User Handbook

Manage Team

Invite members, assign roles, and connect an identity provider.

Build your team in two places — Team (members and roles) and Identity Provider (automatic sync from Entra ID / Google Workspace / Okta).

Open the Team page

Navigate to Team in the sidebar. The page has two sections:

  1. Identity Provider (top) — manage SCIM-style user sync. See Configure IdP.
  2. Member list (bottom) — every user with their role, status, and last activity.

📸 Screenshot: Team page with member list

The five permission levels

| Level | Typical title |
|---|---|
| owner | CTO, VP Engineering, Founder |
| admin | Engineering manager, IT lead, MLOps lead |
| editor | Compliance Officer, Data Protection Officer, Security Engineer |
| viewer (default) | Software developer, business stakeholder |
| platform_admin | Palveron support staff — not assignable here |

The full permission matrix lives on Roles & Permissions.

Invite a member

  1. Click Invite member (top right).
  2. Enter the email address.
  3. Select the role (admin, editor, or viewer; owner is set during project creation and transferable via support).
  4. Click Send invitation.

The invited user receives an activation link. Status shows Invited until they accept.

Order matters. Invite at least one editor (compliance) before your first agent registration — the wizard hands off to compliance for risk classification. Invite developers as viewer last; without an agent to integrate, there's nothing for them to do yet.

Change a role

  1. Click the three dots (⋯) next to a member.
  2. Select Change role.
  3. Pick the new role.
  4. Confirm.

Role changes take effect immediately on the gateway and within ~5 seconds in the user's dashboard session (they may need to refresh).

Remove a member

  1. Click the three dots (⋯) → Remove.
  2. Confirm.

If the removed member is on the responsibility chain of an active agent (responsible person, technical maintainer, or approval authority), removal is blocked until the chain is reassigned. The dialog lists every agent that needs to be updated.

IdP-synced members

When an identity provider is connected, synced users appear with an IdP badge. These users:

  • Cannot be removed manually — manage them in the IdP.
  • Cannot have their role changed manually — change the IdP group instead, then wait for the next sync cycle (or trigger an immediate sync from Identity Provider → Sync now).
  • Are automatically deactivated when removed from the IdP — within ~5 minutes of the change in Entra/Google/Okta.

See Configure IdP for the full setup.

Audit trail

Every team change (invite, role change, removal) is recorded as a governance event. Find them in Monitoring → Governance Events filtered by event_type: TEAM_*. Useful as evidence in your own SOC 2 or ISO 27001 audits (Palveron supplies the trail; the certification remains yours).
