User Management
This page covers how owners and administrators manage who can use a knowledge base.
Where this happens
User management is part of the 3-step KB wizard, on Step 2. To reach it:
- Open the Apps Dashboard.
- Click the ✏️ edit pencil on the row for the KB you want to manage.
- The wizard opens. Click Step 2: Users (or navigate directly via
/apps/{id}/edit?step=2).
You must be the creator of the KB or already an admin (Owner) to reach this page.
The three ways someone gains access
| Method | Who can do it | Used for |
|---|---|---|
| Direct user assignment | KB Admin / Owner | Adding a specific colleague |
| Group assignment | KB Admin / Owner | Granting access to an entire team |
| Join Request approval | KB Admin / Owner | Responding to a user-submitted request |
See Pending Requests for the third method.
Adding an individual user
- In Search User Name or Email, start typing.
- Pick the right person from the dropdown.
- Select their role:
- 👑 Owner — can manage the KB (add/remove users, upload docs, approve requests)
- 👀 Reader — can chat with the KB only
- Click + Add.
The person appears in the user/group table below.
Adding a group
- In Search Group Name, type the Entra group's name.
- Pick the group.
- Click + Add.
There is no Owner role for groups — every member of an added group becomes a Reader. To grant a specific person admin rights, add them individually with Owner role even if they are already in an added group.
When to use groups vs individuals
| Use | Why |
|---|---|
| Group | A whole team needs access (e.g., "Warehouse Madrid Operations" Entra group) — managing one group is easier than 30 users |
| Individual | Cross-team person, contractor, or someone who needs Owner rights |
Group membership is checked at every request, so when someone is added to the Entra group (or removed) they automatically gain or lose KB access — no further action in Genie required.
Changing someone's role
To change a person from Reader to Owner (or vice versa):
- Find them in the user/group table.
- Re-add them in the search box with the new role.
- The table updates in place (no duplicate).
- Click Save Changes.
Removing a user or group
Click the × in the rightmost column of the user/group table.
Caveats:
- The KB creator cannot be removed — this prevents accidental orphaning of the application.
- If you remove a group, every member of that group loses access (unless they're also listed individually).
- Removing a user does not delete their past chats with the KB — chat history is per user and stays even after access is revoked.
Save your changes
Click Save Changes at the bottom of Step 2 to commit your edits. Until you save, nothing is persisted.
If you navigate away with unsaved changes, the "Unsaved changes" dialog will ask whether to stay or discard.
Common scenarios
"I want to give my team access without naming everyone"
- Find or create an Entra group for the team (request via IT Service Desk if it doesn't exist).
- Add the group to the KB as described above.
- Anyone in the group can chat with the KB immediately.
"I want a colleague to help me admin this KB"
Add them as an individual user with the Owner role. Groups can't grant owner rights.
"Someone left the team — how do I revoke?"
- If they were added individually: remove them via the × button.
- If they got access via a group: remove them from the Entra group through IT. Their Genie access goes away on the next token refresh (usually within an hour).
"Someone is signed in but can't see the KB"
- Make sure they've signed out and back in — Entra group memberships are baked into the token at sign-in time.
- Check that they're actually in the right group or list.
- Confirm they're not on a different Entra tenant (contractors / outsourced personnel often are).
What's NOT here
- No bulk import from CSV.
- No "guest" or "view-once" role.
- No expiry date on permissions — access is permanent until you remove it.
- No audit log inside the UI (audit events are stored server-side for compliance — see Security & Privacy).