Navigation

Managing User Accounts

On the Users page, you can mangage user accounts. The Stitch console makes it easy to create test user accounts, delete user accounts, and revoke sessions.

Creating an Email/Password User

In most cases, you do not need to manually create MongoDB Stitch users. If, for example, the Email/Password authentication provider is enabled, users will be prompted to create their own accounts the first time they connect to your Stitch application. For all other authentication providers, the user object is created when an end user authenticates for the first time.

However, for testing and debugging with the Email/Password authentication provider, you can create new users from within the MongoDB Stitch admin console.

Use the following procedure to manually create a new user:

  1. Select Users from the left-side navigation.

  2. Click either the Add New User button.

  3. Specify an email address and password for the new user.

    Note

    The Email/Password authentication provider requires passwords to be between 6 and 128 characters long.

  4. Click Create.

Note

You can also create API keys that applications use to connect to your MongoDB Stitch application. While these are not associated with a single user, they are listed in the Users tab. To learn more about API keys, see API Key Authentication.

Deleting or Disabling a User

There may be a situation when you need to disable or completely remove a user from your MongoDB Stitch application. To do so, use the following procedure:

  1. Select Users from the left-side navigation.
  2. Under the Users tab, find a user in the list and click on the ellipsis (...).
  3. Choose either Disable User or Delete User. Both options invalidate all access tokens and refresh tokens for the user, and the user can no longer log in. Delete User also removes the account from your Stitch application.

Note

Deleting a user will not automatically delete any data in your MongoDB database that you have associated with that user. For example, if you have a todo_items collection with an "owner_id" field, deleting a user will not automatically delete all of their ToDo items. You will need to manually remove those documents from your database if you want to fully remove all traces of that user.

Revoking User Sessions

Situations may arise where you need to log a particular user out of all of their sessions, and prevent them from making further requests until they reauthenticate. The MongoDB Stitch admin console makes this a straightforward process.

Use the following procedure to revoke all the sessions for a particular user:

  1. Select Users from the left-side navigation.
  2. Under the Users tab, find a user in the list and click on the ellipsis (...).
  3. Click Revoke all sessions. This invalidates all access tokens and refresh tokens for that user. This means that to perform any further requests in any of their sessions, they will need to reauthenticate.