Users Explorer: Manage Supabase Auth Users Visually

Manage your Supabase Auth users through a visual interface. View user details, reset passwords, suspend accounts, and grant admin access.

The Users Explorer provides a visual interface for managing Supabase Auth users. View user profiles, reset passwords, suspend accounts, and manage who has admin access to Supamode.

Key capabilities:

Search and filter users by email, name, or metadata
View user details including sign-in history
Perform administrative actions (reset password, suspend, delete)
Grant or revoke Supamode admin access
Create new users without sending verification emails

Users Explorer showing list of all users with search and filters

Accessing Users Explorer

Navigate to Users in the sidebar. This is typically the default landing page when you open Supamode.

Users appear based on your permissions. You may see all users or a filtered subset depending on your role configuration.

User List

The Users Explorer displays Supabase Auth users with key information:

Column	Description
Email	User's email address
Created	When the account was created
Last Sign In	Most recent authentication
Status	Active, banned, or unconfirmed

Searching Users

Use the search bar to find users by:

Email address
User metadata (name, phone, etc.)

Search is case-insensitive and supports partial matches.

Filtering Users

Filter the user list by status:

All: Show all users
Active: Users who can sign in
Banned: Suspended users
Unconfirmed: Users who haven't verified their email

User Details

Click any user to view their full profile:

The detail page shows:

Authentication Info

Email and email verification status
Phone and phone verification status
Last sign-in timestamp
Account creation date

User Metadata

user_metadata: User-editable profile data
app_metadata: Application-controlled data (including supamode_access)

Identity Providers

Linked OAuth providers (Google, GitHub, etc.)
Email/password authentication status

Administrative Actions

The Users Explorer supports several actions on non-admin users:

Creating Users

Click Create User to add a new user:

Enter email address
Set a password
Optionally add user metadata
Choose whether to send a confirmation email

Creating without email confirmation is useful for:

Importing existing users
Creating test accounts
Onboarding users manually

Resetting Passwords

Send a password reset email:

Open the user's detail page
Click Send Password Reset
User receives an email with a reset link

Alternatively, use Update Password to set a new password directly without emailing the user.

Suspending Users

Temporarily disable a user's account:

Open the user's detail page
Click Suspend User
Confirm the action

Suspended users cannot sign in but their data remains intact. Use Unsuspend to restore access.

Deleting Users

Permanently remove a user:

Open the user's detail page
Click Delete User
Confirm the action

Delete is Permanent

Deleting a user removes their Supabase Auth record. This cannot be undone. Related data in your application tables (if any) is not automatically deleted.

Sending Magic Links

Send a passwordless sign-in link:

Open the user's detail page
Click Send Magic Link
User receives an email with a one-time sign-in link

Useful for users who forgot their password or prefer passwordless authentication.

Managing Admin Access

The Users Explorer is where you grant users access to Supamode itself.

Making a User an Admin

Find the user in the Users Explorer
Open their detail page
Click Make Admin
Assign them a role

This action:

Sets supamode_access: true in their app_metadata
Creates a Supamode account linked to their auth user
The user can now sign in to Supamode

Role Required

After making someone an admin, you must assign them a role. Without a role, they can access Supamode but cannot see or do anything.

Removing Admin Access

Open the admin user's detail page
Click Remove Admin Access
Confirm the action

This:

Sets supamode_access: false in their app_metadata
Marks their Supamode account as inactive
They can no longer access Supamode

The user can still sign in to your main application (if applicable).

Protected Accounts

Supamode accounts are protected from destructive actions through the Users Explorer:

Cannot delete users who have Supamode accounts
Cannot suspend Supamode admins

This prevents accidentally locking out administrators. To delete a Supamode admin:

First remove their admin access (or delete their Supamode account in Settings > Members)
Then delete the user through Users Explorer

Required Permissions

Actions require specific system permissions on the auth_user resource:

Action	Required Permission
View users	`System > Auth User > Select`
Edit user metadata	`System > Auth User > Update`
Delete users	`System > Auth User > Delete`
Suspend/unsuspend	`System > Auth User > Update`
Reset password	`System > Auth User > Update`
Send magic link	`System > Auth User > Update`
Create users	`System > Auth User > Insert`
Invite users	`System > Auth User > Insert`

Configure these in Roles and Permissions.

Users vs Members

Supamode has two related but distinct concepts:

Concept	Location	Purpose
Users	Users Explorer	Supabase Auth users (authentication)
Members	Settings > Members	Supamode accounts with roles (authorization)

A Supabase user might exist without being a Supamode member. They can sign in to your app but cannot access Supamode.

A Supamode member must have a corresponding Supabase user. The "Make Admin" action creates this link.

Frequently Asked Questions

What's the difference between Users Explorer and Settings > Members?

Users Explorer manages Supabase Auth users (who can authenticate). Settings > Members manages Supamode accounts (who can access Supamode and with what permissions). A user must exist in Supabase Auth before they can become a Supamode member.

Can I bulk import users?

The Users Explorer doesn't support bulk import. Use Supabase's Admin API, pg_restore, or custom scripts to create multiple users. After import, manage them individually through Supamode.

Why can't I delete certain users?

Users with active Supamode accounts are protected from deletion. This prevents accidentally removing administrators. First remove their Supamode account in Settings > Members, then delete the auth user.

How do I create a user without sending an email?

Click Create User, fill in the details, and uncheck 'Send confirmation email'. The user is created with the password you specify. They won't receive any notification.

Can I see when a user last signed in?

Yes. The user detail page shows last_sign_in_at from Supabase Auth. This updates on each successful authentication through any method (password, OAuth, magic link).

How do I transfer admin ownership?

Create a new admin with a high-rank role (like Root), verify they can access everything needed, then remove admin access from the previous owner. Never leave your application without at least one active admin.