Comprehensive guide to managing user accounts in Directus through the Admin App, API, and command line interface.
Adding Users via Admin App
Method 1: Create User Directly
Navigate to Users Module
- Open Directus Admin at
/admin - Click User Directory in sidebar
- Or navigate to Settings → Access Control → Users
- Open Directus Admin at
Create New User
- Click Create Item (+) button
- Fill in required fields:
- Email - Required, must be unique
- Password - Set initial password
- First Name / Last Name - Optional
- Title - Optional job title
- Description - Optional bio
- Avatar - Optional profile image
- Role - Required, select user role
- Status - Active, Invited, Draft, Suspended, Archived
Assign Role
- Select from existing roles
- Role determines permissions
Click Save
Method 2: Invite User via Email
Create User with "Invited" Status
- Set Status to Invited
- Enter Email
- Optionally set Role
Send Invitation
- User receives email with activation link
- User sets their own password
- User account activates upon completion
Adding Users via API
Create User via REST API
# Create new user
curl --request POST \
--url 'https://your-directus.com/users' \
--header 'Authorization: Bearer YOUR_ADMIN_TOKEN' \
--header 'Content-Type: application/json' \
--data '{
"email": "user@example.com",
"password": "SecurePassword123!",
"first_name": "John",
"last_name": "Doe",
"role": "ROLE_UUID",
"status": "active"
}'
Using Directus SDK
import { createDirectus, rest, createUser, authentication } from '@directus/sdk';
const directus = createDirectus('https://your-directus.com')
.with(authentication())
.with(rest());
// Login as admin
await directus.login('admin@example.com', 'password');
// Create user
const newUser = await directus.request(
createUser({
email: 'user@example.com',
password: 'SecurePassword123!',
first_name: 'John',
last_name: 'Doe',
role: 'role-uuid',
status: 'active',
})
);
console.log('User created:', newUser.id);
Invite User via API
import { inviteUser } from '@directus/sdk';
// Send invitation email
await directus.request(
inviteUser('user@example.com', 'role-uuid')
);
Adding Users via CLI
# Using Directus CLI
npx directus users create \
--email="user@example.com" \
--password="SecurePassword123!" \
--role="role-uuid"
User Roles
Assigning Roles
// Update user role
import { updateUser } from '@directus/sdk';
await directus.request(
updateUser('user-id', {
role: 'new-role-uuid',
})
);
Multiple Roles (Directus 10.5+)
Users can have multiple roles:
await directus.request(
updateUser('user-id', {
role: 'primary-role-uuid',
additional_roles: ['role-uuid-1', 'role-uuid-2'],
})
);
Editing Users
Via Admin App
- Go to User Directory
- Click user to edit
- Modify details
- Click Save
Via API
import { updateUser } from '@directus/sdk';
await directus.request(
updateUser('user-id', {
first_name: 'Jane',
last_name: 'Smith',
title: 'Content Manager',
status: 'active',
})
);
Reset Password
import { passwordRequest, passwordReset } from '@directus/sdk';
// Request password reset (sends email)
await directus.request(
passwordRequest('user@example.com')
);
// Reset with token
await directus.request(
passwordReset('reset-token', 'NewPassword123!')
);
Removing Users
Via Admin App
- Navigate to User Directory
- Select User
- Click user to delete
- Delete User
- Click trash icon or Delete button
- Confirm deletion
- User Permanently Deleted
Soft Delete (Archive)
Instead of deleting, archive users:
await directus.request(
updateUser('user-id', {
status: 'archived',
})
);
Via API
import { deleteUser } from '@directus/sdk';
// Permanently delete user
await directus.request(deleteUser('user-id'));
Bulk User Deletion
import { deleteUsers } from '@directus/sdk';
// Delete multiple users
await directus.request(
deleteUsers(['user-id-1', 'user-id-2', 'user-id-3'])
);
User Statuses
Available Statuses
- active - User can login and access system
- invited - User invited but not activated
- draft - User account in draft state
- suspended - User temporarily disabled
- archived - User soft-deleted
Change Status
// Suspend user
await directus.request(
updateUser('user-id', { status: 'suspended' })
);
// Reactivate user
await directus.request(
updateUser('user-id', { status: 'active' })
);
Bulk User Import
Import from CSV
import { createUsers } from '@directus/sdk';
import { parse } from 'csv-parse/sync';
import fs from 'fs';
const csvContent = fs.readFileSync('users.csv', 'utf-8');
const records = parse(csvContent, { columns: true });
for (const record of records) {
await directus.request(
createUser({
email: record.email,
password: record.password,
first_name: record.first_name,
last_name: record.last_name,
role: record.role_id,
status: 'active',
})
);
}
Security Best Practices
1. Strong Password Policy
Configure in Directus settings:
# .env
AUTH_PASSWORD_POLICY="/^.{8,}$/" # Minimum 8 characters
2. Two-Factor Authentication
Enable 2FA for users:
// Users can enable 2FA in their profile
// Admins can require 2FA per role
3. Regular User Audits
// List inactive users
const { data: inactiveUsers } = await directus.request(
readUsers({
filter: {
last_access: {
_lt: '$NOW(-30d)', // Not accessed in 30 days
},
},
})
);
Troubleshooting
Cannot Create User
Checks:
- Admin permissions
- Unique email address
- Valid role UUID
- Password meets policy requirements
User Cannot Login
Checks:
- User status is
active - Correct email and password
- Role has appropriate permissions
- Account not suspended or archived
Lost Admin Access
Recovery:
# Reset admin password via CLI
npx directus users update admin@example.com --password="NewPassword123!"
Next Steps
- Roles & Permissions - Configure user permissions
- Directus Users API - API reference
- Access Control - Security configuration