Product documentationUpdated February 3, 2026
User Policies
Define org-wide security policies for onboarding—user registration rules, default roles, and password requirements to keep access controlled and compliant.
Overview
User policies define organization-wide rules for onboarding and account security. Configure them early—especially in production—to reduce risk and avoid privilege creep.
User registration settings
Control how new users can join the platform:
- enable email verification
- require admin approval (recommended for enterprise production)
- restrict registration domains (if supported)
Default role settings
Default roles matter because they define what a new user can do on day one. Use the least-privilege role that still enables onboarding.
Related: Role permissions.
Password policy
Use strong password rules to protect accounts:
- minimum length and complexity
- rotation and expiry rules (commonly 60–90 days)
- lockout policies and MFA (where supported)
Best practices
- Require admin approval in production.
- Default new users to Reader or a limited contributor role.
- Review access regularly and remove inactive accounts.
Related articles
Related articles
- AI Settings · Product documentation
- Audit Logs · Product documentation
- Configuration · Product documentation
- Debug Logging · Product documentation
- Email Settings · Product documentation
- Email Templates · Product documentation
Next steps
- Getting started · Install + connect your spec
- Configuration fundamentals · Stabilize runs
- Initial configuration · Users, licensing, projects
- Release notes · Updates and fixes
Still stuck?
Tell us what you’re trying to accomplish and we’ll point you to the right setup—installation, auth, or CI/CD wiring.