Teams & Collaboration
Invite team members, assign roles, manage MSP sub-clients, and track activity with audit logs.
User Roles
DriftSensor uses role-based access control with four roles:
| Role | What They Can Do |
|---|---|
| Global Admin | Full system access across all customers. Can manage any user, view all audit logs, and access system health. |
| Tenant Admin | Manages their own organization - domains, users, settings, billing. Can invite Tenant Admin or Read Only users. |
| MSP Admin | Manages their MSP organization plus all sub-client accounts. Auto-assigned when upgrading to the MSP plan. |
| Read Only | View-only access to domains, records, monitoring, and alerts. Cannot manage users, settings, or take administrative actions. |
Users Page
Navigate to Users in the sidebar to view and manage team members.
Only Tenant Admin, MSP Admin, and Global Admin roles can access this page. Read Only users see an "Access Denied" screen.
Team Members Table
| Column | Description |
|---|---|
| User's email address (shows "Invited" badge for pending users) | |
| Name | Display name |
| Role | Global Admin, Tenant Admin, MSP Admin, or Read Only |
| Status | Active (green), Pending (outline), or Inactive (red) |
| Created | When the account was created |
| Actions | Resend invitation, Activate/Deactivate, Change Role, Delete |
Per-User Actions
- Resend Invitation - For pending users who haven't accepted yet. Sends a fresh invitation email with a new token.
- Activate / Deactivate - Toggle a user's active status. Deactivated users cannot log in. Reactivation is blocked if you've reached your plan's user limit.
- Change Role - Switch between Tenant Admin and Read Only. You cannot change your own role or change a Global Admin's role.
- Delete - Permanently remove a user (with confirmation).
Bulk Actions
Select multiple users with the checkboxes and use Delete Selected to remove them in bulk.
Inviting Team Members
Click Invite User to add someone to your organization.
Invitation Form
| Field | Required | Description |
|---|---|---|
| Yes | The new user's email address | |
| Role | Yes | Tenant Admin or Read Only (Global Admins can also assign Global Admin) |
| Customer | Admin only | Which organization to add the user to |
An email is sent with a secure invitation link. The invitation displays your organization's branding if configured.
How the Invitation Flow Works
- You send the invite - The user receives an email with a setup link.
- They click the link - Opens a "Set Up Your Account" page showing their invited email address.
- They set a password - Must be 8+ characters with uppercase, lowercase, and a number.
- Account is active - They can immediately log in. Email is automatically verified.
Invitation links expire after a set period. If expired, the user sees an "Invitation Expired" message and needs to contact their admin for a new invite.
Plan Limits
Each plan has a maximum number of users:
| Plan | Max Users |
|---|---|
| Free | 1 |
| Standard | 2 |
| Professional | 5 |
| MSP | 50 |
When at the limit, the Invite User button is disabled and a warning banner appears with an upgrade link.
MSP Multi-Client Management
Requires MSP plan.
The MSP plan adds multi-tenant management - manage multiple client organizations from a single account.
MSP Dashboard
Navigate to MSP Clients in the sidebar for an overview:
- Stats Cards - Total Clients, Total Domains, Total Users, Active Drift, Total Snapshots, Domain Usage (with a progress bar showing used vs. available).
- Recent Clients - Quick-view table of your latest clients with their domain count, user count, and drift status.
- Security Overview - Aggregate counts of unresolved drift, at-risk domains, and active alerts.
Managing Clients
Click View All Clients to see the full client list with columns for name, status, domains, users, and creation date.
Adding a Client
Click Add Client and fill in:
| Field | Required | Description |
|---|---|---|
| Organization Name | Yes | Client's company name (2–100 characters) |
| Contact Email | Yes | Primary contact email |
| Alert Email | No | Separate email for DNS change alerts |
| White-Label Branding | No | Company Name, Logo URL, Primary Color, Secondary Color, Email Footer Text |
| Active | Yes | Toggle (default: on) |
Editing and Deleting Clients
Edit any client's details, branding, or status. Clients can only be deleted if they have zero domains and zero users - remove those first.
Inviting Users to Sub-Clients
From the Users page, MSP Admins can filter by client and invite users to any sub-client organization. Users are assigned to the selected client and can only access that client's data.
Audit Logs
Navigate to Audit Logs in the sidebar to view a complete activity trail.
Available to Tenant Admin, MSP Admin, and Global Admin. Each role sees logs scoped to their access level.
Audit Log Table
| Column | Description |
|---|---|
| Timestamp | When the action occurred |
| User | Who performed the action (email, or "System" for automated tasks) |
| Action | Color-coded badge - e.g., Login, Create, Delete, Alert Sent |
| Entity | What was affected (e.g., Domain, User, Webhook) |
| Details | Summary of changes (JSON - old/new values) |
| IP Address | Source IP address |
Filters
- Action - Filter by specific action types (e.g., Login, Create, Delete, Alert Sent, Drift Accepted).
- Entity Type - Filter by what was affected (Domain, User, Subscription, etc.).
- User Email - Search for actions by a specific user.
- Clear Filters to reset.
What Gets Logged
| Category | Examples |
|---|---|
| Authentication | Login, logout, failed login, MFA enabled/disabled, password reset |
| User Management | Invitation sent/accepted, role changes, user activate/deactivate |
| Domain Operations | Domain created/updated/deleted, monitoring enabled/disabled, manual checks |
| Alerts | Alert sent, alert failed |
| Integrations | Webhook created/updated/deleted, Teams notification sent/failed |
| Subscription | Plan changed, payment succeeded/failed, subscription canceled |
| Drift | Drift accepted (master records updated) |
| MSP | Sub-client created/updated/deleted, MSP user invited |
Export
Click Export to download audit logs as a file. You can filter by date range, action type, and entity type before exporting.
Audit logs are immutable - they cannot be edited or deleted.