Skip to main content
A Forepost workspace can hold more than one person. Owners invite teammates, assign a role, and (for Members) scope what they see down to a single department.

Roles

RoleReadsWritesCan inviteCan remove
OwnerEverythingEverythingYesAnyone except themselves
AdminEverythingEverythingYesMembers only (not other admins, not the owner)
MemberTheir department + their own agent rowNothingNoNo
Every workspace has exactly one Owner: the original creator. Admins are full collaborators. Members are read-only and scoped.

Inviting someone

In Settings → Team → Teammates, choose a method:
  • By email. Enter their address, pick a role, and send. They receive a Forepost invitation email with a link that expires in 7 days. The invite can only be redeemed by signing in with the same email address (Clerk verifies it).
  • Shareable link. Generate a tokenised link, paste it into Slack or your onboarding doc. Anyone who follows it and signs in joins with the role baked into the link. Stays open until you revoke it or it expires.
For a Member invitation, you can also pick:
  • Department. A free-text label (e.g. Tier 1, Billing). Pulls suggestions from the departments you’ve already typed on agent rows.
  • Their agent row. Optional. Links the invitee to a specific agent in your team list so they can see their own metrics even if their department is different.

What a Member actually sees

Members see the workspace dashboard, briefs, and Horizon, but the Team tab is filtered:
  • Agent rows whose department matches theirs (case-insensitive).
  • Plus the agent row they’re linked to on invite, if any.
Top-line workspace metrics (CSAT, volume, first response, deflection, capacity) are not filtered. Members can see how the whole team is doing in aggregate but not who individually is carrying what outside their department. Saving any change as a Member returns “Read-only role.” If they need to edit, an Owner or Admin has to make the change for them, or promote them to Admin.

Setting up departments

Each agent row in Settings → Team → Update team has a Department field. Keep the labels consistent; that’s how Member scoping resolves. Two ways to organise:
  • By tier. Tier 1, Tier 2, Escalations.
  • By function. Billing, Onboarding, Technical.
Pick one shape and stick to it. The matcher is case-insensitive but exact otherwise: Tier 1 and Tier-1 are different departments.

Managing the roster

In Settings → Team → Teammates:
  • Change a role. Owners only. Use the dropdown next to a teammate to flip them between Admin and Member.
  • Remove a teammate. Owners and Admins. Click the × on their row. Their access is revoked immediately and the next request they make returns 404.
  • Revoke a pending invite. Marks the token as revoked; the accept page will refuse it. Email invites that haven’t been opened are also covered.

Email invitations and Clerk verification

Email invites are tied to the address they were sent to. If the recipient signs in with a different verified email on the same Clerk account, the accept call returns 403 with “Sign in with the invited email address to accept.” This stops a forwarded invite from being redeemed by the wrong person. Shareable links don’t have this guard, by design. Anyone with the link can join.

What invited members do not get (yet)

  • Their own Daily Brief subscription. Briefs and the Weekly Watch digest go to the workspace owner’s address only. Members don’t have an inbox toggle.
  • Cross-workspace membership. A Clerk user can belong to one workspace at a time. Trying to accept an invitation while you’re already a member of a different workspace returns “You are already a member of another workspace.”
Both are on the list. Nudge us at kian@forepost.ai if either one blocks you.