Overview

The User Management page allows administrators to view all organization members, manage roles, invite new users, and track user activity. Access at /admin/users.
Access Required: Admin or Owner role

User Roles

RippleCore uses a three-tier role system:

Owner

Permissions: Full access to everything including:
  • Billing and license management
  • Organization settings
  • User management
  • All evidence modules
  • Analytics and reporting
Limitations: Cannot be removed (transfer ownership first)

Admin

Permissions: Administrative access including:
  • User management
  • Analytics and reporting
  • Organization settings (except billing)
  • All evidence modules
Limitations: Cannot access billing or change license tier

Member

Permissions: Standard user access including:
  • Create and view own evidence
  • Participate in evidence modules
  • View personal analytics
  • Submit wellbeing surveys
Limitations: Cannot access admin portal or manage other users

Member List

The user management interface displays all organization members with:
User ID
string
Unique identifier from better-auth
Email
string
User’s email address (primary identifier)
Role
Owner | Admin | Member
User’s permission level with color-coded badge
Join Date
date
When user accepted invitation or signed up
Status
Active | Inactive
Based on last login (30-day threshold)
Actions
buttons
Edit role, Remove user (with confirmation)

Member Statistics

Real-time counts displayed at top of page: 
Total Members: 42
Owners & Admins: 3
Regular Members: 39
Purpose: Quick overview of organization composition

Inviting Users

Invite Process

  1. Click “Invite User” button
  2. Enter email address
  3. Select role (Admin or Member)
  4. Send invitation
Owners can only be promoted from existing members, not directly invited.

Invitation Flow

Invitation Email

Includes:
  • Organization name
  • Role being offered
  • Acceptance link (7-day expiry)
  • Welcome message

Role Management

Changing Roles

Current: View-only role badges Planned (Phase 2): Inline role editing Process:
  1. Click “Edit” next to user
  2. Select new role (Owner/Admin/Member)
  3. Confirm change
  4. User’s permissions update immediately

Role Permissions Table

FeatureOwnerAdminMember
View own evidence
Create evidence
View org analytics
Manage users
Invite users
Edit org settings
Manage billing
Transfer ownership

Role Change Examples

Promote to Admin: 
User: john@example.com
Current role: Member
New role: Admin
Reason: Taking on ESG champion responsibilities
Demote to Member: 
User: jane@example.com
Current role: Admin
New role: Member
Reason: Role change within company

Removing Users

Removal Process

Current: View-only with remove button Planned (Phase 2): Confirmation dialog Steps:
  1. Click “Remove” next to user
  2. Confirm deletion (cannot undo)
  3. User immediately loses access
  4. Evidence data retained (organization-scoped)
Removing a user cannot be undone. Their evidence remains in the system but they lose access.

What Happens to User Data?

When a user is removed:
  • Evidence retained (kindness, volunteer, donations, wellbeing)
  • Analytics preserved (organization-level stats include their data)
  • Login disabled (immediate effect)
  • Session terminated (logged out)

Re-Inviting Removed Users

If you remove someone by mistake:
  1. Send new invitation to their email
  2. They create new account
  3. Previous evidence not automatically linked
  4. Consider data migration (contact support)

User Activity Tracking

Last Active

Calculation: Most recent session creation time Display: Relative format (“2 days ago”, “1 month ago”) Use Cases:
  • Identify inactive users for license optimization
  • Ensure admins are actively monitoring
  • Detect onboarding issues (never logged in)

Activity Thresholds

Active
<30 days
Regular user engagement
Inactive
30+ days
No recent login, candidate for deactivation
Never Logged In
No sessions
Invited but never accepted or signed up

API Integration

User management via REST API:

List Users

GET /api/admin/users
Response: 
{
  "data": {
    "users": [
      {
        "id": "user_abc123",
        "email": "john@example.com",
        "role": "admin",
        "joinedAt": "2025-01-01T00:00:00Z",
        "lastActive": "2025-01-15T10:30:00Z",
        "status": "active"
      }
    ],
    "stats": {
      "total": 42,
      "owners": 1,
      "admins": 2,
      "members": 39
    }
  }
}

Invite User

POST /api/admin/users/invite
{
  "email": "newuser@example.com",
  "role": "member"
}

Best Practices

Regular Audits

  • Monthly: Review user list for inactive accounts
  • Quarterly: Verify role assignments match responsibilities
  • Annually: Clean up users who have left company

Role Assignment

  1. Start with Member - Promote as needed
  2. Limit Admins - Only those needing full access
  3. Protect Owner - Transfer only when necessary

Invitation Management

  • Send invitations immediately after user confirmation
  • Follow up on unaccepted invitations after 3 days
  • Revoke expired invitations and resend if needed

Common Scenarios

Onboarding New Hires

Situation: 5 new employees starting next week Action:
  1. Prepare invitation list with emails
  2. Assign “Member” role initially
  3. Send invitations 1 day before start date
  4. Follow up on acceptance

Role Change (Promotion)

Situation: Member becomes ESG champion Action:
  1. Promote to Admin role
  2. Notify user of new permissions
  3. Provide admin training resources
  4. Update internal documentation

Offboarding

Situation: Employee leaves company Action:
  1. Remove user access immediately
  2. Evidence data remains for compliance
  3. Update license usage
  4. Transfer ownership of any resources

Troubleshooting

Causes:
  • Email in spam folder
  • Incorrect email address
  • Email delivery delay
Solutions:
  • Check spam/junk folders
  • Verify email spelling
  • Wait 10 minutes, then resend
Cause: User is organization ownerSolution: Transfer ownership to another user first, then remove.
Cause: Session cache (max 8 hours)Solution: Sessions expire within 8 hours. For immediate effect, user must log out or clear cookies.
Cause: Removed users vs. active sessionsSolution: License tracks active sessions (24h), not total users. See License Management for details.

Next Steps

License Management

Monitor usage and optimize costs

Organization Settings

Configure company details
Need Help? Contact support@ripplecore.co.uk for user management assistance.