User and service accounts

As an administrator of a Materialize organization, you can manage the users and apps (via service accounts) that can access your Materialize organization and resources.

Organization roles

During creation of a user/service account in Materialize, the account is assigned an organization role:

Organization role Description
Organization Admin
  • Console access: Has access to all Materialize console features, including administrative features (e.g., invite users, create service accounts, manage billing, and organization settings).

  • Database access: Has superuser privileges in the database.

Organization Member
  • Console access: Has no access to Materialize console administrative features.

  • Database access: Inherits role-level privileges defined by the PUBLIC role; may also have additional privileges via grants or default privileges. See Access control.

NOTE:
  • The first user for an organization is automatically assigned the Organization Admin role.

  • An Organization Admin has superuser privileges in the database. Following the principle of least privilege, assign the Organization Admin role only to users who require superuser privileges.

  • Users/service accounts can be granted additional database roles and privileges as needed.

User accounts

As an Organization Admin, you can invite new users via the Materialize Console. When you invite a new user, Materialize will email the user with an invitation link.

NOTE:
  • Until the user accepts the invitation and logs in, the user is listed as Pending Approval.

  • When the user accepts the invitation, the user can set their password and log in to activate their account. The first time the user logs in, a database role with the same name as their e-mail address is created, and the account creation is complete.

For instructions on inviting users to your Materialize organization, see Invite users.

Service accounts

💡 Tip: As a best practice, we recommend you use service accounts to connect external applications and services to Materialize.

As an Organization Admin, you can create a new service account via the Materialize Console or via Terraform.

NOTE:
  • The new account creation is not finished until the first time you connect with the account.

  • The first time the account connects, a database role with the same name as the specified service account User is created, and the service account creation is complete.

For instructions on creating a new service account in your Materialize organization, see Create service accounts.
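The following SQL is an added example, not taken from the Materialize documentation. It shows one way to keep a service account with the Organization Member role at least privilege by granting its database role a narrowly scoped functional role. The names `svc_dashboard`, `dashboard_reader`, `analytics`, `serving` and `orders_summary` are assumptions made for illustration.

```sql
-- Constructed names (assumptions, not from the page):
--   svc_dashboard     service account User, created with the Organization Member role
--   dashboard_reader  functional role holding only the privileges the app needs
--   analytics / public / orders_summary / serving  database, schema, view, cluster

-- 1. Run as an Organization Admin (database superuser).
--    The svc_dashboard role is created the first time the service account
--    connects, so it is absent from this list until then.
SHOW ROLES;

-- 2. Create a functional role and grant it only what the application reads.
CREATE ROLE dashboard_reader;
GRANT USAGE ON DATABASE analytics TO dashboard_reader;
GRANT USAGE ON SCHEMA analytics.public TO dashboard_reader;
GRANT USAGE ON CLUSTER serving TO dashboard_reader;
GRANT SELECT ON analytics.public.orders_summary TO dashboard_reader;

-- 3. Attach the functional role to the service account's database role.
--    A user's role is named after their e-mail address and must be
--    double-quoted, e.g. GRANT dashboard_reader TO "analyst@example.com";
GRANT dashboard_reader TO svc_dashboard;

-- 4. Review what was granted.
SHOW ROLE MEMBERSHIP FOR svc_dashboard;
SHOW PRIVILEGES FOR dashboard_reader;

-- 5. Run while connected as the service account. An Organization Member
--    should get false; true means the account holds Organization Admin
--    and therefore superuser privileges.
SELECT mz_is_superuser();
```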

Single sign-on (SSO)

As an Organization Admin, you can configure single sign-on (SSO) as an additional layer of account security using your existing SAML- or OpenID Connect-based identity provider. This ensures that all users can securely log in to the Materialize Console using the same authentication scheme and credentials across all systems in your organization.

To configure SSO for your Materialize organization, follow this step-by-step guide.
