Team & roles Starter+¶

Add teammates to your CredWatch account with one of two roles. The Free tier is single-user; upgrade to Starter or higher to invite others.

Roles¶

Role	Findings	Suppression rules	Scans	GitHub config	Domains	Team	Billing
Admin	Read + write (resolve / FP / restrict)	Read + write	Trigger	Manage	Manage	Invite	Manage
Analyst	Read + suppress + resolve	Read	Read	Read	Read	Read	—

In short:

Admin does everything. The original signup user is always Admin and cannot be downgraded.
Analyst handles day-to-day triage but cannot change configuration that affects billing, security, or scope.

Invite a teammate¶

Go to Team → Invite member.
Enter their email and pick a role.
Click Send invitation.

They'll get an email with a link valid for 48 hours. Clicking it asks them to set a password — after which they're logged in and can use the account immediately.

If the invitation expires, just invite them again. The old link becomes unusable.

Plan limits¶

Plan	Team members
Free	1
Starter	10
Growth	50
Enterprise	Unlimited

Inviting beyond the limit returns an error with an upgrade prompt.

Change a member's role¶

Only admins can change roles.

Go to Team → Members.
Click the role dropdown next to the member.
Pick the new role — saves immediately.

You cannot downgrade the account owner (the original signup user). For ownership transfers, contact [email protected].

Remove a member¶

Team → Members.
Click Remove next to the member you want to revoke.
Confirm.

The member is signed out everywhere and can no longer log in. Their actions remain in the audit log for forensics.

Audit trail¶

Every team action — invitations sent, roles changed, members removed — is recorded in the account's audit log under Team → Audit log (admin-only view).

MFA and teams¶

Each member sets up their own MFA independently. Admins can enforce MFA org-wide so all teammates must enable it before accessing the dashboard.