Inviting Team Members

SpoofWard supports team collaboration with role-based access control. This guide explains how to invite colleagues and manage their permissions.

Why Invite Team Members?

Collaboration benefits:

• Shared Responsibility - Multiple people managing security
• Knowledge Distribution - Reduce bus factor
• Specialized Roles - Analysts, viewers, admins
• Audit Trail - Track who made what changes
• Backup Access - Ensure access if one person is unavailable

Inviting a Team Member

Step 1: Access Team Settings

1. Log in to SpoofWard
2. Click your organization name (top-left)
3. Select Organization Settings
4. Click Team tab

Step 2: Click Invite

Click the blue Invite Member button

Step 3: Enter Email

Enter the email address of the person you want to invite:

• Can be personal or corporate email
• Must be valid (we send invitation there)
• If they already have a SpoofWard account, they auto-join

Step 4: Choose Role

Select their permission level:

Viewer (Read-only)

• View all domains and reports
• Cannot make any changes
• Good for executives, clients, auditors

Analyst (Configure & Respond)

• View all domains
• Configure DNS records
• Manage email sources
• Cannot add/remove team members
• Good for daily operators

Admin (Full Management)

• All analyst permissions
• Invite new team members
• Remove members
• Change domain settings
• Cannot change billing
• Good for IT managers

Owner (All Permissions)

• Full system access
• Change billing and plans
• Delete organization
• Invite/remove members
• Good for account holder only

Step 5: Send Invitation

Click Send Invitation

The invitee receives an email with:

• Your invitation
• Role they're being invited as
• Activation link
• Deadline (usually 7 days)

Invitation Email

The invitee receives:

Subject: You've been invited to SpoofWard

[Your Name] has invited you to join [Organization] on SpoofWard
as an [Role].

[Activation Link]

Link expires in 7 days.

If They Have an Account

If they already have a SpoofWard account:

1. Click link
2. Review invitation
3. Accept
4. Auto-joins your organization
5. Can start immediately

If They Don't Have an Account

If they're new to SpoofWard:

1. Click link
2. Create account (email pre-filled)
3. Set password
4. Accept invitation
5. Can start immediately

Managing Invited Members

View All Invitations

In Team section, see:

• Members who have accepted
• Pending invitations
• Expiration date for pending invitations

Resend Invitation

If invitee didn't receive email:

1. Find their pending invitation
2. Click Resend
3. New email sent (old link still works)

Cancel Invitation

If you change your mind:

1. Find pending invitation
2. Click Revoke
3. Invitation cancelled
4. Can't be used to join

Update Member Role

After someone joins, change their role:

1. Click member in team list
2. Select new role
3. Save changes
4. Changes take effect immediately

Their access updates automatically.

Remove Team Member

To remove someone from your organization:

1. Click member in team list
2. Click Remove Member
3. Confirm removal
4. They immediately lose access
5. Cannot recover access (can be re-invited)

Role Permissions Matrix

| Permission | Viewer | Analyst | Admin | Owner |

|-----------|--------|---------|-------|-------|

| View reports | ✓ | ✓ | ✓ | ✓ |

| View domains | ✓ | ✓ | ✓ | ✓ |

| Configure DNS | ✗ | ✓ | ✓ | ✓ |

| Manage senders | ✗ | ✓ | ✓ | ✓ |

| Change policies | ✗ | ✓ | ✓ | ✓ |

| Invite members | ✗ | ✗ | ✓ | ✓ |

| Remove members | ✗ | ✗ | ✓ | ✓ |

| Change billing | ✗ | ✗ | ✗ | ✓ |

| Delete org | ✗ | ✗ | ✗ | ✓ |

Common Invitation Scenarios

Scenario 1: Invite Your IT Manager

What to do:

1. Invite with their work email
2. Assign Admin role
3. They can manage the system

They can:

• View all domains
• Configure DNS
• Invite other team members
• Manage email sources
• Update policies

They cannot:

• Change your billing
• Delete the organization

Scenario 2: Invite Analyst for Daily Operations

What to do:

1. Invite with their email
2. Assign Analyst role
3. They handle day-to-day

They can:

• View all domains
• Configure DNS and SPF
• Investigate senders
• Update DMARC reports

They cannot:

• Invite new members
• Change billing
• Delete domains

Scenario 3: Invite Executive for Reporting

What to do:

1. Invite with their email
2. Assign Viewer role
3. They see reports, make no changes

They can:

• View all domains
• See all reports
• Export data
• Access dashboard

They cannot:

• Make any configuration changes
• Change team membership
• Update policies

Scenario 4: Invite Consultant (Temporary)

What to do:

1. Invite with email
2. Assign Analyst role
3. They work on specific issues
4. Remove after project ends

Benefits:

• They can do work without limiting access
• Specific role limits their permissions
• Can be removed when done

Scenario 5: Backup Owner

What to do:

1. Invite with their email
2. Assign Owner role
3. They have full access as backup

Why needed:

• If primary owner is unavailable
• Ensures access continuity
• Recommended for business continuity

Team Best Practices

Least Privilege

Give the lowest role needed:

• Executives → Viewer
• Operators → Analyst
• Managers → Admin
• Account holder → Owner

Regular Audits

Monthly:

1. Review team membership
2. Check for inactive members
3. Remove people no longer needed
4. Verify roles are appropriate

Quarterly:

1. Full team review
2. Update based on role changes
3. Onboard new team members
4. Offboard departures

Backup Ownership

Rule: Always 2+ Owners minimum

Why:

• If primary owner leaves, access preserved
• Reduces single point of failure
• Recommended for business continuity

Offboarding

When someone leaves:

1. Document their work - What were they responsible for?
2. Reassign responsibilities - Who takes over?
3. Remove from SpoofWard - Click remove
4. Update team settings - Adjust other roles if needed
5. Schedule handover - Brief replacement on system

Secure Password Practices

For your account:

• Use strong password (16+ characters)
• Enable 2FA if available
• Store in password manager
• Never share credentials

For team members:

• Each person has their own login
• Don't share accounts
• Easier to track changes in audit log

Managing Notification Settings

Default Notifications

Set organization-wide notification settings:

1. Organization Settings → Notifications
2. Choose what to notify about:

• Daily digest
• Alerts on DNS changes
• Policy updates
• Threat alerts
• Weekly reports

Individual Member Settings

Members can customize their own notifications:

1. Profile → Notification Preferences
2. Subscribe/unsubscribe from different alerts
3. Set frequency (daily, weekly, real-time)

Admin can't override personal preferences, but can set defaults.

Troubleshooting

Invitation Won't Send

Check:

• Email address is valid
• Person not already in organization
• Organization hasn't exceeded team member limit for plan

Invitee Can't Join

If they get an error:

• Invitation may have expired (resend)
• Email mismatch (must use email from invitation)
• Browser cache issue (clear and try again)
• Contact support if still failing

Can't Change Someone's Role

Check:

• You have Admin or Owner role
• They've accepted invitation (pending can't have role changed)
• You're not trying to remove the last Owner

Team Member Can't See Domains

Verify:

• They accepted invitation
• They have at least Viewer role
• Domains are in same organization

Role Transitions

Promoting Someone to Admin

1. Click member in team list
2. Change role from Analyst to Admin
3. Save changes
4. They now have team management permissions

Demoting Someone from Admin

1. Click member
2. Change role to Analyst
3. Save changes
4. They lose team management permissions
5. Still have analyst access

Making a Backup Owner

1. Invite with their email
2. Assign Owner role
3. They have full permissions
4. Can manage everything

Keep this list minimal (2-3 people).

Related Documentation

• Organizations - Team and org structure
• API Tokens - Team API access
• Plans & Billing - Team member limits per plan