User management

Transmit Security provides a hosted solution for managing your users and their profiles. Users are organized by tenant, meaning user information is shared with all apps in a tenant.

User identity

In Transmit, user identities are centralized across all applications within a tenant. This not only reduces your data management costs, it also lets you provide more personalized customer experiences that go beyond a personalized welcome screen. For example, a tenant that provides health and fitness services can make training suggestions in their fitness app based on user purchases in their retail app.

Although user identities are managed on the tenant level, app-specific user information can be added to the user's profile. For example, this can be used to associate a Transmit user with the user's app identity (external_account_id). In addition, any social accounts used to log in are automatically linked to the Transmit user through their profile.

A user identity is created when a user logs in to an app for the first time (if you allow authentication flows to create new users) or an administrator creates a new user via the API or UI. Every Transmit user has a unique identifier (user_id), which is automatically generated when the user is created.

User profile

The user profile contains general information about the user, such as their name, email, phone number, and birthday. Additionally, when a user authenticates with a social network (Google, Apple, etc.), the profile stores their social account details. The general information is shared with all apps in the tenant.

The tenant-level data can be enriched to include the user's identifier within your system (external_user_id), and custom data for this user (custom_data). In addition, the user profile contains app-specific data. This is data collected in the context of a specific application, and includes the user's app identity (external_account_id) and any custom data (custom_app_data) you want to store for your users. If the user grants access to a third-party client, the consent will appear along with the other app information.

Note

Tenant-level custom user data is limited to 500 KB per user. App-specific custom user data is limited to 500 KB per app.
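The following added example (not part of the Transmit documentation or its SDKs) shows a client-side pre-check of custom_data and custom_app_data against the 500 KB limits before a profile update is sent. It assumes that size is measured as compact UTF-8 JSON and that 1 KB is 1024 bytes; the function names, the app-keyed mapping, and the sample values are hypothetical.

```python
import json

# Assumption: 1 KB = 1024 bytes. The page only states "500 KB".
LIMIT_BYTES = 500 * 1024


def encoded_size(value):
    """Bytes used by value as compact UTF-8 JSON (assumed way of measuring)."""
    text = json.dumps(value, separators=(",", ":"), ensure_ascii=False)
    return len(text.encode("utf-8"))


def check_custom_data(custom_data, custom_app_data_by_app, limit=LIMIT_BYTES):
    """Return (scope, size) for every blob that exceeds the limit.

    custom_data            -- tenant-level custom data for one user
    custom_app_data_by_app -- hypothetical mapping: app id -> custom_app_data
    Each app is checked on its own, because the app-specific limit is per app.
    """
    violations = []
    size = encoded_size(custom_data)
    if size > limit:
        violations.append(("tenant", size))
    for app_id in sorted(custom_app_data_by_app):
        size = encoded_size(custom_app_data_by_app[app_id])
        if size > limit:
            violations.append(("app:" + app_id, size))
    return violations


# Constructed sample input. The tenant-level note has 260,000 characters,
# which looks safe, but each "é" takes two bytes in UTF-8.
SAMPLE_CUSTOM_DATA = {"notes": "é" * 260_000}
SAMPLE_APP_DATA = {
    "retail": {"last_order": "A-1001"},        # small, passes
    "fitness": {"plan": "x" * (500 * 1024)},   # payload alone fills the limit
}

if __name__ == "__main__":
    for scope, size in check_custom_data(SAMPLE_CUSTOM_DATA, SAMPLE_APP_DATA):
        print(f"{scope}: {size} bytes exceeds {LIMIT_BYTES}")
```

Counting bytes rather than characters matters for non-ASCII profile data, and the JSON keys and punctuation count toward the total as well.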

The user profile can be updated and accessed from the Admin Portal or API. In addition, some basic profile information is included in the ID token returned upon successful authentication (see Identity data).

App users

Although user identity is shared across all apps in your tenant, users don’t necessarily have access to all apps. Users can only access apps that they are assigned to. When creating a new user, you’ll need to specify which applications they can access. New or existing users are automatically assigned to the application they’re logging in to (if you allow authentication flows to create new users). You can also add or remove applications for existing users from the Admin Portal or using dedicated APIs.

User status

The user status indicates whether users have logged in to an app. When users are created by an administrator, but have not yet authenticated to an assigned app, their status is set as Pending. After users have logged in, their status is set as Active.

User groups

You can create groups and add users to the groups you created. This enables controlling which users have access to specific application features using group membership. Like users, groups exist on the tenant level. To create and manage groups, see the relevant APIs.

User management

Users can be managed by administrators either in the Admin Portal or via APIs. When using the APIs, you can only manage the users for the application used to create an access token (see Get client access tokens). If a Management Application is used, you can manage users across all applications of the tenant. User management includes the ability to create and delete users, update their profiles, assign users to groups and apps, and update their status.

To streamline user lifecycle management across Transmit and third-party apps, consider using the Users SCIM APIs.

Note

After users are deleted, their actions are retained and can be viewed in the audit logs.