Skip to main content
Team controls live in Settings -> Membership for admins, alongside Roles, Guardrails, and the Audit log on enterprise plans.

Inviting Members

Go to Settings -> Membership and click Invite. Enter an email address, choose a role, and send. Invitations expire after 7 days. If invite review is enabled for your workspace, members can submit invite requests and admins can approve or reject them before an email is sent.

Roles

Every organization has two system roles:
RoleAccess
AdminHolds every permission: settings, members, invitations, seats, integrations, billing, org-wide access, usage visibility, and access controls
MemberUse chats, agent work, files, Library, and shared integrations, plus view-only access to roles, guardrails, and the audit log
System roles cannot be edited. On enterprise plans, admins can also create custom roles with granular permissions, covering areas such as member management, invitations, billing, credits, integrations, organization memory, guardrails, usage and activity visibility, Loops administration, and audit access. Deleting a custom role requires reassigning its members to another role first.

Guardrails

Guardrails are binding prompt constraints that admins can scope to the entire organization, a specific role, or a specific member. They are injected into the agent’s instructions for matching users, take precedence over personal instructions and saved memories, and all matching guardrails apply together. Use them to enforce standing rules such as “never send external emails without approval” or team-specific working agreements.

Audit Log

The audit log records member, role, and guardrail changes across the organization: invitations, role changes, member removal, user deactivation and reactivation, password resets, and role or guardrail creation, updates, and deletion. Each entry shows the action, who performed it, the target, and the timestamp.

Managing Members

In Settings -> Membership, admins can:
  • Change roles via the dropdown next to any member
  • Deactivate a user: they are logged out of every session and can no longer sign in, but stay in the member list and can be reactivated at any time
  • Remove members from the organization
  • Search and filter by name, email, or role
  • Cancel invitations that haven’t been accepted
  • Review invitation requests submitted by members
  • Track seat usage and open Plans to add seats when needed
StatusMeaning
ActiveAccepted and using the platform
PendingInvitation sent, awaiting acceptance
ExpiredInvitation expired after 7 days
Removing a member automatically pauses all of their Loops so recurring work does not keep running under an account that has left, and the removal is recorded in the audit log.

Seats

The Membership page shows active member count against available seats. If your workspace is at capacity, admins can open Plans to add seats. Non-admins should ask an admin to add seats or approve invites.

Access and Sharing

Team membership controls who can use the organization workspace. Access to individual files, folders, integrations, and external systems may still depend on sharing settings, org-wide access, OAuth scopes, API key permissions, and roles in the connected service.

Settings

Configure workspace preferences

Security

Data protection and privacy