Anyone with the Owner role can invite teammates. This article covers the invite flow, what new invitees see, the role defaults we shipped (and why), and the teardown path when someone leaves.
Sending an invite
Settings → Members → Invite.
- Enter an email address (or paste a comma-separated list for bulk).
- Pick the role. Defaults to Member — see "Why Member is the default" below.
- Add an optional message — the recipient sees it in the invite email.
- Send.
Invites are valid for 14 days. If the recipient doesn't accept within that window, the invite expires and you'll need to send a new one.
What the recipient sees
The invite email contains:
- The inviter's name + the organization name.
- A signed link to accept.
- Your optional message.
- The role they'll get on accept.
On clicking the link they sign in (or sign up) with the email address the invite was sent to. They cannot accept the invite from a different email address — the link is bound to the invitee email at send time.
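One way a link can be bound to the invitee email, the role and the 14-day window is to sign all three together and check them at accept time. This is an added example, not Kommit's implementation: the token layout, the use of HMAC-SHA256, the case-insensitive email comparison, and the names `issue_invite` and `accept_invite` are assumptions.

```python
import base64
import hashlib
import hmac
import json

INVITE_TTL = 14 * 24 * 3600  # 14-day validity window, in seconds


def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_invite(key: bytes, email: str, role: str, org: str, now: float) -> str:
    """Return 'payload.signature'; email, role and expiry are all covered by the MAC."""
    # Assumption: addresses are compared case-insensitively, so normalise at send time.
    claims = {"email": email.strip().lower(), "role": role, "org": org,
              "exp": int(now) + INVITE_TTL}
    payload = b64e(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(key, payload.encode(), hashlib.sha256).digest()
    return f"{payload}.{b64e(sig)}"


def accept_invite(key: bytes, token: str, signed_in_email: str, now: float) -> dict:
    """Verify the token for the signed-in account; raise ValueError on any failure."""
    try:
        payload, sig = token.split(".")
        given = b64d(sig)
    except ValueError:
        raise ValueError("malformed token") from None
    expected = hmac.new(key, payload.encode(), hashlib.sha256).digest()
    # Verify the signature in constant time before parsing anything in the payload.
    if not hmac.compare_digest(given, expected):
        raise ValueError("bad signature")
    claims = json.loads(b64d(payload))
    if now >= claims["exp"]:
        raise ValueError("invite expired")
    if signed_in_email.strip().lower() != claims["email"]:
        raise ValueError("invite was sent to a different email address")
    return claims  # the granted role comes from the signed claims, not the request
```

Because the role sits inside the signed payload, a recipient cannot change Member to Owner in the link without invalidating the signature.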
Why Member is the default
We changed the default role from Owner to Member in May 2026 after observing the same mistake on three separate occasions: an Owner invites a teammate, leaves the role at its previous Owner default, and the teammate's first action is to do something that should have required an approver.
Defaulting to Member means:
- Accidental invites don't grant the ability to modify policies or billing.
- Owners are an explicit promotion, not an oversight.
- The Owner who makes the role change is logged in the audit trail, giving you a paper trail of "who was made an Owner and when".
If you actually want to invite a new Owner, just flip the role explicitly in the invite form. Kommit won't second-guess it.
Owner promotions and demotions
Promotions require an existing Owner. Demotions of an Owner require a different Owner (you can't demote yourself if you're the last Owner — Kommit refuses).
Every role change generates an audit-log row with the actor, the target user, the old role, and the new role.
Off-boarding
When someone leaves the organization:
- Owner → Settings → Members → Remove. This revokes their session immediately and removes their membership row.
- Their authored actions remain in the audit log (immutable).
- If they owned policies or agents, reassign those before removal — Kommit will warn you about orphans on the removal flow.
- If they had API keys or CLI tokens, revoke those separately under Settings → API keys.
For SSO-managed identities, removing them from the IdP also removes their Kommit access at next session expiry; the Members list will reflect the SSO state on the next sync. See [#single-sign-on-setup] for the SSO behaviour.
Bulk invite via CSV
For onboarding a team of 20+ at once, contact hello@getkommit.ai — we can bulk-create invites from a CSV without you needing to paste into the UI. Each row needs email,role,message (message optional).