Manage tenant members
Tenant members are the operators of your tenant: the people who can administer Applications, write authz policy, approve OAuth clients, and review audit logs. End users (consumers of your published Applications) live elsewhere — see Manage end users.
Where to find it
Settings → Team in the admin UI (/settings/team).
What you can do
- List members with filters by status and type.
- Suspend a member — they keep their identity, but every token they hold against this tenant immediately fails introspection. Membership precheck runs before any role binding evaluation.
- Reactivate a previously suspended member.
- Remove a member entirely — drops the tenant_memberships row. The underlying user identity is preserved (they may belong to other tenants).
Member fields
| Field | Description |
|---|---|
| Status | active, invited, suspended, left |
| Type | owner, admin, member, contractor, service_operator, readonly_auditor. Lifecycle metadata, not RBAC — see below. |
| Source | How the member was created: signup, invite, scim, oidc_jit, saml_jit, api, migration |
| External ID | For SCIM/SAML-synced members, the directory's stable ID |
| Invited by | The operator who created this membership (if applicable) |
| Joined at | Timestamp when status first became active |
Membership type is not a role
A member of type admin does not automatically receive administrative permissions. Permissions come from role_bindings. Membership type is metadata about the relationship — useful for filtering and reporting, but enforcement happens at the role-binding layer.
To grant a member admin permissions, bind them (or a group they're in) to the appropriate role under Authz → Assignments.
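The evaluation order described on this page (membership precheck first, role bindings second, membership type never consulted), as an added sketch that is not the product's own code. The record shapes, role names, permission strings and the `user:` / `group:` subject format are assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Membership:
    status: str  # active | invited | suspended | left
    type: str    # lifecycle metadata; never read by authorize()

# Constructed sample data. Role names, permission strings and the
# "user:" / "group:" subject format are assumptions for this example.
ROLE_PERMISSIONS = {"tenant_admin": {"authz:write", "audit:read"},
                    "auditor": {"audit:read"}}
MEMBERSHIPS = {
    "alice": Membership("active", "admin"),     # type admin, no binding
    "bob": Membership("active", "member"),      # bound through a group
    "carol": Membership("suspended", "owner"),  # bound, but suspended
}
GROUPS = {"bob": ["secops"]}
ROLE_BINDINGS = [
    ("group:secops", "tenant_admin"),
    ("user:carol", "tenant_admin"),
    ("user:dave", "tenant_admin"),  # stale binding, membership row removed
]

def authorize(user_id, permission):
    """Return (allowed, reason) for one tenant-scoped request."""
    # Step 1: membership precheck, before any binding is looked at.
    member = MEMBERSHIPS.get(user_id)
    if member is None:
        return False, "no_membership"
    if member.status != "active":
        return False, "membership_" + member.status
    # Step 2: role-binding evaluation for the user and their groups.
    subjects = {"user:" + user_id}
    subjects.update("group:" + g for g in GROUPS.get(user_id, []))
    for subject, role in ROLE_BINDINGS:
        if subject in subjects and permission in ROLE_PERMISSIONS.get(role, ()):
            return True, "role:" + role
    return False, "no_role_binding"

if __name__ == "__main__":
    for user in ("alice", "bob", "carol", "dave"):
        print(user, authorize(user, "authz:write"))
```

Returning the deny reason separately for each step makes it possible to tell a suspended member apart from an active member who simply lacks a binding when reading audit output.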
API reference
| Method | Path | Purpose |
|---|---|---|
| GET | /uflow/v2/tenants/:tenant_id/memberships | List members (filterable by status/type) |
| POST | /uflow/v2/tenants/:tenant_id/memberships | Create a membership (invite / link) |
| GET | /uflow/v2/tenants/:tenant_id/memberships/:user_id | Get a single member |
| PATCH | /uflow/v2/tenants/:tenant_id/memberships/:user_id | Update status / type / external_id |
| DELETE | /uflow/v2/tenants/:tenant_id/memberships/:user_id | Remove a member |
Cannot-remove-last-owner
The UI guards against removing the last owner membership of a tenant. Use ownership transfer (Phase D) to move ownership before removing.