Loading…

Manage team members

Updated

Manage who has access to your account and workspaces. Assign full account access (Account Admin), partial account access (Member), or workspace access (Workspace Admin, Author, or Viewer).

Overview

In Account Settings, Account Admins can add up to 300 team members to help you manage your campaigns, people, objects, integrations, and more. We do not charge for team members; you should grant access to anyone that can help you manage communications through Customer.io! Your team members can have any role; we do not limit the number of Admins, Members, etc that you can have, just the total count of team members.

The Team Members page shows you who has access to your account, when they last logged in, whether two-factor authentication is enabled, their roles and permissions, and which workspaces they have access to.

A screenshot of the team members page. There is a table with three team members listed. The column names are Name, Last Login, 2FA, Account, and Workspaces.
A screenshot of the team members page. There is a table with three team members listed. The column names are Name, Last Login, 2FA, Account, and Workspaces.

Every team member has an account-level role - Account Admin or Member. There are also workspace-level roles. Account Admins are Workspace Admins across all workspaces which gives them full access. A Member can be a Workspace Admin, Author, or Viewer in each workspace they have access to:

  • Account Admins have all permissions available across your account and every workspace. Think of them as account owners - they can manage billing, team members, API credentials, integrations, workspace data, and more. We always assign them as Workspace Admins to existing and new workspaces in your account, which gives them full control over your workspaces.

  • Members have partial access to your account. They can view but not manage team members or cookie settings. You can optionally give them the power to access billing and account info, manage API credentials, and enable access for support teams at Customer.io.

    On Team Members, under Account, hover over to see additional permissions each Member has.

    On the Team Members page, there is a table of three team members. The columns from left to right are Name, Last Login, 2FA, Account, and Workspaces. Under Account, the second team member is listed as a Member. To the right of Member is +1. The mouse hovers over +1 which reveals a list of three additional permissions the member could have. The first permission - Access billing & account info - has a checkmark to the left, meaning this person has access. The other two have an x to the left, meaning the person does not have those permissions.
    On the Team Members page, there is a table of three team members. The columns from left to right are Name, Last Login, 2FA, Account, and Workspaces. Under Account, the second team member is listed as a Member. To the right of Member is +1. The mouse hovers over +1 which reveals a list of three additional permissions the member could have. The first permission - Access billing & account info - has a checkmark to the left, meaning this person has access. The other two have an x to the left, meaning the person does not have those permissions.

    By default, Members don’t have access to workspaces, but you can grant access to them through workspace-level roles. For instance, you can assign a Member the role Workspace Admin for full access to Workpace 1, the role Author for partial permissions to Workspace 2, and Viewer for view-only permissions to Workspace 3.

On Team Members, under Workspaces, click the value to see a list of each role a team member has for each workspace.

On the Team Member page, a pop-up appears showing a list of workspaces a team member has access to. In Workspace 1, they have the role of Author. In Workspace 2, they have the role of Viewer.
On the Team Member page, a pop-up appears showing a list of workspaces a team member has access to. In Workspace 1, they have the role of Author. In Workspace 2, they have the role of Viewer.

Roles and permissions

Account-level

Every team member has one account-level role - Account Admin or Member:

  • Account Admins have full control of your account and all your workspaces. Think of them as account owners.
  • Members have partial access to your account. They can view but not manage team members or cookie settings. You can optionally give them the power to access billing and account info, manage API credentials, and enable access for support teams at Customer.io.

Account settings

PermissionAccount AdminMember
Account
Company name, Contacts, and Address - viewcheck_circleoptional, must grant permission "Access billing & account info"
Company name, Contacts, and Address - editcheck_circleoptional, must grant permission "Access billing & account info"
Workspaces
Workspaces - viewcheck_circlehighlight_off
Workspaces - createcheck_circlehighlight_off
Workspaces - editcheck_circlehighlight_off
Workspaces - deletecheck_circlehighlight_off
Security
Two-factor authentication via auth app - viewcheck_circlehighlight_off
Two-factor authentication via auth app - editcheck_circlehighlight_off
SSO - viewcheck_circlehighlight_off
SSO - editcheck_circlehighlight_off
API Credentials
API credentials - viewcheck_circleoptional, must grant permission "Manage API credentials"
API credentials - createcheck_circleoptional, must grant permission "Manage API credentials"
API credentials - deletecheck_circleoptional, must grant permission "Manage API credentials"
Team Members
Team members - viewcheck_circlecheck_circle
Team members - createcheck_circlehighlight_off
Team members - editcheck_circlehighlight_off
Team members - deletecheck_circlehighlight_off
Plans & Billing
Your plan - viewcheck_circleoptional, must grant permission "Access billing & account info"
Your plan - change plancheck_circleoptional, must grant permission "Access billing & account info"
Your plan - cancelcheck_circleoptional, must grant permission "Access billing & account info"
Billing history - viewcheck_circleoptional, must grant permission "Access billing & account info"
Billing history - exportcheck_circleoptional, must grant permission "Access billing & account info"
Privacy & Data
Cookie settings - viewcheck_circlecheck_circle
Cookie settings - editcheck_circlehighlight_off
Access for support teams - viewcheck_circlecheck_circle
Access for support teams - editcheck_circleoptional, must grant permission "Enable access for support teams"
Experimental Features
Experimental features - viewcheck_circlecheck_circle
Experimental features - editcheck_circlecheck_circle

Workspace-level

A workspace-level role controls the set of permissions a team member has in a single workspace. There are three roles - Workspace Admin, Author, and Viewer. These roles cover both our Journeys and Data Pipelines products. You can choose to limit access to sensitive data for Authors and Viewers.

Account Admins are always Workspace Admins in every workspace. This ensures Account Admins have full rights across each of your workspaces. Members can have different workspace-level roles for each workspace they have access to:

Workspace Admin

Workspace Admins have full access to all settings and features in a workspace. This is the only workspace-level role that can:

  • import or export user data
  • manage integrations in Journeys and/or Data Pipelines
  • create, edit, or delete collections

They cannot create or delete workspaces; only Account Admins can.

Author

Authors have partial access to workspace settings and features. They can manage some features like content and campaigns, but only view others like collections.

Account Admins and Workspace Admins can decide whether to hide sensitive attribute data from authors.

 Authors with sensitive data hidden currently can’t edit people

Authors with sensitive data hidden have the same functionality as authors who can view all data, with one exception: they can’t edit people. We’re in the process of enabling all authors to have the same functionality, regardless of whether they can view sensitive data or not.

Viewer

Viewers have no access to workspace settings and partial access to workspace features. They have view-only permissions to all workflows, content, and data in a workspace.

Account Admins and Workspace Admins can decide whether to hide sensitive attribute data from viewers.

Workspace settings

PermissionWorkspace
Admin		AuthorViewer
General workspace settings
General workspace settings - viewcheck_circlecheck_circlehighlight_off
General workspace settings - editcheck_circlehighlight_offhighlight_off
Journeys Settings - Messaging settings
Messaging settings - viewcheck_circlecheck_circlehighlight_off
Messaging settings - editcheck_circlecheck_circlehighlight_off
Email - Suppression List - viewcheck_circlecheck_circlehighlight_off
Email - Suppression List - unsuppresscheck_circlehighlight_offhighlight_off
Email - Suppression List - exportcheck_circlehighlight_offhighlight_off
Journeys Settings - Advanced
Language settings - viewcheck_circlecheck_circlehighlight_off
Language settings - editcheck_circlecheck_circlehighlight_off
Merge options - viewcheck_circlecheck_circlehighlight_off
Merge options - editcheck_circlehighlight_offhighlight_off
Message limit - viewcheck_circlecheck_circlehighlight_off
Message limit - editcheck_circlecheck_circlehighlight_off
Subscription center - viewcheck_circlecheck_circlehighlight_off
Subscription center - editcheck_circlecheck_circlehighlight_off
Time zone match - testcheck_circlecheck_circlehighlight_off
URL parameters - viewcheck_circlecheck_circlehighlight_off
URL parameters - editcheck_circlecheck_circlehighlight_off

Journeys

PermissionWorkspace
Admin		AuthorViewer
Send messagescheck_circlecheck_circlehighlight_off
Campaigns
Campaigns - viewcheck_circlecheck_circlecheck_circle
Campaigns - createcheck_circlecheck_circlehighlight_off
Campaigns - editcheck_circlecheck_circlehighlight_off
Campaigns - deletecheck_circlecheck_circlehighlight_off
Broadcasts
Newsletters and API-triggered Broadcasts - viewcheck_circlecheck_circlecheck_circle
Newsletters and API-triggered Broadcasts - createcheck_circlecheck_circlehighlight_off
Newsletters and API-triggered Broadcasts - editcheck_circlecheck_circlehighlight_off
Newsletters and API-triggered Broadcasts - deletecheck_circlecheck_circlehighlight_off
Transactional
Transactional email or push - viewcheck_circlecheck_circlecheck_circle
Transactional email or push - createcheck_circlecheck_circlehighlight_off
Transactional email or push - editcheck_circlecheck_circlehighlight_off
Transactional email or push - deletecheck_circlecheck_circlehighlight_off
Deliveries & Drafts
Deliveries & Drafts - viewcheck_circlecheck_circlecheck_circle
People
People - viewcheck_circlecheck_circlecheck_circle
People - createcheck_circlehighlight_offhighlight_off
People - edit1check_circlecheck_circle1highlight_off
People - deletecheck_circlehighlight_offhighlight_off
Objects
Object Types - viewcheck_circlecheck_circlecheck_circle
Object Types - createcheck_circlehighlight_offhighlight_off
Object Types - editcheck_circlehighlight_offhighlight_off
Object Types - deletecheck_circlehighlight_offhighlight_off
Objects and Relationships - viewcheck_circlecheck_circlecheck_circle
Objects and Relationships - createcheck_circlecheck_circlehighlight_off
Objects and Relationships - editcheck_circlecheck_circlehighlight_off
Objects and Relationships - deletecheck_circlecheck_circlehighlight_off
Segments
Segments - viewcheck_circlecheck_circlecheck_circle
Segments - createcheck_circlecheck_circlehighlight_off
Segments - editcheck_circlecheck_circlehighlight_off
Segments - deletecheck_circlecheck_circlehighlight_off
Segments - import CSVcheck_circlecheck_circlehighlight_off
Segments - view Ad Audiencecheck_circlecheck_circlecheck_circle
Segments - integrate Ad Audiencecheck_circlehighlight_offhighlight_off
Segments - create Ad Audiencecheck_circlecheck_circlehighlight_off
Segments - pause Ad Audiencecheck_circlecheck_circlehighlight_off
Segments - resume Ad Audiencecheck_circlecheck_circlehighlight_off
Segments - delete Ad Audiencecheck_circlecheck_circlehighlight_off
Activity Logs
Activity Logs - viewcheck_circlecheck_circlecheck_circle
Data & Integrations
Data Index - viewcheck_circlecheck_circlecheck_circle
Data Index - edit attribute descriptionscheck_circlehighlight_offhighlight_off
Data Index - exportcheck_circlehighlight_offhighlight_off
Integrations - viewcheck_circlehighlight_offhighlight_off
Integrations - createcheck_circlehighlight_offhighlight_off
Integrations - editcheck_circlehighlight_offhighlight_off
Integrations - deletecheck_circlehighlight_offhighlight_off
Data importcheck_circlehighlight_offhighlight_off
Data exportcheck_circlehighlight_offhighlight_off
Content
Message Library - viewcheck_circlecheck_circlecheck_circle
Assets - viewcheck_circlecheck_circlecheck_circle
Assets - uploadcheck_circlecheck_circlehighlight_off
Assets - deletecheck_circlecheck_circlehighlight_off
Email Layouts - viewcheck_circlecheck_circlecheck_circle
Email Layouts - createcheck_circlecheck_circlehighlight_off
Email Layouts - editcheck_circlecheck_circlehighlight_off
Email Layouts - deletecheck_circlecheck_circlehighlight_off
In-app Message Library - viewcheck_circlecheck_circlecheck_circle
Snippets - viewcheck_circlecheck_circlecheck_circle
Snippets - createcheck_circlecheck_circlehighlight_off
Snippets - editcheck_circlecheck_circlehighlight_off
Snippets - deletecheck_circlecheck_circlehighlight_off
Collections - viewcheck_circlecheck_circlecheck_circle
Collections - createcheck_circlehighlight_offhighlight_off
Collections - editcheck_circlehighlight_offhighlight_off
Collections - deletecheck_circlehighlight_offhighlight_off
1Authors with sensitive attributes hidden cannot currently edit people, but we will align them to have the same functionality as Authors who can view all attributes soon.

Data Pipelines

PermissionWorkspace
Admin		AuthorViewer
Sources & Destinations - view2check_circlecheck_circlecheck_circle
Sources & Destinations - createcheck_circlehighlight_offhighlight_off
Sources & Destinations - editcheck_circlehighlight_offhighlight_off
Sources & Destinations - deletecheck_circlehighlight_offhighlight_off
2Workspace Admins can view authorization headers in payloads for Sources and Destinations. Auth headers are redacted for Authors and Viewers.

Manage team members

 To add or remove team members, you must be an Account Admin.

Your account can have up to 300 total team members. Contact us if you need more than that.

Add team members

  1. Go to Account Settings > Team Members.
  2. Click Invite team member.
    On the Team member page, there is a button in the top right labelled Invite team member. A red rectangle surrounds the button and a red arrow points to it for emphasis.
    On the Team member page, there is a button in the top right labelled Invite team member. A red rectangle surrounds the button and a red arrow points to it for emphasis.
  3. Enter the new team member’s first and last name followed by their email address.
    The page header reads, Invite team member. Under that is a section titled User details where you can add a person's first name, last name and email address. Below that is a section titled Account level permissions where Member is chosen in the dropdown. Below that are a list of additional permissions, and Enable access for support teams is checked. Below this is a section for Workspace-level permissions. The radial All is selected and the role Workspace admin is selected in the dropdown.
    The page header reads, Invite team member. Under that is a section titled User details where you can add a person's first name, last name and email address. Below that is a section titled Account level permissions where Member is chosen in the dropdown. Below that are a list of additional permissions, and Enable access for support teams is checked. Below this is a section for Workspace-level permissions. The radial All is selected and the role Workspace admin is selected in the dropdown.
  4. Grant account-level access. By default, we assign people the Member role. Decide whether someone should be an Account Admin (full access) or Member (partial access).
    • Members cannot manage team members or cookie settings, but you can optionally grant them the following permissions:
      • Access billing & account info
      • Manage API credentials
      • Enable access for support teams
  5. (Optional) If you’re adding a Member, decide whether to grant workspace-level roles: Workspace Admin, Author, or Viewer. By default, a Member does not have access to workspaces.
    • Choose “All” if you want to give this person the same access across all workspaces. Then select the role from the dropdown.
    • Choose “Custom” if this person should have different roles across multiple workspaces.
      At the bottom of the Invite team member page, there is a a section titled Workspace level permissions. The radial to the left of Custom is selected. Below that is a table with two columns for the name of a workspace and the role the person has in the workspace. The box to the left of each workspace is checked. The first is Workspace 1 and the role Workspace admin is selected. The second is Workspace 2 and the role Author is selected.
      At the bottom of the Invite team member page, there is a a section titled Workspace level permissions. The radial to the left of Custom is selected. Below that is a table with two columns for the name of a workspace and the role the person has in the workspace. The box to the left of each workspace is checked. The first is Workspace 1 and the role Workspace admin is selected. The second is Workspace 2 and the role Author is selected.
  6. Click Send invite in the top right.
    1. You’ll be redirected to the Team Members page. Here you’ll see the person you just created. Their last login will show as “Invite sent.”

Your new team member will receive an email with a link to set a password. The link in the invitation expires after seven days. When the new team member sets their password, they can log in and get started with Customer.io! Note, if you’ve enabled SSO, they will not have to set a password.

Hide sensitive attributes

Premium

If you’re on a Premium plan, account admins and workspace admins can decide whether to hide sensitive attribute data from authors and viewers for each workspace. This redacts values but not attribute names for people. If an event attribute has the same name, those values will also be redacted. You can’t currently hide attributes for objects or relationships.

 Authors with sensitive data hidden currently can’t edit people

Authors with sensitive data hidden have the same functionality as authors who can view all data, with one exception: they can’t edit people. We’re in the process of enabling all authors to have the same functionality, regardless of whether they can view sensitive data or not.

Mark attributes as sensitive

Admins mark attributes as sensitive in the Data Index:

  1. In the Attributes tab, click to open an attribute.
  2. Check the box “Mark as sensitive.”
    data-index-sensitive-mark.png
    data-index-sensitive-mark.png To unhide sensitive attributes, uncheck the box. Changes are saved automatically.
  3. Next, update permissions for team members.

 Not seeing Mark as sensitive?

Check that you’re an account admin or workspace admin in Team Members. If you are, then check whether you’re on a Premium plan or reach out to someone with billing access. Otherwise, you’ll have to upgrade for access.

Choose "Hide sensitive attributes" for authors or viewers

Then admins must update authors or viewers so they can’t view these sensitive attributes:

  1. Go to Team Members.
  2. Create a new team member or edit the team member you want to update.
  3. Under Workspace level permissions, specify Author or Viewer for all or specific workspaces.
    team-member-hide-sensitive.png
    team-member-hide-sensitive.png
  4. Choose Hide sensitive attributes from the dropdown.
  5. Save or invite your team member.

 Do you see the option Hide all attributes?

If so, this is a legacy feature and you can learn more about how this limits authors access to data and functionality.

Manage roles in bulk

You can assign and remove a role across multiple workspaces for a single person. You cannot assign roles and permissions across multiple team members at once, though.

  1. Go to Account Settings > Team Members.
  2. Click Invite team member to add a team member or click then Edit to modify an existing member.
  3. Locate workspace-level permissions at the bottom. Click the radial for Custom. A list of workspaces will appear.
  4. Assign or remove roles across each workspace.
    • If you don’t have many workspaces, you can change the role from the dropdown for each workspace.
      At the bottom of the Invite team member page, there is a a section titled Workspace level permissions. The radial to the left of Custom is selected. Below that is a table with two columns for the name of a workspace and the role the person has in the workspace. The box to the left of each workspace is checked. The first is Workspace 1 and the role Workspace admin is selected. The second is Workspace 2 and the role Author is selected.
      At the bottom of the Invite team member page, there is a a section titled Workspace level permissions. The radial to the left of Custom is selected. Below that is a table with two columns for the name of a workspace and the role the person has in the workspace. The box to the left of each workspace is checked. The first is Workspace 1 and the role Workspace admin is selected. The second is Workspace 2 and the role Author is selected.
    • If you have many workspaces:
      1. Check the box next to each workspace you want to assign the same access for.
      2. Click Select role at the top of the table to assign roles or click Reset to unassign access to workspaces. If you want to assign a role, select the role from the right hand panel. For Authors and Viewers, decide whether to hide attributes.
        On the Invite team member page, there is a right-hand panel that takes up about one fifth of the screen. It is titled Select role. It lists Workspace admin, Author, and Viewer. The Viewer radial is selected. Hide attributes is not checked.
        On the Invite team member page, there is a right-hand panel that takes up about one fifth of the screen. It is titled Select role. It lists Workspace admin, Author, and Viewer. The Viewer radial is selected. Hide attributes is not checked.
      3. Click Confirm. The table will update to reflect your selection.
  5. Click Send invite or Save in the top right. If you created a new team member, they will receive an email invitation. If you updated a team member, they will not receive an email.

Edit team members

Account Admins can edit other team members’ names, email addresses, roles, and the workspace(s) they have access to. Account Admins as well as Members can edit their own names and emails.

  1. Go to Account Settings > Team Members.
  2. On the right, click then choose Edit and make your changes.
  3. Click Save.

Delete team members

To delete or remove a team member, you must be an Account Admin.

You might need to remove team members if they leave your organization. Removing a person does not impact content in your account—anything a person did as a member of your account will remain after you remove them from your team. If you only need to change someone’s settings - their name, email address, roles, or the workspace(s) they have access to - you can edit the team member instead.

  1. Go to Account Settings > Team Members.
  2. Find the team member you want to remove. Click then Delete.
  3. Confirm the action.

Reset a team member’s password

If a team member forgets their password or their password is compromised, you can reset it on behalf of a team member.

  1. Go to Account Settings > Team Members.
  2. Find the team member. Click then Reset password.

We’ll send the team member an email with instructions to reset their password.

Having trouble accepting an invitation?

Did you create a trial account under your email address or did you previously belong to a different Customer.io account?

Your email address can only belong to a single account in Customer.io. So, before you can accept the invitation, we need to free up your email address.

  1. If you created a trial account under your email address, cancel your trial.
  2. Contact us to disconnect your email address from the trial account.

FAQs

How many team members can I have?

You can have up to 300 total team members. Contact us if you need more than 300 team members.

Can I make a team member a Viewer for one workspace, but an Author for another workspace?

Yes! When you add or edit a team member, go to “Workspace-level permissions,” click “Custom,” then assign roles to each workspace.

Why can’t I see all of our team members in my list?

Account Admins see all team members. Members only see team members assigned roles in one or more workspaces they have access to.

Why can’t I see all of our workspaces in my list?

Workspace Admins, Authors, and Viewers only see the workspaces they can access. Ask an Account Admin to add or remove workspaces from a team member’s list.

Have other questions or feedback?

Email win@customer.io to get in touch with our support team.

Copied to clipboard!
  Contents
Is this page helpful?