Project Users

To be able to work with KBC, each user needs the following:

  • Platform-wide KBC account
  • Access to a specific project

Once users can access a project, they gain full administrative access to that project. Each user is, system-wide, identified by their email address. This means that you need to enter correct email addresses for existing users. Be especially careful about company aliases; from KBC’s point of view, they are different users.

All operations done by a user are technically done using the master token. This is important for tracing operations done by that user.

Inviting a User

If you want to add a new user to the project, go to Users & Settings in the project and click the Invite User button:

Screenshot -- User list

Enter the user’s email:

Screenshot -- User list

The user is listed among the project users with a pending invitation:

Screenshot -- User list with invitation

If you delete an invitation before it is accepted by the invitee or if the invitee declines the invitation, they will never become a member of the project. When an invitation is sent to a user, the next steps are slightly different for new and existing users.

New User

If the user does not yet have a platform-wide KBC account, their user list names will be shown as Not activated yet:

Screenshot -- User invited

And they will receive an invitation email:

Screenshot -- Invitation email to create account

When they follow the link, they will be taken to the activation form:

Screenshot -- Activation form

After that, the users will be taken to the login form. They can immediately login to KBC and see invitation to the project they have been invited to. Once they accept it, you will see their chosen screen name in the user list:

Screenshot -- User joined

Existing User

If the added user already has a KBC account, you will immediately see their screen name in the user list:

Screenshot -- User joined

It is a good idea to verify the screen name if you intend to invite an existing user. If you see Not activated yet instead of the screen name, it means that there is no KBC account associated with the email address. The user will receive an email invitation:

Screenshot -- Invitation email to create account

The link leads to the account settings where the user can see pending invitations:

Screenshot -- Invitations on account settings

Invitations are also shown on the welcome screen with the project list:

Screenshot -- Invitations on project list

Until the user accepts the invitation, they are not allowed to enter the project:

Screenshot -- Project access denied

Once the invitation is accepted, the user becomes a member of the project:

Screenshot -- User joined

Registering Manually

It is also possible to create a KBC account manually by following the Sign Up link from the login page:

Screenshot -- Registration link

Then fill the registration form:

Screenshot -- Registration form

You will then receive a confirmation email with a link to activate the new KBC account.

Screenshot -- Confirmation email

If you have a Gmail account, go to the login page and then straight to Sign in with Google:

Screenshot -- Login Page

Once you authorize KBC in your Google account, a KBC account will be created for you automatically.

Important: If you register to KBC manually, you cannot actually do anything unless someone invites you to a project.

Screenshot -- Project list

Removing a User

You may remove a user from a project by clicking the Remove button in the user list. The user will receive a notification email about being removed from the project. The removal is effective immediately. Any following operations will be unauthorized, regardless of whether the user will be logged in at the moment or not. Removing a user from a project has no effect on the data in it; everything the particular user did there stays untouched. You can also leave a project voluntarily by pressing the Leave button.

Important: However, you will not be able to re-join the project unless someone invites you again or unless you are a member of the project organization.

Who Can Access a Project

It is important to understand the concept of organizations to asses what persons might be able to access a specific project. For a quick overview, here is a complete list of persons able to access a given project:

  • Active users of the project (listed on the Users tab of the Settings page)
  • Users invited to the project (listed on the Users tab of the Settings page with the note Invited)
  • Users of the organization to which the project belongs
  • Users of the maintainer to which the project organization belongs, provided that Auto join is enabled
  • Keboola support staff, provided that Auto join is enabled

In all other cases, the user cannot enter the project. If Auto Join is disabled, maintainers users and Keboola Support staff can see the name of the project and request access which must be approved by a current member of the project.


There are three options for authenticating a KBC account:

  • Google account
  • Combination of an email address and a chosen password
  • Combination of an email address and a chosen password with multi-factor authentication

The options are described in detail below.

Google Account

If you have a Google Account (Gmail), you can use it to authenticate to KBC. Simply click the respective button on the login page

Screenshot -- Login Page

and follow the Google instructions to authorize KBC. No configuration in KBC is necessary to enable Google Account login. Bear in mind, however, that the Google Account email must match the email you are using in KBC.

Multi-Factor Authentication

Enable multi-factor authentication (MFA) in your account settings. You can review the state of MFA for any user in the user list:

Screenshot -- User joined


All users listed on the Users & Settings page are project administrators. This means they can do all operations within the project. If you need to limit authorization to certain operations or data, there are two options to choose from:

  1. Split the project into multiple projects, or
  2. Use Storage Tokens instead of full user accounts.