Managing users in your organization
Complete reference for inviting users, assigning permission levels, managing API tokens, and using SSO.
Overview
Your SiteDetour organization can have an unlimited number of users. Each user has exactly one permission level in the org; they can optionally be members of teams for resource-level scoping. This article is the complete reference.
Permission levels
SiteDetour implements Role-Based Access Control (RBAC) with four roles:
- Owner — the super-user role. Full access to every resource, plus exclusive rights to manage the subscription, payment method, and transfer ownership. Exactly one Owner per organization. Ownership transfers are handled through support.
- Administrator — full read/write on redirects, Smart Links, landing pages, audiences, analytics, and users. Cannot change the subscription or transfer ownership.
- View/Edit — full read/write on resources. Cannot manage users, change the subscription, or modify organization-wide settings.
- Read Only — read access only. Can view resources and analytics but cannot create, edit, or delete anything.
All four roles can generate their own API token. The token inherits the user's permission level.
Inviting a user
Go to Organization and click Invite New Member. Required fields:
- Name
- Email address
- Access Level
SiteDetour sends a verification email. The invitee clicks the link, sets a password, and logs in. Until their email is verified, they appear with an Email not confirmed warning on the Organization page.
Changing a user's permission level
On the Organization page, use the dropdown next to each user's row. Changes take effect immediately — the user's existing session is re-checked on the next request and API tokens start honoring the new permission level without rotation.
Removing a user
Click the delete icon on the user's row. This:
- Revokes the user's active SiteDetour session.
- Invalidates their API token immediately.
- Leaves any resources they created in place (the creator field points at a deleted user stub).
If the user comes back later, you can re-invite them — they'll get a new account and new token.
API tokens and user permissions
Every user can generate an API token from API. The token authenticates API requests using that user's permission level. A Read Only user's token cannot create redirects, by design.
For automated systems (CI/CD, webhooks, scheduled jobs), create a dedicated service user and invite them like a normal member. Assign the minimum permission level needed for the job. This keeps the audit log clean — actions are attributable to the service user rather than a real human.
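The least-privilege rule for service users can be checked mechanically. The following is an added example, not SiteDetour code: the capability names and the member records are constructed for illustration and do not correspond to any SiteDetour API field or export format.

```python
# Added example. Capability names and member records are constructed for
# illustration; they are not SiteDetour API fields or an export format.
ROLES = ["Read Only", "View/Edit", "Administrator", "Owner"]  # least -> most privileged

# Capabilities per role, taken from the permission-level descriptions above.
CAPS = {
    "Read Only": {"read"},
    "View/Edit": {"read", "write_resources"},
    "Administrator": {"read", "write_resources", "manage_users"},
    "Owner": {"read", "write_resources", "manage_users",
              "manage_subscription", "transfer_ownership"},
}

def minimum_role(needed):
    """Return the least-privileged role whose capabilities cover `needed`."""
    needed = set(needed)
    for role in ROLES:
        if needed <= CAPS[role]:
            return role
    raise ValueError(f"no role grants: {sorted(needed - CAPS['Owner'])}")

def audit(members):
    """Check a member list against the rules on this page; return findings."""
    findings = []
    owners = [m for m in members if m["role"] == "Owner"]
    if len(owners) != 1:
        findings.append(f"expected exactly one Owner, found {len(owners)}")
    for m in members:
        if not m["email_confirmed"]:
            findings.append(f"{m['email']}: email not confirmed")
        if m.get("needs") is not None:  # service user with a declared job scope
            want = minimum_role(m["needs"])
            if ROLES.index(m["role"]) > ROLES.index(want):
                findings.append(f"{m['email']}: {m['role']} exceeds required {want}")
    return findings

# Constructed sample organization.
MEMBERS = [
    {"email": "owner@example.com", "role": "Owner", "email_confirmed": True},
    {"email": "ci-deploy@example.com", "role": "Administrator",
     "email_confirmed": True, "needs": {"read", "write_resources"}},
    {"email": "reports-bot@example.com", "role": "Read Only",
     "email_confirmed": True, "needs": {"read"}},
    {"email": "new-hire@example.com", "role": "View/Edit", "email_confirmed": False},
]

if __name__ == "__main__":
    for finding in audit(MEMBERS):
        print(finding)
```

Here the CI service user only needs to read and write resources, so the audit flags its Administrator role as broader than the View/Edit level the job requires.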
SSO and user management
If your organization has SSO enabled (Business and Enterprise), users still need to be added to the Organization page before they can sign in via SSO. SiteDetour does not auto-provision users from the IdP; this is intentional so that the permission level is stored and controlled in SiteDetour, not in your directory.
Once a user is added on the Organization page, they can sign in at sitedetour.com/login/sso. See SSO overview.
MFA enforcement
On Business/Enterprise plans, Administrators can require MFA for every user. See Enabling MFA. Users who sign in via SSO authenticate through the IdP; their MFA is controlled by the IdP.
Using teams
Teams subdivide an organization's users and resources. See Teams Support.
Audit trail
Every user CRUD operation, permission change, and invitation is captured in the Activity Log.

