9. Users

Admin only

Per-tenant user management. Users are pre-created here (no self-signup in the MVP).

Adding a user

  1. Click "+ Add user".
  2. Fill in name + email.
  3. Pick a role (see chapter 2).
  4. Optionally restrict the user to specific organisational units (e.g. "Only the Ethiopia office").
  5. Save. The user receives an invite via magic-link email.

Inviting / re-inviting

Use the "Send invite" button on each row to send a fresh magic-link. Tokens expire after 30 minutes.

Suspending

Toggle "Active". Suspended users keep their data but cannot log in. Use this instead of deleting — it preserves audit trail (notes, edits) attribution.

Multi-Factor Authentication (MFA) is the planned next step on top of the current magic-link flow. The token sent to a user's email is already one factor; adding a TOTP (authenticator-app) or passkey step covers the second factor and brings togrant.com to enterprise sign-in expectations. On the Phase 2 roadmap as a togrant.com-native addition rather than depending on a third-party SSO.
Related