How to create and manage External users in PWSLab?

How to create and manage External users in PWSLab?


In cases where it is desired that a user has access only to some internal or private projects, there is the option of creating External Users in PWSLab. This feature may be useful when for example a Freelancer/Part-time resource is working on a given project and should only have access to that project.

External users

  1. Cannot create groups, projects, or personal snippets.
  2. They can only access projects to which they are explicitly granted access, thus hiding all other internal or private projects from them.
Access can be granted by adding the user as a member to the project or group. They will, like usual users, receive a role in the project or group with all the abilities like a regular user. For example, if an external user is added as Guest, and your project is private, they will not have access to the code; you would need to grant the external user access at the Reporter level or above if you want them to have access to the code. You should always take into account the project’s visibility and permissions settings as well as the permission level of the user.
Note: External users have a discounted license pricing as compared to a regular user in PWSLab. Learn more about the Billing policy.

An administrator can flag a user as external by following the method below:
Navigate to the Admin Area > Overview > Users to create a New user or edit an existing one. There, you will find the option to flag the user as external.

Automatically setting new users to external

By default, new users are not set as external users. This behavior can be changed by an Administrator on the Admin Area > Settings > General page, under Account and limit.

If you change the default behavior of creating new users as external, you will have the option to narrow it down by defining a set of internal users. The internal users field allows specifying an email address regex pattern to identify default internal users. New users whose email address matches the regex pattern will be set to internal by default rather than an external collaborator.

The regex pattern format is Ruby, but it needs to be convertible to JavaScript, and the ignore case flag will be set (/regex pattern/i). Here are some examples:
  1. Use \@company\.com$ to mark email addresses ending with @companycom as internal.
  2. Use ^(?:(?!\@company\.com).)*$\r? to mark users with email addresses NOT including as internal.
You can validate the regex pattern for Ruby here at

Have more questions? Please email us at
Also, let us know if the article is helpful!

    • Related Articles

    • PWSLab External User License Policy

      Introduction The External User License Policy is primarily for the benefit of customers who want to add temporary External users in PWSLab. This is offered because we don’t want you to follow a cumbersome or inefficient way of accepting external code ...
    • List of PWSLab CI/CD Environment Variables

      Introduction This document enlists a set of pre-defined environment variables accepted by PWSLab CI/CD for the local environment of the Runner. These can be referenced directly in the .pwslab.yml file or via the Project's Settings > CI/CD > ...
    • How to create a New Project in PWSLab?

      Create a project To create a project in PWSLab: In your dashboard, click the green New Project button or use the plus icon in the navigation bar like below. This opens the New Project Page. On the New project page, choose if you want to: Create ...
    • Mirroring PWSLab Repositories to GitHub, Bitbucket and GitLab or any Git repositories

      Introduction Repository mirroring allows for mirroring of repositories to external sources. It can be used to mirror branches, tags, and commits between repositories. A repository mirror at PWSLab will be updated automatically. You can also manually ...
    • Google OAuth2 OmniAuth Provider for PWSLab Signin/Signup

      To enable the Google OAuth2 OmniAuth provider you must register your application with Google. Google will generate a client ID and secret key for you to use. Enabling Google OAuth In Google’s side: Navigate to the cloud resource manager page ...