Skip to content

Invite teammates

Inviting a teammate sends them a branded email with a signed 7-day link. They click, set a password, and arrive inside your organisation with the role you chose. No verification flow, no separate sign-up — they skip straight to working.

Invitations are admin-only and live at /settings/users (Workspace access).

  1. Go to /settings/users.

  2. Enter the invitee’s email and pick a role:

    • Admin — full access, including billing and member management.
    • Editor — create / edit suppliers, NCRs, CAPAs, evaluations, RMAs, calibration. No access to billing or workspace settings.
    • Viewer — read-only. Ideal for auditors, executives, external consultants.
  3. Click Send invite. The button shows a spinner while the server action runs.

  4. Sertiq creates an invitations row (signed 7-day token) and sends a Resend-delivered email from no-reply@sertiq.app. The email is branded with the Sertiq logo and your organisation name.

The new invitation appears under Pending invites. While pending, you can Revoke it or Resend the email at any time.

  1. They receive an email subject like Mariusz invited you to join Acme on Sertiq.
  2. Clicking Accept invitation opens Sertiq with their email pre-filled and password setup form.
  3. They set a password (minimum 10 chars, one number) and click Join Acme.
  4. They land on /dashboard inside your organisation, already in the role you assigned. No onboarding wizard, no second organisation created — the accept_invitation RPC routes them straight in.

You pick the role when sending the invite, not after acceptance. Change a role later from the same /settings/users page — inline dropdown next to the member, effect is immediate.

There must always be at least one admin per organisation. Demoting the last admin is blocked at the RPC level.

StateWhat it means
pendingSent, not yet accepted. Visible under Pending invites.
acceptedUser clicked the link and joined. Now appears under Members.
revokedAdmin cancelled the invitation before acceptance. Link 404s.
expired7 days passed without acceptance. Link 404s. Resend creates a fresh token.

Tokens are single-use and tied to the email address. Forwarding the email to a different inbox does not grant access — Sertiq checks auth.users.email matches the invitation email on acceptance.

No problem. The invitation flow detects an existing account by email and skips the password step — the invitee signs in normally and the new organisation appears in their organisation switcher.

A user can belong to many organisations. They switch between them from the sidebar — Sertiq remembers their last-used organisation per browser.

Invitations count against your membersMax:

PlanWorkspace seats
Free1
Starter3
Pro10
EnterpriseUnlimited

At cap, the form shows Upgrade to add more instead of Send invite. Pending invitations count toward the limit even before acceptance — revoke ones you don’t expect to land.

“User has already been registered” when accepting. The invitee has an existing Sertiq account on a different email — they need to sign in first with that email, then re-click the invite link from the signed-in state.

Invite email landed in spam. Whitelist no-reply@sertiq.app. We sign with DKIM, SPF, and DMARC — deliverability is good but corporate filters vary.

Wrong role assigned. Change it inline on /settings/users after acceptance. Role changes are immediate and audit-logged.