Skip to content

Users and roles

This page is for the person who administers SUPERWISE Chat for their organization. It covers the three things you’ll do most often: invite people, give them the right level of access, and remove access cleanly when someone leaves or changes teams.

Your goal: everyone who needs Chat can get in, with exactly the access their job calls for — no more, no less — and you can prove who can do what at any time.

Three ideas, kept separate, make this simple:

  • A seat is a named license. Each person who uses Chat occupies one seat. Your plan sets how many seats you have.
  • A role is a level of access — from read-only up to full administration. Each person holds one or more roles, and their role decides what they can see and do.
  • An organization (your tenant) keeps your people and data separate from every other customer. Everyone you invite joins your organization and sees only your organization’s data.

Inviting someone fills a seat and assigns a starting role. Changing a role adjusts what they can do. Removing someone frees the seat and ends their access.

SUPERWISE Chat is licensed per named user. A seat belongs to a specific person, identified by their email — it isn’t a shared or concurrent login.

  • One person, one seat. Inviting someone consumes one seat for as long as they have access.
  • Your plan sets the seat count. When all seats are filled, you’ll need to free a seat (by removing someone) or raise your plan before you can invite the next person. Your account team can adjust your seat count at any time.
  • Removing a person frees their seat immediately, so it can be reused for someone else.

Most people sit on a simple ladder of access — from look-around to full administration. On top of that ladder are a few add-on roles you grant when someone needs a specific extra responsibility, like moderating a space or reviewing for compliance. From least to most access:

RoleWhat they can doTypical use
GuestSee shared channels onlyA limited, look-around level of access
ViewerRead conversations and content, but not create or change anythingAuditors, observers, read-only stakeholders
MemberThe everyday user — chat, create and share conversations, use assistants, build personal memory and notesMost of your team
AdministratorManage members, roles, settings, integrations, and governance for the whole organizationYour IT or platform admins

Add-on roles sit alongside Member — grant them on top of someone’s everyday access when they take on a specific extra responsibility:

Add-on roleWhat it addsTypical use
Channel moderatorModerate a shared channel’s contentTeam leads who keep a shared space tidy
Project managerRun a team space — moderate it and manage its contentPeople who run a team workspace
Project ownerRun a team space and manage its knowledge and documentsThe owner of a team’s knowledge base
Compliance reviewerRead-only oversight: review what the AI did, view safety alerts, and export audit records — without the ability to change anythingSecurity, compliance, and risk reviewers

The compliance reviewer role is deliberately read-only. It lets a security or compliance person see exactly what happened — the AI’s activity, any safety alerts, and full audit exports — without giving them the power to change settings, content, or other people’s access. It’s the right choice when someone needs visibility for oversight but should never be able to alter what they’re reviewing. This separation is part of how Chat keeps your governance trustworthy: the people who watch and the people who act are different people.

  • You need an administrator role in SUPERWISE Chat. If the tenant Settings area isn’t visible to you, you don’t have the right role yet — ask an existing administrator to grant it.
  • Decide whether new people sign in through your identity provider (SSO) or are invited directly by email. If you use SSO, set it up first — see Connect your identity provider (SSO).
  • Know your available seats. You can check current usage in Settings → Members.
  1. Open Settings → Members.
  2. Select Send invite (or Add user).
  3. Enter the person’s email address.
  4. Choose the starting role they should have — when in doubt, Member is the right default for an everyday user. You can always adjust it later.
  5. Send the invitation. The person receives an email, signs in (through your identity provider if SSO is enabled), and is placed in your organization with the role you chose.

With SSO enabled, people sign in with their existing corporate credentials, and your provider’s multi-factor and access policies apply automatically. You can still invite people through Members as above. For production we recommend invite-only sign-in, so only people you’ve invited can get in — see Connect your identity provider (SSO) for how to set that.

  1. Open Settings → Members.
  2. Find the person and open their entry.
  3. Adjust their role, then save.

The change takes effect on their next action. A person can hold more than one role where it makes sense — for example, an everyday Member who is also a compliance reviewer for oversight.

When someone leaves the company or no longer needs Chat:

  1. Open Settings → Members.
  2. Find the person and choose Remove (or Revoke access).
  3. Confirm.

Their access ends immediately and their seat is freed for reuse.

Every invite, role change, and removal is recorded in your organization’s audit trail, so you always have a record of who changed access and when. See Audit and usage.

A 60-person company is rolling Chat out across three teams.

  1. The admin enables SSO so everyone signs in with their existing corporate accounts, and sets sign-in to invite-only (Identity and SSO).
  2. They invite the company as Members in batches from Settings → Members — everyday access for everyone.
  3. Three team leads are also made channel moderators so each can keep their team’s shared space tidy.
  4. The head of security is added as a compliance reviewer — full read-only visibility into AI activity and audit exports, with no ability to change anything.
  5. Two IT staff are made administrators to manage members and settings going forward.
  6. When an employee leaves, IT disables the account in the identity provider and removes the user in Chat. The seat is freed and reassigned to a new hire the same day.

“I can’t invite anyone — there’s no Add user option.” You likely don’t hold an administrator role. Ask an existing administrator to grant it, then reopen Settings → Members.

“The invite was sent but the person can’t sign in.” If you use SSO, confirm the person exists in your identity provider and that your sign-in mode admits them (invite-only requires them to be invited first). See the troubleshooting table in Connect your identity provider (SSO).

“I’ve run out of seats.” Free a seat by removing someone who no longer needs access, or ask your account team to raise your seat count. Check current usage in Settings → Members.

“A role I want to assign isn’t available to me.” You can only grant roles below your own level. Ask a higher-level administrator to make the assignment.

“Someone still has access after I removed them.” Removal in Chat is immediate. If they signed in through SSO and can still reach Chat, confirm their account is also disabled in your identity provider — an active provider account can let them sign in again.

If a problem persists after these checks, see Admin troubleshooting.