The most common and obvious reason users exist are to have the means to access the Control Panel and manage the content of your site. But there is so much more a user can do, if you so desire.
The easiest way to create your first user is by running
php please make:user terminal command. After entering basic information, setting a password, and saying
yes to super user, you can log into the control panel at
You can also create users by hand in a YAML file if you’d prefer, or don’t have access to the command line. And don’t worry, the password field will automatically get encrypted as soon as Statamic spots it.
New User Invitations
When creating users in the Control Panel you can send email invitations to help guide those users into activating their accounts and signing in for the first time. You can even customize a lovely little welcome message for them.
Make sure to configure the email driver so those emails actually go out.
You’re more than welcome — encouraged even — to customize what fields and information you’d like to store on your users. For example, you could store author bios and social media links to be used in articles on your front-end.
To customize these fields, edit the included
user blueprint and configure it however you’d like. Just be sure to keep the required system fields:
||When using groups|
||When using roles|
A User by itself has no permission to access or change any aspect of Statamic. It takes explicit permissions for a user to access the control panel, create, edit, or publish content, create users, and so on.
Permissions are grouped into roles, and are very simple to manage in the Control Panel and are stored in
In turn, roles are attached directly to individual users or user groups.
Statamic’s native permissions:
|Access the Control Panel||
|Create, edit, and delete collections||
|↳ Edit entries||
|↳ Create entries||
|↳ Delete entries||
|↳ Publish entries||
|↳ Reorder entries||
|Create, edit, and delete structures||
|↳ View structure||
|↳ Edit structure||
|Edit global variables||
|View asset container||
|↳ Upload assets||
|↳ Edit assets||
|↳ Move assets||
|↳ Rename assets||
|↳ Delete assets||
|View available updates||
|↳ Perform updates||
|↳ Edit users||
|↳ Create users||
|↳ Delete users||
|↳ Change passwords||
|↳ Edit user groups||
|↳ Edit roles||
|View form submissions||
|↳ Delete form submissions||
Super Admin accounts are special accounts with access and permission to everything. This includes things reserved only for super users like the ability to create more super users. It’s important to prevent the robot apocalypse and this is an important firewall. We’re just doing our part to save the world.
User groups allow you to attach roles, include users, thereby assign all the corresponding permissions automatically. This approach is much simpler than assigning roles individually if you have a lot users.
User groups are stored in
Let’s face it. People forget their passwords. A lot, and often. Statamic supports password resets. For users with Control Panel access, the login screen (found by default at
example.com/cp) already handles this for you automatically.
You can also create your own password reset pages for front-end users by using the user:forgot_password_form tag.
The user will receive an email with a temporary, single-use token allowing them to set a new password and log in again.
Storing User Records
While users are stored in files by default — like everything else in Statamic — they can also be located in a database or really anywhere else. Here are links to articles for the different scenarios you may find yourself in.
- Storing Laravel Users in Files
- Storing Users in a Database
- Custom User Storage
- Using an Independent Auth Guard
In addition to conventional user authentication, Statamic also provides a simple, convenient way to authenticate with OAuth providers through Laravel Socialite. Socialite currently supports authentication with Facebook, Twitter, LinkedIn, Google, GitHub, GitLab and Bitbucket, while dozens of additional providers are available though third-party Socialite Providers.
Learn how to configure OAuth on your site.