BreezyCorp Handbook

Appearance

Add, edit, or deactivate a staff user

Who does this: Platform Admin When: Onboarding a new colleague, changing someone's role, or revoking access for a leaver Result: A staff account is created / changed / deactivated, with a corresponding audit trail and (for new users) a one-time password-setup link to share.

Staff user management is restricted to Platform Admins. Any other role opening Team in the staff dashboard sidebar will see an Administrator access only notice. If you need to grant someone access and you're not an admin, ask one of the Platform Admins on the team to do it for you.

NOTE

Staff users are your firm's operators — Payroll Lead, Payroll Specialist, Bookkeeper, Senior Accountant, Administrator. Client contacts (the people at your clients who submit data and approve payroll) are managed separately on each client record. See Add or edit client contacts for those.

Before you start

  • [ ] You're signed in as a Platform Admin.
  • [ ] For new staff: you have the person's work email and full name, and you've agreed which role they should have.
  • [ ] You have a secure way to deliver a one-time setup link (in person, internal chat, etc.) — the link is not emailed automatically.

Add a new staff user

  1. Open Team in the staff dashboard sidebar (under Administration).
  2. Click New staff user (top right).
  3. Fill in:
    • Email — the person's work email. This becomes their identity and cannot be changed later.
    • Full name — what shows in the audit log and on screens.
    • Role — pick one from the dropdown:
      • Payroll Specialist — runs cycles, resolves blocking issues, generates exports, uploads outputs
      • Payroll Lead — Payroll Specialist plus issue overrides, client management, template management
      • Administrator — full platform access including staff and client administration
  4. Click Create staff user.
  5. The next screen shows a one-time password setup link. Copy it with the Copy button and deliver it to the new user out-of-band. The link expires in one hour.

WARNING

The setup link is shown once — there is no way to retrieve it later. If you close the page before copying, open the new user's record and click Generate reset link to mint a fresh one.

When the new user follows their link, they set a password and (on next sign-in) are prompted to enrol in MFA.

Edit a staff user

  1. Open Team in the sidebar, find the row, click Open →.
  2. To change the role: pick a new value from the Role dropdown — it saves immediately.
  3. To fix a typo in the name: edit it on the profile card (saves on blur).
  4. Email is immutable. To change someone's email, deactivate the old account and create a new one with the new email. Audit history stays attributed to the old account.

TIP

If you find yourself viewing your own record, the page shows an amber banner. Demoting yourself out of Administrator is blocked to prevent locking the team out of staff administration entirely.

Deactivate a staff user

Use this for leavers, role changes that involve a long gap, or anyone whose access should be revoked immediately.

  1. Open Team, click into the user.
  2. On the Profile card, click Deactivate.

The platform does the following in one step:

  • Flips the user to Inactive — they can no longer sign in.
  • Revokes every active session immediately — if they were signed in elsewhere, that session is killed on next request.
  • Keeps the user record so historical audit events stay attributed to them by name.

To bring someone back, open their record and click Activate in the same place.

NOTE

Deactivation is the right tool for almost every "remove access" case. The Danger zone → Delete user button at the bottom of the detail page does a hard delete (still preserves audit history, but removes the password hash, MFA secret, and any sessions). Use it sparingly — there is no undo.

How to know it worked

  • Team list shows the new / changed user with the right role badge and the right Status chip (Active / Inactive).
  • Activity log (sidebar → Activity log) shows a matching event:
    • staff_user.created when you add a user
    • staff_user.role_changed when you change a role
    • staff_user.deactivated / staff_user.reactivated when you flip the status
  • For new users: once they follow the setup link and sign in for the first time, the Last login field on their detail page populates.

Common situations

If you see…It means…What to do
Team isn't in your sidebarYour role isn't AdministratorAsk a Platform Admin on the team
"Email already in use" on createA user (active or inactive) already exists with that emailOpen the existing user and reactivate, or pick a different email
User can't sign in even after following the setup linkThe link expired (one hour TTL), or they bookmarked the link itself rather than completing the flowOpen their record, click Generate reset link, deliver the new link
User's name greyed out across the dashboardThey've been deactivated. Past actions stay attributed to them — that's the audit log working as designedIf they shouldn't be deactivated, click Activate on their record
Deactivate button is missing on your own recordThe platform won't let you deactivate yourselfAsk another Platform Admin to do it
MFA — Clear MFA clicked by mistakeTheir existing sessions still work; they'll be re-prompted to enrol on next loginNo action needed — the user re-enrols on next sign-in

Internal use only — BreezyCorp