---
title: Managing users
description: This topic describes how users and roles are managed for PingOne Privilege.
component: privilege
page_id: privilege:privileged-access-management:admin-tasks/directory/users
canonical_url: https://docs.pingidentity.com/privilege/privileged-access-management/admin-tasks/directory/users.html
revdate: May 8, 2026
section_ids:
  user-types: User types
  administrator-role: Admin
  devops-user-role: User
---

# Managing users

User management for PingOne Privilege is centralized within the PingOne platform. Administrators should use the PingOne admin console to create, update, and delete users. Learn more in [Users](https://docs.pingidentity.com/pingone/directory/p1_aboutusers.html) in the PingOne documentation.

## User types

All users on the PingOne Privilege platform are assigned a type. These types determine a user's permissions and capabilities within the system. The following roles are supported:

* [Admin](#administrator-role)

* [User](#devops-user-role)

### Admin

An admin has full, unrestricted access to all features on the PingOne Privilege platform. They can perform the following actions:

* Manage the lifecycle of resources in Amazon Web Services (AWS), Google Cloud Platform (GCP), Azure, and on-premise environments.

* Configure integrations with third-party applications.

* Manage tenant-wide settings.

### User

A user has access to the self-service portal and can perform the following actions:

* Request just-in-time (JIT) access to resources.

* Connect to approved resources without using static credentials.