Invitations
Guardian Pro uses a secure invitation system to add new users to your organisation. Invitations are sent via email and contain a time-limited, encrypted token that allows the recipient to create their account and begin using the platform.
Accessing Invitations
You can send invitations from two places:
- Settings > Users -- Click the Invite User button.
- Settings > Invitations -- View all pending, accepted, and expired invitations, and send new ones.
You need the users:invite permission to send invitations. By default, only Admin users have this permission.
Sending an Invitation
To invite a new user:
- Navigate to Settings > Users or Settings > Invitations.
- Click Invite User.
- Enter the recipient's email address.
- Select the role to assign: Admin, Standard, or Read-Only.
- Optionally, add a personal message that will be included in the invitation email.
- Click Send Invitation.
The recipient will receive an email from Guardian Pro containing:
- A welcome message explaining what Guardian Pro is.
- The name of your organisation.
- The role they have been assigned.
- Any personal message you included.
- A secure link to accept the invitation and create their account.
You can invite multiple users simultaneously by entering multiple email addresses separated by commas. All recipients will receive the same role assignment. You can change individual roles after they accept.
Invitation Lifecycle
Each invitation progresses through a defined lifecycle:
| Status | Description |
|---|---|
| Pending | The invitation has been sent but not yet accepted by the recipient |
| Accepted | The recipient has clicked the link and created their account |
| Expired | The invitation was not accepted within the 7-day validity window |
| Revoked | An Admin cancelled the invitation before it was accepted |
Invitation Expiry
Invitations are valid for 7 days from the time they are sent. After 7 days, the invitation link expires and the recipient will see a message explaining that the invitation is no longer valid.
If an invitation expires, you can resend it. Resending generates a new encrypted token with a fresh 7-day validity window.
Expired invitation tokens cannot be reactivated. You must resend the invitation to generate a new token. This is a security measure to ensure that old links cannot be used to gain access.
Accepting an Invitation
When a recipient clicks the invitation link, they are taken to the Guardian Pro registration page where they:
- Confirm their email address (pre-filled from the invitation).
- Set their name.
- Create a password that meets the platform's security requirements.
- Complete account creation.
After account creation, the user is signed in and lands on the Guardian Pro dashboard with the permissions associated with their assigned role.
Managing Pending Invitations
The Invitations page shows all invitations with their current status. From this page, you can:
Resend an Invitation
If a recipient has not received the email or the invitation is about to expire, click Resend next to the pending invitation. This sends a new email with a fresh token and resets the 7-day expiry window.
Revoke an Invitation
To cancel a pending invitation before it is accepted:
- Find the invitation in the list.
- Click Revoke.
- Confirm the action.
Once revoked, the invitation link immediately becomes invalid. The recipient will see an error message if they attempt to use a revoked link.
Revoking an invitation is immediate. If the recipient clicks the link after revocation, they will not be able to create an account. You can send a new invitation if needed.
Invitation History
The Invitations page maintains a history of all invitations, including accepted, expired, and revoked entries. This history is useful for auditing purposes, showing:
- Who was invited and when.
- Which Admin sent the invitation.
- When the invitation was accepted, expired, or revoked.
- The role that was assigned.
Invitation Limits
The number of active (pending) invitations counts toward your organisation's user limit. For example, if you are on the Starter tier with a 5-user limit and already have 3 active users and 2 pending invitations, you cannot send additional invitations until a slot becomes available.
| Tier | Total User Slots (Active + Pending) |
|---|---|
| Starter | 5 |
| Business | 25 |
| Enterprise | Unlimited |
See Subscription for details on tier limits.
Security
The invitation system incorporates several security measures:
- Encrypted tokens -- Each invitation link contains an encrypted, single-use token that cannot be forged or reused.
- Time-limited validity -- Tokens expire after 7 days, reducing the window for potential misuse.
- Single-use acceptance -- Once an invitation is accepted, the token is invalidated and cannot be used again.
- Revocation -- Admins can revoke invitations at any time, immediately invalidating the associated token.
Invitation tokens are cryptographically signed and verified on acceptance. They cannot be modified, extended, or reused. This ensures that only the intended recipient can use the invitation link.
Troubleshooting
Recipient did not receive the email
- Check the recipient's spam or junk folder.
- Verify the email address is correct.
- Resend the invitation from the Invitations page.
- If the issue persists, contact Support.
Invitation link shows an error
- The invitation may have expired (older than 7 days). Resend it.
- The invitation may have been revoked by an Admin.
- The link may have been modified or truncated. Ask the recipient to use the full link from the email.
User limit reached
- Remove inactive users or revoke unused invitations to free up slots.
- Upgrade your subscription tier for a higher user limit.
Next Steps
- Users -- Manage existing users in your organisation.
- Roles and Permissions -- Understand what each role allows.
- Subscription -- Check your user limits and upgrade options.