--- page_title: User Management product: JUSPAY Unified Dashboard page_source: https://juspay.io/in/docs/dashboard/docs/tenant-overview/user-management llms_txt: https://juspay.io/in/docs/llms.txt product_llms_txt: https://juspay.io/in/docs/dashboard/llms.txt --- # Juspay Tenant User Management Guide A guide to managing users, roles, and access across your Juspay tenant. This guide covers creating and managing users at the tenant, reseller, and merchant levels including how to grant merchant access, configure roles and permissions, and switch between merchant contexts. --- ## Understanding the Juspay Hierarchy ![Image](https://dth95m2xtyv8v.cloudfront.net/tesseract/assets/dashboard/Screenshot%202026-04-08%20at%205.12.21%E2%80%AFPM.png) *Entity and User Hierarchy* ### User Types | User type | Access level | Can create | |---|---|---| | Tenant user | Tenant-wide | Merchants, resellers, all user types | | Reseller user | Reseller-specific | Reseller users, merchants (under reseller), merchant users | | Merchant user | Merchant-specific | Merchant users | ### Context Types When you log in or switch entities, you operate in a specific context. Your context determines what you can see and do in the system. | Context | Description | |---|---| | TENANT | Tenant-level operations across all entities | | RESELLER | Reseller-level operations for a specific reseller | | MERCHANT | Merchant-level operations for a specific merchant | --- ## 1. Creating Merchants Merchants can be created by tenant users or reseller users. ### 1.1 As a Tenant Tenants can create merchants with full configuration control: 1. Navigate to **Merchants** → **Create Merchant** 2. Fill in merchant details (ID, name, email, country, etc.) 3. Configure Juspay settings (2FA, merchant track, integration types, industry) 4. Set access control (initial roles/ACL for the merchant) 5. Configure client platforms and products 6. Create merchant ### 1.2 As a Reseller Resellers have a simplified merchant creation flow: 1. Navigate to **Merchants** → **Create Merchant** 2. Fill in basic merchant details 3. Set access control 4. Create merchant (platform config is auto-set) > **Note** > After creating a merchant, create users for it. See the [Merchant Users](https://juspay.io/in/docs/dashboard/docs/tenant-overview/user-management#5.-Managing-Merchant-Users)section. ![Image](https://dth95m2xtyv8v.cloudfront.net/tesseract/assets/dashboard/Screenshot%202025-10-13%20at%205.05.42%E2%80%AFPM.png) *Create Merchant from Tenant User* --- ## 2. Creating Resellers Only tenant administrators or tenant users with Resellers RW can create resellers. 1. Navigate to **Resellers** → **Create Reseller** 2. Enter reseller information (ID, name, email, type) 3. Configure security settings (2FA, login limits, password policies) 4. Assign payment gateways 5. Create reseller > **Note** > **After creating a reseller** , a admin user with email mentioned in step 2 is automatically created. --- ## 3. Managing Tenant Users **Tenant Users** have the highest level of access in your organization. #### **What tenant users can do** * Access all merchants (direct and under resellers) * Create and manage resellers and merchants * Manage all user types (tenant, reseller, merchant) * Configure tenant-level settings * Access consolidated analytics ![Image](https://dth95m2xtyv8v.cloudfront.net/tesseract/assets/dashboard/Screenshot%202025-10-13%20at%205.07.53%E2%80%AFPM.png) *Tenant user management Page* ### 3.1 Creating a Tenant User: ### Step 1. Navigate to User Creation Go to **Users** → **Create User** (while in TENANT context) ### Step 2. Enter User Email Email Address: [user@yourcompany.com](mailto:user@yourcompany.com) * Enter email address * Must be unique across the system * Corporate email recommended ### Step 3. Select Merchant Access (Optional) ![Image](https://dth95m2xtyv8v.cloudfront.net/tesseract/assets/dashboard/Screenshot%202025-10-13%20at%205.08.59%E2%80%AFPM-iDtMU.png) *Merchant Access* As a **tenant user** , you can grant access to: * **All merchants** (leave empty or select all) * **Specific merchants** (select from dropdown) The **Merchant Access** field appears as a multi-select dropdown: * Searchable list of all merchants * Select one or more merchants * User can access selected merchants only * Can be updated later **When to restrict merchant access:** * User should only manage specific merchants * User is responsible for particular business units * Security requirement to limit scope **Leave empty for:** * Full tenant administrators * Users who need access to all current and future merchants ### Step 4. Assign Role Select a tenant-level role: * Tenant Admin * Tenant Operations * Tenant Finance * Tenant Support * Or any custom role you've created Role automatically assigns all appropriate permissions. ### Step 5. Send Invitation * Click **Create User** * User receives invitation email with setup link * Link is valid for 24 hours (configurable) * User must set password and configure 2FA (if required) ### 3.2 Tenant User Invitation Flow 1. **User receives email** with secure setup link 2. **User clicks link** → Redirected to setup page 3. **User sets password** : * Must meet requirements (length, complexity) * Cannot reuse previous passwords 4. **User configures 2FA** (if required): * Authenticator app (Google Authenticator, Authy, etc.) 5. **Account activated** → User can log in 6. **User status** changes to ACTIVE ### 3.3 Managing Existing Tenant Users ![Image](https://dth95m2xtyv8v.cloudfront.net/tesseract/assets/dashboard/Screenshot%202025-10-13%20at%205.10.13%E2%80%AFPM.png) *Managing Existing Users* #### 3.4 View Tenant Users 1. Navigate to **Users** → **List Users** #### 3.5 Update Tenant User Email 1. Go to user details page 2. Click **Update Email** 3. Enter new email address 4. User must verify new email 5. **Requirement** : User status must be ACTIVE #### 3.6 Update Tenant User Role 1. Go to user details page 2. Click **Update Role** 3. Select new role 4. User's permissions automatically update to match new role 5. Changes take effect immediately #### 3.7 Update Merchant Access See [[Understanding Merchant Access](https://juspay.io/in/docs/dashboard/docs/tenant-overview/user-management#6.-Understanding-Merchant-Access)]section for detailed instructions. #### 3.8 Enable/Disable Tenant User 1. Navigate to user details 2. Toggle **Enabled** status 3. **Disabled users:** 1. Cannot log in 2. Retain all data and permissions 3. Can be re-enabled anytime #### 3.9 Delete Tenant User **Soft Delete** (Reversible): 1. Go to user details 2. Click **Soft Delete** 3. User status changes to SOFT_DEL 4. User cannot log in 5. Can be restored later **Hard Delete** (Permanent): 1. Go to user details 2. Click **Delete** (requires special ACL permission) 3. Confirm action 4. User permanently removed 5. **Cannot be undone** --- ## 4. Managing Reseller Users ### What are Reseller Users? **Reseller Users** have access limited to their reseller's merchants. They can: * Create merchants under their reseller * Manage merchants assigned to their reseller * Create users for their merchants * Switch between their assigned merchants * **Cannot** access tenant settings * **Cannot** access other resellers' merchants ### 4.1 Creating a Reseller User ### Step 1. Switch to Reseller Context **Using Entity Switcher:** 1. Click entity switcher (usually top-right) 2. Select the reseller 3. Context switches to RESELLER **OR from Reseller Details:** 1. Navigate to **Resellers** → **List Resellers** 2. Click on reseller name 3. Go to **Users** tab 4. Click **Create User** ### Step 2. Enter User Email Email: [reselleruser@partnercompany.com](mailto:reselleruser@partnercompany.com) * Single email address * Must be unique * Partner organization email recommended #### ### Step 3. Assign Merchant Access [Optional or can be mandated] The dropdown shows **only merchants belonging to this reseller** : * Select specific merchants for the user * Or select all reseller merchants for full access **Common patterns:** * **Reseller Admin** : Access to all reseller merchants * **Reseller Support** : Access to all or subset of merchants * **Reseller Account Manager** : Access to specific merchant portfolio ### Step 4. Assign Role or Configure ACL Select from available reseller roles: * Reseller Admin * Reseller Operations * Reseller Support * Reseller Analyst * Or any custom reseller role Roles are pre-configured with appropriate permissions for reseller context. ### Step 5. Create User * Click **Create User** * User receives invitation email * User completes setup (password, 2FA) * User can access reseller dashboard ### 4.2 Managing Existing Reseller Users #### View Reseller Users **Method 1: From Reseller Context** 1. Switch to reseller context 2. Navigate to **Users** → **List Users** 3. See all users with access to this reseller **Method 2: From Reseller Details** 1. Go to **Resellers** → **List Resellers** 2. Click on reseller name 3. Click **Users** tab #### 4.3 Update Reseller User Merchant Access 1. Go to reseller user details 2. Click **Update Merchant Access** (or **Change Merchant Access** ) 3. Modal opens showing: 1. Current list of accessible merchants (searchable table) 2. Multi-select dropdown to modify access 4. Add or remove merchants 5. Click **Update Merchant Access** **Validation:** * Cannot update own merchant access * User must be ACTIVE status * Must actually change access (not same as before) * Can only assign merchants within the reseller See [[Understanding Merchant Access](https://juspay.io/in/docs/dashboard/docs/tenant-overview/user-management#6.-Understanding-Merchant-Access)] for more details. #### 4.4 Update Reseller User Role/Permissions The process for managing reseller users is the same as for tenant users. * **Update Role/Permissions** Edit the reseller user and assign the required role or permissions. Changes take effect immediately after saving. * **Enable/Disable Reseller User** Use the status toggle to enable or disable the reseller user account. * **Delete Reseller User** Reseller users can be deleted in the same way as tenant users: * **Soft Delete** – The user is marked as deleted but can be restored later. * **Hard Delete** – The user is permanently removed from the system. --- ## 5. Managing Merchant Users **Merchant Users** have access limited to their specific merchant(s). They can: * View and manage transactions for their merchant * Process refunds (if permitted) * Access merchant analytics * Configure merchant settings (if permitted) * **Cannot** access other merchants * **Cannot** access tenant or reseller settings ### 5.1 Creating a Merchant User ### Step 1. Switch to Merchant Context **Option A: Using Entity Switcher** 1. Click entity switcher 2. Select the merchant 3. Dashboard switches to MERCHANT context **Option B: From Merchant Details** 1. Navigate to **Merchants** → **List Merchants** 2. Click on merchant name 3. Go to **Users** tab 4. Click **Create User** or **Add User** ### Step 2. Enter User Email Email: [merchantuser@merchantcompany.com](mailto:merchantuser@merchantcompany.com) * Single email address * Must be unique * Merchant team member email ### Step 3. Assign Role or Configure ACL Select a merchant-appropriate role: * **Merchant Admin** : Full merchant management * **Merchant Operations** : Day-to-day operations * **Merchant Finance** : Financial reporting and analytics * **Merchant Support** : Customer support operations * **Merchant Analyst** : Analytics access only ### Step 4. Create User * Click **Create User** * User receives invitation email * User completes setup * User can access merchant dashboard ### 5.2 Managing Existing Merchant Users #### View Merchant Users **Method I: From Merchant Details** 1. Navigate to merchant details 2. Click **Users** tab 3. View all users with access to this merchant **Method II: From User List (with Filter)** 1. Navigate to **Users** → **List Users** #### 5.3 Update Merchant User Same process as other user types: * Update email * Update role * Enable/disable * Delete --- ## 6. Understanding Merchant Access **Merchant Access** is a multi-merchant authorization system that allows users to access multiple merchants. Each user has a `merchantsAccess` field containing an array of merchant IDs they can access. ### 6.1 How Merchant Access Works #### For Tenant Users * **Default** : Can access ALL merchants under the tenant * **Restricted** : Can be limited to specific merchants via merchant access * **Scope** : Can see direct merchants and reseller merchants **Example:** * User A: `merchantsAccess = []` → Access to all merchants (implicit) * User B: `merchantsAccess = ["merchant_1", "merchant_2"]` → Only these two merchants #### For Reseller Users * **Default** : Can ONLY access merchants assigned to their reseller * **Restricted** : Can be limited to specific merchants via merchant access * **Cannot** : Access other resellers' merchants or tenant settings **Example:** * Reseller has 50 merchants * Admin user: Access to all 50 merchants under the Reseller * Support user: Access to 10 specific merchants #### For Merchant Users * **Default** : Single merchant access (their own merchant) * **Cannot** : Can’t be granted access to multiple merchants ### 6.2 Granting Merchant Access #### During User Creation 1. When creating a user (especially for tenant/reseller) 2. Look for **Merchant Access** field 3. Multi-select dropdown appears 4. Select one or more merchants 5. User gets access to all selected merchants **Field appearance:** * Searchable dropdown * Shows merchant IDs and names * Multi-select supported * Only shows merchants within user's scope (tenant: all, reseller: reseller's only) #### 6.3 Updating Merchant Access ### Step 1. Navigate to User Details Go to the user's detail page. ### Step 2. Click "Update Merchant Access" Button appears for tenant and reseller users (not for merchant users in merchant context). ### Step 3. Update Merchant Access Modal Opens The modal shows: **Current Merchant Access Table:** - Searchable list of currently accessible merchants - Displays merchant IDs - Shows serial numbers - Pagination (5 merchants per page) - Empty state if no access: "No accessible merchants is present" **Merchant Selection Dropdown:** - Multi-select dropdown - Add or remove merchants - Searchable - Only shows merchants within scope ### Step 4. Modify Access * Use dropdown to add new merchants * Remove merchants from selection to revoke access * Search for specific merchants ### Step 5. Save Changes Click **Update Merchant Access** **Validation:** ✗ Cannot update your own merchant access ✗ User must be in ACTIVE status ✗ Must actually change access (not same as before) ✓ Must select at least one merchant (if configured as mandatory) ### 6.4 Switching Between Merchants Users with access to multiple merchants can switch between them: ![Image](https://dth95m2xtyv8v.cloudfront.net/tesseract/assets/dashboard/Screenshot%202025-10-13%20at%205.12.06%E2%80%AFPM.png) *Switching User* #### Using the Entity Switcher Users who have access to multiple merchants can switch between them using the Entity Switcher. 1. **Locate the Entity Switcher** The Entity Switcher is usually available in the top-right corner of the header or navigation bar. 2. **Open the Entity Switcher** Click the switcher to view the current entity, for example: * Merchant View with merchant ID * Reseller View with reseller ID * Tenant View with tenant name 3. **Select a Merchant** The dropdown displays all merchants the user can access, including: * Merchant ID * Merchant name, if available 4. **Merchant Context is Updated** After selecting a merchant: * System calls switch API * New token generated with merchant context * Page redirects to merchant dashboard * Success notification: "Switched to MERCHANT Successfully!" * User now sees data for selected merchant only. The system calls the merchant switch API. ### 6.5 Merchant Access Restrictions | Who | Can Update Merchant Access | Restrictions | |---|---|---| | Self | ✗ No | Cannot update own merchant access | | Tenant Admin | ✓ Yes | Can update any user's access to tenant merchants | | Reseller Admin | ✓ Yes | Can update reseller users' access to reseller merchants only | | Merchant Admin | ✗ No | Typically cannot update merchant access (no button in merchant context) | **Required ACL:** * **Tenant context** : `tenants: ReadWrite` * **Reseller context** : `resellers: ReadWrite` ### 6.6 Common Scenarios #### Scenario 1: Tenant Support Agent Across All Merchants **Requirement** : Support agent needs to help customers across all merchants. **Setup:** 1. Create user in TENANT context 2. Assign "Tenant Support" role 3. Leave merchant access empty OR select all merchants 4. User can switch between any merchant to view orders, process refunds #### Scenario 2: Reseller Manager for Specific Portfolio **Requirement** : Reseller has 100 merchants, manager handles 20. **Setup:** 1. Create user in RESELLER context 2. Assign "Reseller Operations" role 3. Select only the 20 specific merchants in merchant access 4. User can only switch between those 20 merchants --- ## 7. Roles and Permissions ### 7.1 Understanding Roles **Roles** are predefined permission sets that simplify user management. **Benefits:** * **Consistency** : Same permissions for all users with the role * **Easy Management** : Assign role instead of configuring individual permissions * **Scalability** : Update role once to affect all users * **Maintainability** : Central permission management ![Image](https://dth95m2xtyv8v.cloudfront.net/tesseract/assets/dashboard/Screenshot%202025-10-13%20at%205.15.15%E2%80%AFPM.png) *Role Management* ### 7.2 Role Structure Each role contains: | Attribute | Description | |---|---| | Role Name | Display name of the role, for example Merchant Admin. | | Description | Explains the purpose and scope of the role. | | ACL Dictionary | Complete set of permissions for the role, organized by module. | | Is Enabled | Indicates whether the role is active and available for assignment. | | Active Users Count | Number of users currently assigned to the role. | ### 7.3 Permission Levels | Level | Code | Description | |---|---|---| | No Access | NA | User cannot access the module. | | Read | R | User can view the module but cannot make changes. | | Read-Write | RW | User has full access to create, view, edit, and delete. | | Checker | CHECKER | User can approve or reject requests in maker-checker workflows. | ### 7.4 Creating a Custom Role ### Step 1. Navigate to Role Management Go to **Users** → **Roles** → **Create Role** ### Step 2. Enter Role Information **Role Name:** Custom Operations Manager * Descriptive, unique name * Example: "Merchant Operations Manager", "Finance Analyst" **Description:** Manages day-to-day merchant operations with approval rights * Clear description of role purpose * Include scope (tenant/reseller/merchant level) **Is Enabled:** Active * Set to Active to make role immediately available * Set to Inactive to create but not allow assignment yet. ### Step 3. Configure Permissions Select permission level for each module: #### Example: Operations Manager Role | Module | Permission | Reason | |---|---|---| | orders | RW | Full order management | | transactions | RW | View and manage transactions | | refunds | RW | Process refunds | | payment_links | RW | Create and manage payment links | | analytics | R | View reports only | | gateways_configuration | CHECKER | Approve gateway changes in maker-checker workflow | | merchants | R | View merchant information only | | users | RW | Manage users | | settings | R | View settings but cannot modify them | #### **Example: Finance Analyst Role** | Module | Permission | Reason | |---|---|---| | orders | R | View orders only | | transactions | R | View transactions only | | refunds | R | View refunds only | | analytics | R | View all reporting and analytics | | settlement_reports | R | View settlement information | | everything_else | NA | No access to configuration or management modules | #### Example: Support Agent Role | Module | Permission | Reason | |---|---|---| | orders | R | View customer orders | | transactions | R | Check transaction status | | refunds | RW | Process customer refunds | | payment_links | R | View payment links | | analytics | R | Access basic reporting | | configuration_modules | NA | No access to configuration settings | ### Step 4. Review & Create Role * Review the complete permission matrix * Ensure permissions align with role purpose * Verify no unintended access granted * Click **Create Role** * Role is now available for assignment to users ### 7.5 Cloning an Existing Role To create a role based on an existing one: 1. Navigate to **Roles** → **List Roles** 2. Find the role to clone 3. Click **Clone** action 4. System creates "[Original Name] - Copy" 5. Edit the cloned role: * Rename appropriately * Modify permissions as needed 6. Save the role **Use case** : Creating "Senior Support Agent" based on "Support Agent" with additional permissions. ### 7.6 Managing Roles ## View Role Details 1. Navigate to **Roles** → **List Roles** 2. Click on role name 3. View: * Role description * Complete permission matrix (all modules) * List of users assigned to this role * Active users count ## Update Role 1. Go to role details page 2. Click **Edit Role** 3. Modify: * Role name * Description * Individual module permissions 4. Save changes > **Note** > All users with this role immediately get the updated permissions. No separate action needed. > **Warning** > Be careful when updating roles - changes affect all assigned users instantly. ## Enable/Disable Role #### Enable/Disable Role To temporarily disable a role: 1. Go to role details 2. Toggle **Is Enabled** to OFF 3. Confirm action #### **Effects of disabling:** * Users with this role lose access immediately * Role cannot be assigned to new users * Users remain in the system with role attached * Re-enabling the role restores access ## Delete Role **Requirements:** * Role must have 0 active users * All users must be reassigned to other roles first **Steps:** 1. Go to role details 2. Reassign all users to different roles 3. Verify active users count = 0 4. Click **Delete Role** 5. Confirm deletion 6. Role is permanently removed > **Warning** > Role deletion is permanent. ### 7.7 Best Practices for Roles 1. **Principle of Least Privilege** * Grant minimum permissions needed for the job * Start restrictive, expand only when necessary 2. **Clear Naming Conventions** * Use descriptive role names * Include scope in name: "Tenant Finance Analyst", "Reseller Support Agent" 3. **Thorough Descriptions** * Document role purpose clearly * Note intended user types * List key responsibilities 4. **Regular Reviews** * Review role permissions quarterly * Remove unused roles * Update permissions to match business needs 5. **Separation of Duties** * Don't combine maker and checker permissions in one role * Separate operational and approval permissions * Keep financial reporting separate from operations 6. **Role Hierarchy** * Create roles for different seniority levels * Junior, Senior, Manager tiers as needed * Clear permission escalation path --- ## 8. Frequently Asked Questions ### User Creation and Management ## FAQs: ### Can a tenant user or reseller user access multiple merchants? Yes! Users can be granted access to multiple merchants via the **Merchant Access** field. They can switch between merchants using the entity switcher. ### How long are user invitation links valid? By default, 24 hours. This is configurable at the tenant level via the "Email Link Timeout" setting. ### What happens if a user doesn't complete setup within 24 hours? The invitation link expires. User can click on forgot password on login page. ### Can I change a user's email address? Yes, but the user must have ACTIVE status and must verify the new email address. ### What's the difference between disabling and deleting a user? * **Disable** : User cannot log in, but all data is retained. Reversible. * **Soft Delete** : User marked as deleted but can be restored. Reversible. * **Hard Delete** : User permanently removed. Irreversible. ### Merchant Access ## FAQs: ### What happens when a user switches merchants? The system generates a new authentication token with the selected merchant's context. The page refreshes and the user sees data for the selected merchant only. ### Can reseller users access merchants outside their reseller? No. Reseller users are restricted to only the merchants belonging to their reseller. The system enforces this restriction. ### Roles and Permissions ## FAQs: ### What's the difference between R, RW, and CHECKER permissions? * **R (Read)** : View-only access, cannot modify * **RW (Read-Write)** : Full access - create, view, edit, delete * **CHECKER** : Can approve/reject maker-checker workflow requests * **NA (No Access)** : Cannot access the module ### What happens when I update a role's permissions? All users assigned to that role immediately get the updated permissions. There's no delay or separate action needed. ### Can I customize permissions for a user who has a role assigned? Generally no. Role permissions override individual ACL configurations. To customize: * Update the role (affects all users with that role) ### Can I delete a role that has users assigned to it? No. You must first reassign all users to different roles, then delete the role. ### What happens if I disable a role? All users with that role immediately lose access. The role cannot be assigned to new users. Re-enabling restores access. ### Security ## FAQs: ### What should I do if a user account is compromised? Immediately: 1. Disable the user account 2. Review audit logs for suspicious activity 3. Force password reset 4. Enable/verify 2FA 5. Revoke any API keys 6. Investigate scope of breach 7. Report to security team ### How often should users change passwords? Recommended every 90-180 days. This is configurable at the tenant level through password policy settings. ### Can I require 2FA for only certain users (e.g., admins)? 2FA is mandatory in production environment ### Troubleshooting ## FAQs: ### User didn't receive invitation email. What should I do? 1. Check user's spam/junk folder 2. Verify email address is correct (no typos) 3. Check if email link has expired (>24 hours) 4. Resend invitation from user management 5. Verify email service is working 6. Contact Juspay support if issue persists ### User is locked out after failed login attempts. How do I unlock? 1. Navigate to user details page 2. Click **"Unlock Account"** (if available) 3. User can now attempt login again 4. Consider sending password reset if user forgot password ### I can't see the "Update Merchant Access" button. Why? The button only appears for: * Tenant users (in TENANT context) with `tenants: ReadWrite` ACL * Reseller users (in RESELLER context) with `resellers: ReadWrite` ACL * Not shown in MERCHANT context Also check with Juspay if `showMerchantAccessEnabled` config is true. ### Why can't I update merchant access for a user? Check: * User must be in ACTIVE status (not INACTIVE, DORMANT, or SOFT_DEL) * You cannot update your own merchant access * You must actually change access (not same as current) * You need appropriate ACL permissions ### User can't switch to a merchant even though they have access. Why? Verify: * Merchant is in user's `merchantsAccess` array (check user details) * Merchant is enabled (not disabled) * User has active status --- ## See Also - [Slack Notifications](https://juspay.io/in/docs/dashboard/docs/notifications/slack-notifications)