Skip to main content
Use Settings > Users to control who can access your Roomote deployment. Users are deployment-level. Roomote does not make each deployment manage separate organizations or workspaces inside the app. Instead, admins choose who can sign in, invite new people, assign roles, remove access, and create password reset links for email/password accounts.

Roles

Roomote has two user roles:
RoleWhat it can do
AdminConfigure the deployment, manage users, connect providers, edit environments, configure automations, and use Roomote.
MemberUse Roomote without changing deployment-wide settings. Members can launch and review tasks, manage their own profile, and link their own accounts.
The first user in a deployment becomes the founding admin. After that, admins can invite people as either Admin or Member, and can change another user’s role from the user list. Roomote protects the deployment from losing all admins:
  • you cannot change your own role
  • you cannot demote the last active admin
  • you cannot remove yourself
  • you cannot remove the last active admin
If you need to step down as admin, promote another user first.

Who can sign in

Roomote supports several sign-in paths. Which ones appear depends on how the deployment is configured.
MechanismWho it is forNotes
Invite linksNew users who should join the deployment directlyAdmins create invite links from Settings > Users.
Email and passwordUsers who join through an invite and want a local credentialExisting email/password users can keep signing in with that credential.
SlackDeployments that use a Slack workspace as their identity boundarySlack can admit users from the connected workspace when Slack sign-in is configured.
MicrosoftDeployments that use Microsoft Teams or Microsoft Entra accountsMicrosoft sign-in can admit users from the configured Microsoft tenant.
An invite link can be used with email/password or with any configured sign-in provider. This is useful when you want to invite someone who is outside your Slack workspace or Microsoft tenant, or when you want to grant a specific role at join time. Operators can also configure an email allowlist for a self-hosted deployment. When that allowlist is active, a user still needs to pass the normal sign-in rules and have an allowed email address.

Create invites

Admins create invites from Settings > Users. Each invite has:
  • a label, such as the person or team it is for
  • a role, either Admin or Member
  • a maximum number of uses
  • a 14-day expiration
When an invite is created, Roomote copies the link to your clipboard when the browser allows it. The full invite URL is only shown at creation time, so copy it before leaving the page. You can revoke an invite before it is used. Revoking an invite does not affect people who already joined with it.

Manage existing users

The user list shows active users, their email address, join date, and current role. Admins can:
  • promote a member to admin
  • demote an admin to member, as long as another admin remains
  • remove a user from the deployment
  • create a password reset link for users with an email/password credential
Removing a user signs them out immediately and removes their linked auth accounts. Their task history stays in Roomote so old work still has useful attribution. A removed person can join again later through a new invite or through an allowed organization sign-in path.

Password reset flow

Roomote uses admin-created password reset links for email/password accounts. There is no public self-serve “forgot password” email flow. To reset a user’s password:
  1. Open Settings > Users.
  2. Find the user.
  3. Click the reset password action.
  4. Create the reset link.
  5. Send the link to the user through your preferred secure channel.
Reset links expire after one hour. When the user opens the link, they choose a new password on the Roomote reset page and then sign in again. Existing sessions are revoked after the password is reset. The reset action is only available for users who have an email/password credential. If a user signs in only through Slack, Microsoft, or another OAuth provider, reset their password in that provider instead.

Common issues

  • A new teammate cannot create an account. Send them an invite link, or confirm they belong to the configured Slack workspace or Microsoft tenant.
  • The invite link no longer works. It may be expired, revoked, or used up. Create a new invite from Settings > Users.
  • The password reset action is disabled. The user is OAuth-only. Reset their password in Slack, Microsoft, or the identity provider they use.
  • An admin cannot be demoted or removed. Promote another active admin first.