Adding Users
Located under Settings > Account Settings > User Accounts, the Add User button provides a form for the creation of a new user. Simply provide basic account information and assign appropriate roles.

Add New User Form
The Add User button opens a form containing the following configurable fields:
- User Type - Determines where the login for this account is managed; it cannot be modified once the account is created. See the User Types section below for the list of options.
- Username - The username used to log into Sandfly; it cannot be modified once the account is created.
- Password - The initial password; it can be changed later by the associated user or an admin.
- Full Name - An identifying name for the associated user.
- Email (optional) - An email address for the associated user.
- Roles - Determines the level of access that this account has on the Sandfly server. See the Roles section below for the list of options.

Once all of the necessary fields have been filled in, click the Finish button to submit the form.
User Types
The following options can be selected for the User Type field:
- Local - The login process and the password for the account are managed by the Sandfly server.
- SSO - The login process for the account is managed by the Single Sign-On (SSO) service that is configured in the Account Settings section.
Roles
The following options can be selected for the Roles field:
- admin - Provides unrestricted access to the Sandfly server.
- power_user - The same permissions as the admin role minus user management and audit log clearing.
- responder - The same permissions as the user role, plus response actions.
  - Can be assigned as an additional role to grant admin/power_user accounts access to response actions.
- user - Provides full access to everything except the following sections:
  - Audit Log (users cannot clear the log)
  - Settings (users can view public options)
  - Response Actions (users can only view the log)
- api_result_read - Provides read / GET access to most non-server configuration API calls.¹
- api_scan - Provides API-only access to initiate scans.¹
Refer to the API Endpoint Role Security Matrix for a detailed list of permissions.
¹ - API-only accounts do not provide access to the web interface.