A Frona install can host more than one user. Each user has their own agents, chats, memory, and policies. Admins manage the user list from the Frona UI.
Self-registration
By default the Register link on the login page is open: anyone who can reach the URL can create an account. For a personal install this is usually fine. For a shared install you'll want to close it and add users manually.
Toggle this with auth.allow_registration in the config file or the FRONA_AUTH_ALLOW_REGISTRATION env var:

    auth:
      allow_registration: false

When registration is off, the Register page returns an error and the only way to create an account is the admin Add user flow described below.
Admin group
Frona has one built-in privileged group: admins. Members can:
- List all users
- Create users directly
- Promote or demote other users (toggle their admins membership)
- Deactivate or reactivate accounts
- Delete users (subject to the "owns resources" check)
The first user created during setup is automatically added to admins. After that, admins promote each other manually.
Frona refuses any action that would leave the install with zero active admins. You can't demote, deactivate, or delete the last admin. Promote someone else first.
The Users page
In the Frona UI, open Settings → Users. The page is visible to admins only.
You'll see a list of every account on the server, with an Admin badge for members of the admins group and a greyed-out row for deactivated accounts. Each row has actions:
| Action | Effect |
|---|---|
| Grant admin / Revoke admin | Add or remove the user from the admins group. |
| Deactivate | Block sign-in and disable refresh tokens. The account and all its data are kept. Reactivate any time. |
| Reactivate | Re-enable a deactivated account. |
| Delete | Permanently remove the account. Refused if the user still owns chats, agents, or other resources. Delete or reassign their resources first, or Deactivate instead. |
Adding a user
- Click Add user.
- Fill in Username, Name, Email, and an initial Password.
- (Optional) Check Make admin to add them to the admins group.
- Click Create.
Frona doesn't email the new user. Share the password out of band, and have them change it on first login.
Cedar User principal
Admin actions are gated by the same policy engine the rest of Frona uses. The relevant entities:
- Principal: Policy::User::"<user_id>". The admin performing the action.
- Actions: Policy::Action::"list_users" and Policy::Action::"manage_users".
- Resource: Policy::User::"<target_user_id>", or the sentinel Policy::User::"*" for list actions.
The built-in system policy permits these actions only when the principal is in admins. If you need a more granular setup (e.g., a user manager who can add accounts but not promote anyone), write a custom permit policy targeting manage_users on a specific group of users.
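One way such a scoped policy could look, as an added example that is not taken from the Frona documentation or code base. The Policy::User and Policy::Action names come from this page; the Policy::Group entity type, the group names user-managers and contractors, and the assumption that users are placed under their groups in the Cedar entity hierarchy are all hypothetical, so check the Policies page for the real names before using it.

```cedar
// ASSUMPTION: groups are Cedar entities of type Policy::Group and each
// user entity is a child of the groups it belongs to. The type name and
// the groups "user-managers" and "contractors" are placeholders.

// Let delegated user managers see the user list.
// Policy::User::"*" is the sentinel resource this page gives for list actions.
permit (
  principal in Policy::Group::"user-managers",
  action == Policy::Action::"list_users",
  resource == Policy::User::"*"
);

// Let them manage only accounts inside one group of users.
// This limits WHICH accounts can be managed. It does not separate the
// individual operations behind manage_users, because this page names
// only that one action.
permit (
  principal in Policy::Group::"user-managers",
  action == Policy::Action::"manage_users",
  resource in Policy::Group::"contractors"
);

// Guard rail: a delegated manager who is not an admin can never act on
// a member of admins, even if that account is also in "contractors".
// In Cedar an explicit forbid overrides any matching permit.
forbid (
  principal in Policy::Group::"user-managers",
  action == Policy::Action::"manage_users",
  resource in Policy::Group::"admins"
) unless {
  principal in Policy::Group::"admins"
};
```

Because Cedar denies by default, a user-managers member gets nothing beyond these two permits, and the forbid keeps working if a later permit is written too broadly.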
Tips
- Set up a second admin early. If you lose the first admin password and there's only one admin, you'll have to reset the database. Promote a second admin as soon as you've created one.
- Prefer deactivate over delete. Deactivated users keep their data; if they come back, you flip a switch. Delete is permanent and refuses to run while the user owns resources, so it's mostly useful for cleaning up empty test accounts.
- Lock down registration on shared installs. Anyone who can reach the URL with allow_registration: true can create an account. Turn it off if the install is reachable from the internet and you don't want public signups.
Next steps
- Setting Up Authentication. Encryption secret, PATs, key rotation.
- Single Sign-On. Replace local password login with Google, Okta, etc.
- Policies. Write custom rules for the manage_users action.