User Management
Manage who has access to your workspace and what they can do.
Users
Users are workspace-level accounts with email + password authentication. Each user has a role (determines permissions).
Inviting Users
Administrators can invite new users:
- Navigate to Settings → Manage Users
- Click Invite User
- Enter the user's email, and select a role
- An invitation email is sent to the user with a signed link
- The user clicks the link, sets their name and password, and verifies their email
The invitation link expires after a set duration. If expired, an administrator can resend the invitation from the user's edit screen.
Updating Users
Users can update their own profile (name, email, password). Administrators can update any user's email, and role.
Deleting Users
Users can be soft-deleted:
- Deleted users can be restored within a recovery window
- Deleting a user invalidates their API tokens
- The user's remaining data (comments, activity) is preserved for audit purposes
Restoring Users
Deleted users can be restored from the user listing using the restore option. This reactivates the user account.
Roles
Every user has exactly one role. Four roles are available:
| Role | Capabilities |
|---|---|
| Admin | Full access — manage users, verifications, webhooks, billing, settings, and all reviews |
| Supervisor | Manage verifications, perform manual and supervisor reviews, view reports |
| Reviewer | Perform manual reviews on assigned verifications, view verification details |
| Read-Only | View verifications, reports, and dashboards — no create/update/delete actions |
Account Lockout
Users are locked after exceeding the maximum allowed failed login attempts.
- Locked users see a lockout message when attempting to log in
- The lockout automatically expires after a set duration
- Administrators can manually unlock accounts from the user edit screen using the Unlock action