User management

Check your docs version

This version of the Anyscale docs is deprecated. Go to the latest version for up to date information.

ℹ️For organization owners

Add, remove, and update permissions for users within an Anyscale account. As an organization owner, you can view information and make changes through the console or with an API endpoint.

🔐Looking for SSO?

Anyscale provides Single Sign-On (SSO) built upon the Security Assertion Markup Language (SAML) 2.0 standard. See Configuring SSO to enable IT administrators to manage user access through a single authentication source.

Roles

Two types of users exist in Anyscale:

Owners: Administrators who manage account-level settings like user access, billing, support access, and cloud deployment.
Collaborators: Invited by owners. Granted access to resources to interact with the platform, but not edit settings.

Add users

Add users to an organization

An organization in Anyscale is a single place for your company and your work.

Go to the user menu and select My organization to view members of the organization.
Click the Invite teammates button.
Enter the email addresses of the invitees, separated by commas.
New members can register with the link sent to their email address.

Add users to an Anyscale Cloud

Organization owners must manually add users to each Anyscale Cloud to grant access. Collaborators can then view details and create Anyscale entities like Workspaces, Jobs, and Services using that Cloud's resources.

Click on the Cloud tab.
Select the Cloud you want users to access.
Click Manage users to add users who already exist in the organization.

Modify user roles

Go to the user menu and select My organization to view members of the organization.
Toggle the role to change an existing member to an owner or a collaborator.

Delete users

Remove user from SSO

If your organization set up SSO, remove the user from your SSO Identity Provider's Anyscale integration to fully restrict the user's access.

Go to the user menu and select My organization to view members of the organization.
Select the collaborators to remove. To delete an owner, downgrade them to a collaborator first.
Confirm deletion.

🗑️ What happens to Anyscale entities created by a deleted user?

Ownership Transfer Table

Note: The following permissions structure applies to organizations created after August 2023. See Access controls.

Entity	Details
Workspaces	Remain running unless you manually terminate them. Duplicate to retain work while assuming ownership.
Jobs	Remain running unless you manually terminate them. Duplicate as Workspaces to submit Jobs and assume ownership.
Services	Remain running unless you manually terminate them. Duplicate as Workspaces to deploy Services and assume ownership.
Schedules	A Schedule terminates when it encounters permission errors. Any user can resume, and they become the new creator of subsequent Jobs. The original schedule creator remains unchanged.
Projects	If the owner deletes the creator, the organization owner becomes the implicit owner. The organization owner can transfer explicit ownership to another user.
Cloud	If the owner deletes the creator, the organization owner becomes the implicit owner. The organization owner can transfer explicit ownership to another user.

💻 Programmatic deletion

Both methods support one-by-one deletion.

Option 1: Use DELETE /api/v2/organization_collaborators/{identity_id} to remove users with the API endpoint.
Option 2: Use the Anyscale Python SDK with the following script.

delete_users.py

from anyscale.authenticate import get_auth_api_client

def delete_collaborator():
    api_client = get_auth_api_client().api_client
    collaborators = api_client.list_organization_collaborators_api_v2_organization_collaborators_get()

    email_to_remove = input("Enter the email of the collaborator to remove: ")

    # Filter the list to find the collaborator with the matching email
    matching_collaborators = [collaborator for collaborator in collaborators.results if collaborator.email == email_to_remove]
    # Ensure only one collaborator matches the provided email
    assert len(matching_collaborators) == 1, f"Error: Found {len(matching_collaborators)} identities matching {email_to_remove}. Expected 1."

    input(f"Going to delete the following identity:\n{matching_collaborators[0]}\nPress any key to continue...")
    api_client.remove_organization_collaborator_api_v2_organization_collaborators_identity_id_delete(matching_collaborators[0].id)
    print("Collaborator successfully removed.")

delete_collaborator()

Roles​

Add users​

Add users to an organization​

Add users to an Anyscale Cloud​

Modify user roles​

Delete users​