Adding users

You can add users using the CLI or Web UI. Generally the process is:

Invite them to your organization.
After they accept, register a new User account on treasury.
Create an invite Credential for the new user. They will use this to enroll their security key.

warning

Invite credentials currently do not have a binding to SSO. Anyone can use this invitation to enroll a credential to the user account.

Invites must be created with care, and in coordination with other approvers.

Adding a user to your organization

Adding a user to your organization allows them to see the Treasury instance. It does not permit the User to use the Treasury instance in any way.

info

If you are not using single-sign-on for this user, you can skip to enrolling.

After confirming they have accepted the invitation, you can register them to your Treasury instance.

You should be able to select the user that just joined your organization, and then select them roles for them.

Depending on your role, this request may need approval and someone may need to approve it.

Inviting user to Treasury

Create the user. If they have an account in your organization, you can copy their sso user name from treasury admin users list.

treasury users create human haden@cordialsystems.com --sso "<copied-sso-name>" --sign-with "<your-cli-credential>"

Create an invite code for the user (e.g. "haden") to use to enroll. This will likely need approvals.

treasury credentials create-invite "<user-name>"

Another admin can approve the operation.

treasury operations approve "<operation-id>"

The user can then enroll to their Treasury User using their invite code.

Enroll

Enroll. This will create a credential locally on your machine called "user-key".

treasury users enroll --invite "<code>" "<user-id>"