Users and roles
This page is for the person who administers SUPERWISE Chat for their organization. It covers the three things you’ll do most often: invite people, give them the right level of access, and remove access cleanly when someone leaves or changes teams.
Your goal: everyone who needs Chat can get in, with exactly the access their job calls for — no more, no less — and you can prove who can do what at any time.
How access works (in one minute)
Section titled “How access works (in one minute)”Three ideas, kept separate, make this simple:
- A seat is a named license. Each person who uses Chat occupies one seat. Your plan sets how many seats you have.
- A role is a level of access — from read-only up to full administration. Each person holds one or more roles, and their role decides what they can see and do.
- An organization (your tenant) keeps your people and data separate from every other customer. Everyone you invite joins your organization and sees only your organization’s data.
Inviting someone fills a seat and assigns a starting role. Changing a role adjusts what they can do. Removing someone frees the seat and ends their access.
The named-license (seat) model
Section titled “The named-license (seat) model”SUPERWISE Chat is licensed per named user. A seat belongs to a specific person, identified by their email — it isn’t a shared or concurrent login.
- One person, one seat. Inviting someone consumes one seat for as long as they have access.
- Your plan sets the seat count. When all seats are filled, you’ll need to free a seat (by removing someone) or raise your plan before you can invite the next person. Your account team can adjust your seat count at any time.
- Removing a person frees their seat immediately, so it can be reused for someone else.
The roles
Section titled “The roles”Most people sit on a simple ladder of access — from look-around to full administration. On top of that ladder are a few add-on roles you grant when someone needs a specific extra responsibility, like moderating a space or reviewing for compliance. From least to most access:
| Role | What they can do | Typical use |
|---|---|---|
| Guest | See shared channels only | A limited, look-around level of access |
| Viewer | Read conversations and content, but not create or change anything | Auditors, observers, read-only stakeholders |
| Member | The everyday user — chat, create and share conversations, use assistants, build personal memory and notes | Most of your team |
| Administrator | Manage members, roles, settings, integrations, and governance for the whole organization | Your IT or platform admins |
Add-on roles sit alongside Member — grant them on top of someone’s everyday access when they take on a specific extra responsibility:
| Add-on role | What it adds | Typical use |
|---|---|---|
| Channel moderator | Moderate a shared channel’s content | Team leads who keep a shared space tidy |
| Project manager | Run a team space — moderate it and manage its content | People who run a team workspace |
| Project owner | Run a team space and manage its knowledge and documents | The owner of a team’s knowledge base |
| Compliance reviewer | Read-only oversight: review what the AI did, view safety alerts, and export audit records — without the ability to change anything | Security, compliance, and risk reviewers |
A note on the compliance-reviewer role
Section titled “A note on the compliance-reviewer role”The compliance reviewer role is deliberately read-only. It lets a security or compliance person see exactly what happened — the AI’s activity, any safety alerts, and full audit exports — without giving them the power to change settings, content, or other people’s access. It’s the right choice when someone needs visibility for oversight but should never be able to alter what they’re reviewing. This separation is part of how Chat keeps your governance trustworthy: the people who watch and the people who act are different people.
Before you start
Section titled “Before you start”- You need an administrator role in SUPERWISE Chat. If the tenant Settings area isn’t visible to you, you don’t have the right role yet — ask an existing administrator to grant it.
- Decide whether new people sign in through your identity provider (SSO) or are invited directly by email. If you use SSO, set it up first — see Connect your identity provider (SSO).
- Know your available seats. You can check current usage in Settings → Members.
Invite a person
Section titled “Invite a person”- Open Settings → Members.
- Select Send invite (or Add user).
- Enter the person’s email address.
- Choose the starting role they should have — when in doubt, Member is the right default for an everyday user. You can always adjust it later.
- Send the invitation. The person receives an email, signs in (through your identity provider if SSO is enabled), and is placed in your organization with the role you chose.
If you use single sign-on
Section titled “If you use single sign-on”With SSO enabled, people sign in with their existing corporate credentials, and your provider’s multi-factor and access policies apply automatically. You can still invite people through Members as above. For production we recommend invite-only sign-in, so only people you’ve invited can get in — see Connect your identity provider (SSO) for how to set that.
Change someone’s role
Section titled “Change someone’s role”- Open Settings → Members.
- Find the person and open their entry.
- Adjust their role, then save.
The change takes effect on their next action. A person can hold more than one role where it makes sense — for example, an everyday Member who is also a compliance reviewer for oversight.
Remove a person (deprovision)
Section titled “Remove a person (deprovision)”When someone leaves the company or no longer needs Chat:
- Open Settings → Members.
- Find the person and choose Remove (or Revoke access).
- Confirm.
Their access ends immediately and their seat is freed for reuse.
Every invite, role change, and removal is recorded in your organization’s audit trail, so you always have a record of who changed access and when. See Audit and usage.
Worked example
Section titled “Worked example”A 60-person company is rolling Chat out across three teams.
- The admin enables SSO so everyone signs in with their existing corporate accounts, and sets sign-in to invite-only (Identity and SSO).
- They invite the company as Members in batches from Settings → Members — everyday access for everyone.
- Three team leads are also made channel moderators so each can keep their team’s shared space tidy.
- The head of security is added as a compliance reviewer — full read-only visibility into AI activity and audit exports, with no ability to change anything.
- Two IT staff are made administrators to manage members and settings going forward.
- When an employee leaves, IT disables the account in the identity provider and removes the user in Chat. The seat is freed and reassigned to a new hire the same day.
Troubleshooting
Section titled “Troubleshooting”“I can’t invite anyone — there’s no Add user option.” You likely don’t hold an administrator role. Ask an existing administrator to grant it, then reopen Settings → Members.
“The invite was sent but the person can’t sign in.” If you use SSO, confirm the person exists in your identity provider and that your sign-in mode admits them (invite-only requires them to be invited first). See the troubleshooting table in Connect your identity provider (SSO).
“I’ve run out of seats.” Free a seat by removing someone who no longer needs access, or ask your account team to raise your seat count. Check current usage in Settings → Members.
“A role I want to assign isn’t available to me.” You can only grant roles below your own level. Ask a higher-level administrator to make the assignment.
“Someone still has access after I removed them.” Removal in Chat is immediate. If they signed in through SSO and can still reach Chat, confirm their account is also disabled in your identity provider — an active provider account can let them sign in again.
If a problem persists after these checks, see Admin troubleshooting.
Related pages
Section titled “Related pages”- Connect your identity provider (SSO) — let your team sign in with corporate credentials.
- Model access and tiers — what your plan includes and how seats relate to assistants.
- Audit and usage — see who did what, including access changes.
- Admin quickstart — the full first-time setup checklist for new administrators.