Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.getomni.co/llms.txt

Use this file to discover all available pages before exploring further.

Overview

Omni provides basic user management through the Admin panel. Users are stored in the database and can be managed via the UI or API.
Omni supports Google OAuth out of the box, and optional enterprise Single Sign-On (SSO) via Okta or Microsoft Entra ID. With SSO enabled, you can optionally disable password-based authentication.

Managing Users

Creating Users

  1. Navigate to AdminUsers
  2. Click Add User
  3. Enter the user’s email and name
  4. Set a temporary password
  5. Click Create
The user will be able to log in immediately with the temporary password.

Editing Users

Select a user from the list to:
  • Update their name or email
  • Change their role (Admin or User)
  • Disable or re-enable their account

Resetting Passwords

To reset a user’s password:
  1. Select the user from the list
  2. Click Reset Password
  3. Enter a new temporary password
  4. Share the temporary password with the user securely
Users can change their password after logging in via their profile settings.

Deleting Users

  1. Select the user from the list
  2. Click Delete
  3. Confirm the deletion
Deleting a user is permanent and cannot be undone. Consider disabling the account instead if you may need to restore access later.

User Roles

RolePermissions
ViewerSearch and chat only — read-only access
UserSearch, chat, and manage their own sources
AdminAll user permissions plus: manage users, configure connectors, access admin panel
At least one admin must exist at all times.

API Keys

Each user can create API keys for programmatic access to Omni’s HTTP API. Keys are managed from the user’s profile in SettingsAPI Keys (or via the /api/v1/api-keys endpoint).
ScopeAccess
PublicSearch and document read endpoints only (default)
UserUser-level operations — chats, agents, own sources
AdminOrg-level administrative endpoints; requires the admin role
When creating a key, you can optionally restrict it to an allowed sources list, which is intersected with the user’s own access at request time. Keys are shown in full exactly once at creation time. Omni stores a SHA-256 hash and a short prefix for later identification. Each user is capped at 25 active keys.

Disabling Password Authentication

If SSO is configured, admins can disable password-based login:
  1. Navigate to SettingsAuthentication
  2. Toggle off Password Authentication
At least one other authentication method (Google OAuth, Okta, or Entra ID) must be active before password auth can be disabled. Additionally, the admin performing this action must have signed in via the other method at least once to prevent lockout.