Overview
Kissmetrics user management allows you to control who has access to your analytics data, reports, and settings. Proper user management is critical for maintaining security, ensuring compliance, and enabling your team to effectively use behavioral analytics for data-driven decision making.
This guide provides a comprehensive overview of user management capabilities in Kissmetrics, including permission levels, best practices, and links to detailed guides for specific tasks.
Why User Management Matters
Security: Limit access to sensitive customer data and business metrics to authorized personnel only.
Compliance: Meet regulatory requirements (GDPR, SOC 2, HIPAA) by controlling and documenting who can access personal data.
Collaboration: Enable team members to access the insights they need without overwhelming them with unnecessary features or data.
Accountability: Track who makes changes to tracking implementation, reports, and settings through audit logs.
Productivity: Ensure team members have appropriate access levels to perform their jobs effectively.
Permission Levels
Kissmetrics offers several permission levels to match different user roles and responsibilities.
Owner
Full Control: Complete access to all features, data, and settings.
Capabilities:
- Manage billing and subscriptions
- Add, edit, and remove team members
- Access all projects and reports
- Configure tracking and integrations
- Modify account settings
- Delete or transfer account
Typical Roles:
- CEO or business owner
- VP of Analytics or Data
- Account administrator
Limitations:
- Usually only one Owner per account
- Cannot be removed by other users
- Must transfer ownership to remove
Admin
Management Access: Can manage users and settings but not billing.
Capabilities:
- Add, edit, and remove users (except Owner)
- Configure tracking implementation
- Create and manage integrations
- Access all projects and reports
- Modify account settings
- Create and modify dashboards
Cannot Do:
- Manage billing or subscriptions
- Remove or modify Owner permissions
- Delete the account
Typical Roles:
- Analytics Manager
- Product Manager
- Engineering Lead
- Marketing Operations
User
Standard Access: Can create and view reports but cannot manage settings or users.
Capabilities:
- View all reports and dashboards
- Create personal reports and dashboards
- Export data
- Comment and collaborate on reports
- Receive report notifications
- Access assigned projects
Cannot Do:
- Manage other users
- Modify tracking settings
- Configure integrations
- Change account settings
- Manage billing
Typical Roles:
- Marketing Analyst
- Product Analyst
- Data Analyst
- Marketing Manager
- Product Manager
Read-Only
View-Only Access: Can view reports but cannot create or modify anything.
Capabilities:
- View existing reports and dashboards
- Access assigned projects
- Comment on reports (if enabled)
- Receive report notifications
Cannot Do:
- Create new reports or dashboards
- Modify existing reports
- Export data
- Change any settings
- Manage users
Typical Roles:
- Executive leadership
- Stakeholders
- Clients (for agencies)
- Occasional viewers
- Contractors with limited needs
Permission Matrix
| Action | Read-Only | User | Admin | Owner |
|---|---|---|---|---|
| View Reports | ✓ | ✓ | ✓ | ✓ |
| Create Reports | ✗ | ✓ | ✓ | ✓ |
| Edit Reports | ✗ | Own Only | ✓ | ✓ |
| Delete Reports | ✗ | Own Only | ✓ | ✓ |
| Export Data | ✗ | ✓ | ✓ | ✓ |
| Create Dashboards | ✗ | ✓ | ✓ | ✓ |
| Share Reports | ✗ | ✓ | ✓ | ✓ |
| Comment on Reports | ✓* | ✓ | ✓ | ✓ |
| View All Projects | ✗ | Assigned | ✓ | ✓ |
| Configure Tracking | ✗ | ✗ | ✓ | ✓ |
| Manage Integrations | ✗ | ✗ | ✓ | ✓ |
| Add Users | ✗ | ✗ | ✓ | ✓ |
| Edit User Permissions | ✗ | ✗ | ✓ | ✓ |
| Remove Users | ✗ | ✗ | ✓ | ✓ |
| Modify Account Settings | ✗ | ✗ | ✓ | ✓ |
| Manage Billing | ✗ | ✗ | ✗ | ✓ |
| Transfer Ownership | ✗ | ✗ | ✗ | ✓ |
| Delete Account | ✗ | ✗ | ✗ | ✓ |
*May be restricted by Admin settings
User Management Tasks
Adding Users
Invite new team members to access your Kissmetrics account:
Process Overview:
- Navigate to Settings → Team
- Click Invite User
- Enter email address
- Select permission level
- Assign to projects (if applicable)
- Send invitation
See Full Guide: Add User Access
Updating User Permissions
Modify existing user access levels as roles change:
Common Scenarios:
- Promoting User to Admin
- Downgrading Admin to User
- Temporary elevated access
- Project reassignments
See Full Guide: Update User Access
Removing Users
Revoke access when team members leave or no longer need access:
Key Considerations:
- Remove access on or before last day of employment
- Transfer ownership of reports and dashboards
- Document removal for compliance
- Handle different scenarios (termination, contractor completion, security incident)
See Full Guide: Remove User Access
Best Practices
Security Best Practices
Principle of Least Privilege:
- Grant users the minimum access needed for their role
- Start with lower permissions and upgrade as needed
- Regularly review and downgrade unnecessary elevated access
Access Reviews:
- Conduct quarterly user access reviews
- Remove inactive users (no login in 90+ days)
- Verify permissions match current roles
- Document review outcomes
Offboarding Process:
- Remove access on or before last day of employment
- For security incidents, remove immediately
- Transfer ownership of reports before removal
- Keep records of access removal
Strong Authentication:
- Enable Single Sign-On (SSO) if available
- Require strong passwords
- Enable multi-factor authentication (MFA)
- Monitor for suspicious login activity
Role-Based Access Control
Assign permissions based on job function:
Marketing Team:
- Permission: User
- Access: Marketing project
- Can create campaign reports and dashboards
Analytics Team:
- Permission: Admin
- Access: All projects
- Can configure tracking and manage integrations
Executive Team:
- Permission: Read-Only or User
- Access: Executive dashboards
- Can view key metrics without creating reports
IT/Engineering:
- Permission: Admin
- Access: Technical implementation
- Can manage tracking code and integrations
Finance:
- Permission: Owner (for billing) or Read-Only (for viewing)
- Access: Revenue and financial reports
Compliance and Governance
Documentation Requirements:
- Maintain list of all users and their permissions
- Document reason for access (job role)
- Keep records of permission changes
- Log user additions and removals
- Track who made changes and when
- Document approvals for access requests
- Maintain records for required retention period
- Be prepared for compliance audits
Data Protection:
- Limit access to personal data to those who need it
- Train users on data protection obligations
- Implement data retention and deletion policies
- Ensure users understand GDPR, CCPA, or other relevant regulations
Separation of Duties:
- Don't grant everyone Admin access
- Separate billing (Owner) from operational access
- Distribute Admin responsibilities among multiple people
- Implement approval workflows for sensitive changes
Multi-Project Management
For organizations with multiple Kissmetrics projects:
Project-Level Access
Benefits:
- Limit users to relevant projects only
- Separate client or brand access for agencies
- Maintain data segmentation
- Simplify user experience
Implementation:
- Create separate projects for different brands/products
- Assign users to specific projects
- Users only see data for assigned projects
- Maintains data isolation
Use Cases:
- Agencies managing multiple clients
- Multi-brand organizations
- Companies with distinct product lines
- Separating production from test environments
SSO and Advanced Authentication
Single Sign-On (SSO)
Benefits:
- Centralized user management
- Automatic provisioning and deprovisioning
- Enhanced security
- Simplified login experience
- Compliance with corporate security policies
Supported Protocols:
Configuration:
- Contact Kissmetrics to enable SSO
- Configure your identity provider (Okta, Azure AD, etc.)
- Map user attributes and permissions
- Test SSO connection
- Enable for all users
Multi-Factor Authentication (MFA)
Why MFA:
- Adds layer of security beyond passwords
- Protects against compromised credentials
- Required for many compliance frameworks
- Industry best practice
Setup:
- Enable MFA in account settings
- Users configure MFA on next login
- Support authenticator apps (Google Authenticator, Authy)
- Backup codes for account recovery
Troubleshooting Common Issues
User Cannot Log In
Possible Causes:
- Invitation not accepted
- Account locked or disabled
- Incorrect password
- SSO configuration issue
Solutions:
- Verify user is in team member list
- Check if invitation is still pending
- Resend invitation if needed
- Reset password or check SSO settings
User Has Wrong Permissions
Issue: User cannot access needed features or data
Solutions:
- Review user's permission level
- Check project assignments
- Update permissions if needed
- Ask user to log out and back in
Cannot Add More Users
Issue: Reached user limit for plan
Solutions:
- Remove inactive users to free seats
- Upgrade to plan with more user seats
- Contact Kissmetrics sales
Removed User Can Still Access
Issue: User access persists after removal
Solutions:
- Verify removal was saved
- Try removing again
- Ask user to log out completely
- Contact Kissmetrics support if issue persists
User Management Workflow
Standard Operating Procedure
New User Request:
- Receive request (email, ticket, form)
- Verify requestor authorization
- Determine appropriate permission level
- Get manager approval if required
- Add user to Kissmetrics
- Document addition
- Notify user and provide onboarding
Permission Change Request:
- Receive change request
- Verify reason for change
- Get appropriate approval
- Update permissions
- Notify user of change
- Document change
User Removal:
- Receive removal request (HR, manager)
- Verify authorization
- Identify reports to transfer
- Transfer ownership
- Remove user access
- Verify removal successful
- Document removal
Automation
Integration with HR Systems:
- Automatic user provisioning on hire
- Automatic deprovisioning on termination
- Sync user attributes (name, email, department)
- Reduce manual work and errors
SCIM Provisioning:
- Centralized user management
- Automated access control
- Real-time synchronization
- Enhanced security
Detailed Guides
For step-by-step instructions on specific user management tasks:
- Add User Access: Complete guide to inviting new team members
- Update User Access: How to modify user permissions and settings
- Remove User Access: Process for revoking access and offboarding
Key Takeaways
- Choose Appropriate Permissions: Assign the minimum access needed for each user's role
- Review Regularly: Conduct quarterly access reviews to ensure permissions remain appropriate
- Onboard Properly: Provide new users with training and documentation
- Offboard Promptly: Remove access immediately when team members leave
- Document Everything: Maintain records for compliance and audit purposes
- Use SSO When Available: Centralize user management and enhance security
- Monitor Activity: Track user actions through audit logs
- Communicate Changes: Notify users when their access is modified
Effective user management in Kissmetrics balances accessibility with security, ensuring your team can leverage behavioral analytics while protecting sensitive data and maintaining compliance.