# Manage Users ## Invite Users {% hint style="info" %} Ensure the user is part of the Slack workspace before they're invited to ClearFeed {% endhint %} 1. Head over to the [Users section](https://web.clearfeed.app/settings/users) on the ClearFeed WebApp 2. Click on **Invite Users** and enter the Email ID of the user 3. Choose the relevant **Role** (Admin, Manager, or User Role) 4. If you select **User** role, pick the Collections this teammate should have access to. By default, the **All current and future Collections** option is selected. 5. You can invite multiple users at once by clicking **Add Invite** The Collection access set is applied when the invitee accepts and joins the account. ## Whitelisted Domains & User Joining Every ClearFeed account is associated with one or more email domains. Domains control who can discover, sign up for, and be invited to your ClearFeed account. ### Understanding Domains in ClearFeed Your company's email domain (the part after the `@` in an email address, like `acme.com`) is the primary identifier for your ClearFeed account. When you sign up for ClearFeed, your email domain becomes your account's primary domain. For example, if you signed up with `jane@acme.com`, then `acme.com` is your account's primary domain. ### Who Can Join Your Account By default, ClearFeed accounts operate in a **closed invite-only mode** for security and control: | User Type | Can they join? | | -------------------------------------- | -------------------------------------------------- | | **Users from your domain** | Only if invited by Admin | | **Users from other domains** | Only if domain is whitelisted and invited by Admin | | **Users from non-whitelisted domains** | Not allowed | ### Whitelist Domains Admins can whitelist additional domains to allow users from those domains to be invited to the account.

Whitelist domains in the Users section of the ClearFeed WebApp

This is useful for: * Contractors, vendors, or partners with their own company domains * Subsidiaries or related organizations with different domains * Team members with personal email addresses during testing When you whitelist a domain: * Users with email addresses from that domain can be invited to the account * You can optionally enable Joining Allowed for whitelisted domains (see below) {% hint style="info" %} **Your primary domain is auto-whitelisted:** The domain you used to sign up for ClearFeed is whitelisted automatically. Users from this domain can sign in to your workspace by default. {% endhint %} ### Joining Allowed for Whitelisted Domains By default, **Joining Allowed** is **disabled**. Admins must explicitly invite each user. When you enable **Joining Allowed** for a whitelisted domain: * Any user with an email from that domain who signs up to the ClearFeed WebApp is automatically added to your account * Users who join automatically receive **Manager Role** privileges * This is convenient for rapidly onboarding teams but reduces admin control and can expose data to a wider set of users than intended

Enable or disable Joining Allowed for each whitelisted domain

{% hint style="warning" %} **Important:** We strongly recommend keeping **Joining Allowed** disabled except for very small teams. Users who join automatically get Manager access and can configure most aspects of your ClearFeed account. {% endhint %} ### Admin Controls Admins have full control over domain-based access: * **View and edit whitelisted domains** from the Users section in the ClearFeed WebApp * **Enable or disable Joining Allowed** for each whitelisted domain * **Remove domains** from the whitelist to prevent future signups and invitations from that domain * **Remove users** who have already joined, regardless of their domain ### Domain Aliases If your company uses multiple email domains that should be treated as equivalent (for example, `acme.com` and `acmecorp.com`), contact ClearFeed Support to set up **domain aliases**. With aliases, a user registered in Slack with one domain can be added to ClearFeed with the other domain. {% hint style="info" %} **Your primary domain is auto-whitelisted:** The domain you used to sign up for ClearFeed is whitelisted automatically. Users from this domain can sign in to your workspace by default. {% endhint %} ## Add or Remove Users {% hint style="info" %} Only Admins can remove existing users, change their roles, or update their Collection access. {% endhint %} From the [Users page](https://web.clearfeed.app/settings/users), an admin can: * Remove existing users * Change a user's role between Admin, Manager, and User role * Update which Collections a user in User Role has access to * See which users are invited * Modify `Agent` access for a user ## Roles in ClearFeed Users in ClearFeed can have one of three roles: **Admin**, **Manager**, and **User** role. Each role is progressively more restrictive in configuration capability. The **User** role additionally supports restricted Collection visibility, while Admins and Managers always see every Collection.
RoleConfigurationCollection access
Admin RoleEverything, including account governance (managing user roles, billing, integrations, and authentication)All Collections in the account
Manager RoleEverything except account governanceAll Collections in the account
User RoleNone; cannot configure anything in the productOnly the Collections an admin has explicitly granted them
{% hint style="info" %} Users of any role, who are not designated as Agents, cannot post public replies to tickets in the Triage channel or ClearFeed WebApp and cannot be ticket assignees. They can view tickets and post private comments on tickets they have visibility to. {% endhint %} ### 1. Admin Role Admins have full access to the product. In addition to everything a Manager can do, only Admins can: * Manage user roles and invite new users * Manage billing and plans * Configure integrations * Configure authentication (SSO, SAML, login methods) * Access audit logs * Create and manage [Child accounts](/clearfeed-help-center/account-setup/child-accounts.md) ### 2. Manager Role Managers can configure everything in the product except the account-governance items listed under [Admin](#admin). This covers all Collection setup, Automations, Workflows, AI features, Forms and Fields, Schedules, SLAs, Announcements, Quick Replies, and every other product setting outside account governance. Managers see every Collection in the account. ### 3. User Role The **User** role is designed for teammates who should work on a subset of the tickets and will not be configuring the product. A User has access only to the Collections an admin grants them, and within those Collections they can view tickets, post private comments, edit fields in a ticket or resolve them. If they are also designated as Agents, then can post public replies and be assigned to tickets. They can also file new tickets into any Collection they have access to, save personal views, and use `/cf-query` and `/cf-start-thread` in Slack triage channels they are members of. Users role members cannot configure anything in the product, cannot create personal access tokens, and cannot download CSVs or configure scheduled reports. In the side navigation, Collections they don't have access to are shown in a disabled state with a tooltip; their channels, customers, counts, and badges are hidden. {% hint style="info" %} **The User role is evolving.** Today the User role focuses on ticket work and intentionally hides all configuration surfaces in the product. We are actively expanding what a User can see within their granted Collections (for example, read-only views of Collection settings, connected forms, and related configuration). If you have a specific surface you'd like opened up to Users, let us know. {% endhint %} ### 4. Agents Relevant for the Internal & External Helpdesk Product Edition. The Agent designation is independent of the Admin / Manager / User role. Any user with any role can be designated as an Agent - which enables them to post public replies from the triage channel or the ClearFeed WebApp and to be assignees on tickets and requests. * To add team members as Agents, go to [Manage Users](https://web.clearfeed.app/settings/users), click **Invite Users**, and enable the **Agent** checkbox. * Under Collection Settings → Responder settings, you can add these agents as responders. {% hint style="danger" %} Non-Agents cannot post public replies to tickets in the triage channel or the ClearFeed WebApp, they cannot be ticket assignees, but may view tickets, post private comments and edit ticket fields. {% endhint %} ## Collection Access Control for User Role The **User** role is the only role with bounded Collection access. Admins and Managers always see every Collection. When you invite or edit a User, you choose one of the following access shapes from the Collection picker: * **All current and future Collections.** The User has access to every Collection in the account, including any Collection created later. * **All current Collections.** A shortcut that snapshots every Collection that exists at the moment of saving. New Collections created later are **not** auto-included. Switch the User to "All current and future Collections" if you want that behavior. * **Selected Collections.** Pick an explicit list of Collections. ### Setting Collection access 1. Go to the [Users page](https://web.clearfeed.app/settings/users). 2. Find the row of the User you want to update. 3. Set their role to **User** role (if it isn't already), then open the Collection-access picker next to the role dropdown. 4. Pick the access shape and save. The same picker appears in the **Invite Users** form when you invite someone as a User. ### Who has access to a Collection Each Collection's settings page has a read-only **Users with access** section that shows: * All Admins and Managers * Users with all-Collection access * Users who have been explicitly granted access to that Collection This is the easiest way to audit who can see a specific Collection. ### Collection owners A Collection's owner must always have access to it. ClearFeed enforces this when you edit roles or access: * **Demoting a Manager or Admin to User Role** is blocked if the new access set would not include Collections they own. Transfer ownership of those Collections first. * **Removing a Collection from a User Role's access set** is blocked if the user owns that Collection. In the picker, owned Collections stay selected and disabled. * **Transferring ownership** does not automatically update Collection grants. After transferring, update the previous owner's access set if you want to narrow it. ### What User Role members see in saved views and search Saved views (personal or shared) can reference Collections a member in User role does not have access to. This can happen if the view was created by a Manager, or if the user had access at view-creation time but lost it later. In these cases: * The filter options for inaccessible Collections appear in a disabled state. * A warning icon appears next to the saved-view title with the message: "Some requests in this view are hidden because you don't have access to all the Collections in this view." * The view's data only includes requests from Collections the User has access to. * If access is later restored, the warning disappears and the missing data appears on the next load. Search results (including CF-ID lookups and full-text search) only surface results from Collections the user has access to. ### Effect of role changes * **Manager or Admin demoted to User Role**: The Admin making the change specifies the user's Collection access at the moment of demotion. Configuration entities the demoted user created (automations, workflows, scheduled reports, shared views, and the Events API owner) are transferred to the demoting admin so they continue to run. Personal access tokens belonging to the demoted user are deleted, and the weekly digest is turned off for them. * **User Role promoted to Manager or Admin**: The user immediately gains access to every Collection in the account and can configure the product. Existing entities are unchanged. * **Switching between Admin and Manager Roles**: Only governance authority changes (managing user roles, billing, integrations, and authentication). Collection visibility and configuration capability are unaffected. ## **FAQs** 1. **Can I restrict a Manager to specific Collections?**\ **Answer:** No. Managers always see every Collection. To bound someone's access to specific Collections, change their role to **User** and pick the Collections in the access picker. 2. **What's the difference between "All current Collections" and "All current and future Collections"?**\ **Answer:** "All current and future Collections" auto-includes any Collection created later. "All current Collections" snapshots the list at save time. New Collections created afterwards are not included unless you re-update the access set. 3. **Can a User create a ticket in a Collection they don't have access to?**\ **Answer:** From the ClearFeed WebApp, the file-ticket destination picker only lists Collections the User has access to. This is because the WebApp lets you file tickets on behalf of other users, so Users are restricted to Collections they already have visibility into. From Slack, the file-ticket form selector shows all Collections, since anyone in a Slack channel can raise a request from there. Collection access only gates viewing existing data, not filing a new request. 4. **Can a member in User Role be the owner of a Collection?**\ **Answer:** Yes, but only if that Collection is in their access set. The system blocks any role or access change that would leave an owner without access to their own Collection. Transfer ownership first if you need to narrow their access. 5. **Do Users get the weekly digest?**\ **Answer:** No. The weekly digest is available only to Admins and Managers. 6. **I am getting an error adding users because they are not part of our Slack workspace, but the users are registered from a different domain in the Slack workspace. What do I do?**\ **Answer:** If your company uses multiple domains and users should be treated identically across them, then ClearFeed can add an alias domain in your account. If `myco.com` and `alsomyco.com` are declared as aliases, then `joe@myco.com` can be added to ClearFeed as long as either `joe@myco.com` or `joe@alsomyco.com` are registered in Slack. Please contact ClearFeed Support to get a domain alias added to your account. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.clearfeed.ai/clearfeed-help-center/account-setup/manage-users.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.