Users & roles FAQ

What roles exist?

• OWNER — everything, including billing + tenant delete.
• ADMIN — same as Owner minus billing + tenant delete.
• MEMBER — operator-level (view, resolve alerts, open consoles).

Plus SUPER_ADMIN which is Sikurd-internal — that's us, not you.

Can I have multiple owners?

Yes. Promote a Member to Owner in Settings → Team → ⋯ → Change role. Most tenants have 1–2 owners.

How do I transfer ownership?

Invite the new owner with OWNER role. Then either demote yourself to Admin (you can do that yourself), or email help@sikurd.com and we'll demote you. Self-service ownership transfer is on the roadmap.

Can Members see billing?

No. The Billing section is hidden for Members; the API also refuses their requests for billing operations.

Can I restrict a Member to specific instances?

Yes (Pro+). Settings → Team → row → Manage instance access → tick the allowed instances. They only see those in lists, dashboards, alerts filter, etc.

Note: Instance access restriction is the primary UI gate today. A small number of API endpoints still scope only by tenant (we're closing those). For high-security use, keep restricted Members at OWNER discretion until that work lands.

SSO

Microsoft 365 SSO is available on Pro+. Email help@sikurd.com to enable — the setup involves an admin consent step on your tenant.

SCIM provisioning (auto-create users from your IdP) is on the Enterprise roadmap.

API tokens

Pro+ tenants can mint long-lived API tokens for headless integrations under Settings → API tokens. Tokens carry the role of the user that created them.

Forgotten password

Use the Forgot password? link on the sign-in page. We email a one-time link. If you're an Owner locked out entirely, email help@sikurd.com — our team can reset the password and you'll receive an email with who did the reset and when.

Removing a user

⋯ menu → Remove. Hard delete. Their historical actions stay in the audit log.