Miracle Docs
Portal Overview

User Management

Manage users, roles, and permissions for your organization. The Users section lets you invite team members, control what they can access, and deactivate accounts when needed.

Users

The user list shows all active members of your organization. From here you can:

  • View each user's name, email, role, and last active date
  • Edit a user's assigned role
  • Deactivate a user (sets the account status to disabled -- the user loses access but the account is not deleted)

Deactivating a user revokes their access immediately. They will not be able to sign in until reactivated.

Roles

Roles define what a user can see and do in the Portal. Each role bundles a set of granular permissions.

  • Predefined roles cover common use cases (e.g., admin, finance, support). These are available out of the box at every layer.
  • Custom roles let operator and owner organizations create role definitions tailored to their team's structure, with fine-grained permission selection. Merchant-layer organizations use predefined roles only.

The available roles depend on your user layer. Operator organizations see operator-level roles; merchant organizations see merchant-level roles.

Invitations

You invite new users by email. The invitation flow works as follows:

  1. Navigate to Users in the sidebar. For operators, this is inside the Administration section. For merchants, it is inside the Business section.
  2. Click Invite User.
  3. Enter the user's email address.
  4. Select the role to assign.
  5. Click Send Invitation.

The invited user receives an email with a link to create their account through Keycloak. Access is not immediate after registration. The activation flow is:

  1. The user completes Keycloak signup via the invitation link.
  2. On first login, the platform detects the user's pending status.
  3. The platform activates the user, assigns the designated role, and emits a user.activated event.
  4. The user now has access according to their assigned role.

Tracking invitations:

  • Pending invitations appear in the user list with a "Pending" status.
  • You can resend or revoke a pending invitation at any time.

The role dropdown in the invitation form shows only roles appropriate for your organization's layer. Operator users see operator roles; merchant users see merchant roles.

Permissions

Permissions control access at the feature and action level. Each permission grants the ability to perform a specific action (e.g., view transactions, create refunds, manage API keys).

  • Permissions are grouped by domain (Payments, Merchants, Users, etc.)
  • A role is a named collection of permissions
  • The Portal hides sections and actions that the user's role does not include — if you cannot see a button or page, your role lacks the required permission

To see the full list of permissions available for a role, open the role detail page from the Users section.

Live / Test Mode

Previous Page

Webhook Management

Next Page

On this page

UsersRolesInvitationsPermissions