User Management
Manage the people in your organization — invite new members, create accounts directly, assign roles, and control access. This is the Members tab of Org Settings.
Overview
User management lets you:
- View every member of your organization with their role, availability, and status
- Invite a new member by email, or create an account directly with a temporary password
- Assign each member a role from your RBAC role set
- Edit a member's profile (name, email, phone)
- Reset a member's password or multi-factor authentication (MFA)
- Disable a member's access (reversible) or permanently remove them
- Review a member's recent login activity
Member management actions — inviting, creating, editing, changing roles, disabling, and removing members — require the Owner or Admin role. The server rejects these actions for standard members.
Navigate to Settings → Members
Open Org Settings from the Admin section of the sidebar (/settings), then select the Members tab.
Members list
The members table shows the following columns:
| Column | Description |
|---|---|
| User | Avatar, display name, and email |
| Role | The member's assigned role badge |
| Availability | Current availability (Available, On-call, or Unavailable), based on schedules and on-call rotations |
| Status | Active or Disabled |
| Joined | The date the member joined the organization |
Searching and filtering
- Use the Search members… box to filter by name or email.
- Use the Show toggle to filter by availability: All, Available, or Unavailable.
There is no separate role or status filter — use the search box and availability toggle to narrow the list.
Adding people
There are two ways to add someone, available from the buttons at the top of the page.
Invite User
Sends an email invitation. The person sets up their own account when they accept.
- Click Invite User.
- Enter the Email Address.
- Choose a Role (the Owner role cannot be assigned here).
- Click Send Invitation.
Pending invitations appear in a Pending Invitations card below the members list, showing the Email, Role, and Expires date. Invitations expire 7 days after they are sent. To revoke an invitation before it is accepted, click the trash icon next to it.
Create User
Creates an account immediately and returns a one-time temporary password for you to share.
- Click Create User.
- Enter the Full Name and Email Address.
- Choose a Role (the Owner role cannot be assigned here).
- Click Create User.
- Copy the Temporary Password shown in the confirmation dialog — it is displayed only once. Share it securely with the new user, who should change it after their first login.
If the email already belongs to an active user elsewhere in the system who is not yet in your organization, they are added directly and can sign in with their existing credentials (no temporary password is shown). If the email is already a member, the action is rejected.
Roles
Roles come from your organization's RBAC role set, including the built-in Owner, Admin, and Member roles plus any custom roles you have defined. Each role's color and description (if set) appear in the role picker. The Owner role is never offered when inviting, creating, or changing a member.
To change a member's role:
- From the list: open the row's ⋯ menu and choose Set as <role>, or
- From the detail view: open the member, go to the Security tab, pick a role under Change Role, and click Update.
Role changes take effect immediately.
For defining roles and the permissions attached to them, see Roles & Permissions under the Admin section of the sidebar (/admin/rbac).
Member details
Click View / Edit in a member's ⋯ menu (or select the member) to open the detail dialog, which has three tabs.
Profile tab
Shows the member's email, phone, authentication method, last login, joined date, and account-created date. If the member is disabled, a banner shows when and by whom. Click Edit Profile to change the member's Full Name, Email Address, and Phone Number. The Owner's profile cannot be edited here.
Security tab
| Section | What it does |
|---|---|
| Role | Change the member's role and permissions (not shown for the Owner). |
| Multi-Factor Authentication | Shows whether MFA is enabled and which methods are registered. When the member has MFA enabled, Reset MFA clears it — the member is logged out of all sessions and must set up MFA again. |
| Password | For password-based accounts, Reset Password generates a new temporary password (shown once) and logs the member out of all sessions. |
Activity tab
Lists the member's Recent Login Activity, including the action, success or failure, failure reason, IP address, and timestamp.
Disabling and removing members
Open a member's ⋯ menu (available for non-Owner members) to manage access.
Disable access
Disable Access is a reversible soft-disable: the member can no longer sign in, but their data and audit history are preserved. The list shows them with a Disabled badge. Choose Enable Access to restore their login. You cannot disable your own account.
Remove
Remove permanently deletes the member from the organization. Prefer Disable Access when in doubt, to preserve audit history.
The Owner account cannot be disabled or removed.
Seats and billing
If your organization has an active Stripe subscription, the subscription's seat quantity is updated automatically when you add or remove members, and Stripe prorates the change. Organization Owners and Admins are notified of seat changes. Organizations without a subscription can still add and remove members freely — no hard seat cap blocks the action.
Best practices
- Use the least-privileged role. Assign Admin sparingly and keep most staff on Member or a tailored custom role.
- Disable before removing. Disabling preserves the member's audit trail; removal is permanent.
- Share temporary passwords securely. They are shown only once — copy and deliver them through a secure channel, and have the user change theirs at first login.
- Reset MFA only when needed. Resetting MFA logs the member out and requires them to re-enroll.