Inviting users
Workspace admins invite users by email from Settings → Users. Specify branch, role, and optional team assignment. Invitees receive a link valid for seven days; resend or revoke pending invites anytime.
- 1
Add user
Enter work email and select branch plus role.
- 2
Optional SSO
If SSO is enabled, users in your domain auto-join on first login.
- 3
Confirm seat
Invitation consumes a seat upon acceptance.
Bulk invite
Upload a CSV with email, branch, and role columns for onboarding large teams after go-live.
Single sign-on
Enterprise plans support SAML 2.0 SSO with Okta, Azure AD, Google Workspace, and other identity providers. Configure ACS URL, entity ID, and attribute mapping in Settings → Authentication.
- Just-in-time provisioning creates users on first SSO login
- Group mapping assigns roles from IdP group membership
- Enforce SSO to disable password login for domain users
- SCIM provisioning available for automated deprovisioning
Seat licensing
Internal users consume seats per your subscription tier. Deactivated users free seats immediately but retain audit history attribution. External collaborators do not consume internal seats.
| State | Can log in | Counts toward seats |
|---|---|---|
| Active | Yes | Yes |
| Pending invite | No | No |
| Deactivated | No | No |
| External guest | Limited | No |
Offboarding
Deactivate users when employees leave. Reassign open tasks and owned shipments before deactivation. Orbex Data preserves their name on historical audit entries.
Revoke API keys
Offboarding includes revoking personal API keys. Service account keys require separate review.
User activity audit
Admins export user login history, permission changes, and failed authentication attempts from Settings → Audit. Retention aligns with workspace audit log policy.
