Manage users and access in EVO (Admin Guide)

This guide explains the entire workflow for creating a new user and managing their access in EVO. You can create regular users with either full or limited access, as well as API users for integrations.

A user can only belong to one organization

It is important to know that each user account in EVO (identified by the email address) can only belong to one organization. If a person needs access to meters in multiple organizations, they must have a separate user with a unique email address for each organization.

Step 1: Prepare for access (for limited access only)

If the new user should have limited access to a specific selection of meters, you must prepare this first. If the user should have full access to all meters in the main organization, you can skip directly to Step 2: Create the user.

A) Create a selection

Start by creating a selection that contains the exact sites the user should have access to. It's important to note that selections that are to be shared with other organizations can only be based on sites.

For a more detailed guide on how to create selections, see our FAQ: Creating and managing selections in Elvaco Evo.

B) Create a suborganization

A selection cannot be linked directly to a user; it must first be linked to a suborganization. To do this, navigate to Admin > Organizations and create a new organization where you link the relevant selection.

Read the full guide on how to create a suborganization here: How to create a new suborganization in EVO.

Step 2: Create a regular user

Once you have prepared for access, or if the user should have full access, you can create the user account. We strongly recommend using the invitation method for security reasons.

Method 1: Create a user via invitation (Recommended)

This is the most secure method because the user gets to create their own password.

1. Go to the Admin view.
   

    

2. In the left-hand menu, click Invitations and then Add invite.
   
    
3. Fill in the form with the user's Name, Email, and choose the Organization.
   • Limited access: Choose the suborganization you created in Step 1B. The user will then only have access to the meters in the linked selection.
   • Full access: Choose the main organization. The user will then have access to all meters that exist in the main organization. This is common in organizations that manage their own meters.
      
4. Choose the User role that best fits, for example, MVP user.
    
5. Choose the User language for the invitation.
   
6. Click Send with email. The user will then receive an invitation with a link to activate the account and create a password.

Method 2: Create a user directly

This method is less secure because you, as an administrator, must create and manage the password.

1. Go to the Admin view.
   
2. Click Users and then the Add user button.
   
3. Choose the Organization (either a suborganization for limited access or the main organization for full access) and fill in all other details, including an initial Password.
   
4. Click Save. You must then share the password securely with the user.

Create an API user

An API user is used to fetch data through software or third-party integrations.

Important: Do not use the "Invitations" feature

API users cannot be created via the "Invitations" tab. This is because an API user is not a physical person and therefore cannot set their own password or log in to the EVO web portal. The account must be created directly by an administrator under the Users tab.

How to create the account and retrieve your token

1. Navigate to the Admin view.
   
    
2. Click the Users tab (do not use "Invitations") and click the Add User button.
   
3. Enter a name for the service/integration and an email address.
    
4. Select the Role: Under User Roles, select the role MPV API user. Click Save.
   
    
5. Generate Token: Click on the newly created user in the list. Read and check the box to accept the terms and conditions. Click Save again.
   
    
6. Retrieve and Share: Your unique API token will now be visible. Copy it and share it with the person or service performing the integration. Handle this token as a sensitive credential.