Settings

Team Management

Invite, manage, and organize your support team in Keva

Team management lets you invite colleagues, assign roles, and control access to your Keva workspace. All team actions are logged for SOC 2 compliance.

Overview

Keva uses organization-based access powered by Clerk. Each organization can have multiple team members with different roles and permissions.

Inviting Team Members

Send an Invitation

  1. Navigate to Settings > Team
  2. Click Invite Member
  3. Enter the team member's email address
  4. Select a role (Owner, Admin, Agent, or Viewer)
  5. Click Send Invite

The invitee receives an email with a link to join your workspace.

Invitation Status

StatusDescription
PendingInvitation sent, awaiting acceptance
AcceptedUser joined the workspace
ExpiredInvitation expired (7 days)
RevokedInvitation manually cancelled

Resend or Cancel Invitations

From the Team page, find pending invitations and click:

  • Resend to send another email
  • Revoke to cancel the invitation

Managing Team Members

View Team Members

The Team page shows all members with:

  • Name and email
  • Assigned role
  • Join date
  • Last active

Change a Member's Role

  1. Find the team member in the list
  2. Click the Role dropdown
  3. Select the new role
  4. Confirm the change

Role changes take effect immediately.

Remove a Team Member

  1. Find the team member in the list
  2. Click the Remove button (trash icon)
  3. Confirm removal

Removed members immediately lose access to the workspace.

Permission Requirements

ActionRequired Permission
View team listteam.view
Invite membersteam.invite
Remove membersteam.remove
Change rolesteam.edit_roles

Default Roles

Keva provides four built-in roles:

RoleDescription
OwnerFull access including billing
AdminFull access except billing
AgentHandle tickets and approvals
ViewerRead-only access

See Roles & Permissions for details.

Best Practices

Principle of Least Privilege

Assign the minimum role needed for each team member's job:

  • Customer support staff: Agent
  • Managers needing reports: Viewer or Agent
  • Technical administrators: Admin
  • Business owners: Owner

Regular Access Reviews

For SOC 2 compliance, review team access quarterly:

  1. Check if all members still need access
  2. Verify roles are appropriate
  3. Remove inactive users
  4. Document the review

Offboarding Checklist

When a team member leaves:

  1. Remove them from the workspace
  2. Rotate any API keys they created
  3. Review their recent activity in audit logs
  4. Update any shared credentials

Audit Trail

All team actions are logged:

  • team.member_invited - Invitation sent
  • team.member_removed - Member removed
  • team.role_changed - Role updated

View the audit log at Settings > Security > Audit Log.