# User Management ## Organization Member Status Copia makes a distinction between "Primary" and "Non-primary" organization members. Copia also enables organization administrators to control access to Copia for their Primary Organization members via deprovisioning and reprovisioning. ### Primary Organization Members Every Copia user has one Primary Organization. Users become Primary Organization members when they are created by an organization (via email invitation or Directory Sync). Primary membership in an organization means the following: 1. Primary Organization members use the SSO portal associated with their primary organization. 2. SSO requirements for a user are determined by their Primary Organization's settings. 3. Administrators of an organization can deprovision and reprovision Primary members. If a user needs to be assigned to a different Primary Organization, reach out to customer support. ### Non-Primary Organization Members Non-Primary members are any organization members that are not Primary members - they are Primary members of another organization. These members are not subject to your organization's SSO requirements, so you should more carefully audit them. To make this easier, non-Primary membership is highlighted in team and organization UIs, and non-Primary members are always displayed above Primary members in the members section.

Non-primary member shown in the

Non-primary member highlighted within team

### Deprovisioned Members Organization administrators can "deprovision" Primary members, which prevents them from logging into Copia. As such, deprovisioned members **do not** count towards your seat limit. {% hint style="info" %} Deprovisioned members cannot log in to Copia, but deprovisioning a member does not delete their account - it is both **non-destructive** and **reversible.** {% endhint %} **Non-destructive** means the work (commits, PRs, etc.) of deprovisioned users isn't lost, nor are deprovisioned users removed from teams. **Reversible** means members can be reprovisioned. #### Deprovisioning and Reprovisioning Members {% hint style="info" %} The following methods allow Organization administrators to manually deprovision / reprovision members. Copia recommends setting up [Directory Sync](https://docs.copia.io/docs/git-based-source-control/administration/external-id-mgmt#directory-sync) to enable automatic deprovisioning / reprovisioning of members based on Identity Provider events. {% endhint %} Organization administrators can deprovision and reprovision primary members from the members section:

Deprovision option in the "Members" of the

Reprovision option in the "Deprovisioned Users" pane of the

Organization administrators can also deprovision or reprovision primary members from the "Administrative Actions..." dropdown on the user's profile page:

Option to deprovision a user

Confirmation dialog for reprovisioning a user from the Administrative Actions dialog

## Adding and Removing Users {% hint style="warning" %} If using [Team Mapping](https://docs.copia.io/docs/git-based-source-control/administration/external-id-mgmt#group-team-mapping), your organization membership will be controlled exclusively via your Identity Provider, and you will not have the option to add or remove users in Copia. {% endhint %} ### Adding New Users to Your Organization To add a new user to Copia, you'll need to invite them to a specific team within the organization. First, navigate to the "Members" section of the home page.
Once in the *Members* view, click on the *Invite New Member* button. This option will only be available to users who are part of the Owners team.
Enter the user's email address, Initial Team, and (if not using [Single-Role teams](https://docs.copia.io/docs/git-based-source-control/org-settings#single-role-teams)) team privileges for the new individual. Click *Send Invitation* to continue.
{% hint style="info" %} Copia recommends that you do not invite new users directly to the Owners team until after verifying they have joined your organization, as the Owners team has access to dangerous operations (like deleting the entire Organization). {% endhint %} An invitation email will automatically be sent to the invitee. Their account will appear in the Members tab in a pending state until they complete registration. If you'd prefer to cancel the invitation, simply click the *Cancel Invitation* button. Whenever they complete registration, the new Member will be added to your Organization and their account will move from the *Pending Users* tab to the *All Users* tab.
{% hint style="info" %} There is one other mechanism aside from email invitations for adding new Members to your Organization - Directory Sync (SCIM). See[ the instructions](https://docs.copia.io/docs/git-based-source-control/administration/external-id-mgmt#directory-sync) for more details. {% endhint %} ### Removing Users From Your Organization If you set up [Directory Sync (SCIM)](https://docs.copia.io/docs/git-based-source-control/administration/external-id-mgmt#functionality), users lose access to your organization automatically when you remove them in the Identity Provider. If you have not set up Directory Sync and you need to remove a user's access to your organization (for example, if the employee leaves your company), you should remove the user's access manually. {% hint style="info" %} If you remove a Member's access to an Organization, their work will not be deleted. Everyone who has viewing privileges on the repository they worked on can still see it. So if only one Team of many in your Organization has access to a specific repository, everyone on that Team will still be able to see the removed user’s work on that repository, but users in a separate Team will not. This is the same behavior regardless of whether a user has been removed or not. {% endhint %} #### Primary organization members To remove a Primary member's access to Copia, you should [deprovision them as described above](#deprovisioning-and-reprovisioning-members). {% hint style="info" %} All Copia users (even deprovisioned ones) have a primary organization, which is why you cannot remove primary members from your organization. {% endhint %} #### Non-Primary Organization members Organization admins cannot deprovision non-Primary members of their organization, since the lifecycle of those users is controlled by their Primary organization. Instead, you should remove them from the organization:
Find the user in the list, and click *Remove from Org.*