User Management
Manage your team members, control access levels, and configure user permissions. All QuivaWorks plans include unlimited users at no additional cost.Adding Users
Invite team members to collaborate on your QuivaWorks account.1
Navigate to Users
Go to Account Management → Users
2
Click Invite
Click the “Invite” button
3
Enter User Details
- Email address - Where the invitation will be sent
- First and last name
- Role - Select appropriate access level
4
Send Invitation
Click “Invite” to send the invitation email
Unlimited Users: All plans include unlimited users at no extra cost. Add as many team members as you need.
User Roles
Choose the appropriate role based on what each user needs to do:Root
Admin
Billing
Developer
Monitor
Managing Users
Updating User Roles
Only Root and Admin users can change roles.1
Navigate to Users
Go to Account Management → Users
2
Select User
Click on the user’s email address
3
Change Role
Select the new role from the dropdown
4
Confirm
Click “Update Role”
- You cannot change your own role
- Admins cannot modify Root user roles
- Admins cannot assign the Root role
Suspending Users
Temporarily restrict access without deleting the account:1
Find User
Navigate to Account Management → Users and click on user’s email
2
Suspend
Click the dot menu (⋮) → “Suspend”
3
Confirm
Confirm the suspension
- User cannot log in
- All active sessions are terminated
- User resources remain in the account
- Can be reactivated by an Admin at any time
- Employee on extended leave
- Temporary contractor work completed
- Investigating potential security issue
- Pending account transfer
View suspended users by filtering for “Suspended” status in user management.
Terminating User Sessions
Force a user to log out from all devices:1
Find User
Navigate to Account Management → Users and click on user’s email
2
Logout
Click the dot menu (⋮) → “Logout”
3
Confirm
Confirm to terminate all sessions
- User reports device stolen
- Suspected unauthorized access
- User forgot to log out on shared computer
- Troubleshooting access issues
Users can also manage their own sessions in their personal settings.
Deleting Users
Permanently remove a user from your account:1
Find User
Navigate to Account Management → Users and click on user’s email
2
Delete
Click the dot menu (⋮) → “Delete”
3
Confirm
Confirm the deletion
Recovery Codes
Admins can issue or view recovery codes for users who have enabled MFA.Issuing New Recovery Codes
1
Find User
Navigate to Account Management → Users and click on user’s email
2
Issue Codes
Click the dot menu (⋮) → “Issue new recovery codes”
3
Confirm
Click “I Am Sure” in the dialog
4
Save Codes
Download, print, or copy the codes securely
When recovery codes are issued or viewed, the user receives a “Security Codes Viewed” email notification to alert them of the access.
Viewing Existing Codes
1
Find User
Navigate to Account Management → Users and click on user’s email
2
View Codes
Click the dot menu (⋮) → “View recovery codes”
Resource Sharing
All resources (agents, flows, MCP servers) are shared across your entire account. All team members can access resources based on their role permissions.
- Resources are organized into collections within flows
- Access is controlled by role, not by who created the resource
- When a user is deleted, their resources remain accessible to the team
- No per-user resource ownership or isolation
- Root/Admin: Full access to all resources
- Developer: Can create, modify, and delete all resources
- Monitor: Can view all resources (read-only)
- Billing: Cannot access resources
Best Practices
User Lifecycle Management
Onboarding New Users
Onboarding New Users
When adding new team members:
- Create account with appropriate role
- Send invitation email
- Verify they receive and accept invitation
- Confirm they enable MFA (required for Admin/Root)
- Provide onboarding documentation
- Review access after first week
Regular Access Reviews
Regular Access Reviews
Monthly reviews:
- List all active users
- Verify each user still needs access
- Check for unused accounts (no recent activity)
- Confirm roles are still appropriate
- Comprehensive audit of all permissions
- Review role assignments
- Update access based on job changes
- Document why each elevated role is needed
Offboarding Process
Offboarding Process
When users leave your organization:Immediately:
- Suspend the user account
- Terminate all their sessions
- Who left and when
- What resources they managed
- Who took over their responsibilities
Security for Elevated Roles
Security for Elevated Roles
Mandatory for Root and Admin:
- Enable MFA immediately
- Use passkeys when possible
- Store recovery codes in password manager
- Use strong, unique passwords
- Review sessions monthly
- Enable MFA
- Use password manager
- Review active sessions regularly
Role Assignment Guidelines
- Small Teams (2-5)
- Growing Teams (6-20)
- Large Orgs (20+)
Typical structure:
- 1 Root (founder/owner)
- 0-1 Admin (if needed)
- 2-4 Developers
Troubleshooting
User didn't receive invitation email
User didn't receive invitation email
Solutions:
- Check spam/junk folder
- Verify correct email address was entered
- Click “Resend Invitation” in user management
- Try different email address if corporate email blocks it
- Ask user to check email filters/rules
Can't change a user's role
Can't change a user's role
Common causes:
- You don’t have Admin or Root role
- Trying to change your own role (not allowed)
- Admin trying to change Root user (not allowed)
- Admin trying to assign Root role (not allowed)
Suspended user still has access
Suspended user still has access
Why this happens:Active sessions don’t terminate automatically on suspension.Solution:
- Click on the user
- Use the “Logout” option to terminate all sessions
- Sessions expire after 24 hours maximum anyway
Need to recover deleted user
Need to recover deleted user
Unfortunately:Deleted users cannot be recovered. You’ll need to:
- Send a new invitation to the same email
- They’ll need to accept and set up a new account
- Re-enable MFA
- Their old resources remain accessible to the team
Too many Admin users
Too many Admin users
Security concern:Having too many Admins increases security risk.Recommendation:
- Limit Admin to 2-5 people maximum
- Review if all Admins still need that level of access
- Consider downgrading some to Developer role
- Document why each Admin role is necessary
User Management Checklist
New User Setup
- Determine appropriate role (least privilege)
- Send invitation with clear expectations
- Verify invitation accepted within 48 hours
- Confirm MFA enabled (if Admin/Root)
- Provide onboarding documentation
- Review access after trial period
Regular Maintenance
- Monthly: Review active users list
- Monthly: Check for inactive accounts
- Quarterly: Audit role assignments
- Quarterly: Verify elevated roles still needed
- Annually: Comprehensive security review
User Departure
- Suspend account immediately
- Terminate all sessions
- Delete API keys within 1 hour
- Review and transfer resources
- Delete user account within 24 hours
- Document handoff and transition