Manage teams and roles
Invite members, assign roles, create groups, and configure SSO for your workspace.
-
1 Invite members
Use
invite_uservia MCP or the workspace settings UI to add new members. Each invite sends an email with a link to join.// Invite a new member invite_user: { "workspace_id": "...", "email": "new@example.com", "role": "member" } -
2 Assign roles
Four roles control access: owner, admin, member, and viewer. Each has different permissions across the workspace.
// Promote a member to admin update_member_role: { "workspace_id": "...", "email": "user@example.com", "role": "admin" } -
3 Create groups
Organize members into groups like "Backend team" or "QA". Groups make it easy to assign work and filter views.
// Create a team group create_group: { "workspace_id": "...", "name": "Backend team", "description": "Backend engineers" } -
4 Set up SCIM provisioning
Connect your identity provider (Okta, Azure AD, Google Workspace) to automate user provisioning and deprovisioning via SCIM. Members are created and removed in sync with your IdP.
-
5 Configure OIDC SSO
Set up single sign-on via Zitadel (built-in) or connect your own IdP. Members authenticate through your SSO provider instead of email and password.
Role permissions
- Owner — full access including billing, workspace deletion, and member management.
- Admin — manage members, settings, projects, and workflows. Cannot delete the workspace.
- Member — create and edit tickets, documents, and comments. Cannot manage members.
- Viewer — read-only access to all workspace content.
- Removing a member deactivates their access but preserves their history in the audit trail.
Next steps
- Set up a project — create projects for your team to work on
- GDPR compliance — manage data exports and account deletion