Add User Access | OpsBlu Docs

Add User Access

Add new users and grant access in Umami — role assignment, permission levels, and onboarding steps.

Use this workflow to create new user accounts in your Umami installation and grant them access to analytics data.

Prerequisites

Before creating a user, verify:

  • You have Admin role permissions (only Admins can create users)
  • You've determined the appropriate role: Admin (full system access) or User (analytics viewing only)
  • You've identified which websites this user should access
  • You have a secure method to share the initial password with the user
  • You've documented the business justification for creating this account

Step-by-Step: Create User Account

1. Access User Management

  1. Log into Umami with an Admin account
  2. Click Settings in the navigation
  3. Select Users from the settings menu
  4. Review existing users to ensure you're not creating a duplicate

2. Initiate User Creation

  1. Click Add User or Create User button
  2. The user creation form appears

3. Configure User Details

Username:

  • Enter a unique username (typically firstname.lastname or email format)
  • Usernames cannot be changed later - choose carefully
  • For clients, consider naming convention like "client-companyname"
  • For service accounts, use descriptive names like "reporting-service"

Password:

  • Set a strong initial password
  • Umami has minimal password requirements - enforce your own policy
  • Plan to share this securely (password manager, encrypted message)
  • Instruct user to change password on first login

Role:

  • Select Admin for users who need to manage other users, create websites, and access all data
  • Select User for standard analytics viewers who should only see assigned websites
  • Default to User role unless Admin capabilities are genuinely needed

4. Assign Website Access (For User Role)

If you selected User role:

  1. A list of websites appears
  2. Check the box next to each website this user should access
  3. Only select websites relevant to their responsibilities
  4. For clients, select only their specific website(s)
  5. For contractors, select only projects they're actively supporting

If you selected Admin role:

  • Admins automatically see all websites
  • Website selection is not available for Admin accounts

5. Create the Account

  1. Review all settings: username, role, website access
  2. Click Create, Save, or Add User
  3. The account is created immediately and appears in the users list
  4. User can log in right away with the credentials you set

6. Share Credentials Securely

  1. Never email passwords in plain text
  2. Use secure methods:
    • Password manager with shared vault feature
    • Encrypted messaging app
    • In-person or phone delivery with requirement to change immediately
    • Secure company portal or credential management system
  3. Include login URL for your Umami instance
  4. Instruct user to change password on first login
  5. Provide brief orientation on their role and capabilities

After Creation: Next Steps

Document the account:

  • Record creation date, username, role, assigned websites, and business justification
  • Add to your access control spreadsheet or IAM documentation
  • For temporary access (contractors), set calendar reminder for account removal

Verify access:

  • Ask user to log in and confirm they can access expected websites
  • For User accounts, verify they see only assigned websites, not all websites
  • For Admin accounts, verify they can access user management and website creation

Provide orientation:

  • For Users: Explain which websites they can access and basic navigation
  • For Admins: Brief on responsibilities including user management and website creation
  • Share any organizational policies for Umami usage

Common Creation Scenarios

New Employee Onboarding

Situation: Permanent team member needs analytics access.

Approach:

  1. Create User account with company naming convention (firstname.lastname)
  2. Assign User role (promote to Admin later if needed)
  3. Grant access to websites relevant to their department or role
  4. Set strong initial password and share securely
  5. No removal date needed for permanent employees

Client Dashboard Access

Situation: Client wants to view their own analytics.

Approach:

  1. Create User account (never Admin for external parties)
  2. Use naming convention like "client-acmecorp" for easy identification
  3. Grant access only to client's specific website(s)
  4. Generate strong password and share via secure channel
  5. Provide brief tutorial on reading their dashboard
  6. Document which client contact owns this account

Contractor Engagement

Situation: 3-month contractor hired for analytics implementation.

Approach:

  1. Determine role based on needs: Admin if configuring tracking, User if only analyzing
  2. Create account with contractor company or project name in username
  3. Grant access only to relevant client websites
  4. Document contract end date
  5. Set calendar reminder to delete account when engagement concludes
  6. Brief contractor on scope of access and any restrictions

Service Account for API/Automation

Situation: Need account for automated reporting or API integration.

Approach:

  1. Create User account with descriptive name (e.g., "api-reporting", "automation-exports")
  2. Grant minimal website access required for the automation
  3. Store credentials in secrets management system, not personal password manager
  4. Document which systems/scripts use this account
  5. Never use personal accounts for automation
  6. Rotate password annually or when team members with access leave

Internal Analyst Team

Situation: Marketing team needs access to multiple websites for reporting.

Approach:

  1. Create User accounts for each team member
  2. Grant access to all marketing-related websites
  3. As new websites are added to Umami, remember to grant access manually
  4. Consider creating one Admin for the team lead if they manage analytics
  5. Standard team members should have User role

Troubleshooting Creation Issues

Username Already Exists

Symptoms: Error message that username is taken.

Solutions:

  1. Choose a different username - usernames must be unique
  2. Check if user already exists (may have been created previously)
  3. Use naming conventions that prevent collisions (include department, role, or number)

Cannot Assign Websites to Admin

Symptoms: Website selection checkboxes are disabled for Admin role.

Solutions:

  1. This is expected behavior - Admins automatically access all websites
  2. If user should only see specific websites, create as User role instead
  3. Admins have unrestricted access - limit this role severely

User Cannot Log In After Creation

Symptoms: User reports login failure immediately after account creation.

Solutions:

  1. Verify username and password were communicated correctly (check for typos)
  2. Confirm user is accessing the correct Umami instance URL
  3. Try resetting the password using the update procedure
  4. Verify account actually exists in user list
  5. Check Umami server logs for authentication errors

User Sees No Websites After Login

Symptoms: User account created successfully but user sees no data.

Solutions:

  1. For User role, verify you assigned at least one website during creation
  2. Edit the user and add website access
  3. Have user log out and back in to refresh
  4. Verify the websites you assigned actually exist in Umami

Security Best Practices

Role assignment:

  • Default to User role for 90% of accounts
  • Limit Admin to 2-3 trusted individuals
  • Never grant Admin to external parties (clients, contractors)
  • Document business justification for any Admin role assignment

Password security:

  • Generate strong initial passwords (16+ characters, mixed case, numbers, symbols)
  • Never reuse passwords across accounts
  • Share passwords only through secure channels
  • Require users to change password on first login
  • For service accounts, store in secrets management system

Access scoping:

  • Apply principle of least privilege - minimum websites needed
  • For multi-client agencies, strict website scoping prevents data leaks
  • Review website assignments quarterly
  • Remove access to websites when projects complete

Documentation:

  • Log every account creation with date, creator, role, and justification
  • Maintain mapping of users to websites for audit purposes
  • Set expiration reminders for contractor and temporary accounts
  • Track service accounts separately from human user accounts

Compliance Documentation

For each user creation, document:

  • Creation date and time
  • Username created
  • Role assigned (Admin or User)
  • Websites granted access to (for User role)
  • Business justification (new employee, client access, contractor, etc.)
  • Creator (which Admin created the account)
  • Expected duration (for temporary accounts)
  • Password delivery method

Maintain these records for compliance retention period (typically 7 years for regulated industries). Since Umami is self-hosted with minimal audit logging, external documentation is critical.

Back to top