A Windchill user object identifies a user and is used when establishing group membership and policy rules for that user. It is stored in the Windchill database and holds user information for those users who have access to Windchill. This information includes the user name, the UFID associated with the user, the Windchill domain of the user, and administrative flags that are set if the object needs to be repaired or is disabled.

A Windchill user object is automatically created and persisted in the Windchill database the first time the user is selected from a search or the first time the user logs on to Windchill. In both of these cases, the corresponding directory service entry for the user already exists and is then referenced in the object that is created. As an administrator, you can also create, update, and delete users through the Participant Administration utility.

Windchill does not rely on the user object to authenticate users. Rather, the web server authenticates users and passes the authenticated user name to Windchill. The user's web server ID is then mapped directly to the user object that has a matching user name.

Windchill users are usually affiliated with an organization that is set through the directory service organization attribute (by default, "o"). If the organization attribute is not set, then the user is an unaffiliated user and cannot create products, libraries, projects, or programs. However, that user can be invited to a team by email or by selecting the Restricted Directory Search checkbox when creating or editing the organization. Users that have been invited to the team through one of these methods can do the same things within the product, library, project, or program as any other member.