

Amazon Monitron is no longer open to new customers. Existing customers can continue to use the service as normal. For capabilities similar to Amazon Monitron, see our [blog post](https://aws.amazon.com/blogs/machine-learning/maintain-access-and-consider-alternatives-for-amazon-monitron).

# Managing users


After creating a project, you need to assign at least one admin user to help manage it. You can also add admin users to a project or remove them from a project later. After using the console to add the first admin user, you can add additional admin users with the Amazon Monitron mobile app. 

**Important**  
Amazon Monitron requires an email address for each app user. If you use directories like Microsoft Active Directory or an external ID provider, you need to make sure that email addresses for your users are added and synced.

After creating a project or site, you need to add users to them. As an admin user, you can add users to three different roles: `Admin`, `Technician`, or `Viewer`. A user's role determines what they can do with Amazon Monitron. The extent of their role permissions is determined by whether they are added at the project level or at the site level. Setting a user's role at the project level gives the user permissions across all sites in that project. Setting a user's role at the site level gives the user permissions only to that site.

**Topics**
+ [Managing admin users](user-management-chapter.md)
+ [Managing non-admin users](non-admin-user-management-chapter.md)

# Managing admin users


After creating a project, you need to assign at least one admin user to help manage it. You can also add admin users to a project or remove them from a project later. After using the console to add the first admin user, you can add additional admin users with the Amazon Monitron mobile app. 

**Important**  
Amazon Monitron requires an email address for each app user. If you use directories like Microsoft Active Directory or an external ID provider, you need to make sure that email addresses for your users are added and synced.

**Topics**
+ [User directory setup](mu-adding-user.md)
+ [Adding users as an admin](adding-users-as-admin.md)
+ [Managing users as an admin user](viewing-users-as-admin.md)
+ [Removing an admin user](mu-remove-project-admin.md)
+ [Sending an email invitation](resending-email.md)

# User directory setup


Amazon Monitron uses AWS IAM Identity Center to manage user access. Users are added from this IAM Identity Center user directory.

How you add an admin user depends on how IAM Identity Center has been set up for your organization. 

**Important**  
Amazon Monitron requires an email address for each app user. If you use directories like Microsoft Active Directory or an external ID provider, you need to make sure that email addresses for your users are added and synced.

**Topics**
+ [Understanding SSO requirements](#sso-requirements)
+ [Adding admin users using the native IAM Identity Center directory](#mp-project-admin2)
+ [Adding admin users using Microsoft Active Directory](#mp-project-admin3)
+ [Adding admin users using an external ID provider](#mp-project-admin4)
+ [Returning to Amazon Monitron with IAM Identity Center](#logging-mon-sso)

## Understanding SSO requirements


When you create a project, Amazon Monitron automatically detects whether IAM Identity Center has been enabled and configured on your account and whether all prerequisites for using IAM Identity Center with Amazon Monitron are satisfied. If not, Amazon Monitron produces an error and provides a list of prerequisites that are needed. You must meet all prerequisites before you can add admin users. For more information about enabling and configuring IAM Identity Center for your organization, see [AWS Single Sign-On](https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html). 

**Important**  
Amazon Monitron supports all IAM Identity Center regions except opt-in and government regions. The supported regions are:
+ US East (N. Virginia)
+ US East (Ohio)
+ US West (N. California)
+ US West (Oregon)
+ Asia Pacific (Mumbai)
+ Asia Pacific (Tokyo)
+ Asia Pacific (Seoul)
+ Asia Pacific (Osaka)
+ Asia Pacific (Singapore)
+ Asia Pacific (Sydney)
+ Canada (Central)
+ Europe (Frankfurt)
+ Europe (Ireland)
+ Europe (London)
+ Europe (Paris)
+ Europe (Stockholm)
+ South America (São Paulo)

### IAM Identity Center prerequisites


Before you can set up IAM Identity Center, you must:
+ Have first set up the AWS Organizations service and have **All features** set to enabled. For more information about this setting, see [Enabling All Features in Your Organization](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html) in the *AWS Organizations User Guide*.
+ Sign in with the AWS Organizations management account credentials before you begin setting up IAM Identity Center. These credentials are required to enable IAM Identity Center. For more information, see [Creating and Managing an AWS Organization](http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org.html) in the *AWS Organizations User Guide*. You cannot set up IAM Identity Center while signed in with credentials from an Organization’s member account.
+ Have chosen an identity source to determine which pool of users has SSO access to the user portal. If you choose to use the default IAM Identity Center identity source for your user store, no prerequisite tasks are required. The IAM Identity Center store is created by default once you enable IAM Identity Center and is immediately ready for use. There is no cost for using this store. Alternatively, you can choose to [Connect to your external identity provider](https://docs.aws.amazon.com/singlesignon/latest/userguide/manage-your-identity-source-ad.html) using Azure Active Directory. If you choose to connect to an existing Active Directory for your user store, you must have the following:
  + An existing AD Connector or AWS Managed Microsoft AD directory set up in AWS Directory Service, and it must reside within your organization's management account. You can connect only one AWS Managed Microsoft AD directory at a time. However, you can change it to a different AWS Managed Microsoft AD directory or change it back to an IAM Identity Center store at any time. For more information, see [Create a AWS Managed Microsoft AD Directory](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_getting_started.html#ms_ad_getting_started_create_directory) in the *AWS Directory Service Administration Guide*.
  + Set up IAM Identity Center in the Region where your AWS Managed Microsoft AD directory is set up. IAM Identity Center stores the assignment data in the same Region as the directory. To administer IAM Identity Center, you should switch to the Region where you have set up IAM Identity Center. Also, note that IAM Identity Center’s user portal uses the same [access URL](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_create_access_url.html) as your connected directory.
+ If you currently filter access to specific Amazon Web Service (AWS) domains or URL endpoints using a web content filtering solution such as next-generation firewalls (NGFW) or secure web gateways (SWG), you must add the following domains and/or URL endpoints to your web-content filtering solution allow-lists in order for IAM Identity Center to work properly:

  **Specific DNS domains**
  + \*.awsapps.com (http://awsapps.com/)
  + \*.signin.aws

  **Specific URL End-points**
  + https://[yourdirectory].awsapps.com/start
  + https://[yourdirectory].awsapps.com/login
  + https://[yourregion].signin.aws/platform/login
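
The allow-list entries above can be checked against URLs taken from proxy or firewall logs before a rollout. The following is an added example, not part of the AWS documentation: it classifies requested URLs against the listed wildcard domains and endpoints. The directory name `example-dir`, the region value `us-east-1`, the sample URLs, and the reading of `*.` as "one or more subdomain labels" are assumptions.

```python
from urllib.parse import urlsplit

# Allow-list entries as written on this page.
DOMAIN_PATTERNS = ("*.awsapps.com", "*.signin.aws")
URL_TEMPLATES = (
    "https://[yourdirectory].awsapps.com/start",
    "https://[yourdirectory].awsapps.com/login",
    "https://[yourregion].signin.aws/platform/login",
)

# Assumed deployment values (constructed for this example).
DIRECTORY = "example-dir"
REGION = "us-east-1"


def normalize_host(host):
    """Lower-case the host name and drop a trailing root dot, if any."""
    return (host or "").lower().rstrip(".")


def host_matches(host, pattern):
    """True if host is a subdomain of the pattern's base domain.

    Assumption: "*." stands for one or more labels and does not cover the
    bare base domain. The comparison is anchored on a label boundary, so a
    host that merely ends with the same characters does not pass.
    """
    host = normalize_host(host)
    if not host or not all(host.split(".")):   # reject empty labels
        return False
    if not pattern.startswith("*."):
        return host == pattern.lower()
    suffix = pattern[1:].lower()               # for example ".signin.aws"
    return len(host) > len(suffix) and host.endswith(suffix)


def expand_templates(directory, region):
    """Fill the page's placeholders with this deployment's values."""
    return tuple(
        t.replace("[yourdirectory]", directory).replace("[yourregion]", region)
        for t in URL_TEMPLATES
    )


def classify(url, directory=DIRECTORY, region=REGION):
    """Return "endpoint", "domain" or "deny" for one requested URL."""
    try:
        parts = urlsplit(url)
        port = parts.port                      # raises ValueError if malformed
    except ValueError:
        return "deny"
    if parts.scheme != "https" or port not in (None, 443):
        return "deny"
    # urlsplit separates userinfo from the host, so "allowed@other-host"
    # is judged on other-host, which is what the client would connect to.
    host = normalize_host(parts.hostname)
    for template in expand_templates(directory, region):
        t = urlsplit(template)
        if host == normalize_host(t.hostname) and parts.path == t.path:
            return "endpoint"
    if any(host_matches(host, p) for p in DOMAIN_PATTERNS):
        return "domain"
    return "deny"


# Constructed sample URLs, as they might appear in a proxy log.
SAMPLE_URLS = [
    "https://example-dir.awsapps.com/start",
    "https://us-east-1.signin.aws/platform/login",
    "https://example-dir.awsapps.com/assets/app.js",
    "https://evilawsapps.com/start",
    "https://us-east-1.signin.aws.example.net/platform/login",
    "https://us-east-1.signin.aws@login.example.net/platform/login",
    "http://us-east-1.signin.aws/platform/login",
]


def report(urls=SAMPLE_URLS):
    """Map each URL to its verdict."""
    return {u: classify(u) for u in urls}


if __name__ == "__main__":
    for url, verdict in report().items():
        print(f"{verdict:8} {url}")
```

A filter rule that compares only the end of the host string, without the label boundary, would pass the fourth sample URL.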

We highly recommend that before you enable IAM Identity Center you first check to see if your AWS account is approaching the quota limit for IAM roles. For more information, see [IAM object quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entities). If you are nearing the quota limit, consider increasing the quota. Otherwise, you may have issues with IAM Identity Center as you provision permission sets to accounts that have exceeded the IAM role limit.

## Adding admin users using the native IAM Identity Center directory


The simplest way to add admin users to your project is by using the IAM Identity Center native directory. You can use it by starting to use Amazon Monitron and letting it configure IAM Identity Center at a basic level for you. You can also set up IAM Identity Center before using Amazon Monitron and set it to use the native directory. Either way, you can add users manually and without potentially exposing user identity information to other admin users beyond name and email.

**To add an admin user when using the native IAM Identity Center directory**

1. Open the Amazon Monitron console at [ https://console.aws.amazon.com/monitron ](https://console.aws.amazon.com/monitron/). 

1. Choose **Create Project**.

1. In the navigation pane, choose the project you want. 

1. On the **Users** page, choose the users that you want to assign as admin users. If you can't see a user, search for them.   
![\[User interface showing a list of users with display names and email addresses.\]](http://docs.aws.amazon.com/Monitron/latest/user-guide/images/users.png)

   The users you choose are displayed in the **Selected users** section.

1. If the user you want isn't in the directory, choose **Create user** to add the user. 

   1. Under **Create a user**, for **Email**, enter the new admin user's email address.

        
![\[Create user interface with fields for email address, first name, and last name.\]](http://docs.aws.amazon.com/Monitron/latest/user-guide/images/create-user.png)

   1. For **First name** and **Last name**, enter the admin's name.

   1. Choose **Create User**. 

1. When the user's name appears in the directory list, choose **Add** to add the admin users you've selected. 

1. Email the admin users an invitation to the project that includes a link to download the Amazon Monitron mobile app. For more information, see [Sending an email invitation](resending-email.md).

   Amazon Monitron takes you to the project page for your project, where it lists all admin users.   
![\[Project admin users interface showing a single user with display name, email, and username fields.\]](http://docs.aws.amazon.com/Monitron/latest/user-guide/images/project-admin-user-list.png)

1. To add additional admin users, choose **Add admin**. 

   Any admin user can add other users using the Amazon Monitron mobile app. For more information, see [Adding a User](https://docs.aws.amazon.com/Monitron/latest/user-guide/adding-user.html) in the *Amazon Monitron User Guide*.

## Adding admin users using Microsoft Active Directory


If you use Microsoft Active Directory (AD) for your organization's primary user directory, you can configure IAM Identity Center to use it. IAM Identity Center enables you to connect your self-managed Active Directory as your AWS Managed Microsoft AD directory using AWS Directory Service. This Microsoft AD directory provides you with the pool of identities that you can pull from when using the Amazon Monitron console (or Amazon Monitron mobile app) to assign user roles.

**Important**  
Amazon Monitron requires an email address for each app user. Make sure that email addresses for your users are added and synced.

All Amazon Monitron admin users have access to identity information in the user directory that is configured in IAM Identity Center for Amazon Monitron. We strongly recommend using an isolated directory if you want to limit access to user organization information.

**To add an admin user using Microsoft Active Directory**

1. Configure IAM Identity Center to connect with your Microsoft Active Directory. The steps involved in this differ depending on whether you're using a self-managed Active Directory or an AWS Managed Microsoft AD directory. For more information, see [Connect to Microsoft AD Directory](https://docs.aws.amazon.com/singlesignon/latest/userguide/manage-your-identity-source-ad.html).

1. Open the Amazon Monitron console at [ https://console.aws.amazon.com/monitron ](https://console.aws.amazon.com/monitron/). 

1. Choose **Create Project**.

1. In the navigation pane, choose the project you want. 

1. For **Active directory domain**, choose the directory domain from which you want to add identities.   
![\[Active directory domain selection interface with user search results and selected users section.\]](http://docs.aws.amazon.com/Monitron/latest/user-guide/images/activedirectory.png)

1. Choose **Users** or **Groups**, depending on how you want to search the user directory. 

1. Enter a string in the search box to find the identity you want to add and then choose **Search**. 

   To limit the number of users returned, enter a longer string in the search box. For example, if you enter "olg" in the search box, the list returns all users with the letters "olg" in their names, such as "Olga Kurth" and "Jamie Folgman." 

1. Choose the users you want to assign as admin users. 

1. Choose **Add** to add the admin users. 

## Adding admin users using an external ID provider


If you're using an external Identity provider (IdP), you can configure IAM Identity Center to use that provider through the Security Assertion Markup Language (SAML) 2.0 standard. This provides you with the pool of identities in your IdP directory. You can pull this pool when using the Amazon Monitron console (or Amazon Monitron mobile app) and assign them as admin users. This also enables your users to sign in to Amazon Monitron with their corporate credentials. 

**Important**  
Amazon Monitron requires an email address for each app user. Make sure that email addresses for your users are added and synced.

All Amazon Monitron admin users have access to identity information in the user directory that is configured in IAM Identity Center for Amazon Monitron. We strongly recommend using an isolated directory if you want to limit access to user organization information.

**To add an admin user using an external ID provider (IdP)**

1. Configure AWS IAM Identity Center to connect with your external IdP. The steps involved in this differ based on the provider you're using. For more information, see [Connect to Your External ID Provider](https://docs.aws.amazon.com/singlesignon/latest/userguide/manage-your-identity-source-idp.html).

1. Open the Amazon Monitron console at [ https://console.aws.amazon.com/monitron ](https://console.aws.amazon.com/monitron/). 

1. Choose **Create Project**.

1. In the navigation pane, choose the project you want. 

1. On the **Users** page, choose the users that you want to assign as admin users. If you can't see a user, search for them.   
![\[User interface showing a list of user profiles with display names and email addresses.\]](http://docs.aws.amazon.com/Monitron/latest/user-guide/images/IdPscreen.png)

1. Choose **Add** to add the admin users. 

## Returning to Amazon Monitron with IAM Identity Center


When you log out of the Amazon Monitron web app, you may still be signed in to AWS IAM Identity Center. Any other applications that you have opened from the user portal remain open and running.

There are two ways to log out of IAM Identity Center:
+ Log out directly through the IAM Identity Center portal.
+ Once an hour, AWS IAM Identity Center checks to see if you are actively using any AWS services. If you are not, then you are logged out of IAM Identity Center automatically.

![\[Amazon Monitron sign-out page with logo, service description, and sign back in option.\]](http://docs.aws.amazon.com/Monitron/latest/user-guide/images/log-back-in.png)


To learn about admin users using IAM Identity Center, see [User directory setup](#mu-adding-user).

To learn about security best practices with Amazon Monitron and IAM Identity Center, see [Security best practices for Amazon Monitron](https://docs.aws.amazon.com/Monitron/latest/user-guide/security-best-practices.html).

To learn about using the SSO user portal, see [Using the user portal](https://docs.aws.amazon.com/singlesignon/latest/userguide/using-the-portal).

# Adding users as an admin


As an admin, you can add other users (including other admin users) in the Amazon Monitron web app.

1. Navigate to the project or site that you want to add a user to, and then to the **Users** list.   
![\[Users & Permissions interface showing a list of 8 users with roles, assigned locations, and access levels.\]](http://docs.aws.amazon.com/Monitron/latest/user-guide/images/user-10.png)

1. Enter a user name. Amazon Monitron searches the user directory for the user.

   Choose the user from the list and the role you want to assign to the user: **Admin**, **Technician**, or **Viewer**.

   Then, choose **Add user**.   
![\[Users & Permissions interface with a list of users and an "Add user" dialog box.\]](http://docs.aws.amazon.com/Monitron/latest/user-guide/images/user-1.png)

1. The new user appears on the **Users** list.  
![\[Users & Permissions interface showing a list of users with roles and inherited status.\]](http://docs.aws.amazon.com/Monitron/latest/user-guide/images/user-3.png)

   Send the new user an email invitation with a link for accessing the project and downloading the Amazon Monitron mobile app. For more information, see [Sending an email invitation](resending-email.md).

# Managing users as an admin user


As an admin, you can use the list of users to manage users in the Amazon Monitron web app. As project level admin, you can view all users at the project level and all users at a particular site level.

The **Users & Permissions** page displays the following information to make user management easier:
+ **Name** – The name of the user. 
+ **Role** – The role assigned to the user, whether Admin, Technician, Viewer, or any combination of these. 
+ **Assigned locations** – The number of locations the user is assigned to.
+ **Project level access** – Whether the user has project level access or only specific site level access.

1. Navigate to the project or site that you want to add a user to or update user permissions from, and then to the **Users & Permissions** list.   
![\[Users & Permissions interface showing a list of 8 users with roles, assigned locations, and access levels.\]](http://docs.aws.amazon.com/Monitron/latest/user-guide/images/user-10.png)

1. Select **Edit**. Then, from the **Modify user permissions** page, in **Username**, select the user whose details you want to view or edit. Amazon Monitron displays the list of locations the user is assigned to.  
![\[User permissions modification interface showing a dropdown list of users to select.\]](http://docs.aws.amazon.com/Monitron/latest/user-guide/images/user-7.png)

1. To change the role assigned to the user, select between **Admin**, **Technician**, and **Viewer**. Or, you can choose to **Remove** the user. Then, select **Done**.  
![\[User permissions interface showing username search and asset hierarchy with role selection dropdown.\]](http://docs.aws.amazon.com/Monitron/latest/user-guide/images/user-8.png)

   Amazon Monitron displays how the user was assigned permissions to all locations. If a user is assigned an **Admin** role at the project level, they inherit access to all locations within that project. In this case, Amazon Monitron indicates their access level as **Admin – inherited**.  
![\[User permissions interface showing admin access for project and inherited admin rights for multiple sites.\]](http://docs.aws.amazon.com/Monitron/latest/user-guide/images/user-9.png)
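
The project-level and site-level scoping described on this page can be reviewed offline from a list of role assignments. The following is an added example, not Amazon Monitron code or an export format it produces: it resolves who has access to a site (marking project-level grants as inherited), checks whether a project admin can be removed without leaving the project without one, and flags users with no email address. The record layout, project, site and user names are constructed, and applying the "– inherited" label to roles other than Admin is an assumption.

```python
ROLES = ("Admin", "Technician", "Viewer")

# Constructed sample data: each project maps to its sites; an assignment
# with site=None was made at the project level.
PROJECT_SITES = {"plant-a": ["site-1", "site-2"], "plant-b": ["site-9"]}
ASSIGNMENTS = [
    {"user": "alice", "email": "alice@example.com", "role": "Admin",
     "project": "plant-a", "site": None},
    {"user": "bob", "email": "", "role": "Technician",
     "project": "plant-a", "site": "site-1"},
    {"user": "alice", "email": "alice@example.com", "role": "Admin",
     "project": "plant-a", "site": "site-2"},
    {"user": "carol", "email": "carol@example.com", "role": "Viewer",
     "project": "plant-a", "site": None},
    {"user": "carol", "email": "carol@example.com", "role": "Admin",
     "project": "plant-b", "site": None},
    {"user": "dave", "email": "dave@example.com", "role": "Admin",
     "project": "plant-b", "site": None},
]


def effective_access(project, site, assignments=ASSIGNMENTS):
    """Return {user: [labels]} for one site, marking project-level grants."""
    access = {}
    for a in assignments:
        if a["project"] != project:
            continue
        if a["site"] is None:
            label = f'{a["role"]} – inherited'   # granted at project level
        elif a["site"] == site:
            label = a["role"]                    # granted on this site only
        else:
            continue
        access.setdefault(a["user"], []).append(label)
    return {user: sorted(labels) for user, labels in access.items()}


def project_admins(project, assignments=ASSIGNMENTS):
    """Users holding the Admin role at the project level."""
    return {a["user"] for a in assignments
            if a["project"] == project and a["site"] is None
            and a["role"] == "Admin"}


def can_remove_admin(project, user, assignments=ASSIGNMENTS):
    """True only if another project admin remains after the removal."""
    admins = project_admins(project, assignments)
    return user in admins and len(admins - {user}) >= 1


def audit(assignments=ASSIGNMENTS, project_sites=PROJECT_SITES):
    """Return sorted (finding, subject) pairs worth a reviewer's attention."""
    findings = set()
    for a in assignments:
        where = f'{a["project"]}/{a["site"] or "*"}'
        if a["role"] not in ROLES:
            findings.add(("unknown-role", f'{a["user"]}@{where}'))
        if "@" not in a.get("email", ""):
            # The page requires an email address for each app user.
            findings.add(("missing-email", a["user"]))
        if a["site"] is None:
            continue
        if a["site"] not in project_sites.get(a["project"], []):
            findings.add(("unknown-site", where))
        # A site grant that repeats a role already held project-wide
        # adds nothing and hides the real source of the access.
        if any(b["user"] == a["user"] and b["project"] == a["project"]
               and b["site"] is None and b["role"] == a["role"]
               for b in assignments):
            findings.add(("redundant-site-grant", f'{a["user"]}@{where}'))
    for project in project_sites:
        if len(project_admins(project, assignments)) < 2:
            findings.add(("no-spare-admin", project))
    return sorted(findings)


if __name__ == "__main__":
    print(effective_access("plant-a", "site-2"))
    print(can_remove_admin("plant-a", "alice"))
    for finding in audit():
        print(finding)
```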

# Removing an admin user


Every project must have at least one admin user. Before removing an admin user from a project, make sure that there is at least one other admin user assigned to it. 

**Topics**
+ [To remove an admin user](#remove-project-admin)

## To remove an admin user


1. Open the Amazon Monitron console at [ https://console.aws.amazon.com/monitron ](https://console.aws.amazon.com/monitron/). 

1. Choose **Create Project**.

1. In the navigation pane, choose the project you want. 

1. From the **Admin Users** list, choose the user that you want to remove. 

1. Choose **Remove**. 

1. Choose **Remove** again. 

   The user is removed from the list of admin users for that project. 

# Sending an email invitation


When you add a user to an Amazon Monitron project or site, you send them an email and invite them to download and log in to the Amazon Monitron mobile or web app. This invitation also contains instructions for connecting to your project. 

**Topics**
+ [To generate an email invitation to a site or project using the mobile app](#w2aac28c15c27b7)
+ [To generate an email invitation to a site or project using the web app](#w2aac28c15c27b9)

## To generate an email invitation to a site or project using the mobile app


1. Add the user to the site or project.

1. Choose the vertical ellipsis icon ( ![\[Three vertical dots representing a menu or more options in a user interface.\]](http://docs.aws.amazon.com/Monitron/latest/user-guide/images/details.png)) next to the user that you added. 

1. Choose **Email instructions**.  
![\[Dropdown menu with options to email instructions, edit user, and remove user.\]](http://docs.aws.amazon.com/Monitron/latest/user-guide/images/email-invitation.png)

   Your email application opens with a draft of the email invitation addressed to that user. It contains two links. One link is to download the Amazon Monitron mobile app from the Google Play Store. The other is to open the project to which the user has been added.

1. Verify that the email is correct, and then send it to the user.

## To generate an email invitation to a site or project using the web app


1. Add the user to the site or project.

1. Choose **Users** from the left nav.

1. Choose **Email instructions**.

1. Your email application opens with a draft of the email invitation addressed to that user. It contains two links. One is to download the Amazon Monitron mobile app from the Google Play Store. The other link opens the project to which the user has been added.

1. Verify that the email is correct, and then send it to the user.

**Warning**  
Beware of phishing attacks. An attacker may send an email impersonating an Amazon Monitron project invitation email to your users. Warn them to make sure that the directory name is visible on the login screen before entering their sign-in credentials.

# Managing non-admin users


After creating a project or site, you need to add users to them. As an admin user, you can add users to three different roles: `Admin`, `Technician`, or `Viewer`.

A user's role determines what they can do with Amazon Monitron. The extent of their role permissions is determined by whether they are added at the project level or at the site level. Setting a user's role at the project level gives the user permissions across all sites in that project. Setting a user's role at the site level gives the user permissions only to that site.

**Topics**
+ [Displaying a list of users](display-user-list.md)
+ [Adding a user](adding-user.md)
+ [Changing a user role](editing-user-role.md)
+ [Removing a user](deleting-user.md)

# Displaying a list of users


As an admin, you can use the list of users to manage users in the Amazon Monitron app. There are three levels you can choose from (depending on your admin role) to view a list of users:
+ As project level admin, you can view all users at the project level.
+ As project level admin, you can view all users at a particular site level.
+ As site level admin, you can view all users at a particular site level.

**Topics**
+ [To display the list of users in the mobile app](#w2aac28c19c11b9)
+ [To display the list of users in the web app](#w2aac28c19c11c11)

## To display the list of users in the mobile app


1. Log into the Amazon Monitron mobile app on your smartphone. 

1. Choose the project or site whose users you want to view.  
![\[Dropdown menu showing Project name 1 with three site options, one highlighted in orange.\]](http://docs.aws.amazon.com/Monitron/latest/user-guide/images/site-to-project.png)

1. Choose the menu icon (☰).   
![\[Menu icon represented by three horizontal lines (hamburger menu).\]](http://docs.aws.amazon.com/Monitron/latest/user-guide/images/navigation.png)

1. Choose **Users**. 

   A list of all users associated with the project or site is displayed. 

## To display the list of users in the web app


The **Users & Permissions** page displays the following information to make user management easier:
+ **Name** – The name of the user. 
+ **Role** – The role assigned to the user, whether Admin, Technician, Viewer, or any combination of these. 
+ **Assigned locations** – The number of locations the user is assigned to.
+ **Project level access** – Whether the user has project level access or only specific site level access.

1. Log into the Amazon Monitron web app. 

1. Select **Users** from the left nav. The list of users will appear.  
![\[Users & Permissions interface showing a list of 8 users with roles, assigned locations, and access levels.\]](http://docs.aws.amazon.com/Monitron/latest/user-guide/images/user-10.png)

1. Choose the project or site whose users you want to view. 

   A list of all users associated with the project or site is displayed.  
![\[Dropdown menu showing Project name 1 with three site options, one highlighted in orange.\]](http://docs.aws.amazon.com/Monitron/latest/user-guide/images/site-to-project.png)

# Adding a user


When you add a new user, the role you choose determines the permissions that user has. 

Users can have the following roles:
+ **Admin**. An admin user has full access to all resources within the project or site to which they've been added. They can add other users, create assets, pair sensors to assets, and so on. They can also monitor assets and acknowledge and resolve abnormalities. If they are added at the project level, these permissions extend through the entire project. If they are added at the site level, these permissions are limited to only that site.
+ **Technician**. A technician user has read-only permissions to the project or site to which they've been added and permissions for monitoring assets and acknowledging and resolving abnormalities. If they are added at the project level, these permissions extend through the entire project. If they are added at the site level, these permissions are for only that site.
+ **Read only**. A user with read-only permissions has permission to read (but not add, change, or delete) details of all resources within the project or site to which they've been added.

You use the same procedure to add a new user to a project or to a site.

**Topics**
+ [To add a user using the mobile app](#w2aac28c19c15c13)
+ [To add a user using the web app](#w2aac28c19c15c15)

## To add a user using the mobile app


1. Log into the Amazon Monitron mobile app on your smartphone. 

1. Navigate to the project or site that you want to add a user to, and then to the **Users** list. 

1. Choose **Add user**.   
![\[User interface showing a list of users and an "Add user" button in the top right corner.\]](http://docs.aws.amazon.com/Monitron/latest/user-guide/images/user-list-add.png)

1. Enter a user name. 

   Amazon Monitron searches the user directory for the user. 

1. Choose the user from the list. 

1. Choose the role that you want to assign the user: **Admin**, **Technician**, or **Viewer**.

1. Choose **Add**. 

   The new user appears on the **Users** list.

1. Send the new user an email invitation with a link for accessing the project and downloading the Amazon Monitron mobile app. For more information, see [Sending an email invitation](resending-email.md).

## To add a user using the web app


1. Navigate to the project or site that you want to add a user to, and then to the **Users** list.   
![\[Users & Permissions interface showing a list of users and an "Add user" dialog box.\]](http://docs.aws.amazon.com/Monitron/latest/user-guide/images/user-1.png)

1. Enter a user name. Amazon Monitron searches the user directory for the user.

   Choose the user from the list and the role you want to assign to the user: **Admin**, **Technician**, or **Viewer**.

   Then, choose **Add user**.   
![\[Add user dialog box with fields for username and role selection.\]](http://docs.aws.amazon.com/Monitron/latest/user-guide/images/user-2.png)

1. The new user appears on the **Users** list.  
![\[Users & Permissions interface showing a list of users with roles and inherited status.\]](http://docs.aws.amazon.com/Monitron/latest/user-guide/images/user-3.png)

   Send the new user an email invitation with a link for accessing the project and downloading the Amazon Monitron mobile app. For more information, see [Sending an email invitation](resending-email.md).

# Changing a user role


You can change a user's role, but not a user's name. That's because the name comes from the user directory that Amazon Monitron is linked to.

To change a project or site's users, you must remove the previous users and add the new ones. For information on removing users from a project or site, see [To remove a user using the mobile app](deleting-user.md). For information on adding new users, see [Adding a user](adding-user.md).

**Topics**
+ [To change a user role using the mobile app](#w2aac28c19c19b9)
+ [To change a user role using the web app](#w2aac28c19c19c11)

## To change a user role using the mobile app


1. Log into the Amazon Monitron mobile app on your smartphone. 

1. Navigate to the project or site for the user whose role you want to change, and then to the **Users** list. 

1. Choose the vertical ellipsis ( ![\[Three vertical dots representing a menu or more options in a user interface.\]](http://docs.aws.amazon.com/Monitron/latest/user-guide/images/details.png)) next to the name of the user whose role you want to change. 

1. Choose **Edit user**. 

1. Choose a new role for the user: **Admin**, **Technician**, or **Read only**. 

1. Choose **Save**. 

## To change a user role using the web app


1. Choose **Users** from the navigation pane.  
![\[Users & Permissions interface showing a list of users with roles and edit options.\]](http://docs.aws.amazon.com/Monitron/latest/user-guide/images/user-4.png)

1. Choose **Edit user role**.

1. Choose a new role for the user: **Admin**, **Technician**, or **Viewer**.   
![\[User role editing interface showing options to change a user's role to Technician.\]](http://docs.aws.amazon.com/Monitron/latest/user-guide/images/user-5.png)

1. Choose **Save**. 

# Removing a user


Removing a user removes their permissions to access the site or project. It doesn't affect the user directory. Additionally, if the user has permissions to other sites or projects, this won't remove those permissions.

**Topics**
+ [To remove a user using the mobile app](#w2aac28c19c23b7)
+ [To remove a user using the web app](#w2aac28c19c23b9)

## To remove a user using the mobile app


1. Log into the Amazon Monitron mobile app on your smartphone. 

1. Navigate to the project or site, and then to the **Users** list page. 

1. Choose the vertical ellipsis ( ![\[Three vertical dots representing a menu or more options in a user interface.\]](http://docs.aws.amazon.com/Monitron/latest/user-guide/images/details.png)) next to the user name. 

1. Choose **Remove user**. 

1. On the **Confirmation** page, choose **Remove**. 

## To remove a user using the web app


1. Select **Users** from the nav pane.  
![\[Users & Permissions interface showing a list of users with roles and inherited status.\]](http://docs.aws.amazon.com/Monitron/latest/user-guide/images/user-3.png)

1. Select the user that you want to remove.

1. Choose **Remove**.