Onboarding is where trust is won or lost. A new team member joining an organization has an implicit first impression of every tool they encounter on day one — whether the tool felt ready for them, or whether they had to chase an admin for access, decipher an ambiguous welcome email, or create yet another account from scratch. A platform that makes the first five minutes smooth earns credit that lasts. A platform that makes the first five minutes awkward spends the next six months digging out of the impression. We've treated user invitations as a first-class feature precisely because this is where a new user's relationship with the platform begins, and we'd rather that relationship start well.
Send an invitation in one click. An admin types the new user's email address, picks the role they should have, and clicks send. The invitation email goes out immediately; no separate coordination is required; no manual account setup; no temporary password to share through a side channel. The admin's job is done in seconds, and the invitation is on its way.
Role pre-assignment means the invitee lands with the right permissions from the moment they accept. The role is chosen at the time of invitation — Sales Rep, Project Manager, Read-Only Auditor, whatever fits the invitee's responsibilities — and the platform applies it automatically when the invitation is accepted. The user doesn't arrive in a permission-less limbo, waiting for an admin to provision their access; they arrive able to do the work they were hired to do.
Accept-and-continue is the invitee-side experience. Clicking the invitation link opens the platform, completes the account setup with a minimum of ceremony, and drops the user straight into their first task — either a home page tailored to their role or a specific page the invitation was pointing to. There's no intermediate "please go to login.example.com and enter the credentials we'll send separately" step; the invitation is the link, and clicking the link is signing in.
Password setup on acceptance covers the default case for tenants using passwords. The invitee is prompted to set a password as part of accepting the invitation, so they don't have to deal with a generated temporary credential that they'd just change anyway. For tenants using magic-link login, acceptance can skip the password step entirely — the invitation itself functions as a magic link, and subsequent sign-ins go through the same email-based flow. For tenants using SSO, acceptance routes through the identity provider, and the account is linked to the provider's identity on first sign-in. Each authentication style has its own invitation flavor, and the admin doesn't have to think about it — the platform uses whichever one the tenant is configured for.
Bulk invitations handle the case where a team, a department, or an entire cohort needs to be onboarded at once. The admin provides a list of email addresses — pasted into a field, uploaded from a spreadsheet, imported from an HR system export — along with the role that should apply to the batch. The platform sends individual invitations to each address, tracks the state of each one separately, and reports on which have been accepted and which are still pending. For scenarios like "we hired fifteen people this quarter, get them all set up," bulk invitations turn a forty-five-minute task into a two-minute one.
Resend and revoke give admins control over pending invitations. An invitation that hasn't been accepted can be resent — useful when the original email got lost in a spam folder, or when the invitee missed it entirely. An invitation that shouldn't be used — because the invitee changed their email, because the hire fell through, because the wrong address was typed — can be revoked before acceptance. The revoked link stops working immediately; nothing the invitee can do at that point gets them in. For the kind of small course-corrections that real-world onboarding always includes, these two controls handle the common cases without requiring any cleanup after the fact.
Expiry closes the loop on invitations that are never accepted. An invitation that's been outstanding longer than the configured window expires automatically — typically on the order of a week or two, tenant-configurable — which keeps stale invitations from accumulating and keeps the access surface clean. An expired invitation can be reissued if the invitee is still expected to come aboard; otherwise it's simply gone, with no special action required from the admin.
Branded invitation emails make the arrival feel native to the organization rather than feeling like an automated message from a generic system. The email uses the tenant's configured branding — logo, colors, reply-to address, sender name — so the invitee sees a message that looks like it came from their employer rather than from an anonymous platform. For external invitees (customers, partners, contractors) this branding is what keeps the invitation from being dismissed as a phishing attempt; for internal invitees it reinforces the sense that the platform is part of the organization's toolset rather than an afterthought.
Audit trail integrates with the event log. Every invitation sent, every invitation accepted, every invitation revoked, every invitation that expired — all of it is recorded with the admin who initiated it, the invitee's email, and the timestamp. For compliance audits where "who granted access to whom" is a standing question, the invitation history is a fully-queryable part of the platform's activity log. There's no separate record-keeping burden on admins.
For the adjacent topics: the authentication article covers the password-based sign-in that most invitations lead to, the magic-link login article covers the password-less alternative that invitations can lead to instead, the roles and permissions article covers what role pre-assignment actually grants, and the email engine article covers the delivery of the invitations themselves. Invitations are the start of a user's relationship with the platform. We've made them simple to send, predictable to receive, and fully auditable afterward — the combination that lets organizations actually trust their onboarding.