Knowledge BaseKnowledge Base

Inviting a User

Add team members to your Wazzi org, with the right role from the start.

April 25, 2026
6 min read

Path: Access → Users · URL: /users

What this page does

The Users page is the membership roster for your Wazzi org. Anything that requires signing in to Wazzi — viewing the dashboard, configuring connectors, calling MCP tools through Claude / ChatGPT / Cursor — happens through a user account, and every account is created here.

There are two roles you can assign at invite time:

  • Administrator. Full access to everything in the org — every page, every connector, every Center, every setting. Administrators bypass access groups and permissions entirely. Use this role for the people who own your Wazzi setup itself: typically a founder, ops lead, or platform admin.
  • User. A regular team member. By default a User has no access at all — their sidebar is blank when they sign in until you add them to an access group with the right permissions. This is intentional: Wazzi is least-privilege by default.

Why default to no access? Because the alternative — every new hire seeing every customer record, every credential, every audit log on day one — is a real security problem. Wazzi treats new Users as opt-in to specific surfaces, not opt-out from everything. The few minutes it takes to set up an access group pays back the first time someone leaves the company.

When to use which role

Situation Role Notes
Founder / ops lead setting up Wazzi Administrator They need to invite others, set up connectors, manage billing.
Customer-facing employee using MCP tools User Add them to a per-team group (Sales, Support, etc.).
Read-only auditor (security, compliance, finance) User Add to a "Read-only Auditor" group with read perms but no create or update.
Contractor or vendor with limited access User Build a tightly-scoped group; remove them from it when the engagement ends.
Backup admin / second pair of hands during incidents Administrator Cap the number — usually 2 or 3 admins is enough.

The reason to be careful with Administrator is that you can't scope it. There's no "almost-admin." If you want someone to manage connectors but not billing, that's a User in a group with the right permissions — not an Admin.

Inviting your first user

1. Open the dashboard and click Access → Users in the left sidebar.

You'll see the Users table for your org. Brand-new orgs typically only show the person who created the org.

Users page showing the list of members in your organization

The columns:

  • Name — display name in Wazzi.
  • Email — used for sign-in (single sign-on or magic link).
  • Slack — the user's Slack ID, if you've connected the Slack workspace.
  • Role — Administrator or User.
  • StatusActive (signed in at least once) or Pending (invite sent, not yet accepted).
  • Created — when the invite was sent.

2. Click Invite user in the top-right of the Users page.

3. Fill in the user's email, first name, last name, and role.

Invite user form with email, first name, last name, and role fields

A few things to keep in mind:

  • First and last name are required. Wazzi uses them in audit logs, the user picker, and the in-app @-mention experience. If you don't know a contractor's last name, use a placeholder like (Vendor) and ask them to update it on first login.
  • Email must be unique within your org. If the email is already in use you'll see a validation error — usually because you're trying to re-invite someone who's already in the org. Use the search bar to find the existing user.
  • Role defaults to User. Leave it as User unless you specifically want an Administrator.

4. Click Create User.

You'll get a confirmation toast and Wazzi sends the invite email. The new user shows up in the Users table — they'll be marked Active once they accept the invite and complete sign-in.

What the invited user receives

Wazzi sends a one-click invite email containing a magic link. The link is good for 7 days. When they click it they'll be prompted to authenticate via your org's SSO (Google, Microsoft, etc.) or set up a password if SSO isn't configured.

If the invite has expired, head back to Access → Users, click the user's row, and resend the invite from their detail page.

Editing or removing a user

Click any user's row to open their detail page. The Details tab lets you change their name and role:

User detail page showing the Details tab with editable name and role fields

The Access Groups tab shows which groups they currently belong to:

User detail page showing the Access Groups tab with current group memberships

From the Access Groups tab, click Add to Access Group to assign the user to one or more groups in a single action:

Dialog for adding a user to one or more access groups

Click Save Changes at the bottom of the form to commit any edits.

Removing a user. Wazzi prefers deactivation over deletion. Deactivating a user (toggle on the Details tab) immediately revokes their access but preserves their audit trail. Hard deletion is reserved for cases where personal data must be erased (GDPR / CCPA right-to-be-forgotten). Talk to your Wazzi administrator if you need that flow.

Troubleshooting

  • "Email already in use" when inviting. Someone with that email is already in the org. Search the Users table or check if the user is Pending — if so, you can resend their existing invite instead of creating a new one.
  • The user accepted the invite but their sidebar is empty. That's expected if they're a regular User and haven't been added to any access group with permissions. See Creating an Access Group and Managing Permissions.
  • "Invite expired" on the user's side. Re-open their detail page and click Resend invite. Magic links are valid for 7 days.
  • The user got promoted to Administrator but still can't see something. Refresh their browser. Wazzi caches the session token; promoting to Admin requires a token refresh, which typically happens within a minute, but you can force it by signing out and back in.
  • Wrong name in audit logs. First/last name changes are reflected in future events; existing audit log entries keep the historical name. That's by design — the audit log is immutable. See Reading the Audit Log.

Frequently asked questions

Can I bulk-invite users?
Not from the UI right now — invite them one at a time. If you have a list of dozens, contact your Wazzi administrator about the bulk-invite endpoint.

What happens if I delete the only Administrator?
Wazzi prevents this. There must always be at least one active Administrator. To replace your only Admin, promote someone else first, then deactivate the old one.

Can a user belong to my org and another Wazzi org with the same email?
Yes. Each user account is per-org. The same email can sign into multiple orgs and switch between them via the org switcher in the top bar.

Does deactivating a user revoke their MCP tokens?
Yes — immediately. Any AI tool that was using their MCP URL will start getting 401 Unauthorized on the next call.

What's next

  • If you invited a regular User, the next thing they need is an access group with permissions. Read Creating an Access Group.
  • To understand exactly what permissions exist before you create groups, jump to Managing Permissions.
  • If you invited an Administrator, you're done — they can sign in and use everything.

Was this article helpful?