User accounts

A user account represents a user's identity in Chronosphere. Accounts can belong to teams.

Administrative users

A user account that's a member of a team with the SysAdmin role has administrative access to Chronosphere features, including the abilities to create teams and user accounts, assign users to teams, and define team permissions.

Authenticating as a user

To authenticate with Chronosphere, a user typically signs in interactively with their user account.

A user account can also use a temporary personal access token for non-interactive authentication, such as with tools like Chronoctl or for clients that interact with the Chronosphere API.

Chronosphere attributes all actions that a user takes to their user account.

User accounts are distinct from service accounts, which provide identities for services and allow administrators to define what each service can access. Service accounts authenticate non-interactively using a unique API token permanently associated with each account.

For details, refer to Service accounts.

View accounts

You can view accounts in the navigation menu, or by using Chronoctl.

In the navigation menu, click Go to Admin and then select Platform > Users.

For details, see Accounts and teams.

Add a user account

To add user accounts, you must use an account that belongs to a team with the SysAdmin role.

This process applies only to accounts without single sign-on enabled. For details, see Authenticating with Chronosphere.

To add a user account, you must have administrative privileges:

  1. In the navigation menu, click Go to Admin and then select Platform > Users.
  2. Click Add user.
  3. Enter the user's email address into the field.
  4. Click Invite User.
  5. Optional: Add the user to a team. Users without an assigned team receive viewer permissions.

Chronosphere sends an invitation email to the address containing a link to verify and access the user account.

After the user accepts the invitation, they must verify their account, at which point the user's email address appears in the list of accounts with a green checkmark.

Delete a user account

To remove a user account from Chronosphere:

  1. If your environment uses a single sign-on (SSO) provider, remove the user account from the identity provider (IdP) permission group to prevent the user from signing in to Chronosphere.
  2. To remove the user account from display in the Chronosphere app itself, create a ticket with Chronosphere Support and request to have the user account deleted.

Users of Okta with SCIM

If you're using Okta and have SCIM integrated with the Chronosphere connection, removing the user from access in the IdP deprovisions and removes the user from the Chronosphere app.

Service accounts


Ensure a service account isn't being used before you delete it. Service account tokens are used by critical components of Chronosphere (including the Chronosphere Collector), and incorrectly deleting a service account can significantly impact your environment.

Deleted user accounts with access to a service account token can continue to access Chronosphere when using tools like Chronoctl and Terraform. To avoid access by these accounts, delete any service accounts created by deleted user accounts. To find these accounts, in the navigation menu, click Go to Admin and then select Platform > Service Accounts and review the Created By column.