Overview: Identity and Access in Invariant Technology

Effective user management is fundamental to maintaining a secure and productive Invariant Technology workspace. It's about defining who has access and how they prove their identity.

At its heart, user management in Invariant revolves around identity and access.

Identity: Every individual interacting with your Invariant workspace needs a unique digital identity. This identity is typically associated with an email address and allows Invariant to distinguish one user from another. Users can be categorized broadly:
- Managed Users (Domain Users): Individuals whose accounts are tied to a domain that your Invariant workspace "owns" or manages (e.g., user@yourcompany.invariant.tech). Their lifecycle and some behaviors can be more tightly controlled by workspace settings.
- External Collaborators: Users from outside your managed domain (e.g., consultant@externaldomain.com) who are invited to collaborate within your workspace.
Authentication: This is the process by which users prove they are who they claim to be. Invariant supports different authentication methods, which we'll discuss further, to validate a user's credentials before granting access.
Authorization (Access Control): Once a user is authenticated, authorization determines what specific resources, features, or data they can access and what actions they can perform. While this guide focuses on identity and authentication, it's important to remember that roles and permissions are the next layer in controlling user capabilities.

The lifecycle of a user typically involves:

Invitation/Creation: A new user is introduced to the system.
Activation/Onboarding: The user confirms their identity and sets up their credentials.
Active Use: The user accesses and utilizes Invariant according to their permissions.
Deactivation/Deletion: The user's access is revoked.

Understanding these fundamental aspects helps in making informed decisions about how to configure and manage your user base effectively.