Skip to main content
Team management controls who has access to your Regentra organization and what they can do. Each team member is assigned a role that determines their permissions.

Inviting team members

1

Navigate to team settings

Go to Settings → Team Members.
2

Click Invite Member

Enter the person’s email address and select a role.
3

Send invitation

The invitee receives an email with a link to create their account and join your organization.
Invitations expire after 7 days. If the link expires, you can resend the invitation from the team management page.

Roles

The Team UI displays user-friendly labels (left column below). The right column is the role identifier used by the API and audit logs.
Display labelRole IDPermissions
AdminADMINFull access to a single organization. Manages users, settings, integrations, and all modules.
Compliance AdminCOMPLIANCE_ADMINFull control over the compliance module. Adopts frameworks, manages controls, creates policies, generates reports.
ApproverCOMPLIANCE_OFFICERReviews and approves policies, controls, and assessments. Updates control status and uploads evidence.
Approver (Privacy)PRIVACY_OFFICERSame scope as Approver, signaling a privacy specialization for data-subject requests and privacy impact assessments.
Approver (Security)SECURITY_OFFICERSame scope as Approver, signaling a security specialization for technical controls and incident response.
AnalystEMPLOYEEDoes compliance work but cannot approve. Acknowledges policies, drafts evidence, runs assessments.
Read OnlyREAD_ONLYView-only access to all modules. Cannot create, edit, or delete any data. Useful for auditors and executives.
MSP AdminMSP_ADMINManages the MSP relationship layer — creates client tenants, assigns technicians, oversees cross-tenant operations.
MSP TechnicianMSP_TECHNICIANPSA-focused. Manages tickets, time tracking, assets, and the knowledge base.
A user can hold only one role at a time. To change someone’s role, go to Settings → Team Members, click on the user, and select a new role.

Compliance team designation

Mark specific team members as part of the compliance team to give them visibility in compliance workflows. Compliance team members appear as assignees for controls and risk assessments, and receive notifications for compliance-related events. This designation is separate from roles — a Technician can also be on the compliance team if they need to handle both responsibilities.

Seat limits and billing

Each active team member with PSA access counts against your plan’s bundled seat allotment. The billing page shows your current usage against that allotment, and the Monthly Total reflects the actual Stripe charge — which is your bundled seat limit × per-seat price, not your current user count. See Billing & Subscriptions for the full breakdown. When your active user count exceeds your bundled allotment, the Billing page shows an Over plan limit warning with an “After update” cost projection so you can budget the upgrade.
You can still invite new members when you are over your bundled seat limit — Regentra does not block invites at the user-management layer. The Billing page will show the overage and the projected cost so you can upgrade your plan to match.

Deactivating users

To remove a team member’s access:
  1. Go to Settings → Team Members
  2. Click on the user you want to deactivate
  3. Click Deactivate
Deactivated users immediately lose access. Their historical data (time entries, ticket replies, compliance actions) is preserved. Deactivating a user frees up one seat.
Deactivation is reversible. You can reactivate a user from the same page to restore their access without losing any data.

External auditor invitations

External auditors do not consume a team seat. Instead they get a token-scoped invitation that opens their own portal at /audit/{token} — no Regentra login, no access to your PSA module, no cross-tenant visibility.
1

Open the auditor invites page

Settings → Auditor Access → Invite Auditor.
2

Fill in the auditor's details

  • Name + email — for audit-log attribution and the invitation email
  • Firm name — surfaced on the auditor’s portal banner
  • Audit period (optional) — scope the token to the period; the audit-package download is automatically clamped to that window
  • Expiration — invitation tokens expire on a configurable date and can be revoked at any time
3

Send

The auditor receives an email with a one-time link. On first click, they set a password and gain access to the portal. Subsequent visits go through a login.
From the same page you can resend an invitation (regenerates the one-time link), revoke an active invitation (immediately invalidates the token), and see the complete invitation audit log — who invited whom, when, and every status transition. The auditor portal exposes Audit Requests, the controls and policies in scope for the audit period, the audit- package ZIP download, and per-section CSV exports. The auditor cannot write to your data — they can only approve or flag requests inside their portal, leaving all state-changing actions on the customer side of the relationship.