Members

Invite, accept, suspend, remove. The member lifecycle inside an organization vault.

Members are SikkerKey users who can act inside your organization vault. You invite them by email, they accept from their own account, and they show up on your member roster. From there you assign a template (or leave them with none), set their project scope, and the audit log starts attributing their actions to them.

This page walks the lifecycle: invite, accept, decline, suspend, unsuspend, remove. The capability matrix lives in Capabilities reference; the template editor in Templates.

Inviting someone

From the Organization → Members page, click Invite member. Enter the email of the person you want to add. Optionally pre-assign a template and set whether they have global project access.

The invitee must already have a SikkerKey account, because membership joins an existing user identity to your vault. If they don't, ask them to sign up first; you can then invite the email they signed up with.

What the inviter sees

The response is the same whether the email belongs to a SikkerKey customer, already belongs to a member of your organization, has a pending invite to your organization, or is a brand-new invitation. This is deliberate: it prevents your dashboard from being used to enumerate which emails are SikkerKey customers. If the invite was actionable, the recipient will see it on their next dashboard load.

What the recipient sees

A pending invitation appears in their sidebar and on their Members page. The invitee's preview shows:

  • The username of the inviting owner.
  • The template that will be assigned on acceptance (if any), with a category summary of what it grants.
  • Whether they will have access to all projects in the vault or a limited subset.

The invitee accepts or declines from that panel. Invites expire 7 days after they are sent; expired invites cannot be accepted and have to be re-sent.

Invite lifecycle

Status      What it means
Pending     The invite has been sent. The recipient hasn't responded yet.
Accepted    The recipient accepted. They are now a member of your organization.
Declined    The recipient declined. The invite is closed. Send a new one to retry.
Expired     The 7-day window passed without a response. Send a new invite.

You can revoke a pending invite from your invites list at any time before it's accepted. Revoking is silent: it removes the invite without notifying the recipient.
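The sketch below is an added example, not SikkerKey's code. It models the behaviour described under "What the inviter sees" and "Invite lifecycle": one reply for every invite outcome, a 7-day expiry derived from the send time, and silent revocation. The class names, the reply body and the in-memory stores are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

INVITE_TTL = timedelta(days=7)  # the page's 7-day expiry window
UNIFORM_REPLY = {"status": "ok", "detail": "Invite processed."}  # assumed body

@dataclass
class Invite:
    sent_at: datetime
    state: str = "pending"  # stored: pending | accepted | declined

    def status(self, now):
        if self.state == "pending" and now - self.sent_at >= INVITE_TTL:
            return "expired"  # derived from the clock, never stored
        return self.state

@dataclass
class Org:
    accounts: set  # emails that have an account (hypothetical user store)
    members: set = field(default_factory=set)
    invites: dict = field(default_factory=dict)

    def send_invite(self, email, now):
        email = email.strip().lower()
        inv = self.invites.get(email)
        pending = inv is not None and inv.status(now) == "pending"
        if email in self.accounts and email not in self.members and not pending:
            self.invites[email] = Invite(now)  # only actionable invites are stored
        return dict(UNIFORM_REPLY)  # no-account, member, duplicate, new: same reply

    def respond(self, email, accept, now):
        inv = self.invites.get(email)
        if inv is None or inv.status(now) != "pending":
            return False  # expired or closed invites cannot be accepted
        inv.state = "accepted" if accept else "declined"
        if accept:
            self.members.add(email)
        return True

    def revoke(self, email, now):
        inv = self.invites.get(email)
        if inv is None or inv.status(now) != "pending":
            return False
        del self.invites[email]  # silent: no notification to the recipient
        return True

if __name__ == "__main__":  # constructed sample addresses
    org, now = Org(accounts={"a@example.test"}), datetime(2024, 1, 1)
    print(org.send_invite("a@example.test", now) == org.send_invite("x@example.test", now))
```

An identical body is only one part of enumeration resistance: response time and status code have to match across the branches as well.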

Accepting an invite

When you log into SikkerKey, your pending organization invitations appear in the sidebar. Open the invitations panel to review the template name, the capabilities it grants by category, and the project access type before deciding.

Accepting adds you to the organization's member roster. The organization's vault now appears in your post-login picker, alongside your own personal vault. On your next login, pick whichever vault you want to act inside for the session.

If you decline, the invite is closed. The owner can send a new one if they change their mind.

The member roster

The Members page lists every member of the organization with their username, email, assigned template, project scope, joined date, and suspension state. Search by username or email, filter by template or status, and page through if you have a large member list.

From a member's row you can:

  • Change template (owner-only). Promotes, demotes, or swaps the capability bundle the member holds.
  • Change project scope (owner-only). Switches between global access and a specific project list, or adjusts the list.
  • Suspend / unsuspend. Suspension takes effect immediately on the member's next request; their session is cut and they cannot enter the vault until unsuspended. Their audit log entries stay intact.
  • Remove. Drops the member entirely. Their personal vault and SikkerKey account stay; only their membership in your organization is gone.

Suspension is reversible; removal is permanent. To temporarily lock someone out (incident response, departure on hold, investigation), suspend them. To end the relationship for good, remove them.

Audit attribution

Every action a member takes inside the organization is attributed to that member in the audit log. When you read your audit log as the owner, member actions show the member's username. When the member reads their own audit log (if their template grants the capability), they see their own actions only. A separate capability expands their view to include every actor in the vault.

The two-actor case (a member accepts an invite or declines an invite) is handled so the system, not the owner, is recorded as the actor of the row in the owner's audit log. The detail string carries the member's username so the row is still useful as forensics.

Limits

Plans cap the number of members per organization. The cap is enforced at invite-send time; an invite that would push you past the limit is rejected with a clear error and a link to your plan. The current plan, used count, and cap are visible on the Members page.

Self-leave

A member who wants to end their own membership opens their Settings page while acting inside the organization vault and uses the Leave organization card.

The leave flow asks the member to confirm by typing the organization name, then ends their membership and revokes their project access immediately. The member's SikkerKey account, their personal vault, and any other organization memberships they hold stay intact. The owner sees an org_member_leave entry in their audit log attributed to the leaving member, and their member roster updates in real time.

After leaving, the member's session falls back to their personal vault on the next page load — they don't have to sign back in.

If the owner only wants the member gone from their organization (not their own SikkerKey account), use Remove from the roster instead. Remove is the involuntary version of the same operation.