VIEWPORT
For teams

Invite teammates

Invite by email. Choose a role. Optionally pre-assign to teams. Email-matched accept flow.

Membership is by invite. There's no domain-claim or auto-join. Every member is explicitly invited.

Send an invite

  1. In the web app, MembersInvite member.
  2. Type the email.
  3. Pick a role: Owner / Admin / Member / Viewer.
  4. Optionally pick teams to add them to on accept.
  5. Send.

The invitee gets an email with an accept link. The link is single-use, expires in 7 days by default, and is bound to the invited email address.

What the invitee sees

If they don't have a Viewport account yet:

  1. Click the link.
  2. Land on the accept page with your org's name, your name as the inviter, and the role + teams they're being invited to.
  3. Sign in with WorkOS (or create an account with the invited email).
  4. Land in the new org, fresh empty state, ready to pair a machine.

If they already have an account:

  1. Click the link.
  2. If the invited email matches their account: accept lands them as a member of your org with the assigned role.
  3. If the email doesn't match: friendly error. "This invite was sent to alice@acme.com but you're signed in as alice@personal.com. Sign in with the right account or ask the inviter to re-send."

The email-match check is non-negotiable: it prevents anyone from forwarding their invite link.

Roles

RoleWhat they can do
OwnerEverything. Including transferring ownership and archiving the workspace.
AdminManage members, teams, workflows, settings. Cannot transfer ownership.
MemberStandard: see workflows shared with them, run agents on paired machines, take decisions in the inbox.
ViewerRead-only across everything they have access to. Cannot take decisions.

Roles are org-level. Team membership and resource-share grants narrow further. See Approval policies.

Bulk invite

For larger rollouts:

POST /api/workspaces/{workspace}/invitations/bulk
Content-Type: application/json

{
  "invitations": [
    { "email": "alice@acme.com", "role": "member", "team_ids": ["t_…"] },
    { "email": "bob@acme.com",   "role": "admin",  "team_ids": [] }
  ]
}

See Reference: API.

Pending invites

The Members page has a Pending invites tab showing every outstanding invite, who sent it, who it's for, and when it expires. You can:

  • Resend. Send the email again (does not extend the token).
  • Revoke. Cancel the invite. The link stops working immediately.
  • Copy link. Useful for sharing through Slack or 1Password.

Re-inviting

If an invite expires, just send it again. The email-match check still applies on the new link.

What happens when someone leaves

When you remove a member (Members → row → Remove):

  • Their org membership is deleted (audit event written).
  • Their team memberships in that org are removed.
  • Their machine pairings for that org are revoked. Per-org daemon credentials are invalidated; the daemon on their laptop, if still running, gets a clean "unpaired" signal on its next reconnect.
  • Their inbox items routed to them either re-route (if there are other recipients) or get marked unassigned.

The user's account itself is unaffected. They retain access to any other orgs they belong to. Their actions in this org remain in the audit log forever; that history doesn't get deleted with them.

Where to go next

Create an organization

Spin up your team's tenant. Owner, members, the org switcher, and what comes for free on creation.

Set up teams

Org-local groups of members. The unit of ACL routing, not a tenant.

On this page

Send an inviteWhat the invitee seesRolesBulk invitePending invitesRe-invitingWhat happens when someone leavesWhere to go next