Managing Users
This page covers the full lifecycle of a user account from an administrator's point of view: creating a user, understanding the account statuses, suspending and reactivating, unlocking, assigning an organization role, and deleting.
Where to find it: Users (the Users & Permissions area).
:::note Who can manage users
Managing users is an organization-wide action governed by the org role. The Admin role can do everything described here; the People Manager (HR) role manages users, roles, and assignments as part of its HR scope. See the RBAC matrix.
:::
Creating a user
Open Users → New User and provide:
| Field | Required | Notes |
|---|---|---|
| Email | Yes | Must be unique. Stored lowercase. This becomes the person's login identity. |
| First name | Yes | 2–100 characters. |
| Last name | Yes | 2–100 characters. |
| Phone | No | International format, e.g. +91 9876543210. |
| Organization role | No | The single org role to assign (can also be set later). |
| Department | No | The department the user belongs to. |
| Send invitation | No | When on (default), an invitation email is sent immediately. |
What happens on creation
- A newly created user starts in the DISABLED status — they exist in the system but cannot log in yet.
- If Send invitation is enabled, an invitation email goes out and the user moves to INVITED.
- The user sets their own password by accepting the invitation, at which point they become ACTIVE. See Invitations for that flow.
As an administrator you never set a user's password directly — the user sets it themselves through the invitation link.
User statuses
A user account is always in exactly one of these statuses:
| Status | Can log in? | Meaning |
|---|---|---|
| DISABLED | No | New account, not yet invited. The default on creation. |
| INVITED | No | Invitation sent, awaiting acceptance. |
| ACTIVE | Yes | Verified and active. The normal working state. |
| SUSPENDED | No | Temporarily blocked by an administrator. |
| LOCKED | No | Auto-locked after too many failed sign-in attempts. |
| UNVERIFIED | No | Email address not yet verified. |
Status lifecycle
Suspending and reactivating
To suspend a user (for example, an employee on leave or under review), open the user and change their status to SUSPENDED, optionally recording a reason. A suspended user cannot sign in until an administrator changes them back to ACTIVE.
Reactivation is the reverse: set a SUSPENDED user back to ACTIVE and they regain access immediately, with the password they already had.
Unlocking a locked account
A user who exceeds the failed-login limit is automatically moved to LOCKED for a cooldown period (see Authentication Flows for the exact limits). The account recovers when the lockout window expires, or an administrator can clear the lock sooner by setting the user back to ACTIVE.
Guardrails on status changes
The system enforces a few safety rules so you cannot accidentally lock the organization out of itself:
- You cannot change your own status. This prevents an admin from accidentally disabling their own access.
- You cannot deactivate the only Admin. The organization must always have at least one active Admin.
If you hit one of these, the system returns a clear error and the change is blocked.
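The two guardrails above can be enforced server-side as in the following added example, which is not the product's own code. The `User` class, `change_status`, `StatusChangeError`, the role strings and the set of admin-driven transitions are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumption: only these status changes are made by an administrator; the
# invitation and lockout flows drive the other transitions on this page.
ADMIN_TRANSITIONS = {
    ("ACTIVE", "SUSPENDED"),   # suspend
    ("SUSPENDED", "ACTIVE"),   # reactivate
    ("LOCKED", "ACTIVE"),      # clear a lockout early
}
MANAGER_ROLES = {"Admin", "People Manager"}  # constructed role identifiers


class StatusChangeError(Exception):
    """Raised when a guardrail blocks the change."""


@dataclass
class User:
    id: int
    status: str
    org_role: str  # exactly one org role per user


def change_status(actor, target, new_status, users):
    """Apply an admin-initiated status change or raise StatusChangeError."""
    if actor.org_role not in MANAGER_ROLES or actor.status != "ACTIVE":
        raise StatusChangeError("actor is not allowed to manage users")
    if actor.id == target.id:
        raise StatusChangeError("you cannot change your own status")
    if (target.status, new_status) not in ADMIN_TRANSITIONS:
        raise StatusChangeError(f"{target.status} -> {new_status} not allowed")
    # Last-Admin check: count the *other* active Admins, so the rule holds
    # even when the actor is a People Manager rather than an Admin.
    if target.org_role == "Admin" and target.status == "ACTIVE":
        remaining = sum(1 for u in users if u.org_role == "Admin"
                        and u.status == "ACTIVE" and u.id != target.id)
        if remaining == 0:
            raise StatusChangeError("cannot deactivate the only Admin")
    previous, target.status = target.status, new_status
    return previous  # caller can record previous/new status
```

In a database-backed service the Admin count and the status update need to run in one transaction, so that two concurrent suspensions cannot each see the other Admin as still active.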
Assigning an organization role
Each user has exactly one organization role. You can set it during creation or change it later from the user's detail page. Changing the role:
- replaces the previous org role (a user is never assigned two org roles); and
- is recorded in the audit log, showing the previous and new role.
For what each role grants, see Organization Roles. To grant subproject-scoped permissions on top, see Subproject Roles.
Editing a user
From the user's detail page you can update their name, phone, department, and org role. The email address — the login identity — is fixed once the account exists.
Deleting a user
Users are soft-deleted — the record is retained (marked with a deletion timestamp) for audit purposes rather than physically removed, so historical activity stays attributable. The following guardrails apply:
- You cannot delete your own account.
- You cannot delete the only Admin. There must always remain at least one Admin.
:::caution Suspend instead of delete when in doubt
If a person might return, prefer suspending their account over deleting it. Suspension is fully reversible and keeps their role and assignments intact.
:::
Related pages
- Invitations — the invitation/acceptance flow that activates a user.
- Organization Roles — what each org role can do.
- Subproject Roles — adding subproject-scoped permissions.
- Authentication Flows — sign-in, lockout, and verification details.