Team and User Management

Collaborate securely with your team by managing user access, assigning appropriate roles, and controlling permissions in the Omise Dashboard.

Overview

Team Management Features:

• Invite unlimited team members
• Role-based access control
• Granular permissions
• Activity tracking
• Two-factor authentication
• Session management
• Audit logs

Accessing Team Management

Dashboard → Settings → Team

Team Overview Shows:

• All team members
• Assigned roles
• Last activity
• Status (active/inactive)
• Pending invitations
• Quick actions

Screenshot description: Team management page showing list of team members with their roles, last login time, status badges, and action buttons for each user.

User Roles

Available Roles

Owner:

Access: Full control
Default: Account creator

Permissions:
✓ All payment operations
✓ All settings access
✓ Team management
✓ API key access
✓ Billing management
✓ Account deletion
✓ Security settings

Cannot be Changed:
- Only one owner per account
- Cannot be removed
- Cannot transfer via dashboard

Admin:

Access: Nearly full control
Best For: Senior team members, managers

Permissions:
✓ All payment operations
✓ Most settings
✓ Invite/remove team members
✓ View API keys (cannot regenerate)
✓ Refund processing
✓ Report generation
✓ Customer management

Restrictions:
✗ Cannot change account ownership
✗ Cannot regenerate API keys
✗ Cannot delete account
✗ Cannot access billing details

Developer:

Access: Technical operations
Best For: Engineering team

Permissions:
✓ View API keys
✓ Manage webhooks
✓ View transactions
✓ Test mode access
✓ Integration settings
✓ Technical documentation
✓ Sandbox management

Restrictions:
✗ Cannot process refunds (live mode)
✗ Cannot manage team
✗ Cannot change payment settings
✗ Limited financial access

Support:

Access: Customer service operations
Best For: Customer support team

Permissions:
✓ View transactions
✓ Search customers
✓ View customer details
✓ Send receipts
✓ View refunds
✓ Add transaction notes
✓ Export data (limited)

Restrictions:
✗ Cannot process refunds
✗ Cannot change settings
✗ Cannot access API keys
✗ Cannot manage team
✗ No financial reports

Accountant:

Access: Financial data
Best For: Finance team

Permissions:
✓ View all transactions
✓ Generate reports
✓ Export financial data
✓ View settlements
✓ Fee reports
✓ Tax reports
✓ Revenue analytics

Restrictions:
✗ Cannot process payments
✗ Cannot issue refunds
✗ Cannot change settings
✗ Cannot access API keys
✗ Cannot manage team

Viewer:

Access: Read-only
Best For: Stakeholders, auditors

Permissions:
✓ View dashboard
✓ View transactions
✓ View reports (limited)
✓ View analytics
✓ View customers

Restrictions:
✗ Cannot make changes
✗ Cannot process refunds
✗ Cannot export data
✗ Cannot access settings
✗ Cannot view API keys

Role Comparison

Permission	Owner	Admin	Developer	Support	Accountant	Viewer
View Transactions	✓	✓	✓	✓	✓	✓
Process Refunds	✓	✓	✗	✗	✗	✗
Manage Team	✓	✓	✗	✗	✗	✗
View API Keys	✓	View only	✓	✗	✗	✗
Generate Keys	✓	✗	✗	✗	✗	✗
Manage Webhooks	✓	✓	✓	✗	✗	✗
Financial Reports	✓	✓	✗	✗	✓	Limited
Change Settings	✓	Most	✗	✗	✗	✗
Billing Access	✓	✗	✗	✗	✗	✗

Inviting Team Members

Sending Invitations

Step 1: Navigate to Team

Dashboard → Settings → Team → Invite Member

Step 2: Enter Details

Email Address: teammate@company.com
First Name: Jane
Last Name: Smith
Role: Select from dropdown
Personal Message: Optional welcome message

Step 3: Send Invitation

Click "Send Invitation"
Email sent to teammate@company.com
Invitation expires in: 7 days

Screenshot description: Team invitation dialog showing email input, name fields, role selector dropdown, optional message textarea, and send button.

Invitation Email

Email Contents:

From: Omise Notifications
To: teammate@company.com
Subject: You've been invited to join [Your Business] on Omise

Body:
Hi Jane,

[Your Name] has invited you to join [Your Business]'s
Omise Dashboard as an Admin.

[Accept Invitation Button]

This invitation expires in 7 days.

Questions? Contact support@omise.co

Accepting Invitations

New User Process:

1. Click "Accept Invitation" in email
2. Redirected to Omise
3. Create account:
   - Email (pre-filled)
   - Password (create)
   - Verify email
4. Set up 2FA (recommended)
5. Access dashboard

Existing User Process:

1. Click "Accept Invitation"
2. Log in to existing account
3. Invitation automatically accepted
4. New team appears in account switcher
5. Access new team's dashboard

Managing Team Members

Viewing Team Members

Team List:

Dashboard → Settings → Team

Table Shows:
- Name
- Email
- Role
- Status
- Last Login
- Date Added
- Actions

Member Details:

Click on team member to view:
- Full name
- Email address
- Current role
- Join date
- Last activity
- Login history
- Permissions list
- Activity log

Screenshot description: Team member details panel showing user information, role badge, activity timeline, and buttons for role change and removal.

Changing User Roles

Update Role:

1. Click on team member
2. Click "Change Role"
3. Select new role from dropdown
4. Confirm change
5. User notified via email
6. Takes effect immediately

Role Change Confirmation:

Change Role for Jane Smith?

Current Role: Support
New Role: Admin

New Permissions:
✓ Will gain: Refund processing, team management
✓ Will keep: Transaction viewing, customer access
✗ Will lose: None

[Confirm Change] [Cancel]

Notification Email:

Subject: Your role has been updated

Hi Jane,

Your role on [Your Business]'s Omise Dashboard
has been updated from Support to Admin.

You now have access to additional features:
- Process refunds
- Manage team members
- Access more settings

Log in to explore: dashboard.omise.co

Removing Team Members

Remove User:

1. Click on team member
2. Click "Remove from Team"
3. Confirm removal
4. User immediately loses access
5. User notified via email

Removal Confirmation:

Remove Jane Smith from team?

Current Role: Admin
Access: Will be revoked immediately

This action:
✓ Removes dashboard access
✓ Invalidates active sessions
✓ Sends notification email
✗ Cannot be undone

Reason (optional): [Text field]

[Confirm Removal] [Cancel]

What Happens:

Immediately:
✓ Access revoked
✓ Sessions terminated
✓ Removed from team list
✓ Audit log entry created

User Impact:
✓ Cannot access dashboard
✓ Cannot perform operations
✓ Email notification sent
✓ Can be re-invited later

Permissions Management

Custom Permissions (Enterprise)

Available on Enterprise Plans:

Create custom roles with granular permissions

Permission Categories:
- Payment operations
- Customer management
- Financial data
- Settings access
- Team management
- API access
- Reporting
- Webhook management

Custom Role Example:

Role Name: Sales Manager

Permissions:
Payment Operations:
✓ View transactions
✓ Search payments
✗ Process refunds
✗ Void charges

Customer Management:
✓ View customers
✓ Search customers
✓ Export customer data
✗ Delete customers

Reporting:
✓ View reports
✓ Generate reports
✓ Schedule reports
✓ Export reports

Settings:
✗ Change settings
✗ Manage team
✗ Access API keys

Permission Scopes

Test Mode Access:

Control who can access test mode:
✓ Developers: Full test access
✓ Support: View only test data
✗ Accountant: No test access (production only)

API Key Access:

Control API key visibility:
✓ Owner: View and generate all keys
✓ Admin: View keys (cannot regenerate)
✓ Developer: View keys (cannot regenerate)
✗ Others: No access

Financial Data:

Control financial information:
✓ Owner, Admin, Accountant: Full access
✓ Developer: Limited access
✓ Support: Transaction amounts only
✗ Viewer: Summary only

Security Features

Two-Factor Authentication

Enable 2FA (Recommended):

For All Users:
Dashboard → Account Settings → Security → 2FA

Setup:
1. Click "Enable 2FA"
2. Scan QR code with authenticator app
3. Enter verification code
4. Save backup codes
5. 2FA active

Required At:
- Every login
- Sensitive operations
- Role changes
- Team management

Enforce 2FA (Owner/Admin):

Dashboard → Settings → Team → Security

Enforcement Options:
□ Require 2FA for all team members
□ Require 2FA for admins only
□ Require 2FA for API key access
□ Grace period: 7 days

Impact:
Users without 2FA:
- Receive notification
- Must enable within grace period
- Access restricted after deadline

Screenshot description: Two-factor authentication setup screen showing QR code, manual entry key, verification code input, and backup codes display.

Session Management

Active Sessions:

Dashboard → Account Settings → Security → Sessions

View:
- Current devices
- Browser information
- IP addresses
- Location (approximate)
- Last activity
- Session age

Actions:
- Revoke individual session
- Revoke all other sessions
- Set session timeout

Session Timeout:

Auto-Logout Settings:
- 15 minutes of inactivity
- 30 minutes (default)
- 1 hour
- 4 hours
- Never (not recommended)

Security Note:
Shorter timeouts = more secure
Balance security with usability

IP Whitelist (Enterprise)

Restrict Access by IP:

Dashboard → Settings → Security → IP Whitelist

Configuration:
1. Enable IP whitelist
2. Add allowed IP addresses/ranges
3. Set enforcement level:
   - All users
   - Admins and owners only
   - API access only

Example:
203.123.45.0/24 (Office network)
198.51.100.50 (VPN)

Effect:
Login attempts from other IPs blocked

Single Sign-On (Enterprise)

SSO Integration:

Available Providers:
- Google Workspace
- Microsoft Azure AD
- Okta
- SAML 2.0

Benefits:
✓ Centralized authentication
✓ Simplified user management
✓ Enhanced security
✓ Compliance support

Activity Monitoring

Audit Logs

View Activity:

Dashboard → Settings → Team → Activity Log

Tracked Events:
- User logins/logouts
- Permission changes
- Settings modifications
- Refund processing
- API key operations
- Team member changes
- Failed login attempts
- Security events

Log Entry Example:

Timestamp: 2026-02-06 14:32:15 ICT
User: jane.smith@company.com
Role: Admin
Action: Processed refund
Details: Refund of THB 1,500 for charge chrg_live_xxx
IP Address: 203.123.45.67
Device: Chrome on Windows
Result: Success

Screenshot description: Activity log page showing filterable table of events with timestamps, user, action, and details columns, with expandable rows for more information.

Filtering Activity

Filter Options:

By User: Select team member
By Action Type:
  - Login/Logout
  - Payment operations
  - Settings changes
  - Team management
  - API operations

By Date Range: Custom range
By Result: Success/Failed
By IP Address: Specific IPs

Export Activity Logs

Download Logs:

1. Apply desired filters
2. Click "Export"
3. Select format (CSV/Excel)
4. Choose date range
5. Download file

Use For:
- Security audits
- Compliance reporting
- Incident investigation
- Performance review

Best Practices

Team Setup

✓ Assign minimal necessary permissions
✓ Use descriptive names/emails
✓ Document role assignments
✓ Review permissions regularly
✓ Remove inactive users promptly
✓ Use role-based access
✓ Enable 2FA for all users

Security

✓ Enforce two-factor authentication
✓ Use strong passwords
✓ Monitor login activity
✓ Review audit logs regularly
✓ Revoke access promptly
✓ Use session timeouts
✓ Limit admin access
✓ Regular access reviews

Communication

✓ Welcome new team members
✓ Explain role permissions
✓ Provide training
✓ Document procedures
✓ Communicate changes
✓ Maintain contact info
✓ Set expectations

Compliance

✓ Maintain audit trail
✓ Document access policies
✓ Regular access reviews
✓ Separation of duties
✓ Principle of least privilege
✓ Compliance training
✓ Incident response plan

Troubleshooting

Common Issues

User cannot access dashboard:

Check:
1. Invitation accepted?
2. Email verified?
3. Correct login credentials?
4. 2FA set up correctly?
5. Account not suspended?
6. Using correct account?
7. Browser cache cleared?

Solution:
- Resend invitation
- Reset password
- Verify email
- Check spam folder
- Contact support

User has incorrect permissions:

Check:
1. Assigned correct role?
2. Recent role changes?
3. Custom permissions configured?
4. Account restrictions?

Solution:
- Update role assignment
- Check permission settings
- Review audit log
- Contact owner/admin

Cannot remove team member:

Possible Reasons:
- You're not owner/admin
- Trying to remove owner
- User has active operations
- Account suspension

Solution:
- Have owner remove user
- Wait for operations to complete
- Contact support if stuck

Frequently Asked Questions

Q: How many team members can I add?
A: Unlimited. All plans support unlimited team members with role-based access.

Q: Can one person have different roles on different teams?
A: Yes, if invited to multiple Omise accounts, roles are independent per account.

Q: Can I have multiple owners?
A: No, only one owner per account. Owner can be transferred with support assistance.

Q: Do team members need separate Omise accounts?
A: Yes, each team member has their own login credentials.

Q: Can I temporarily suspend a user?
A: Remove user to revoke access. Re-invite when needed. (Enterprise: suspension feature available)

Q: Are team members charged separately?
A: No, team members are free. No per-user fees.

Q: Can team members access API keys?
A: Depends on role. Owner, Admin, and Developer can view keys. Only Owner can regenerate.

Q: How do I transfer account ownership?
A: Contact support@omise.co with details. Identity verification required.

Q: Can I restrict access to specific features?
A: Yes, through role assignment. Enterprise plan offers granular custom permissions.

Q: What happens to data when user is removed?
A: Their actions remain in audit logs. Data stays intact. Only access is revoked.

Q: Can removed users be re-invited?
A: Yes, send new invitation anytime. Previous access history is maintained.

Q: Is activity logged?
A: Yes, comprehensive audit logs track all user actions.

Next Steps

• Dashboard Overview - Dashboard basics
• Managing Payments - Payment operations
• Security Best Practices - Enhance security
• Support Center - Get help

Additional Resources

• Account Security Guide
• Compliance Documentation
• API Authentication
• Support Center

---

Need help? Contact support@omise.co or use in-dashboard chat.