User Management
VoxKey provides two ways to manage users: the Admin Panel (Filament UI) and the Management API (REST).
Admin Panel
Access the admin panel at /admin. Navigate to your realm and open the Users section.
User list
- Search by email, name, or ID
- Filter by suspension status
- View connected identity providers (social logins, passkeys)
User details
Each user profile shows:
- Basic info -- email, name, avatar, phone
- Identities -- connected providers (Google, GitHub, etc.)
- Roles -- assigned realm roles
- Sessions -- active sessions with IP and user agent
- MFA -- enrolled TOTP and WebAuthn factors
User actions
From the admin panel you can:
- Create users with email/password
- Update user profile fields
- Reset a user's password
- Suspend or unsuspend a user
- Assign or revoke roles
- Delete a user account
Management API
For programmatic user management, use the REST API:
# List users
curl https://your-domain.com/api/v1/{realmUUID}/users \
-H "Authorization: Bearer {token}"
# Create user
curl -X POST https://your-domain.com/api/v1/{realmUUID}/users \
-H "Authorization: Bearer {token}" \
-H "Content-Type: application/json" \
-d '{"email": "jane@example.com", "name": "Jane", "password": "secret123"}'
# Suspend user
curl -X PATCH https://your-domain.com/api/v1/{realmUUID}/users/{id}/is-suspended \
-H "Authorization: Bearer {token}" \
-H "Content-Type: application/json" \
-d '{"is_suspended": true}'
Authentication requires an M2M token with users:read / users:write scopes. See the Management API reference for all endpoints.
User lifecycle
- Registration -- user signs up via a provider (email/password, social, passkey)
- Email verification -- if required by realm settings, a one-time code is sent
- Profile completion -- if realm requires additional fields (name, phone)
- MFA enrollment -- if realm MFA policy is Required or Skippable
- Active -- user can authenticate and receive tokens
- Suspended -- admin blocks the user; all new token requests are rejected
- Deleted -- user data is removed from the realm