Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.elementum.io/llms.txt

Use this file to discover all available pages before exploring further.

Once your groups, roles, and data access policies are in place, inviting users is the last step. New users inherit their access from the groups you add them to, so a complete invite is just an email plus group membership — no per-user permission configuration required. For organizations that authenticate through an Identity Provider, see SCIM Provisioning to automate user creation from your IdP instead of inviting users manually.
Your ability to invite users depends on the organization’s User Invite Policy, which controls who can send invitations and which email domains are allowed. The policy applies to both invite paths below. See User Invite Policy for details.

Invite a User Through a Group

Inviting users from inside a group is the recommended path. The user lands in the right group as soon as they complete registration, with no extra step required to grant the access that group provides.
  1. Open Settings icon Org SettingsGroups.
  2. Select the group the user should belong to.
  3. Click Add User in the top right corner.
  4. In the popup, select Invite User.
  5. Enter the user’s information:
    • Email Address
    • First Name
    • Last Name
  6. Click Invite User.
The invite is sent to the user’s email inbox, and the user must create their account to complete registration. When registration finishes, the user is already a member of the group, with all roles and data access policies attached to that group applied automatically.
If a user belongs in multiple groups, repeat these steps from each group, or add them to additional groups after registration from Org SettingsUsers.

Invite a User Directly

Use this path only when the user is not yet associated with a group, or when you want to invite first and decide on group membership later. Users invited this way have no access until they are added to a group, assigned a role, or granted object-specific permissions.
  1. Open Settings icon Org SettingsUsers.
  2. Click New User in the top right corner.
  3. Enter the user’s information:
    • Email Address
    • First Name
    • Last Name
  4. Click Invite User.
The invite is sent to the user’s email inbox. From there, the user must create their account to complete registration.

Grant Additional Access After Registration

If you invited the user through a group, they already have the access that group provides. To grant more — additional groups, direct role assignments, or object-specific permissions — use one or more of the following after registration completes:
  • Org Groups — Add the user to additional groups they should belong to. Groups are the most scalable way to manage access because permissions assigned to a group apply to every member automatically.
  • Roles — Assign managed or custom roles directly to the user to grant org-wide or app-level capabilities.
  • Object-specific permissions — For access to a specific app, record, or workflow that is not covered by a group or role, grant permissions directly on the object. Use this sparingly, as direct assignments are harder to audit and maintain than group- or role-based access.
Every new user is automatically added to the built-in All Users group. This group is intended for organization-wide defaults only — do not rely on it to grant sensitive or record-level access, since every active user is a member.

View a User’s Groups

To see which groups a user belongs to:
  1. Open Settings icon Org SettingsUsers.
  2. Select the user’s profile.
The user profile displays all groups the user is a member of.

User Status

The Users page in Organization Settings displays a status next to each user. Status controls how much of the platform a user can reach without removing the user record itself, so mentions, assignments, approvals, and history are preserved no matter the status.
StatusWhat it means
ActiveFull platform access, scoped by the user’s roles and data access policies.
LimitedNo platform visibility. The user can only interact with Elementum updates through email — for example, replying to a notification or completing an emailed form.
InactiveThe user has been deactivated and cannot sign in. Their update history is preserved and continues to appear in the Activity Log.

Change a User’s Status

  1. Open Settings icon Org SettingsUsers.
  2. Click the More icon next to the user.
  3. Choose the action that matches your goal:
    • Downgrade or Upgrade — Move the user between Active and Limited. The label reflects the user’s current status, so an Active user shows Downgrade and a Limited user shows Upgrade.
    • Deactivate — Move the user to Inactive and revoke all platform access. On an inactive user, this same action is labelled Activate User and restores the user’s previous status.
Deactivation preserves the user’s record, mentions, and activity history. If your organization uses SCIM Provisioning, removing the user from your Identity Provider will trigger deactivation automatically.

Groups

Organize users into groups for scalable role and access assignment

Roles & Permissions

Decide what users in each group can do across the organization or within an app

Object Data Access

Control which records users can see using dynamic policies

SSO & SCIM

Centralize authentication and automate user provisioning through your Identity Provider