User management lets you control who has access to the Pearl Platform and what they can do in it. From the Users page, you can invite new users, update roles and positions, deactivate accounts, and manage subgroup access.
You need the User Management or All Pearl Features role to perform these actions. For a full breakdown of roles, see User Roles.
Navigating to user management
Log in to the Pearl Platform.
In the primary navigation, select Administration.
Select Users.
You'll see a table listing all users in your organization, including their name, email, position, roles, and current status.
Understanding user statuses
Status | Meaning |
Invited | An invitation email has been sent. The user hasn't accepted it yet. Applies to non-SSO accounts only. |
Pending | The user has confirmed their account and is awaiting admin approval. Applies to non-SSO accounts only. |
Active | The account is active and the user can log in. |
Inactive | The user has been deactivated and can't log in. Their account and data are preserved. |
Password reset required | The user must set a new password before they can log in. Applies to non-SSO accounts only. |
Unauthorized | The account exists but hasn't been assigned roles or authorized yet. Applies to SSO accounts only. |
Adding a user
On the Users page, click Add User and fill in the following fields:
Field | Required | Notes |
First Name | Yes |
|
Last Name | Yes |
|
Yes | Must be a valid email address. Can't be changed after the account is created. | |
Position | Yes | The user's role at the practice. See User Roles. |
Features User Can Access | Yes | One or more platform roles. See User Roles. |
SSO | Conditional | Only shown if your organization has SSO configured. Can't be changed after the account is created. |
When finished, click Save.
The new user will receive an invitation email with instructions to set their password and access the platform. Their status will show as Invited until they complete setup.
Note: Local (non-SSO) accounts go through an account approval step before the user can access the platform. See Account approval below for details.
Account approval
When a local account user accepts their invitation and sets a password, their status changes to Pending. They're blocked from accessing the platform until an admin completes the approval step.
This is a one-time verification that confirms the person is who they say they are and ensures they're granted the right level of access. SSO users bypass this step entirely.
What the user sees
While their account is Pending, the user sees a waiting screen with the message:
"Approval has been requested. We've requested final approval from your Pearl administrator(s) to finish your account setup."
They can't navigate anywhere else in the platform. If they log out and back in, they'll continue to see this screen until an admin approves their account.
What you need to do
When a user is waiting for approval, all organization admins receive an email alert with a direct link to the pending user.
To approve a pending user:
Go to Administration > Users.
Filter by Status: Pending.
Click the action menu (⋮) next to the user.
Select Approve User.
Confirm or assign the user's Position and Features User Can Access.
Click Save.
The user's status changes to Active immediately. They'll receive a confirmation email, and if they have the waiting screen open in their browser, it will refresh automatically and take them into the platform.
Tip: The admin alert email includes a direct link that opens the Users table pre-filtered to show pending users only.
SSO users and account approval
SSO users are activated automatically when they first log in through your organization's identity provider. They don't go through the pending/approval flow.
Your organization's identity provider also controls access to Pearl. To successfully log in, users must be authorized in your identity provider and created in the Pearl Platform.
If an SSO user logs in for the first time without being pre-provisioned in Pearl, their account may appear as Unauthorized. An admin will need to follow these steps:
Find the user. Use the Status filter to show only Unauthorized users.
Click the action menu (⋮) and select Authorize User.
Assign the user's Position and Features User Can Access.
Click Save.
The user's status changes to Active and they'll receive a confirmation email.
Editing a user
You can update a user's name, position, and roles at any time. Email and SSO settings can't be changed after the account is created.
On the Users page, find the user you want to edit.
Click the action menu (⋮) on the right side of their row.
Select Edit User.
Update the relevant fields.
Click Save.
Changes take effect immediately.
Note: You can't edit your own role or position. Another admin must make that update.
Deactivating a user
Deactivating a user prevents them from logging in without deleting their account or data. Use this when someone leaves the organization or no longer needs access.
On the Users page, find the user to deactivate.
Click the action menu (⋮) on the right side of their row.
Select Set as Inactive.
The user's status changes to Inactive. Their account and history are preserved and the action can be reversed at any time.
Reactivating a user
On the Users page, find the inactive user. Use the Status filter to show inactive users if needed.
Click the action menu (⋮) on the right side of their row.
Select Set as Active.
The user's status changes to Active and they can log in with their existing credentials.
Other user actions
Resend invitation
If a user didn't receive their invitation email or the link has expired:
Find the user in the Users table (status: Invited).
Click the action menu (⋮) and select Resend Invitation.
The user will receive a fresh invitation email.
Reset password
Find the user in the Users table.
Click the action menu (⋮) and select Reset Password.
The user will receive an email with instructions to set a new password. Their status may change to Password reset required until they complete it.
Manage subgroup access
If your organization uses subgroups (such as TINs, CCNs, or NPIs), you can control which subgroups a user belongs to. Note that subgroups themselves are created and configured by Pearl internally — contact your Customer Success rep if you need a subgroup added or changed.
Find the user in the Users table.
Click the action menu (⋮) and select Manage Subgroups.
Add or remove the user from the relevant subgroups.
Click Save.
FAQs
Can I change a user's email address?
No. Email addresses can't be changed after an account is created. If a user's email has changed, you'll need to deactivate the old account and create a new one.
Why can't I edit my own role or position?
This is a platform restriction to prevent accidental or unauthorized privilege changes. Another admin in your organization can update your role or position.
What's the difference between Pending and Unauthorized?
Pending means a local account user accepted their invitation and is waiting for admin approval. Unauthorized means an SSO user logged in for the first time without being pre-provisioned in Pearl. Both require admin action before the account is active.
What happens to a deactivated user's data?
Their account history and data are fully preserved. Deactivating a user doesn't delete anything — it just prevents them from logging in. You can reactivate the account at any time.
For additional help, contact your Customer Success rep or email help@pearlhealth.com.