User management

What is a user?

A user is someone who can log in to the back-end of your KnowledgeOwl account to create and edit content, customize settings, or view reporting. Users are your admins and authors, and they are different than the people who can view your content, who we call readers.

All users are assigned to specific knowledge bases with a particular role for that knowledge base. That role determines what actions a user can complete in a knowledge base. So an individual user account can have editor permissions on one knowledge base, writer permissions on another, and no access to a third knowledge base. You can create custom roles for your users, too.

In addition to their knowledge base + role assignments, users can have two additional administrative permissions:

  • Full Account Admin: has the ability to edit other users' accounts and other high-level administrative settings; can assign and remove users from knowledge bases (including themselves). This shows the Users, API, and Webhooks menu options under Your Account.
  • Admin access to readers: with this access, users see the Readers option under Your Account, can view all reader accounts across all your knowledge bases, and can create, delete, and edit existing readers.


User permissions

KnowledgeOwl has four levels of user permissions.

You can think of these permissions as answering several questions:

  • Which knowledge bases do I have access to? (Knowledge Base Roles)
  • What actions can I complete in those knowledge bases? (Knowledge Base Roles + Admin Rights)
  • Which content can I complete those actions on? (User Teams)
  • Which content can I see in those knowledge bases? (Reader Groups)
  1. Admin Rights
    Users with Full Account Admin permissions can perform all actions in your account, including adding new users; managing user permissions; creating and deleting API keys; updating account and billing information; creating and managing readers, groups, and reader settings; and cancelling your account. Users can be optionally be given Admin access to readers – which allows them to create and manage reader, groups, and reader settings –  without the other Full Account Admin actions.
  2. Knowledge Base Roles
    Roles determine which actions a user can complete in the knowledge base. You specify what role a user has for each knowledge base in your account. KnowledgeOwl has two default roles, Editor and Writer, as well as the ability for you to create Custom Roles to further restrict what actions different users are able to perform in your knowledge base.  A user with no access will not see the knowledge base.
  3. User Teams
    You can control which content individual users are able to edit using User Teams. When you create a User Team, you can restrict editing access for categories and articles to the team. Only users who are part of the team will be able to edit restricted articles, or articles within a restricted category.
  4. Reader Groups
    You can control what content individual users can see using reader groups. By default, all users have access to see all content. When you create a reader group, you can restrict categories and articles to that group. If you choose to restrict a user to a reader group, the user will only be able to see content that is not restricted or that is restricted to their reader group


Add a user

Users who are full account admins can add new users under Your Account > Users.

When you add a new user, an invitation email will be sent and it includes a temporary password. When the new user first logs in to KnowledgeOwl, they will be asked to update their password.

To add a new user:

  1. Go to Your Account > Users.
  2. Click the + Add User button near the top.
    If you don't see the + Add User button, and instead you see an Upgrade for More User Seats button, you do not have any available user seats. You can add them by clicking that upgrade button or going to Your Account > Account to upgrade the number of user seats in your trial or account.
  3. Clicking the + Add User button will open the Edit User screen. You'll need to:
    • Add the user's account details
    • Add access to at least one knowledge base
    • Optional: assign the user to one or more user teams
    • Optional: assign the user to one or more reader groups
    • Save your changes.

Let's walk through each section in more detail.

User account details

The user account details (top section) establish the login details and admin privileges for this user.

  1. Email Address (required): This email address is where the user welcome email will be sent; it also acts as the user's username.
  2. First Name (recommended, will display for author/log purposes)
  3. Last Name (recommended, will display for author/log purposes)
  4. Login Type (required, defaults to Self administered username and password) -- see User login type for more information
  5. Picture / Icon (optional)
  6. Admin Rights - Full Account Admin (optional) grants access to:
    •  Your Account > Account (Billing)
    • Your Account > Users (create, delete, edit users)
    • Your Account > Readers (create, delete, edit readers)
    • Your Account > API (API keys)
    • Your Account > Webhooks
  7. Admin Rights - Admin access to readers (optional) grants access to Your Account > Readers only

Knowledge Base Access

All users are required to have access to at least one knowledge base.

  1. Click the + Add KB Access button.
  2. Select the Knowledge Base you want this user to access from the dropdown.
  3. Select the Access (role) you want this user to have for this knowledge base. Editor and Writer are built-in roles; additional roles listed here will depend on whether you've created Custom roles. See What is the difference between an editor and a writer? and the custom role permissions breakdown for these roles' permissions.
  4. Click the Add KB button to save these assignments.
  5. Once you click Add KB, you'll see the knowledge base and the role displayed:
    The user's knowledge base(s) and assigned role are displayed
  6. Repeat this process for each knowledge base you'd like to grant this user access to.
  7. Once you've completed this steps, you can Save the user. The last two sections are optional.

User Teams

While roles decide which actions a user can complete, user teams decide which content a user can interact with. By default, No existing user teams will display here.

If you have a list of user teams, check the boxes next to the appropriate teams here and save.

See What are user teams? and Create user teams for more information.

Reader Groups

By default, users have access to all reader groups in your knowledge base, and can see content relating to all readers. If you'd like to limit this user to only see content restricted to particular reader groups, check the boxes next to the appropriate groups here and save.

User login type

By default, users are created with self-administered usernames and passwords. This means that, even when you have SAML/SSO enabled for your knowledge base overall, KnowledgeOwl will store a password for each of your users and allow them to log in using that username/password combination via https://app.knowledgeowl.com/login.

If you would like to prevent this alternate login and force your users to authenticate using SAML/SSO, for each user, change their Login Type from "Self administered username and password" to "SAML login via knowledge base":

This setting basically says: "If the user tries to log in normally (using https://app.knowledgeowl.com/login), don't let them use their username/password and send them to the SAML login page for the KB I choose instead."

This setting does not need to be enabled for your users to be able to log into the application via SAML.

Note: if you set a user to SAML login via knowledge base and your SAML/SSO has an issue, your users will be locked out of KnowledgeOwl. Most customers keep username and password self-administered so that their users have an alternate way to log in in cases of issues with SAML/SSO. Generally only customers with very strict security requirements enable this option.

What is the difference between an editor and a writer?

An Editor can perform all actions in a knowledge base, including customizing any setting.

A Writer does not have access to customize settings but can perform any action related to creating and editing content. 

Here's a full breakdown of each role's permissions:


PermissionEditorWriter
Create any type of new article:
  • From scratch
  • From a template
  • From any existing article
  • Content linked to an existing article
XX
Edit articles that are in draft modeX
X
Edit articles that are publishedX
X
Create new versions of articlesX
X
Publish articles / versions that are in draft modeX
X
Move / re-order articlesX
X
Delete articlesX
X
Create new categoriesX
X
Edit categoriesX
X
Move / re-order categoriesX
X
Delete categoriesX
X
Edit home page contentXX
Create new comments
X
X
Approve submitted commentsX
X
Delete submitted commentsX
X
Add glossary termsX
X
Edit glossary termsX
X
Delete glossary termsX
X
Add snippetsX
X
Edit snippetsX
X
Delete snippetsX
X
Edit filesX
X
Delete filesX
X
Add existing tags to articlesX
X
Edit existing tagsX
X
Add new tagsX
X
Remove tags from articlesX
X
Delete tagsX
X
Create and manage exports - PDFs / HTML ZipX

Import contentX
Update article ratings settingsX
Update basic settingsX
Update comment settingsX
Update contact form settingsX
Update PDF settingsX
Update search settings and synonymsX
Update security settingsX
Update style / themingX
Update subscription settingsX
Update widget settingsX
View Reporting > DashboardXX
View Reporting > Contact FormXX
View Reporting > WidgetXX
View Reporting > CommentsXX

To further restrict what actions a user can perform, create a custom role.

Custom roles

If you need to lock down user permissions, you can create custom roles to control what actions your users are able to perform in your knowledge base. 

Users with full account admin access can create custom roles under Your Account > Users > Roles.

This will open a User Role screen where you can select the permissions you want this role to have.

Once you've finished assigning the appropriate permissions, click the Save Role button at the bottom of the screen.

Once you create a custom role, you can then assign users to the role to further restrict what actions they can perform in your knowledge base.

Use cases

As Linus grows his content creating empire, he might want to have some users who can create and edit draft articles but can't publish or delete them. This role is often called Content Contributor. These contributors would mark something as Ready to Publish but an Editor or Content Reviewer might review it before officially publishing it.

Available custom role permissions

By default, a custom role has no permissions and you choose what each role should be able to do. Here are the categories of permissions available:

  • Article permissions
    • Create any type of new article, or specify any of the four article types (create from scratch, copy existing article, create from template, or link/sync content to an existing article). 
    • Edit draft articles
    • Edit published articles
    • Create new versions of articles
    • Publish draft articles or new versions
    • Move or reorder articles
    • Delete articles
    • Edit articles in bulk (use the Bulk Edit link in Manage)
  • Category permissions
    • Create new categories
    • Edit categories
    • Move or reorder categories
    • Delete categories
  • Internal note permissions
    • Create new internal notes
    • Edit internal notes
    • Remove internal notes
  • Home page permissions
    • Edit home page content
  • Comments permissions
    • Create new comments
    • Approve submitted comments
    • Delete submitted comments
  • Glossary permissions
    • Add glossary terms
    • Edit glossary terms
    • Delete glossary terms
  • Snippet permissions
    • Add snippets
    • Edit snippets
    • Delete snippets
  • File library permissions
    • Edit files
    • Delete files
    • Create file labels
    • Edit file labels
    • Delete file labels
  • Tag permissions
    • Add existing tags to articles
    • Edit tags in the tag library
    • Add new tags
    • Remove tags from articles
    • Delete tags from the tag library
    • (Users with the permission to edit tags and delete tags have the ability to merge tags)
  • Admin permissions
    • Create and manage PDF and HTML exports 
    • Import content
    • Update article ratings settings
    • Update basic settings
    • Update comment settings
    • Update contact form settings
    • Update PDF settings
    • Update search settings and synonyms
    • Update security settings
    • Update style / theming
    • Update subscription settings
    • Update widget settings
  • Reporting permissions

If you'd like to document/audit custom roles, you can use one of these files:

What are user teams?

If users have editing privileges, by default, they can edit all content in your knowledge base.

However, there are times when you'd like to be able to segregate who can edit which content. This is what User Teams are for!

Any content that is restricted to one or more user teams can only be edited by users who are a member of that team.

Any content that is not restricted to any user teams can be edited by all users with editing access on that knowledge base.

Pro tip: If you are a full account admin and you'd like to keep editing privileges for all content, you should assign yourself to ALL user teams.

Use cases for user teams

Editors & Writers from different departments or teams

One of Linus's knowledge bases captures information for multiple departments across different lines of business. He has designated editors for each line of business:

  • Owlbus Dumbledore: Flight & Aerodynamics owns and manages content in the "Feathers & flight", "Aerodynamics", and "Flight Tips for Owlettes" categories
  • Minerva McGonagowl: Nest building & Structural integrity owns and manages content in the "Nest building", "Camouflage", and "Structural integrity" categories
  • Owl Pacino: Defense & Food sources owns and manages content in the "Home defense", "Hunting", and "Food sources" categories

Each of these editors is responsible for different categories in the knowledge base, and might also manage contributions from various writers.

To keep these editors from accidentally or intentionally editing each other's content, Linus has created three User Teams:

  • Flight & Aerodynamics - assigned to Owlbus Dumbledore and all of his writers
  • Nest building & Structural integrity - assigned to Minerva McGonagowl and all of her writers
  • Defense & Food - assigned to Owl Pacino and all of his writers

He's then restricted each of his top-level categories to one of these teams. All subcategories and articles will inherit that user team restriction.

Finally, Linus assigned himself to all three of those user teams, so that he can make any final edits to all content.

Restrict single category

In another knowledge base, all of Linus's editors have access to all content. But his boss would like to add a section for HR staff to add HR materials. This content should only ever be updated by HR staff. HR staff can still update other knowledge base articles, though.

To solve this, Linus has created one User Team called HR. He's assigned this team to the HR category--and nothing else.

All users without user team membership can update all content that isn't restricted, but won't be able to touch the HR content. HR members will be able to update all other content as well as the HR category.

If Linus needs access to edit/oversee that content, he should also add himself to the HR user team.

Prevent contractor from editing other content

In our support knowledge base, Linus would like to give access to an independent security consultant to update our security policies. This user needs to be able to edit only the security policy content and nothing else. All other users should be able to edit both the security content AND the rest of the content.

In this case, Linus needs to create two user teams: 

  • one for his security consultant, called "Security team"
  • one for all other users, called "All content"

He'll restrict all categories to the "All content" team; he'll restrict the Security Policy category to both the "All content" team and the "Security team". He'll add himself to both teams, just to be safe.

Because all content is restricted to a specific team, and all other categories are NOT restricted to the Security team, the security consultant will only be able to edit the security category.

Because all categories--including the security category--are restricted to the All content team, users with that user team will still be able to edit all content.

Create user teams

You must have Full Admin Access to create user teams.

To create a new user team:

  1. Go to Your Account > Users.
  2. Click on the Teams tab.
  3. Click on the + Add User Team button.
  4. In the Create Team pop-up, give your team a Name and click the Create Team  button.


Restrict content to user teams

You can restrict entire categories or individual articles to editing by one or more user teams.

If you restrict a category to editing by specific user teams, all content within that category (subcategories + articles) will inherit the same user team restrictions.

  1. Open the category or article in edit mode.
  2. In the Restrict Editing to Teams section, check the boxes next to the teams you'd like to restrict this content to.
  3. Save your category or article.

Refining inherited restrictions

You'll notice in my screenshot above, that I'm restricting an entire category to my All content and HR user teams.

That restriction is automatically applied to all articles within that category. If I open an article in that category, you'll see that it only gives me All content and HR as options, rather than the full four user teams I have in my knowledge base:

I don't need to select any boxes here for the article to be restricted to both teams--it already is.

But if I do check one of these boxes, it will further restrict the article so that it is only editable by the team I select. So, in these examples, my COVID-19 Updates category is restricted to the All content and HR teams.

All the articles within it will automatically be restricted to those two teams, as well.

But any article within it that I would like to only be editable by the HR team, I could select that checkbox within the article and my All content team would not be able to edit it.

Change the order of user teams

To set a user team order:

  1. Go to Your Account > Users.
  2. Click on the Teams tab.
  3. Use the up arrows next to your team names to reorder the teams.
    Use the arrow in the Actions section to reorder teams

Once you're done making changes, you'll see those changes reflected:

Edit users and permissions

Users with full account admin access can manage all users under Your Account > Users.

The Users page displays all users and permissions along with the date of their last activity in app.knowledgeowl.com.

You can edit an individual user by clicking on their name and editing their user details.

Reset a user password

Users can request a password reset email on the KnowledgeOwl login page. Users can also change their own password under Account > My Settings.

Users with full account admin access can also reset passwords for other users. To do so:

  1. Go to Your Account > Users.
  2. Click on the user whose password you'd like to reset.
  3. Click the Reset Password button.
    Click the Resest Password button
  4. You'll have the option to email the user directions to reset their own password or assign a custom temporary password. 
    • If you select the option to email directions to reset their own password, the user will receive an email with a one-time link that they can click to login and reset their own password. This works well if you want the user to be automatically notified of the password reset. To send the directions and link, select this option and click the Save button.
      Email the user a randomly generated password
    • To assign a custom temporary password, select that option and enter the password of your choice. Then click the Save button. This works well if you'd like to test the reset yourself to troubleshoot login issues, or if you want to notify the user of the temp password yourself directly.
      Choose the temporary password you'd like to use
  5. When the user logs in with the reset link or the temporary password, they will be asked to update their password.

Can users share logins?

Users are allowed to share logins in KnowledgeOwl, meaning that two people can be logged in as the same user at the same time. For security reasons, we highly advise against sharing logins.