# Freemium user management You and your team want **secure** and sustainable access to your IoT solution, with **full insight** and **control**. To achieve this, assigning the right roles and permissions is essential. To achieve this, assinging the right roles and permissions is done in **GRIP**. This **Identity and Access Management** platform is developed by KPN, specifically designed for Business Users. It enables organizations to **securely** and **efficiently** manage access to their applications and services. To assign roles, you must be an **admin** of the account. As an administrator, you can add or remove users and configuratie roles and permissions for your services. {% hint style="success" %} If you’re the one who **created** the Freemium account, you automatically become the account **admin**. {% endhint %} ## Access the User Management section As a **Freemium** user, you always access the user management section through the **Things Portal**. {% stepper %} {% step %} Go to [portal.kpnthings.com/manager](https://portal.kpnthings.com/manager) or go to [KPN Things Portal](https://portal.kpnthings.com/) and click on **My KPN user details** the account details menu in the **top right corner** to display the Services and Roles menu

{% endstep %} {% step %} Click on your **name** in the account details menu in the **top right corner** to display the management overview page

{% endstep %} {% step %} For **documentation** about how to manage users read the next section. {% endstep %} {% endstepper %} ## Managing Users in GRIP The information below explains **how to manage users**, including adding and removing users, and managing roles and permissions. Once you have accessed the **User Management** section in **GRIP**, you can perform several actions to **control access** within your organization. ### **What functionalities do you have** **Review existing users, add and delete users**\ View the list of all users in your organization, including their roles and assigned services. Invite new team members by creating users accounts or deleting users who no longer need access to your services. **Edit or give permissions to an added or existing user**\ Modify user information, roles and permissions to ensure they have the correct level of access to your services. {% hint style="info" %} **Why this matters**\ Managing users and permissions in GRIP ensures that only **authorized** individuals can access your applications and IoT services. This helps maintain **security** and **compliance** across your organization. {% endhint %} ## Review existing users, add and delete users In the User Management table, you can see all current users along with their assigned roles and permissions. This overview helps you quickly check who has access to which services. **Add, Remove or Modify Users** 1. To add a new user, click **Add User** at the top of the page 2. To modify a user, click the **three dots** ⋮ and select **Edit** 3. To remove a user, click the **three dots** ⋮ and select **Deactivate** or **Delete**

{% hint style="info" %} To give you the opportunity to **reactivate** an account without having to create it again, a **deleted user** will remain visible in the overview for **10 days** before it is completely removed. {% endhint %} ## Edit or give permissions to an added or existing user For a **New User** you click on the **Add User** at the top of the page and provide the general information. {% stepper %} {% step %} ### **Provide the general information** 1. Fill in the **general details** of the new user 2. Select the **Send email to set password option** to send a password email immediately. This can also be done at a later time, for example after you’ve configured all roles and permissions. 3. Click the **Add User** button

{% hint style="info" %} For **Freemium** users a phone number is **optional**. {% endhint %} After adding the user, the next screen opens where you can optionally enter **additional** information about the user. This information is **not required** for using your account, but it can be used for your own administration. 4. Add **additional** general details *(optional)* 5. Add even more information like **job title** or **office location** *(optional)* 6. Select the **preferred** language setting 7. Click the **Save Changes** button

{% endstep %} {% endstepper %} ### Assigning Services and Roles {% stepper %} {% step %} ### Select Services and Roles 1. Navigate to the **Services and Roles** tab 2. If the user should be able to **manage** other users, enable the **Admin** role 3. Click **Save Changes** 4. Click **+ Assign services and roles** button to add specific **services**

Select the **appropriate** services and roles based on the user’s **responsibilities**. The example below grants the user **full access** to the features within the KPN Things Portal.

{% hint style="danger" %} The **admin** is **responsible** for assigning the correct permissions to the user. Please note that someone with admin rights can also grant **themselves** additional permissions. {% endhint %} {% endstep %} {% endstepper %} ## Services and Roles explained The below list shows the **available roles** for services that are used within the **KPN IOT solution** and describes what **levels** of access each of the roles gives to the user in **KPN Things portal**.

The central identity solution behind every account

Provides the user with an **Admin** account to access and give **assigned services**.

Role	Description	Access
_Admin	_{Full user management, including own account.}	_{View and manage services and roles of other users; add, modify or remove users.}

The foundation for your IoT applications

The starting point for your IoT service and manage the IoT solution. We advise that every user has a **Things Manager** and **Things Support** role. {% hint style="warning" %} **Make sure to select only one role per item**\ If you choose multiple roles - such as *Thing Manager - Admin* and *Thing Manager - Read Only -* the lowest role will **override** the highest. In this example, you would only have **Read Only** access. {% endhint %} #### **Things Creator** These roles are **only needed** if you manage your devices, decoders and scripts via KPN Things. If only connectivity features are used, these roles are not required.

Role	Description	Access
_{Things Creator - Admin}	_{Full access to Things Creator tab.}	_{Add modify or remove devices types, decoders and scripts.}
_{Things Creator - Read Only}	_{Read-only access to Things Creator tab.}	_{View device types, decoders, and scripts.}

#### **Things Manager** We recommend granting the user at least **KPN Things - Read Only** access. This ensures insights into the IoT solution and enables options such as making exports of **connectivity** items available.

Role	Description	Access
_{Things Manager - Admin}	_{Full access to Things Manager tab.}	_{Add, modify, or remove devices, flows, destinations and manage connectivity.}
_{Things Manager - Editor}	_{Full access except for deleting to Things Manager tab.}	_{Add, modify, or remove devices, flows, destinations and manage connectivity except the right to delete.}
_{Things Manager - Read Only}	_{Read only access to Things Manager tab.}	_{View devices, flows, destinations and connectivity.}

#### **Things Support** We advise that **every** user has access to this role in order to see **documents** and access to links to **contact** information. Assigning this role also **subscribes** you to **service emails.**

Role	Description	Access
_{Things Support - User}	_{Access to the Things Support tab.}	_{View news, release notes, documents, service status, reports and contact info and recieve service emails.}