Organizations
Invites and onboarding
Organization onboarding in Tragentics is explicit. The admin chooses an email, chooses permissions, chooses access scope, and then sends an invite. There is no silent “everyone in the company gets full access” shortcut.
Sending an invite
The Invite Member dialog asks the admin for three required things:
- the recipient's email address
- at least one enabled permission
- an explicit access scope
The send button stays disabled until all three are present. Tragentics does not default a member to “all access” or to an empty no-op permission set.
Existing users vs future users
The invite flow works whether the recipient already has a Tragentics account or not.
If the user already exists
Tragentics stores the invite and sends an in-app notification so the user can review and accept it from inside the product.
If the user does not exist yet
Tragentics still stores the invite against that email. When the person eventually signs up with the same email address, the pending invite is waiting for them.
Pending invites
Pending invites appear in two places:
- for admins, inside the organization Members tab under Pending Invites
- for recipients, through the pending invite experience when they have not yet accepted or declined
Pending invites include the email, permission set, access scope, creation time, and expiration time.
A pending invite is considered active only while its status is pending and its expiration time is still in the future. Once the 1-hour window passes, Tragentics normalizes that invite to expired and it no longer blocks a resend.
The original invite notification stays in the user's history. When the invite expires, Tragentics adds a separate notification telling the recipient that the invitation is no longer valid.
Accepting an invite
Accepting an organization invite does more than flip a status flag. It creates the actual organization membership boundary for that user.
On acceptance, Tragentics:
- creates the member record
- creates the member access-scope rows
- sets the user's active organization context
- marks the invite as accepted
That acceptance path is treated as a context transition because the user now has a live org view available to them.
If the invite is already expired by the time the user tries to accept it, Tragentics rejects the action and requires the admin to send a new invite.
Declining an invite
Declining an invite does not create any organization membership rows and does not change active context. It closes the invite immediately and keeps the user out of the organization.
A decline also counts as one invite attempt inside the same rolling 1-hour rate window. That means an admin can resend if needed, but repeated decline/resend loops are still bounded by the 3-invites-per-hour rule.
Resend and anti-spam rules
Tragentics is intentionally strict about re-invites so organizations cannot spam the same address while still leaving room for legitimate retries.
- while an invite is still pending, the admin cannot send another one for that same organization/email pair
- once an invite is declined, it stops being active immediately and a resend is allowed if the rolling 1-hour limit has not been reached
- once an invite expires, it stops being active immediately and a resend is allowed if the rolling 1-hour limit has not been reached
- after 3 invite attempts in the same rolling 1-hour window, Tragentics blocks additional sends until the window moves forward
SSO-aware invites
If the organization has SSO enabled and the admin enters an email address on the configured domain, the invite dialog gives an SSO hint. That does not replace the invite. It just tells the admin that the user will also be able to sign in through the organization's identity provider.
Next
After a member accepts, the most important concept is context: organization context and switching →