User management

ℹ️For organization owners

Add, remove, and update permissions for users within an Anyscale account. As an organization owner, you can view information and make changes through the console or with an API endpoint.

🔐Looking for SSO?

Anyscale provides Single Sign-On (SSO) built upon the Security Assertion Markup Language (SAML) 2.0 standard. See Configuring SSO to enable IT administrators to manage user access through a single authentication source.

Roles

Two types of users exist in an Anyscale organization:

• Organization owners: Administrators who manage account-level settings like user access, billing, support access, and cloud deployment.
• Organization collaborators: Invited by organization owners. Granted access to resources to interact with the platform, but not edit settings.

See Permissions for more information about organization roles.

Manage users

Organization owners can perform user management actions within the organization, which include:

• User access
• Modifying roles, like converting an existing collaborator to an owner
• Billing
• Support access
• Cloud deployment
• Accessing the Organization settings page in the user's setting dropdown in the top right corner

Add users

Add users to an organization

An organization in Anyscale is a single place for your company and your work.

1. Go to the user menu and select Organization settings. The click the Members tab to view members of the organization.
2. Click the Invite teammates button.
3. Enter the email addresses of the invitees, separated by commas.
4. New members can register with the link sent to their email address.

Add users to an Anyscale cloud

Organization owners must manually add users to each Anyscale Cloud to grant access. Organization collaborators can then view details and create Anyscale clusters like workspaces, jobs, and services using that cloud's resources.

1. Click on the Clouds tab.
2. Select the Cloud you want users to access.
3. Click Grant permission to add users who already exist in the organization.

Auto add users to a cloud

Cloud owners can enable the auto add user feature to grant all organization users cloud collaborator permissions. You can toggle this feature through the UI. From the clouds page, click a cloud name and in the About this cloud section, then toggle the Share with the organization feature. You can also toggle the feature through the CLI with anyscale cloud edit and anyscale cloud update.

Modify user roles

1. Go to the user menu and select Organization settings. The click the Members tab to view members of the organization.
2. Toggle the role to change an existing member to an owner or a collaborator.

Delete users

Remove user from SSO

If your organization set up SSO, remove the user from your SSO Identity Provider's Anyscale integration to fully restrict the user's access.

1. Go to the user menu and select Organization settings. Click the Members tab to view members of the organization.
2. Select the collaborators to remove. To delete an owner, downgrade them to a collaborator first.
3. Confirm deletion.

🗑️ What happens to Anyscale entities created by a deleted user?

Ownership Transfer Table

Note: The following permissions structure applies to organizations created after August 2023. See Permissions.

Entity	Details
Workspaces	Remain running unless you manually terminate them. Duplicate to retain work while assuming ownership.
Jobs	Remain running unless you manually terminate them. Duplicate as Workspaces to submit Jobs and assume ownership.
Services	Remain running unless you manually terminate them. Duplicate as Workspaces to deploy Services and assume ownership.
Schedules	A Schedule terminates when it encounters permission errors. Any user can resume, and they become the new creator of subsequent Jobs. The original schedule creator remains unchanged.
Projects	If the owner deletes the creator, the organization owner becomes the implicit owner. The organization owner can transfer explicit ownership to another user.
Cloud	If the owner deletes the creator, the organization owner becomes the implicit owner. The organization owner can transfer explicit ownership to another user.

💻 Programmatic deletion

Both methods support one-by-one deletion.

• Option 1: Use DELETE /api/v2/organization_collaborators/{identity_id} to remove users with the API endpoint.
• Option 2: Use the Anyscale Python SDK with the following script.

delete_users.py

from anyscale.authenticate import get_auth_api_client

def delete_collaborator():
    api_client = get_auth_api_client().api_client
    collaborators = api_client.list_organization_collaborators_api_v2_organization_collaborators_get()

    email_to_remove = input("Enter the email of the collaborator to remove: ")

    # Filter the list to find the collaborator with the matching email.
    matching_collaborators = [collaborator for collaborator in collaborators.results if collaborator.email == email_to_remove]
    # Ensure only one collaborator matches the provided email.
    assert len(matching_collaborators) == 1, f"Error: Found {len(matching_collaborators)} identities matching {email_to_remove}. Expected 1."

    input(f"Going to delete the following identity:\n{matching_collaborators[0]}\nPress any key to continue...")
    api_client.remove_organization_collaborator_api_v2_organization_collaborators_identity_id_delete(matching_collaborators[0].id)
    print("Collaborator successfully removed.")

delete_collaborator()