> ## Documentation Index
> Fetch the complete documentation index at: https://docs.flowx.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Inviting Users

> Learn how Organization Admins can invite designer users to their organization via email with role assignments and secure activation.

## Overview

Organization Admins can invite designer users to their organization via email. Invited users receive a secure invitation link, can be pre-assigned roles and groups, and go through a guided activation flow before becoming active members.

<Note>
  Only users with the **Organization Admin** role can invite new designer users.
</Note>

<Info>
  **SMTP is required.** Invitations and password-recovery emails are dispatched by Keycloak. On self-hosted deployments the client must configure SMTP in Keycloak (per realm) before either flow will work — without it, invitations fail silently. See [Email (SMTP) configuration](/5.9/setup-guides/access-management/configuring-an-iam-solution#email-smtp-configuration).
</Info>

## Accessing user invitations

The invitation feature is available from the Designer Users page:

<Steps>
  <Step title="Navigate to Designer Users">
    Go to **Organization Settings** → **Designer Users**
  </Step>

  <Step title="Open the invite dialog">
    Click **Invite User** from the contextual menu or action bar

    <Frame>
      ![Invite User button in Designer Users page](https://s3.eu-west-1.amazonaws.com/docx.flowx.ai/5.x/mti3.png)
    </Frame>
  </Step>
</Steps>

## Invitation form

When inviting a new user, you can configure the following options:

| Field               | Required | Description                              |
| ------------------- | -------- | ---------------------------------------- |
| **email address**   | Yes      | Valid email format for the invitation    |
| **Designer role**   | No       | Organization Admin or Organization Owner |
| **Runtime Roles**   | No       | Assign runtime roles to the user         |
| **Runtime Groups**  | No       | Add user to runtime groups               |
| **User attributes** | No       | Set custom user attributes               |

<Frame>
  ![Invitation form with email, roles, and groups fields](https://s3.eu-west-1.amazonaws.com/docx.flowx.ai/5.x/saas2.png)
</Frame>

<Tip>
  Pre-assigning roles and groups during invitation saves time and ensures users have the correct access from their first login.
</Tip>

## Invitation workflow

### Sending an invitation

<Steps>
  <Step title="Enter email address">
    Provide the email address of the user you want to invite
  </Step>

  <Step title="Configure access (optional)">
    Select a designer role, runtime roles, groups, and any custom attributes
  </Step>

  <Step title="Send invitation">
    Click **Send invite** to create the user and trigger the invitation email
  </Step>
</Steps>

When you send an invitation:

1. A user account is created in Keycloak with:
   * The provided email address
   * Selected runtime roles and groups
   * email verified set to `false`
   * Required actions: update password and update profile

2. A user record is created in FlowX with:
   * Assigned selections (roles, groups, attributes)
   * Status: **Pending**
   * Organization Owner role (if selected)

3. An invitation email is sent to the user

<Check>
  A success notification confirms: "Invitation sent successfully"
</Check>

### Invitation email

The invited user receives an email with the following content:

<Frame>
  **Subject:** You've been invited to your FlowX.ai account

  Hi,

  You've been invited to join the FlowX Platform to test our new Agentic Apps.

  This early access will let you explore how Agentic Apps work and give feedback on the experience before the broader rollout.

  **\[Accept Invitation]**

  Best
</Frame>

<Warning>
  Invitation links are valid for **2 days**. After expiration, the user will need a new invitation.
</Warning>

## User activation flow

When the invited user clicks the invitation link, they complete a two-step activation process:

### Step 1: Set password

The user creates a secure password for their account:

* Minimum 8 characters, maximum 64 characters
* Must include at least one uppercase letter, one lowercase letter, one number, and one special character (`!@#$%^&*()_+-`)
* Cannot be the same as the user's email address
* Upon submission, proceeds to profile setup

### Step 2: Complete profile

The user provides their profile information:

| Field          | Required | Description       |
| -------------- | -------- | ----------------- |
| **First name** | Yes      | User's first name |
| **Last name**  | Yes      | User's last name  |

Upon submission:

* User profile is updated with the provided information
* email is marked as verified
* User is redirected to the login page with a success message

### First login

After completing activation and logging in for the first time:

* User status changes from **Pending** to **Active**
* First name and last name are populated in the FlowX user profile
* User appears in the Designer Users list with Active status

## Handling expired invitations

If a user clicks an invitation link after it has expired (more than 2 days), they see an "Invite link expired" page.

<Warning>
  To resolve an expired invitation, the Organization Admin needs to send a new invitation to the user.
</Warning>

## User statuses

| Status       | Description                                               |
| ------------ | --------------------------------------------------------- |
| **Pending**  | User has been invited but hasn't completed activation     |
| **Active**   | User has completed activation and logged in at least once |
| **Disabled** | User account has been deactivated by an administrator     |

### Disabling and enabling users

Administrators can change a user's status from the Designer Users or Runtime Users page:

<Steps>
  <Step title="Open user actions">
    Find the user in the users list and open the context menu (three-dot menu)
  </Step>

  <Step title="Select the action">
    Choose **Disable** to deactivate an active user, or **Enable** to reactivate a disabled user
  </Step>

  <Step title="Confirm the action">
    Confirm the action in the dialog. The user's status updates immediately.
  </Step>
</Steps>

<Note>
  The Disable/Enable actions are available only for **Runtime Users**. Disabled users cannot log in until their account is re-enabled.
</Note>

### Resending invitations

If a user's invitation has expired or was lost, you can resend it:

<Steps>
  <Step title="Find the pending user">
    Find the user with **Pending** status in the Designer Users or Runtime Users list.
  </Step>

  <Step title="Select Resend invite">
    Open the context menu and select **Resend invite**.
  </Step>

  <Step title="Invitation sent">
    A new invitation email is sent with a fresh activation link.
  </Step>
</Steps>

<Tip>
  Resend invitations are available for both Designer and Runtime users with Pending status.
</Tip>

## Best practices

<AccordionGroup>
  <Accordion title="Pre-assign appropriate roles">
    Configure the correct designer role and runtime roles during invitation to ensure users have proper access from day one.
  </Accordion>

  <Accordion title="Use runtime groups for team organization">
    Add users to runtime groups during invitation to automatically organize them into teams and apply group-based permissions.
  </Accordion>

  <Accordion title="Monitor pending invitations">
    Regularly check the Designer Users page for users with Pending status to identify invitations that may need to be resent.
  </Accordion>

  <Accordion title="Communicate invitation timing">
    Let invited users know to expect the invitation email and complete activation within 2 days to avoid expiration.
  </Accordion>
</AccordionGroup>

## Limitations

<Note>
  The following features are planned for future releases:

  * **Cancel invite** - Ability to cancel a pending invitation
  * **Copy invite link** - Ability to copy the invitation link directly
</Note>

## Related documentation

<CardGroup cols={2}>
  <Card title="FlowX SaaS Overview" icon="cloud" href="/5.9/docs/saas/saas-overview">
    Learn about FlowX SaaS deployment and multi-tenancy
  </Card>

  <Card title="Access Management" icon="shield" href="/5.9/setup-guides/access-management/access-management-overview">
    Configure IAM and Keycloak settings
  </Card>

  <Card title="Workspaces" icon="folder" href="/5.9/docs/projects/workspaces">
    Understand workspace organization
  </Card>

  <Card title="Roles & Permissions" icon="user-lock" href="/5.9/setup-guides/access-management/roles-permissions-matrix">
    View the complete roles and permissions reference
  </Card>
</CardGroup>