Team Collaboration
Invite team members to collaborate on your KnoxCall tenant with role-based access control.Overview
Team features:- 👥 Invite unlimited team members
- 🔐 Role-based permissions (Admin, Developer, Viewer)
- 📧 Email invitations with secure links
- 🔄 Easy member management
- 📊 Audit log tracking of member actions
- Dev teams managing API integrations
- Ops teams monitoring traffic
- Security teams auditing access
Team Roles
Administrator
Full access to everything: ✅ Can do:- Create/edit/delete routes
- Create/edit/delete secrets
- Create/edit/delete clients
- Manage team members (invite/remove)
- Change tenant settings
- Roll subdomain hash
- View/export all logs
- Configure alerts
- Manage billing
- Delete tenant (requires owner)
- Engineering leads
- DevOps engineers
- Technical founders
Developer
Create and configure resources: ✅ Can do:- Create/edit/delete routes
- Create/edit/delete secrets
- Create/edit/delete clients
- View logs and analytics
- Test routes
- Configure environments
- Invite/remove team members
- Change tenant settings
- Roll subdomain hash
- Manage billing
- Delete tenant
- Backend developers
- Integration engineers
- QA engineers
Viewer
Read-only access: ✅ Can do:- View routes (cannot edit)
- View logs and analytics
- View alerts (cannot configure)
- View team members
- Create/edit/delete anything
- View secret values
- Test routes
- Configure settings
- Manage billing
- Product managers
- Customer success
- Junior developers
- External auditors
Inviting Team Members
Step 1: Navigate to Team Page
- Click Settings in sidebar
- Select Team
- See current team members
Step 2: Invite Member
- Click + Invite Member
- Enter email address:
- Select role:
- Click Send Invitation
Step 3: Invitation Sent
Email sent to invited user:Step 4: User Accepts
New user:- Clicks “Accept Invitation”
- Creates KnoxCall account
- Sets password
- Gains access to tenant
- Clicks “Accept Invitation”
- Logs in with existing account
- Tenant added to their account
- Can switch between tenants
Managing Team Members
Viewing Team
Team page shows:- Member name and email
- Role (Admin, Developer, Viewer)
- Status (Active, Pending invitation)
- Joined date
- Last active
Changing Member Role
- Navigate to Settings → Team
- Find team member
- Click Change Role dropdown
- Select new role
- Confirm
Removing Team Member
- Navigate to Settings → Team
- Find team member
- Click Remove
- Confirm removal
- User loses access to tenant immediately
- Cannot view routes, secrets, logs
- Can no longer make changes
- Audit logs still show their past actions
Resending Invitation
If invitation expired or email lost:- Navigate to Settings → Team
- Find pending invitation
- Click Resend
- New invitation email sent
Canceling Invitation
Before user accepts:- Navigate to Settings → Team
- Find pending invitation
- Click Cancel
- Invitation link becomes invalid
Audit Logging
All team member actions are logged: View team member activity:- Navigate to Monitoring → Audit Logs
- Filter by user email
- See all changes made by that member
- Compliance audits
- Troubleshooting configuration issues
- Security investigations
Best Practices
1. Principle of Least Privilege
Assign minimum necessary role: ✅ Good:2. Regular Access Reviews
Monthly:- Review team member list
- Remove inactive members
- Verify roles still appropriate
- Check for ex-employees
3. Use Service Accounts for Automation
Don’t share personal accounts for CI/CD: ❌ Bad: Use [email protected] credentials in CI ✅ Good: Create API key for CI/CD Team members = humans only4. Document Team Structure
Maintain team roster:5. Onboarding/Offboarding Process
New team member:- Invite to KnoxCall tenant
- Share documentation links
- Walkthrough key routes/secrets
- Add to on-call rotation (if applicable)
- Remove from KnoxCall tenant
- Rotate any shared secrets they had access to
- Review their audit logs (last actions)
- Update on-call rotation
Role Permissions Matrix
| Permission | Admin | Developer | Viewer |
|---|---|---|---|
| View routes | ✅ | ✅ | ✅ |
| Create/edit routes | ✅ | ✅ | ❌ |
| Delete routes | ✅ | ✅ | ❌ |
| View secrets (names only) | ✅ | ✅ | ✅ |
| View secret values | ✅ | ✅ | ❌ |
| Create/edit secrets | ✅ | ✅ | ❌ |
| Create/edit clients | ✅ | ✅ | ❌ |
| View logs | ✅ | ✅ | ✅ |
| Export logs | ✅ | ✅ | ❌ |
| Configure alerts | ✅ | ✅ | ❌ |
| View analytics | ✅ | ✅ | ✅ |
| Test routes | ✅ | ✅ | ❌ |
| Invite team members | ✅ | ❌ | ❌ |
| Remove team members | ✅ | ❌ | ❌ |
| Change roles | ✅ | ❌ | ❌ |
| Edit tenant settings | ✅ | ❌ | ❌ |
| Roll subdomain hash | ✅ | ❌ | ❌ |
| Manage billing | ✅ | ❌ | ❌ |
| Delete tenant | Owner only | ❌ | ❌ |
Multiple Tenants
If user belongs to multiple tenants: Switch tenants:- Click tenant dropdown (top-left)
- Select different tenant
- UI updates to that tenant
- Separate team with separate roles
- User may be Admin in one, Viewer in another
- Permissions apply per-tenant
Troubleshooting
Issue: “Invitation not received”
Causes:- Email in spam folder
- Typo in email address
- Email server rejecting
- Check spam folder
- Verify correct email
- Resend invitation
- Try different email provider
Issue: “Can’t remove team member”
Causes:- Trying to remove yourself (not allowed)
- Only member (need at least one Admin)
- Have another Admin remove you
- Invite another Admin first
Issue: “Permissions not working”
Cause: Browser cache Fix:- Log out
- Clear browser cache
- Log back in
- Permissions refresh
Related Features
- Audit Logs: Track team member actions
- Tenant Management: Overall tenant settings
- API Keys: Alternative authentication (not tied to user)
Next Steps
Audit Logs
Track team activity
Tenant Settings
Configure tenant
Routes
Start configuring routes
Secrets
Manage credentials
Statistics: Level: beginner | Time: 5 minutes | Tags:
team, collaboration, permissions, access-control