **All Environments** on the **Permissions** page.\nAfter you make this change, you can select one environment or more\nfor the user to have access to.\n\n1. Click **Add**. The new user appears in the list of users, and an email invitation is automatically sent.\n2. For internal users, the status remains as 'Pending' until they accept the invitation to join SOAR and create a password. \n The password link is valid for 3 days. If the user hasn't accepted the invitation by then, the administrator can click **Send Invitation** on the **User Management** page to resend the invitation. \n For SAML users the status remains as \"Pending\" until the first time they login. They can sign in directly to the platform without the need to use the invitation email. \n [](/static/chronicle/images/soar/addnewuserinvite.png)\nr\n\n\u003cbr /\u003e\n\nt\n\n\nFor information about how to map users with multiple control access parameters,\nsee [Map users with multiple control access parameters](/chronicle/docs/soar/admin-tasks/user-secops/map-users-with-multiple-control-access-parameters).\n\n\u003cbr /\u003e\n\n**Need more help?** [Get answers from Community members and Google SecOps professionals.](https://security.googlecloudcommunity.com/google-security-operations-2)"]]
r