When my coworker started using my OpenClaw instance, I discovered that multi-user wasn’t just a configuration checkbox. It was a redesign of how the agent thinks about context, permissions, and privacy.
The moment I realized this: my coworker asked the agent to check on “the project,” and the agent pulled up my personal project — not the team project they meant. The agent had one context, one memory, and no concept that different users might have different projects with the same name.
Setting up multi-user properly took me three attempts. Here’s what I learned.
Attempt 1: Shared Everything
My first approach: both of us use the same agent with the same configuration. Easy setup. Terrible in practice.
Problems:
– The agent confused our contexts (“You mentioned wanting pizza for dinner” — that was my coworker, not me)
– Permissions were identical (my coworker could see my personal automations and vice versa)
– Memory was shared (anything one person told the agent, the other person could access)
– Cron jobs ran for both of us regardless of relevance
This works if you have zero privacy requirements and identical use cases. In practice, nobody has zero privacy requirements.
Attempt 2: Separate Instances
My second approach: each user gets their own OpenClaw instance running on the same server. Complete isolation. No shared context.
Problems:
– Double the resource usage (two processes, two sets of memory)
– No shared knowledge (we had to tell both agents about team processes separately)
– Duplicated configuration (any change had to be made twice)
– Skills installed twice, updated twice, maintained twice
This works if users are completely independent. But we share a team, work on the same projects, and need some level of shared context.
Attempt 3: What Actually Works
The solution: one instance with user-scoped sessions and shared-but-separated memory.
User sessions. Each user has their own session with their own conversation history and context. When I message the agent, it loads my context. When my coworker messages it, it loads their context. No cross-contamination.
Scoped memory. Three memory scopes:
– Personal scope: only visible to the owning user (preferences, personal projects, private notes)
– Team scope: visible to everyone (team processes, shared project details, group decisions)
– Global scope: system-level information (server addresses, tool configurations)
When I tell the agent about my personal project, it goes to my personal scope. When I tell it about the team’s deployment process, it goes to the team scope.
Role-based permissions. I’m the admin — I can configure the system, manage skills, and access all scopes. My coworker is a standard user — they can use the agent and manage their own personal scope but can’t change system configuration.
Setting It Up
Step 1: Configure user authentication. Each messaging platform has its own user identification. Discord uses user IDs, Slack uses member IDs, Telegram uses user IDs. OpenClaw maps these to internal user identities.
Step 2: Set up session isolation. Configure OpenClaw to maintain separate sessions per user. Each session has its own conversation history and context window.
Step 3: Configure memory scopes. Define which scopes exist (personal, team, global) and the default scope for new memories. I default to personal scope — everything is private unless explicitly shared.
Step 4: Set permissions. Define what each user role can do. Standard users: interact with the agent, manage personal memory, use approved skills. Admins: everything plus system configuration and access to all scopes.
The Gotchas
Shared cron jobs. A cron job that posts a morning briefing — should it run per user or once for everyone? The answer depends on the job. Morning briefings are personal (different calendars, different priorities). Server health checks are shared (same servers for everyone). Configure each job with the appropriate scope.
Skill permissions. Some skills are appropriate for everyone (web search, summarization). Some are admin-only (server management, system configuration). Review each skill’s capabilities and assign it to the appropriate permission level.
Memory conflicts. Two users might save contradictory information to the team scope. “We use PostgreSQL” and “We’re migrating to MySQL.” The agent doesn’t automatically reconcile these — it stores both and might surface either one. Regular memory review catches these conflicts before they cause confusion.
Cost attribution. With multiple users sharing one API key, individual cost tracking becomes important. Without it, one user’s heavy usage is subsidized by everyone else’s budget. I added per-user cost tracking to my monitoring dashboard.
Scale Considerations
This setup works well for 2-5 users. At that scale, manual memory management is practical, permission setup is manageable, and a single OpenClaw instance handles the load.
For larger teams (10+ users), you’ll want: automated memory scope management (instead of manual), more granular role-based access control, load balancing across multiple instances, and a proper admin dashboard for user management.
I haven’t needed to scale beyond 5 users, so I can’t speak to the details of larger deployments. But the core architecture (isolated sessions, scoped memory, role-based permissions) should scale if the infrastructure does.
🕒 Last updated: · Originally published: February 1, 2026