Team
The Team section lets you manage users, send invitations, and configure roles for your organization.
User List
The team list shows all users in your organization:
- Name — User's full name
- Email — Login email address
- Role — Admin, User, or Viewer
- Devices — Number of enrolled devices
- Last active — Most recent login or activity
- Status — Active or Locked
User Roles
Recoger uses role-based access control with three roles:
| Role | Capabilities |
|---|---|
| Admin | Full access: manage users, view all devices, configure settings, generate reports, manage integrations, access API keys |
| User | View own devices, manage services they own, view organization reports, install agents on their devices |
| Viewer | Read-only access to dashboards and reports, cannot modify anything |
Inviting Users
To invite new team members:
- Click Invite User
- Enter their email address
- Select a role
- Click Send Invitation
The user receives an email with a link to create their account. Invitations expire after 7 days.
Pending Invitations
View and manage pending invitations in the Invitations tab. You can resend or revoke invitations as needed.
Changing User Roles
Admins can change user roles:
- Click on the user
- Select Change Role
- Choose the new role
- Confirm the change
Role changes take effect immediately. The user's current session continues with updated permissions.
Account Security
Multi-Factor Authentication
Users can enable MFA in their profile settings. Admins can require MFA for all users in Settings → Security.
When MFA is required:
- Existing users must set up MFA on next login
- New users set up MFA during onboarding
- Recovery codes are provided for backup access
Account Lockout
Accounts are automatically locked after multiple failed login attempts. The lockout policy is configurable:
| Setting | Default | Description |
|---|---|---|
| Lockout Threshold | 5 attempts | Failed attempts before lockout |
| Lockout Window | 15 minutes | Time window for counting failures |
| Lockout Mode | Admin unlock | Time-based auto-unlock or admin-only unlock |
Unlocking Accounts
Admins can manually unlock accounts from the user details page. Click Unlock Account to restore access.
Authentication Policies
Configure authentication requirements in Settings → Security:
- Password Only — Standard username/password authentication
- MFA Required — All users must enable MFA
- SSO Only — Only allow SSO login (password disabled)
Single Sign-On (SSO)
Enterprise plans support SSO integration with:
- Google Workspace
- Microsoft Entra ID (Azure AD)
- Okta
- Custom SAML/OIDC providers
Contact support@recoger.app to configure SSO for your organization.
Offboarding Users
When someone leaves the organization:
- Deactivate their account (preserves history)
- Reassign services they owned to another user
- Their devices remain in the system until deprecated
Deactivated users cannot log in but their historical data is preserved for audit purposes.
Audit Log
All user management actions are logged:
- Invitations sent and accepted
- Role changes
- Account locks and unlocks
- MFA enabled/disabled
- Account deactivation
View the audit log in Settings → Audit Log.