Get Started

Team Members

Team Members (the Staff page) is where advisory firms manage who works inside the firm and what they can reach. Roles determine breadth of access — owners and admins see every business, while members see only the businesses assigned to them directly or through a team. You can also toggle each user's programmatic access and track the delivery status of staff invitations end to end. It lives in the /settings Practice Management section.

Key capabilities

  • Three staff roles: owner, admin, member (changed inline via a dropdown)
  • Owners and admins see all businesses; members are scoped to assigned businesses
  • Manage access modal to assign specific businesses to a member (direct or via team)
  • Per-user programmatic access toggle (disabling it blocks that user's connection keys)
  • Invite staff by email with optional first/last name
  • Pending Invitations panel with live email delivery badges
  • Delivery states: not sent, sent, delivered, opened, bounced, spam-reported
  • Resend invitations (1-hour cooldown, auto-lifted after a bounce or complaint)
  • Cancel pending invitations and an "Expired" flag for stale invites
  • Remove a member to revoke firm access immediately

How it works

Role sets the default reach; members are then narrowed to specific businesses directly or through team membership.

flowchart TD
  role{"Staff role"}
  role -->|"Owner / Admin"| all["All businesses"]
  role -->|"Member"| assigned["Assigned businesses only"]
  assigned --> direct["Direct assignment"]
  assigned --> viaTeam["Via team membership"]
  direct --> access["Effective access"]
  viaTeam --> access

How to use it

  1. Open Settings > Staff.
  2. Click Invite Member, enter their email (and optional name), and send.
  3. Set each person's Role from the inline dropdown: Owner, Admin, or Member.
  4. For a member, click Manage access to check the businesses they should reach — team memberships also grant access automatically.
  5. Toggle programmatic access per user to allow or block their programmatic tokens.
  6. In Pending Invitations, watch the delivery badge; use Resend (refresh icon) or Cancel (X) as needed.
  7. Click the trash icon to remove a member and revoke their access at once.

Pro tips

  • Use the Member role for bookkeepers who should only see their assigned clients — not the whole firm.
  • Watch for Bounced or Spam reported badges: the resend cooldown is automatically lifted so you can retry or fix the address immediately.
  • Client portal access is managed separately under Settings > Clients — staff roles never grant portal access and vice versa.
  • Disable programmatic access for staff who shouldn't script against the integration; their existing tokens stop working until re-enabled.
  • Removing a member is immediate and firm-wide; reassign their teams/clients first if continuity matters.

In-depth guide

Roles & permissions

Role Business visibility Typical use
Owner All businesses Firm principals; full control
Admin All businesses Operations leads who manage members and settings
Member Only assigned businesses (direct or via team) Bookkeepers/staff scoped to specific clients

Member access assignment

The Manage access modal controls which businesses a member can reach:

  • Lists every firm business with a checkbox for direct assignment.
  • Businesses reached via a team are marked "(via team)" and shown as granted even if the direct box is unchecked.
  • Select all / Deselect all speeds up setup; Save writes the direct assignments.
  • Team-based access is managed separately on the Teams page.

programmatic access toggle

Each staff row has an programmatic access switch:

  • On by default — owners/admins control it per user.
  • Turning it off causes that user's connection key connection services to return 403, disabling programmatic access without deleting their tokens.

Invitation delivery states

Badge Meaning
Not sent No delivery recorded yet — try resending
Sent Handed to the mail provider; awaiting delivery confirmation
Delivered Reached the recipient's mail provider, not opened yet
Opened Recipient opened the email
Bounced Address rejected; resend cooldown is overridden
Spam reported Recipient marked it as spam; resend cooldown is overridden

Resend cooldown logic

  • Resends are rate-limited to once per hour per invitation to avoid spamming recipients.
  • The cooldown is automatically bypassed when an invite has bounced or been marked as spam, since a one-off retry (or a corrected address) is the right next step.
  • Invitations carry an expiry; expired ones show an "Expired" flag.

Audit implications

Role changes, removals, and invitation actions are sensitive account events:

  • Use Settings > Audit Log to see who changed a role or removed a member.
  • This matters for SOC reviews and offboarding.

Edge cases

  • Only members get the Manage access control; owners/admins always show "All businesses."
  • Removing a member revokes access immediately but does not delete the businesses or teams they touched.
  • If no firm is selected, the page shows a "No firm selected." placeholder.