Invite and manage organization members.
OneOrg member management works best when admins treat every invite as an access decision: add the person, assign the right role, then review whether that access still matches their responsibility.
Membership workflow
Organization membership is managed from the Members area in settings. Admins can add a user directly or send an invitation by email. Keep the workflow simple: confirm the person's identity, choose the invitation path, assign the least-permissive role that lets them do the work, then review the pending invitation separately from active members.
Use roles deliberately. A new member should usually start with the narrowest role that matches their job. Move them to admin only when they need to manage organization-level settings, members, provider keys, MCP tools, integrations, or other governed capabilities. If the default roles are too broad, create a custom role instead of making the person an admin.
Review pending invitations as operational debt. If an invite is stale, cancel it and issue a new one when the person is ready to join. If a member changes teams or leaves the project, update their role or remove them before cleaning up related project access.
The useful pattern is add, scope, review.
A useful access review asks three questions: who still needs access, what role do they need now, and which pending invites should be removed. Run that review after onboarding waves, contractor changes, client transitions, and major project handoffs. Do not wait for a security incident to clean up membership. If a person needs temporary elevated access, agree on the review point before granting it. That keeps admin access from becoming permanent just because nobody remembered to remove it.
Access review habit
Use member management when you need to add a teammate, invite someone into the organization, adjust their role, rotate access after a responsibility change, or remove a person from the workspace. Pair it with Organization roles and permissions when access needs to be narrower than the default role ladder.
Do not use member management as a substitute for project membership, channel privacy, or MCP tool restrictions. Membership answers who belongs to the organization. Other settings answer what that person can do in a specific workspace, channel, or tool surface.