Members
The Members page lets Admins manage who has access to your Realm9 organisation — inviting new users, assigning roles, approving sign-up requests, and handling pending invitations.
Path: /members
Members List
The Members page has three tabs:
All Members
A table of all active members in the organisation with the following columns:
- Name — displays an Owner badge for the organisation owner and an SSO provider badge (e.g. SSO (Okta)) for users who authenticated via SSO
- Role — editable inline dropdown (Admins only)
- Status — Active, Suspended, or Locked
- Joined — date the user was created in the organisation
- Actions — change role, suspend, remove
Pending Approvals
Users who have verified their email but are waiting for admin approval to join the organisation (applies when a domain is configured with Require Approval enabled, or when open sign-up is enabled). Columns:
- Name, Email, Role, Requested Date, Email Verification Status
- Approve / Reject actions per row
- Bulk actions — select multiple users with checkboxes to approve or reject in one action
Rejected users are permanently removed (they can re-apply later). Approved users are immediately granted access.
Invitations
Pending invitations that have been sent but not yet accepted. Columns:
- Recipient email, Role, Invited By, Date Sent, Status (Active / Expired)
- Copy Link — copy the invite URL to share directly
- Cancel — revoke the invitation
Invitations expire after 7 days. Expired invitations cannot be accepted but can be re-sent.
Inviting Members
- Click Invite Member
- Enter the recipient's email address
- Select a role
- Click Send Invitation
The recipient receives an email with a sign-up link. The invitation counts toward your organisation's user limit immediately.
If an active invitation already exists for that email, Realm9 will offer to re-send the existing link rather than creating a duplicate.
Roles
Realm9 uses role-based access control. Roles are assigned per user and apply across the entire organisation.
| Role | Description |
|---|---|
| Super Admin | Full system access across all organisations (instance-level) |
| Admin | Full organisation access — manage users, settings, all features |
| Provisioner | Manage Terraform, approve bookings, access credentials; cannot manage users or org settings |
| User | Create and manage own bookings, view environments |
| Viewer | Read-only access to environments and bookings |
Note: A Manager role exists in the system for legacy compatibility but is deprecated. Do not assign it to new users — use Provisioner or Admin instead.
Changing a Member's Role
Select a new role from the dropdown in the Role column. Role changes are subject to these rules:
- You cannot change the organisation owner's role
- You cannot change your own role
- You cannot assign a role equal to or higher than your own (unless you are the org owner)
- Only Super Admins can assign the Super Admin role
- The last Admin in an organisation cannot be demoted
The affected user receives an email notification when their role changes.
User Statuses
| Status | Meaning |
|---|---|
| Active | Full access based on their role |
| Pending Approval | Email verified, awaiting admin approval |
| Suspended | Access disabled; user cannot log in |
| Locked | Account locked due to repeated failed login attempts |
Suspending and Reactivating Members
Suspend: Disables the user's access immediately. The user cannot log in or access any resources. All their data (bookings, settings, history) is preserved. Cannot suspend the organisation owner or yourself.
Reactivate: Restores access. Reactivation checks whether your current licence allows additional active users.
Removing Members
Click Remove to permanently delete a member from the organisation. This action:
- Hard-deletes the user record
- Cannot be undone
- Is blocked for the organisation owner and the last Super Admin
For temporary access removal, use Suspend instead of Remove to preserve the user's history and data.
Domain-Based Sign-up
Configure which email domains can join your organisation without an invitation under Settings → Organisation:
- Add a domain — verify ownership by entering a code sent to an email at that domain
- Auto Sign-up — once a domain is verified, users with matching email addresses can self-register
- Require Approval — self-registered users land in the Pending Approvals tab instead of being activated immediately
- Disable Open Sign-up — block all new registrations; only invited users can join
SCIM Provisioning
If your identity provider supports SCIM 2.0, you can automate user provisioning and deprovisioning. Configure SCIM under Settings → SSO → SCIM.
SCIM provisioning is available on the Enterprise tier and above. See Configuration for setup details.
User Limits
Your licence tier defines the maximum number of active users. Realm9 counts active users and pending invitations toward this limit:
- Suspending a user frees up a slot
- Rejected or cancelled invitations free up a slot
- A warning is shown when approaching the limit
Role-Based Access
| Action | Viewer | User | Provisioner | Admin | Super Admin |
|---|---|---|---|---|---|
| View members list | — | — | — | ✓ | ✓ |
| Invite members | — | — | — | ✓ | ✓ |
| Approve / Reject pending users | — | — | — | ✓ | ✓ |
| Change member roles | — | — | — | ✓ | ✓ |
| Suspend / Reactivate members | — | — | — | ✓ | ✓ |
| Remove members | — | — | — | ✓ | ✓ |
| Cancel invitations | — | — | — | ✓ | ✓ |