> ## Documentation Index > Fetch the complete documentation index at: https://docs.coreweave.com/llms.txt > Use this file to discover all available pages before exploring further. # Manage users > Manage users and user permissions in CoreWeave organizations For more information on user permissions, see [IAM Access Policies](/security/iam/access-policies) and [Legacy User Permissions](/security/iam/access-policies/legacy-permissions). ## Create first administrator account In a new CoreWeave organization, the first user to create a CoreWeave account becomes the first administrator by default. No resources (like CKS Clusters) or additional access policies can be created without an administrator. The first administrator has the following IAM roles by default: * IAM Admin * CKS Admin * Object Storage Admin * Access Token Admin * Access Request Approver The first administrator can assign admin roles to other users through the Cloud Console by creating new [IAM Access Policies](/security/iam/access-policies). An email inviting an admin to join CoreWeave

An email inviting an admin to join CoreWeave

## Invite new users Once the administrator has set up an account, they can access all the features of the Cloud Console. For users with the `IAM Admin` role (or the `admin` legacy group), this includes the ability to invite other users to their organization's namespace through the Cloud Console [Users](https://console.coreweave.com/organization/users) page. An email inviting a user to join CoreWeave

An email inviting a user to join CoreWeave

When an `IAM Admin` user clicks the **Invite User** button, a modal pops up, inviting them to enter information for the user to invite, and to decide which permission groups the user is in. After entering the new user's email, the administrator may then select any desired [permission groups](/security/iam/access-policies/legacy-permissions) from the dropdown menu: A modal which shows three groups an Admin can choose from to invite users to.

A modal which shows three groups an Admin can choose from to invite users to.

Each user has a dedicated [Settings](https://console.coreweave.com/account/settings) page on the Cloud Console, which is accessible via the user icon in the top left corner of the Console window. A gray user settings icon, like the head and shoulders of a blank model

A gray user settings icon, like the head and shoulders of a blank model

## Set up a new user account To set up your user account, click the link sent to you by your administrator. As a user, you may log in either using an email and password combination, a linked social media account, or by using SAML-based Single Sign-On (SSO) if your administrator has configured it for the organization. A blue login screen which asks for user details

A blue login screen which asks for user details

### Sign in with email and password You can create and authenticate an account using the email address your administrator used to invite you, and a secure password. The same blue login screen with the email and password options circled in red

The same blue login screen with the email and password options circled in red

### Sign in with social sign-in If you decide to use email or a pre-existing social media credential, you'll be prompted to link your account to your organization later. GitHub or Gmail can be used as social sign-on **only** if the email address for those accounts matches the one used for your CoreWeave invitation. The Cloud Console login is integrated with Google Workspace and GitHub, so you can also access the Cloud Console using either account. CoreWeave provides support for SAML so users can perform SSO logins. Users with [administrator privileges](/security/authn-authz/orgs-users#administrators) can enable, configure, and manage SAML settings within their organizations via the Cloud Console. ## Change user account settings ### Update account password You update your password from the **Passwords** section of the settings page. After you enter the information and click **Save**, you receive a confirmation email. Entering an incorrect current password will result in no change. A section of a page where a user may enter their current password and a new one in order to change it.

A section of a page where a user may enter their current password and a new one in order to change it.

### Update Cloud Console theme You can also change the theme of the Cloud Console from light to dark mode. This option appears in a dropdown window: A dropdown menu allowing for a choice between light and dark mode

A dropdown menu allowing for a choice between light and dark mode

### Two-factor authentication (2FA) At the bottom of the [User Settings](https://console.coreweave.com/account/settings) page you can enable two-factor authentication for your CoreWeave account. A box with a slider enabling Two-Factor Authentication.

A box with a slider enabling Two-Factor Authentication.

Clicking this slider brings up a modal asking you to re-authenticate by entering your password. After you enter your password, a modal prompts you to scan a QR code in the 2FA app of your choice on another device. A modal with a QR code to link 2FA to an authentication app.

A modal with a QR code to link 2FA to an authentication app.

If you successfully enter the code and set up 2FA with your device, you are prompted to re-authenticate with your OTP every time you log in to the CoreWeave Cloud Console. Disabling 2FA is simpler in reverse. When you turn the slider to the "off" position, 2FA is disabled and a popup confirms the action. ## Deactivating user accounts Users with the `IAM Admin` role (or the `admin` legacy group) may deactivate user accounts, including other accounts with `IAM Admin` privileges. Deactivated accounts cannot access the Cloud Console, nor will the account have authorization to perform any actions outside of the Console. Deactivated accounts are **NOT** deleted from the organization. IAM Admins may re-activate a deactivated user account at any time.