User & auth management

Updated June 2026

Dousen has two planes, each with its own users and roles. Knowing which plane you are working in tells you how to add people, what role they get, and how they sign in.

The two planes

| Plane | What it manages | Roles |
| --- | --- | --- |
| Cloud control plane | Studios/orgs and billing. | owner, admin, member |
| Studio instance | What artists actually sign into day to day. | admin, producer, artist |

Access checks on the studio instance are effectively admin vs non-admin. When a cloud user signs into their studio, an owner or admin becomes an instance Admin; everyone else becomes an Artist.

How people sign in

A studio instance supports three sign-in modes:

Browser sign-in

From the desktop app, sign-in can open the browser and use a secure OAuth flow (PKCE). A user who belongs to more than one studio gets a "choose a studio" picker before landing in their instance.

Sessions & tokens

Sessions are handled automatically — there is little for an admin to manage day to day:

Creating users

This is the part that differs most between the two planes.

Cloud studio (control plane)

You invite people; they set their own password.

  1. An owner or admin sends an email invite — POST /api/orgs/:id/invites.
  2. The invitee clicks the link and sets their own password — POST /api/invites/accept.
  3. Review who hasn't accepted yet with GET /api/orgs/:id/invites.

On a cloud studio the admin never sets a member's password — the invite flow puts that in the invitee's hands.

Self-hosted studio instance

There is no invite flow. An admin creates the user directly in the portal.

| Action | Endpoint |
| --- | --- |
| Create a user | POST /portal/users |
| Change a user's role | PUT /portal/users/:id/role |

Creating a user takes an email, display name, password, and role. The admin sets the initial password, or uses "send reset" to email the user a reset link instead.

Seats & plans

Each plan includes a default seat count:

| Plan | Default seats |
| --- | --- |
| Trial | 5 |
| Starter | 25 |
| Pro | 100 |
| Enterprise | 500 |

Seat limits are enforced when creating or inviting users and again at sign-in — going over the limit is refused. The studio instance sends a daily license heartbeat to the control plane:

Admin guards

In the studio portal, management pages require an admin role — non-admins are redirected to their own account page. Every user, regardless of role, can always manage their own account, profile, password, and active sessions.

Admin does / System does automatically

| Topic | Admin does | System does automatically |
| --- | --- | --- |
| Org/tenant setup | Create the org and choose a plan. | Provisions the studio instance and applies the seat count. |
| Cloud members | Send invites; assign owner/admin/member. | Lets invitees set their own password; maps owner/admin to instance Admin, others to Artist. |
| Instance users | Create users in the portal; set initial password or send reset; set role. | Auto-provisions directory users on first login. |
| Seats | Stay within plan limits; upgrade when needed. | Enforces limits, warns on overage, suspends after three days, auto-reactivates. |
| Sessions | Nothing routine. | Refreshes tokens, rotates refresh tokens, enforces single-device sign-in. |