To be able to work with Keboola Connection, each user needs to have the following:
Each user is, system-wide, identified by their email address. This means that you need to enter correct email addresses for existing users. Be especially careful about company aliases; from Keboola Connection’s point of view, they are different users.
All operations performed by a user are technically done using the master token. This is important for tracing operations done by that user.
There are four user roles available:
Note: The ReadOnly role is currently available on all stacks for projects with feature
If you want to add a new user to the project, go to Users & Settings in the project and click the Invite User button:
Enter the user’s email and grant them a role in the project:
The user is listed among the project users with a pending invitation.
If you delete an invitation before it is accepted by the invitee or if the invitee declines it, they will never become a member of the project. The steps that follow an invitation differ depending on whether the user already exists or is new.
If the user does not have a platform-wide Keboola Connection account yet, their name in the user list will be
Not activated yet:
They will receive an invitation email:
When they click the Activate Your Account button, they will be taken to the activation form:
After filling it in, the login form appears. They can immediately login to Keboola Connection and see their invitation to the project they have been invited to. Once they accept it, you will see their chosen screen name in the user list:
If the added user already has a Keboola Connection account, you will see their screen name in the user list right away:
Note: If you intend to invite an existing user, it is a good idea to verify the screen name.
If you see
Not activated yet instead of the screen name, it means that there is no Keboola Connection account associated with the email address.
The user will receive an email invitation:
The link leads to the account settings where the user can see their pending invitations:
Invitations are also shown on the welcome screen with the project list:
Until the user accepts the invitation, they are not allowed to enter the project:
Once the invitation is accepted, the user becomes a member of the project:
You may remove a user from a project by clicking the Remove button in the user list. The user will receive a notification email about being removed from the project. The removal is effective immediately. Any following operations will be unauthorized, regardless of whether the user will be logged in at the moment or not. Removing a user from a project has no effect on the data in it; everything the particular user did there stays untouched. You can also leave a project voluntarily by pressing the Leave button.
Important: However, you will not be able to re-join the project unless someone invites you again or unless you are a member of the project organization.
It is important to understand the concept of organizations to asses what persons might be able to access a specific project. For a quick overview, here is a complete list of persons able to access a given project:
No other user can enter the project. If Auto Join is disabled, maintainer users and Keboola Support staff can see the name of the project and request access which must be approved by a current member of the project.
There are three options for authenticating a Keboola Connection account:
The options are described in detail below.
If you have a Google Account (Gmail), you can use it to authenticate to Keboola Connection. Click the respective button on the login page:
Then follow the Google instructions to authorize Keboola Connection. No configuration in Keboola Connection is necessary to enable Google Account login. Bear in mind, however, that the Google Account email must match the email you are using in Keboola Connection.
Enable multi-factor authentication (MFA) in your account settings. You can review the state of MFA for any user in the user list:
All users listed on the Users & Settings page are project administrators. This means they can perform all operations within the project. If you need to limit authorization to certain operations or data, there are two options to choose from: