Manage team members

Updated

Manage who has access to your account and workspaces. Assign full account access (Account Admin), partial account access (Member), or workspace access (Workspace Admin, Author, or Viewer).

Overview

In Account Settings, Account Admins can add up to 300 team members to help you manage your campaigns, people, objects, integrations, and more. We do not charge for team members; you should grant access to anyone that can help you manage communications through Customer.io!

The Team Members page shows you who has access to your account, when they last logged in, whether two-factor authentication is enabled, their roles and permissions, and which workspaces they have access to.

A screenshot of the team members page. There is a table with three team members listed. The column names are Name, Last Login, 2FA, Account, and Workspaces.
A screenshot of the team members page. There is a table with three team members listed. The column names are Name, Last Login, 2FA, Account, and Workspaces.

Every team member has an account-level role - Account Admin or Member. There are also workspace-level roles. Account Admins are Workspace Admins across all workspaces which gives them full access. A Member can be a Workspace Admin, Author, or Viewer in each workspace they have access to:

  • Account Admins have all permissions available across your account and every workspace. Think of them as account owners - they can manage billing, team members, API credentials, integrations, workspace data, and more. We always assign them as Workspace Admins to existing and new workspaces in your account, which gives them full control over your workspaces.

  • Members have partial access to your account. They can view but not manage team members or cookie settings. You can optionally give them the power to access billing and account info, manage API credentials, and enable access for support teams at Customer.io.

    On Team Members, under Account, hover over to see additional permissions each Member has.

    On the Team Members page, there is a table of three team members. The columns from left to right are Name, Last Login, 2FA, Account, and Workspaces. Under Account, the second team member is listed as a Member. To the right of Member is +1. The mouse hovers over +1 which reveals a list of three additional permissions the member could have. The first permission - Access billing & account info - has a checkmark to the left, meaning this person has access. The other two have an x to the left, meaning the person does not have those permissions.
    On the Team Members page, there is a table of three team members. The columns from left to right are Name, Last Login, 2FA, Account, and Workspaces. Under Account, the second team member is listed as a Member. To the right of Member is +1. The mouse hovers over +1 which reveals a list of three additional permissions the member could have. The first permission - Access billing & account info - has a checkmark to the left, meaning this person has access. The other two have an x to the left, meaning the person does not have those permissions.

    By default, Members don’t have access to workspaces, but you can grant access to them through workspace-level roles. For instance, you can assign a Member the role Workspace Admin for full access to Workpace 1, the role Author for partial permissions to Workspace 2, and Viewer for view-only permissions to Workspace 3.

On Team Members, under Workspaces, click the value to see a list of each role a team member has for each workspace.

On the Team Member page, a pop-up appears showing a list of workspaces a team member has access to. In Workspace 1, they have the role of Author. In Workspace 2, they have the role of Viewer.
On the Team Member page, a pop-up appears showing a list of workspaces a team member has access to. In Workspace 1, they have the role of Author. In Workspace 2, they have the role of Viewer.

Roles and permissions

Account-level

Every team member has one account-level role - Account Admin or Member:

  • Account Admins have full control of your account and all your workspaces. Think of them as account owners.
  • Members have partial access to your account. They can view but not manage team members or cookie settings. You can optionally give them the power to access billing and account info, manage API credentials, and enable access for support teams at Customer.io.

Account settings

PermissionAccount AdminMember
Account
Company name, Contacts, and Address - viewcheck_circleoptional, must grant permission "Access billing & account info"
Company name, Contacts, and Address - editcheck_circleoptional, must grant permission "Access billing & account info"
Workspaces
Workspaces - viewcheck_circlehighlight_off
Workspaces - createcheck_circlehighlight_off
Workspaces - editcheck_circlehighlight_off
Workspaces - deletecheck_circlehighlight_off
Security
Two-factor authentication via auth app - viewcheck_circlehighlight_off
Two-factor authentication via auth app - editcheck_circlehighlight_off
SSO - viewcheck_circlehighlight_off
SSO - editcheck_circlehighlight_off
API Credentials
API credentials - viewcheck_circleoptional, must grant permission "Manage API credentials"
API credentials - createcheck_circleoptional, must grant permission "Manage API credentials"
API credentials - deletecheck_circleoptional, must grant permission "Manage API credentials"
Team Members
Team members - viewcheck_circlecheck_circle
Team members - createcheck_circlehighlight_off
Team members - editcheck_circlehighlight_off
Team members - deletecheck_circlehighlight_off
Plans & Billing
Your plan - viewcheck_circleoptional, must grant permission "Access billing & account info"
Your plan - change plancheck_circleoptional, must grant permission "Access billing & account info"
Your plan - cancelcheck_circleoptional, must grant permission "Access billing & account info"
Billing history - viewcheck_circleoptional, must grant permission "Access billing & account info"
Billing history - exportcheck_circleoptional, must grant permission "Access billing & account info"
Privacy & Data
Cookie settings - viewcheck_circlecheck_circle
Cookie settings - editcheck_circlehighlight_off
Access for support teams - viewcheck_circlecheck_circle
Access for support teams - editcheck_circleoptional, must grant permission "Enable access for support teams"
Experimental Features
Experimental features - viewcheck_circlecheck_circle
Experimental features - editcheck_circlecheck_circle

Workspace-level

A workspace-level role controls the set of permissions a team member has in a single workspace. There are three roles - Workspace Admin, Author, and Viewer. These roles cover both our Journeys and Data Pipelines products. You can choose to limit access to sensitive data for Authors and Viewers.

Account Admins are always Workspace Admins in every workspace. This ensures Account Admins have full rights across each of your workspaces. Members can have different workspace-level roles for each workspace they have access to:

Workspace Admin

Workspace Admins have full access to all settings and features in a workspace. This is the only workspace-level role that can:

  • import or export user data
  • manage integrations in Journeys and/or Data Pipelines
  • create, edit, or delete collections

They cannot create or delete workspaces; only Account Admins can.

Author

Authors have partial access to workspace settings and features. They can manage some features like content and campaigns, but only view others like collections. If you check Hide attributes, we will hide sensitive data from them and further limit their feature set.

Viewer

Viewers have no access to workspace settings and partial access to workspace features. They have view-only permissions to all workflows, content, and data in a workspace. If you check Hide attributes, we will mask sensitive data, too.

Hide attributes

You can mask profile and event attribute values that could include Personally Identifiable Information (PII) and Protected Health Information (PHI) from Viewers and Authors. To mask attributes, check Hide attributes when creating or editing a team member. This hides all profile attribute values, except those generated by Customer.io like _created_in_customerio_at and cio_id, within Journeys and Data Pipelines. Team members with attributes hidden cannot preview attributes in messages.

For Authors, this toggle not only hides data, but also changes the features they can manage in your workspace. When you check Hide attributes, authors:

  • cannot manage segments
  • cannot manage objects and relationships
  • cannot manage webhooks (but they can assign one as a campaign trigger)
  • cannot edit people or attribute conditions for broadcasts

Workspace settings

PermissionWorkspace
Admin		Author
Hide attributes OFF		Author
Hide attributes ON		Viewer
General workspace settings
General workspace settings - viewcheck_circlecheck_circlecheck_circlehighlight_off
General workspace settings - editcheck_circlehighlight_offhighlight_offhighlight_off
Journeys Settings - Messaging settings
Messaging settings - viewcheck_circlecheck_circlecheck_circlehighlight_off
Messaging settings - editcheck_circlecheck_circlecheck_circlehighlight_off
Email - Suppression List - viewcheck_circlecheck_circlehighlight_offhighlight_off
Email - Suppression List - unsuppresscheck_circlehighlight_offhighlight_offhighlight_off
Email - Suppression List - exportcheck_circlehighlight_offhighlight_offhighlight_off
Journeys Settings - Advanced
Language settings - viewcheck_circlecheck_circlecheck_circlehighlight_off
Language settings - editcheck_circlecheck_circlecheck_circlehighlight_off
Merge options - viewcheck_circlecheck_circlecheck_circlehighlight_off
Merge options - editcheck_circlehighlight_offhighlight_offhighlight_off
Message limit - viewcheck_circlecheck_circlecheck_circlehighlight_off
Message limit - editcheck_circlecheck_circlecheck_circlehighlight_off
Subscription center - viewcheck_circlecheck_circlecheck_circlehighlight_off
Subscription center - editcheck_circlecheck_circlecheck_circlehighlight_off
Time zone match - testcheck_circlecheck_circlecheck_circlehighlight_off
URL parameters - viewcheck_circlecheck_circlecheck_circlehighlight_off
URL parameters - editcheck_circlecheck_circlecheck_circlehighlight_off

Journeys

PermissionWorkspace
Admin		Author
Hide attributes OFF		Author
Hide attributes ON		Viewer
Send messagescheck_circlecheck_circlecheck_circlehighlight_off
Campaigns
Campaigns - viewcheck_circlecheck_circlecheck_circle2check_circle
Campaigns - createcheck_circlecheck_circlecheck_circle2highlight_off
Campaigns - editcheck_circlecheck_circlecheck_circle2highlight_off
Campaigns - deletecheck_circlecheck_circlecheck_circle2highlight_off
Broadcasts
Newsletters and API-triggered Broadcasts - viewcheck_circlecheck_circlecheck_circle2, 3check_circle
Newsletters and API-triggered Broadcasts - createcheck_circlecheck_circlecheck_circle2, 3highlight_off
Newsletters and API-triggered Broadcasts - editcheck_circlecheck_circlecheck_circle2, 3highlight_off
Newsletters and API-triggered Broadcasts - deletecheck_circlecheck_circlecheck_circle2, 3highlight_off
Transactional
Transactional email or push - viewcheck_circlecheck_circlecheck_circlecheck_circle
Transactional email or push - createcheck_circlecheck_circlecheck_circlehighlight_off
Transactional email or push - editcheck_circlecheck_circlecheck_circlehighlight_off
Transactional email or push - deletecheck_circlecheck_circlecheck_circlehighlight_off
Deliveries & Drafts
Deliveries & Drafts - viewcheck_circlecheck_circlecheck_circlecheck_circle
People
People - viewcheck_circlecheck_circlecheck_circlecheck_circle
People - createcheck_circlehighlight_offhighlight_offhighlight_off
People - editcheck_circlecheck_circlehighlight_offhighlight_off
People - deletecheck_circlehighlight_offhighlight_offhighlight_off
Objects
Object Types - viewcheck_circlecheck_circlecheck_circlecheck_circle
Object Types - createcheck_circlehighlight_offhighlight_offhighlight_off
Object Types - editcheck_circlehighlight_offhighlight_offhighlight_off
Object Types - deletecheck_circlehighlight_offhighlight_offhighlight_off
Objects and Relationships - viewcheck_circlecheck_circlecheck_circlecheck_circle
Objects and Relationships - createcheck_circlecheck_circlehighlight_offhighlight_off
Objects and Relationships - editcheck_circlecheck_circlehighlight_offhighlight_off
Objects and Relationships - deletecheck_circlecheck_circlehighlight_offhighlight_off
Segments
Segments - viewcheck_circlecheck_circlecheck_circlecheck_circle
Segments - createcheck_circlecheck_circlehighlight_offhighlight_off
Segments - editcheck_circlecheck_circlehighlight_offhighlight_off
Segments - deletecheck_circlecheck_circlehighlight_offhighlight_off
Segments - import CSVcheck_circlecheck_circlehighlight_offhighlight_off
Segments - view Ad Audiencecheck_circlecheck_circlecheck_circlecheck_circle
Segments - integrate Ad Audiencecheck_circlehighlight_offhighlight_offhighlight_off
Segments - create Ad Audiencecheck_circlecheck_circlehighlight_offhighlight_off
Segments - pause Ad Audiencecheck_circlecheck_circlehighlight_offhighlight_off
Segments - resume Ad Audiencecheck_circlecheck_circlehighlight_offhighlight_off
Segments - delete Ad Audiencecheck_circlecheck_circlehighlight_offhighlight_off
Activity Logs
Activity Logs - viewcheck_circlecheck_circlecheck_circlecheck_circle
Data & Integrations
Data Index - viewcheck_circlecheck_circlecheck_circlecheck_circle
Data Index - exportcheck_circlehighlight_offhighlight_offhighlight_off
Integrations - viewcheck_circlehighlight_offhighlight_offhighlight_off
Integrations - createcheck_circlehighlight_offhighlight_offhighlight_off
Integrations - editcheck_circlehighlight_offhighlight_offhighlight_off
Integrations - deletecheck_circlehighlight_offhighlight_offhighlight_off
Data importcheck_circlehighlight_offhighlight_offhighlight_off
Data exportcheck_circlehighlight_offhighlight_offhighlight_off
Content
Message Library - viewcheck_circlecheck_circlecheck_circlecheck_circle
Assets - viewcheck_circlecheck_circlecheck_circlecheck_circle
Assets - uploadcheck_circlecheck_circlecheck_circlehighlight_off
Assets - deletecheck_circlecheck_circlecheck_circlehighlight_off
Email Layouts - viewcheck_circlecheck_circlecheck_circlecheck_circle
Email Layouts - createcheck_circlecheck_circlecheck_circlehighlight_off
Email Layouts - editcheck_circlecheck_circlecheck_circlehighlight_off
Email Layouts - deletecheck_circlecheck_circlecheck_circlehighlight_off
In-app Message Library - viewcheck_circlecheck_circlecheck_circlecheck_circle
Snippets - viewcheck_circlecheck_circlecheck_circlecheck_circle
Snippets - createcheck_circlecheck_circlecheck_circlehighlight_off
Snippets - editcheck_circlecheck_circlecheck_circlehighlight_off
Snippets - deletecheck_circlecheck_circlecheck_circlehighlight_off
Collections - viewcheck_circlecheck_circlecheck_circlecheck_circle
Collections - createcheck_circlehighlight_offhighlight_offhighlight_off
Collections - editcheck_circlehighlight_offhighlight_offhighlight_off
Collections - deletecheck_circlehighlight_offhighlight_offhighlight_off
2Authors with attributes hidden cannot manage webhooks in campaigns (Send and Receive Data action) or broadcasts.
3Authors with attributes hidden cannot add attribute conditions to broadcasts.

Data Pipelines

PermissionWorkspace
Admin		Author
Hide attributes OFF		Author
Hide attributes ON		Viewer
Sources & Destinations - view4check_circlecheck_circlecheck_circlecheck_circle
Sources & Destinations - createcheck_circlehighlight_offhighlight_offhighlight_off
Sources & Destinations - editcheck_circlehighlight_offhighlight_offhighlight_off
Sources & Destinations - deletecheck_circlehighlight_offhighlight_offhighlight_off
4Workspace Admins can view authorization headers in payloads for Sources and Destinations. Auth headers are redacted for Authors and Viewers.

Manage team members

 To add or remove team members, you must be an Account Admin.

Your account can have up to 300 total team members. Contact us if you need more than that.

Add team members

  1. Go to Account Settings > Team Members.
  2. Click Invite team member.
    On the Team member page, there is a button in the top right labelled Invite team member. A red rectangle surrounds the button and a red arrow points to it for emphasis.
    On the Team member page, there is a button in the top right labelled Invite team member. A red rectangle surrounds the button and a red arrow points to it for emphasis.
  3. Enter the new team member’s first and last name followed by their email address.
    The page header reads, Invite team member. Under that is a section titled User details where you can add a person's first name, last name and email address. Below that is a section titled Account level permissions where Member is chosen in the dropdown. Below that are a list of additional permissions, and Enable access for support teams is checked. Below this is a section for Workspace-level permissions. The radial All is selected and the role Workspace admin is selected in the dropdown.
    The page header reads, Invite team member. Under that is a section titled User details where you can add a person's first name, last name and email address. Below that is a section titled Account level permissions where Member is chosen in the dropdown. Below that are a list of additional permissions, and Enable access for support teams is checked. Below this is a section for Workspace-level permissions. The radial All is selected and the role Workspace admin is selected in the dropdown.
  4. Grant account-level access. By default, we assign people the Member role. Decide whether someone should be an Account Admin (full access) or Member (partial access).
    • Members cannot manage team members or cookie settings, but you can optionally grant them the following permissions:
      • Access billing & account info
      • Manage API credentials
      • Enable access for support teams
  5. (Optional) If you’re adding a Member, decide whether to grant workspace-level roles: Workspace Admin, Author, or Viewer. By default, a Member does not have access to workspaces.
    • Choose “All” if you want to give this person the same access across all workspaces. Then select the role from the dropdown.
    • Choose “Custom” if this person should have different roles across multiple workspaces.
      At the bottom of the Invite team member page, there is a a section titled Workspace level permissions. The radial to the left of Custom is selected. Below that is a table with two columns for the name of a workspace and the role the person has in the workspace. The box to the left of each workspace is checked. The first is Workspace 1 and the role Workspace admin is selected. The second is Workspace 2 and the role Author is selected.
      At the bottom of the Invite team member page, there is a a section titled Workspace level permissions. The radial to the left of Custom is selected. Below that is a table with two columns for the name of a workspace and the role the person has in the workspace. The box to the left of each workspace is checked. The first is Workspace 1 and the role Workspace admin is selected. The second is Workspace 2 and the role Author is selected.
  6. Click Send invite in the top right.
    1. You’ll be redirected to the Team Members page. Here you’ll see the person you just created. Their last login will show as “Invite sent.”

Your new team member will receive an email with a link to set a password. The link in the invitation expires after seven days. When the new team member sets their password, they can log in and get started with Customer.io! Note, if you’ve enabled SSO, they will not have to set a password.

Manage roles in bulk

You can assign and remove a role across multiple workspaces for a single person. You cannot assign roles and permissions across multiple team members at once, though.

  1. Go to Account Settings > Team Members.
  2. Click Invite team member to add a team member or click then Edit to modify an existing member.
  3. Locate workspace-level permissions at the bottom. Click the radial for Custom. A list of workspaces will appear.
  4. Assign or remove roles across each workspace.
    • If you don’t have many workspaces, you can change the role from the dropdown for each workspace.
      At the bottom of the Invite team member page, there is a a section titled Workspace level permissions. The radial to the left of Custom is selected. Below that is a table with two columns for the name of a workspace and the role the person has in the workspace. The box to the left of each workspace is checked. The first is Workspace 1 and the role Workspace admin is selected. The second is Workspace 2 and the role Author is selected.
      At the bottom of the Invite team member page, there is a a section titled Workspace level permissions. The radial to the left of Custom is selected. Below that is a table with two columns for the name of a workspace and the role the person has in the workspace. The box to the left of each workspace is checked. The first is Workspace 1 and the role Workspace admin is selected. The second is Workspace 2 and the role Author is selected.
    • If you have many workspaces:
      1. Check the box next to each workspace you want to assign the same access for.
      2. Click Select role at the top of the table to assign roles or click Reset to unassign access to workspaces. If you want to assign a role, select the role from the right hand panel. For Authors and Viewers, decide whether to hide attributes.
        On the Invite team member page, there is a right-hand panel that takes up about one fifth of the screen. It is titled Select role. It lists Workspace admin, Author, and Viewer. The Viewer radial is selected. Hide attributes is not checked.
        On the Invite team member page, there is a right-hand panel that takes up about one fifth of the screen. It is titled Select role. It lists Workspace admin, Author, and Viewer. The Viewer radial is selected. Hide attributes is not checked.
      3. Click Confirm. The table will update to reflect your selection.
  5. Click Send invite or Save in the top right. If you created a new team member, they will receive an email invitation. If you updated a team member, they will not receive an email.

Edit team members

Account Admins can edit other team members’ names, email addresses, roles, and the workspace(s) they have access to. Account Admins as well as Members can edit their own names and emails.

  1. Go to Account Settings > Team Members.
  2. On the right, click then choose Edit and make your changes.
  3. Click Save.

Delete team members

To delete or remove a team member, you must be an Account Admin.

You might need to remove team members if they leave your organization. Removing a person does not impact content in your account—anything a person did as a member of your account will remain after you remove them from your team. If you only need to change someone’s settings - their name, email address, roles, or the workspace(s) they have access to - you can edit the team member instead.

  1. Go to Account Settings > Team Members.
  2. Find the team member you want to remove. Click then Delete.
  3. Confirm the action.

Reset a team member’s password

If a team member forgets their password or their password is compromised, you can reset it on behalf of a team member.

  1. Go to Account Settings > Team Members.
  2. Find the team member. Click then Reset password.

We’ll send the team member an email with instructions to reset their password.

Having trouble accepting an invitation?

Did you create a trial account under your email address or did you previously belong to a different Customer.io account?

Your email address can only belong to a single account in Customer.io. So, before you can accept the invitation, we need to free up your email address.

  1. If you created a trial account under your email address, cancel your trial.
  2. Contact us to disconnect your email address from the trial account.

FAQs

How many team members can I have?

You can have up to 300 total team members. Contact us if you need more than 300 team members.

Can I make a team member a Viewer for one workspace, but an Author for another workspace?

Yes! When you add or edit a team member, go to “Workspace-level permissions,” click “Custom,” then assign roles to each workspace.

Why can’t I see all of our team members in my list?

Account Admins see all team members. Members only see team members assigned roles in one or more workspaces they have access to.

Why can’t I see all of our workspaces in my list?

Workspace Admins, Authors, and Viewers only see the workspaces they can access. Ask an Account Admin to add or remove workspaces from a team member’s list.

Have other questions or feedback?

Email win@customer.io to get in touch with our support team.

Copied to clipboard!
  Contents
Is this page helpful?