Managing users

User management in DonorIntel is about matching real-world employment and volunteer relationships to accounts that authenticate through WorkOS—without leaving dormant logins or ambiguous shared credentials. This guide covers day-two operations: changing roles, suspending access, and coordinating with IT when someone’s corporate identity changes.

Tenant admins and security-conscious team leads are the primary audience.

Overview

Every user should map to a single named individual; shared inboxes belong in integrations, not as human users with super-admin rights. When roles change, update RBAC in DonorIntel and your IdP in the same change window so SSO group mappings do not fight manual assignments.

Offboarding is a security event: deactivate the user, review permission overrides they may have held, and scan activity logs for recent sensitive exports or bulk edits. Procedures for access reviews (quarterly or annual) will be expanded here as we publish checklist templates.