> ## Documentation Index > Fetch the complete documentation index at: https://microstrate-1133-notifications-prefs.mintlify.site/llms.txt > Use this file to discover all available pages before exploring further. # User Management > Add team members, assign roles, and manage user access # User Management Manage your team members, control access levels, and configure user permissions. Understand how user seats work across different plans. ## Understanding User Seats QuivaWorks uses a per-seat licensing model: **Maximum 3 users** Fixed limit - cannot add more users without upgrading **Unlimited users** Each user added increases your monthly bill by the per-user rate ### How User Seats Work **Free Plan:** * Maximum 3 active users allowed * Cannot add additional users without upgrading to a paid plan * Must remove existing users before adding new ones if at limit **Paid Plans (Pro/Team):** * Add as many users as needed * Each user increases your monthly bill: * Pro: +$19/user/month (or $15/user/month annual) * Team: +$39/user/month (or $31/user/month annual) * Users added mid-cycle are prorated * Users removed provide credit at next billing cycle **Important:** Suspended users still occupy a licensed seat and count toward your billing. To free up a seat, you must fully delete the user. **Billing Impact:** Every active or suspended user in your account counts toward your total user count and affects your bill. Monitor your user list regularly to avoid paying for unused seats. ## Adding Users Invite team members to collaborate on your QuivaWorks account. **Free Plan:** Verify you have fewer than 3 users **Paid Plans:** No limit - each new user adds to your monthly bill Go to **Account Management → Users** Click the "Invite" button * **Email address** - Where the invitation will be sent * **First and last name** * **Role** - Select appropriate access level [Understanding roles →](/essentials/users/roles-permissions) Click "Invite" to send the invitation email Users will appear with **"Invitation Pending"** status until they accept. User Invitation Email

### Billing Impact When Adding Users **No additional cost, but limited to 3 users** * User 1: \$0 * User 2: \$0 * User 3: \$0 * User 4: ❌ Must upgrade to add To add a 4th user, upgrade to Pro or Team plan. **Each user increases your monthly bill** **Example - Pro Plan (Monthly):** * Current: 10 users × $19/user = $190/month * Add 2 users mid-cycle → prorated charge * Next billing: 12 users × $19/user = $228/month **Example - Team Plan (Annual):** * Current: 25 users × $31/user = $775/month * Add 5 users → prorated for remaining year * Next annual billing: 30 users × $31/user = $930/month **Free Plan Limit:** If you have 3 users and attempt to add a 4th, you'll be prompted to upgrade to a paid plan. You cannot exceed 3 users on the Free plan. ## User Roles Choose the appropriate role based on what each user needs to do: **Account owners only** Complete control including account closure [View permissions →](/essentials/users/roles-permissions#root) **Team leads and IT** Full management except account closure [View permissions →](/essentials/users/roles-permissions#admin) **Finance team** Manage billing and subscriptions only [View permissions →](/essentials/users/roles-permissions#billing) **Technical team** Build and deploy resources [View permissions →](/essentials/users/roles-permissions#developer) **Stakeholders** View-only access [View permissions →](/essentials/users/roles-permissions#monitor) Always apply the **principle of least privilege** - assign the minimum role needed for each user to do their job effectively. Remember: all users consume a seat regardless of their role. ## Managing Users ### Updating User Roles Only Root and Admin users can change roles. Go to **Account Management → Users** Click on the user's email address Select the new role from the dropdown Click "Update Role" Changes take effect immediately. Changing a user's role does not affect seat count or billing. **Restrictions:** * You cannot change your own role * Admins cannot modify Root user roles * Admins cannot assign the Root role ### Suspending Users Temporarily restrict access without deleting the account: Navigate to **Account Management → Users** and click on user's email Click the dot menu (⋮) → "Suspend" Confirm the suspension **What happens:** * User cannot log in * All active sessions are terminated * User resources remain in the account * Can be reactivated by an Admin at any time **When to use:** * Employee on extended leave * Temporary contractor work completed * Investigating potential security issue * Pending account transfer **Billing Impact:** Suspended users still occupy a licensed seat and count toward your total user count. You will continue to be billed for suspended users. To free up a seat and stop billing, you must delete the user. View suspended users by filtering for "Suspended" status in user management. ### Terminating User Sessions Force a user to log out from all devices: Navigate to **Account Management → Users** and click on user's email Click the dot menu (⋮) → "Logout" Confirm to terminate all sessions **Use cases:** * User reports device stolen * Suspected unauthorized access * User forgot to log out on shared computer * Troubleshooting access issues Users can also manage their own sessions in their [personal settings](/essentials/security/sessions). ### Deleting Users Permanently remove a user from your account and free up a licensed seat: Navigate to **Account Management → Users** and click on user's email Click the dot menu (⋮) → "Delete" Confirm the deletion **This action is permanent and cannot be undone.** What's deleted: * User's personal settings * User's sessions and API keys * User's MFA settings What's preserved: * Resources they created (agents, flows, MCP servers) * All data remains accessible to the team ### Billing Impact When Removing Users **No billing impact** Deleting a user frees up a seat to add another user (up to 3 total). **Reduces your next bill** **Example - Pro Plan:** * Current: 15 users × $19/user = $285/month * Delete 3 users on day 10 of cycle * You're still charged for them until end of current period * Next billing: 12 users × $19/user = $228/month * Monthly savings: \$57 **Important:** No immediate refund or credit for mid-cycle deletions. The reduction applies to your next billing cycle. **Freeing Up Seats:** To stop being billed for a user and free up their seat, you must delete them (not just suspend them). The seat becomes available immediately for a new user, but billing adjustments apply at your next billing cycle. ## Managing Seat Capacity ### Checking Current Seat Usage Go to **Account Management → Users** See total count at the top: * Active users (including pending invitations) * Suspended users (still consuming seats) Go to **Account Management → Billing and Plans** to see: * Total user count * Cost per user * Total monthly/annual charge ### When You Can't Add More Users (Free Plan) If you've reached the 3-user limit on the Free plan: **Upgrade to Pro or Team** Navigate to **Account Management → Billing and Plans** Choose Pro ($19/user/month) or Team ($39/user/month) Complete upgrade and add unlimited users [Compare plans →](/get-started/plans-and-pricing) **Delete existing users to free up seats** Review your user list for inactive or unnecessary accounts Delete users you no longer need Once under 3 users, you can add new ones Remember: Suspended users still count, so you must delete them to free up seats. ### Optimizing Seat Usage **Monthly review:** 1. Navigate to **Account Management → Users** 2. Check last login date for each user 3. Identify users who haven't logged in for 30+ days 4. Contact inactive users to verify they still need access 5. Delete accounts that are no longer needed **Why this matters:** On paid plans, every inactive user costs $19-$39/month. Removing 5 inactive users on the Pro plan saves $95/month ($1,140/year). **Remember:** Suspended users still consume seats and incur charges. **Best practices:** * Use suspension for short-term situations only (1-2 weeks max) * For extended leave or departures, delete the user instead * Can always re-invite the user later if needed * Monitor suspended users weekly **Example cost:** 3 suspended users on Pro plan = 3 × $19 = $57/month wasted **Consider if you need separate users for:** * Finance team members who only check billing occasionally * Stakeholders who rarely log in to view reports * Contractors who completed their work months ago **Alternative approaches:** * Share credentials for infrequent billing access (not recommended for security) * Export reports and share externally for stakeholders * Delete contractor accounts when work is complete Balance security best practices with cost optimization. **When planning user additions:** Calculate monthly cost impact: * Pro: Each user = +$19/month (+$228/year) * Team: Each user = +$39/month (+$468/year) **Example - Adding 10 users to Pro:** * Monthly increase: 10 × $19 = $190/month * Annual increase: \$2,280/year * Consider annual billing for 20% discount Budget accordingly when onboarding new team members. ## Recovery Codes Admins can issue or view recovery codes for users who have enabled MFA. ### Issuing New Recovery Codes Navigate to **Account Management → Users** and click on user's email Click the dot menu (⋮) → "Issue new recovery codes" Click "I Am Sure" in the dialog Download, print, or copy the codes securely When recovery codes are issued or viewed, the user receives a "Security Codes Viewed" email notification to alert them of the access. ### Viewing Existing Codes Navigate to **Account Management → Users** and click on user's email Click the dot menu (⋮) → "View recovery codes" **Root user recovery codes** cannot be viewed by anyone else, including Admins. Root users must store their recovery codes securely as they cannot be recovered if lost. ## Resource Sharing All resources (agents, flows, MCP servers) are shared across your entire account. All team members can access resources based on their role permissions. **How it works:** * Resources are organized into collections within flows * Access is controlled by role, not by who created the resource * When a user is deleted, their resources remain accessible to the team * No per-user resource ownership or isolation **Role-based access:** * **Root/Admin:** Full access to all resources * **Developer:** Can create, modify, and delete all resources * **Monitor:** Can view all resources (read-only) * **Billing:** Cannot access resources [Learn more about role permissions →](/essentials/users/roles-permissions) ## Best Practices ### User Lifecycle Management **When adding new team members:** 1. Verify seat availability (Free plan) or budget impact (Paid plans) 2. Create account with appropriate role 3. Send invitation email 4. Verify they receive and accept invitation 5. Confirm they enable MFA (required for Admin/Root) 6. Provide onboarding documentation 7. Review access after first week Start with minimal permissions and increase as needed. **Billing reminder:** * Free plan: Can only add if under 3 total users * Paid plans: Each user adds $19-$39/month to your bill **Monthly reviews:** * List all active users * Check last login date for each user * Verify each user still needs access * Identify suspended users (still being billed) * Confirm roles are still appropriate * Delete inactive accounts to reduce costs **Quarterly reviews:** * Comprehensive audit of all permissions * Review role assignments * Update access based on job changes * Document why each elevated role is needed * Calculate actual cost of user seats **Cost optimization:** Removing just 5 inactive users on Pro plan saves \$1,140/year. **When users leave your organization:** **Immediately:** 1. Suspend the user account 2. Terminate all their sessions **Within 1 hour:** 3\. Delete all their API keys **Within 24 hours:** 4\. Review their resources for any needed handoff 5\. **Delete the user account** (not just suspend) * Frees up the licensed seat * Stops billing for that user at next cycle * Cannot be undone - data is preserved but user access is removed **Document:** * Who left and when * What resources they managed * Who took over their responsibilities Don't leave users in "Suspended" status long-term. Delete them to stop incurring charges and free up the seat. **Mandatory for Root and Admin:** * Enable MFA immediately * Use passkeys when possible * Store recovery codes in password manager * Use strong, unique passwords * Review sessions monthly **Recommended for all users:** * Enable MFA * Use password manager * Review active sessions regularly [Security best practices →](/essentials/security/overview) ### Role Assignment Guidelines **Typical structure:** * 1 Root (founder/owner) * 0-1 Admin (if needed) * 2-4 Developers **Why:** Small teams usually don't need separate Billing or Monitor roles. Developers can handle most operational tasks. **Cost (Pro Plan, Monthly):** * 5 users × $19/user = $95/month * Annual: $1,140/year (or $900/year with 20% annual discount) **Typical structure:** * 1 Root (owner) * 1-2 Admins (team leads) * 1 Billing (finance) * 3-12 Developers * 0-5 Monitors (stakeholders) **Why:** Separation of duties becomes important. Finance should handle billing independently from technical operations. **Cost (Pro Plan, 15 users, Monthly):** * 15 users × $19/user = $285/month * Annual: $3,420/year (or $2,700/year with 20% annual discount) **Optimization tip:** Consider if all Monitor users need continuous access or if they can receive periodic reports instead. **Typical structure:** * 1-2 Root (owner + backup) * 2-5 Admins (department leads) * 1-2 Billing (finance team) * 10+ Developers * 5+ Monitors **Why:** Clear separation of duties, compliance requirements, multiple teams and departments. **Cost (Team Plan, 30 users, Monthly):** * 30 users × $39/user = $1,170/month * Annual: $14,040/year (or $11,160/year with 20% annual discount) **Enterprise option:** At this scale, consider Enterprise plan for custom pricing, enhanced support, and additional features. ## Troubleshooting **Error:** "Maximum users reached" or "Upgrade required" **Cause:** Free plan is limited to 3 users total (active + suspended + pending invitations) **Solutions:** **Option 1 - Delete existing users:** 1. Review your user list 2. Delete users who no longer need access 3. Remember: Suspended users count toward the limit 4. Once under 3 users, you can add new ones **Option 2 - Upgrade to paid plan:** 1. Go to **Account Management → Billing and Plans** 2. Choose Pro ($19/user/month) or Team ($39/user/month) 3. Add unlimited users [Compare plans →](/get-started/plans-and-pricing) **Solutions:** 1. Check spam/junk folder 2. Verify correct email address was entered 3. Click "Resend Invitation" in user management 4. Try different email address if corporate email blocks it 5. Ask user to check email filters/rules If still not received after 10 minutes, contact support. **Note:** Pending invitations count toward your user limit on Free plan. **Common causes:** * You don't have Admin or Root role * Trying to change your own role (not allowed) * Admin trying to change Root user (not allowed) * Admin trying to assign Root role (not allowed) **Solution:** Ask a Root user or different Admin to make the change. **Why this happens:** Active sessions don't terminate automatically on suspension. **Solution:** 1. Click on the user 2. Use the "Logout" option to terminate all sessions 3. Sessions expire after 24 hours maximum anyway **Billing reminder:** Suspended users are still billed. Delete them to stop charges. **Why this happens:** User seat charges apply for the full billing period when a user is removed. **Expected behavior:** * User deleted on day 10 of monthly cycle * You're still charged for them for the full month * Next month's bill reflects the reduced user count * No prorated refunds for mid-cycle deletions **This is normal and expected.** **Unfortunately:** Deleted users cannot be recovered. You'll need to: 1. Send a new invitation to the same email 2. They'll need to accept and set up a new account 3. Re-enable MFA 4. Their old resources remain accessible to the team **Billing impact:** * If you re-invite immediately, you're billed continuously for the seat * If you wait until next cycle, you can add them at the new billing rate **Security concern:** Having too many Admins increases security risk. **Recommendation:** * Limit Admin to 2-5 people maximum * Review if all Admins still need that level of access * Consider downgrading some to Developer role * Document why each Admin role is necessary **Note:** Changing roles doesn't affect seat count or billing, so no cost concern here. **What counts toward billing:** * ✅ Active users * ✅ Suspended users (still billed!) * ✅ Pending invitations (once accepted) * ❌ Deleted users (stopped at next billing cycle) **Free Plan:** * Maximum 3 total users (all types) * No per-user charges **Paid Plans:** * Every active and suspended user incurs charges * View exact count in **Billing and Plans** ## User Management Checklist ### New User Setup * [ ] Verify seat availability (Free) or budget impact (Paid) * [ ] Calculate monthly cost increase for paid plans * [ ] Determine appropriate role (least privilege) * [ ] Send invitation with clear expectations * [ ] Verify invitation accepted within 48 hours * [ ] Confirm MFA enabled (if Admin/Root) * [ ] Provide onboarding documentation * [ ] Review access after trial period ### Regular Maintenance * [ ] Monthly: Review active users list * [ ] Monthly: Check for inactive accounts (free up seats) * [ ] Monthly: Review suspended users (still being billed!) * [ ] Monthly: Calculate actual user seat costs * [ ] Quarterly: Audit role assignments * [ ] Quarterly: Verify elevated roles still needed * [ ] Annually: Comprehensive security review ### User Departure * [ ] Suspend account immediately * [ ] Terminate all sessions * [ ] Delete API keys within 1 hour * [ ] Review and transfer resources * [ ] **Delete user account within 24 hours** (not just suspend) * [ ] Confirm seat freed up in user management * [ ] Verify next bill reflects reduced user count * [ ] Document handoff and transition ### Cost Optimization * [ ] Monthly: Identify users who haven't logged in for 30+ days * [ ] Monthly: Delete inactive users to reduce costs * [ ] Monthly: Convert long-term suspended users to deleted * [ ] Quarterly: Review if Monitor-role users can be removed * [ ] Quarterly: Calculate potential savings from user reduction * [ ] Annually: Consider annual billing for 20% discount ## Related Resources Detailed breakdown of what each role can do Understand per-user pricing and costs Manage billing and view user seat charges Set up MFA for your users Monitor and manage active logins Complete security best practices