Skip to main content

Team management

The Portal supports multiple users per workspace. Use this page to add teammates, manage their roles, secure your account with 2FA, and create API clients that act on behalf of your workspace.

Inviting team members

To invite a teammate to your workspace:

  1. Open the user menu in the top-right and select Users.
  2. Select Invite user.
  3. Enter the teammate's email address and select a role.
  4. Send the invitation.

The teammate receives an email with a link to set a password. Once they verify their email, they can sign in and access the workspace with the role you assigned.

Roles

Roles control what a teammate can see and change in the Portal. Roles are workspace-wide — a user has the same role across every programmeProgramme A programme represents your application within Weavr. Everything you create — Identities, Instruments, Transactions — sits beneath a Programme. When you register as an Embedder, you receive a Programme in the Sandbox and, once approved, one in Production. in the workspace.

The available roles are configured for your workspace; ask Weavr support if you need a role that isn't available. As a rule:

  • Admins can invite users, manage configuration, and view every programmeProgramme A programme represents your application within Weavr. Everything you create — Identities, Instruments, Transactions — sits beneath a Programme. When you register as an Embedder, you receive a Programme in the Sandbox and, once approved, one in Production..
  • Operators can use the Console (manage end-customer identities and instrumentsInstrument A financial product owned by an Identity. There are two types: Managed Accounts (stored-value accounts that hold balances and can receive wire transfers) and Managed Cards (prepaid cards — virtual or physical — used for purchases).) and the Simulator, but can't change configuration.
  • Viewers can read but not change anything.

If you need to change a teammate's role, edit the user from the Users screen.

Removing a user

Open Users, select the user, and remove them. Removed users can no longer sign in. Audit logs of their past actions stay attached to your workspace.

Securing your own account

Each user manages their own credentials under Security in the user menu.

Change your password

Open Security > Login methods > Change password. You'll need your current password to set a new one.

Two-factor authentication

Open Security > Login methods > Factor authentication to enrol an authenticator app (TOTP). After enrolment, every sign-in requires a code from your app.

We strongly recommend enabling 2FA for every user. There is no self-service recovery if you lose your second factor — you'll need to contact Weavr support to regain access.

API clients (delegated API access)

API clients let an external system — your backend, a partner, or an internal tool — call the Back-office API on behalf of your workspace without using a human user's credentials. Each API client has its own credentials and a public key for signing requests.

Open API clients in the user menu to:

  • Create a new API client. You'll provide a name and a public key (used to verify request signatures).
  • Rotate the public key on an existing client when keys expire or are compromised.
  • Disable a client to revoke its access immediately.

The API clients screen shows each client's type (User or Delegated), status, and creation date.

For request signing, JWKS endpoints, and the full delegated authentication flow, see Delegated authentication.

Next steps