Skip to content
Create account
 or
Sign in
The Stripe Docs logo
/
Create account
Sign in

Manage access to your organisation

Invite and manage access for team members in your organisation.

Copy page

You can manage your organisation’s team member permission levels from your Team and security settings. Administrators can:

  • Add members to or remove them from an organisation or its accounts.
  • View all members across an organisation or account.
  • Change the user roles assigned to any member.
  • Invite up to ten users to a given role.
  • Manage two-factor (2FA) authentication settings for a member or the entire account.
  • View the security history of all members.

Organisation versus account roles

You can assign users access to your entire organisation or individual accounts within your organisation. Organisation-level roles grant users access to all accounts within the organisation, including the organisation itself. Account-level roles let users access a specific account with the assigned role.

A user can have roles at both the organisation and account levels. However, organisation-level roles are automatically inherited at the account level. For example, you can’t give someone admin rights for the organisation but view-only access for an account within that organisation. Conversely, you can assign admin rights for a specific account without granting organisation-level admin access.

  • Manage your organisation’s team members: Manage user access and roles for specific accounts under the organisation’s Team tab. You can also manage team members by granting access to multiple accounts simultaneously or providing access to the entire organisation. You can only access this page if you have an organisation-level role.

  • Manage an account’s team members: Add, remove, and edit team members of an account, and update the roles of users associated with that account under the account’s Team tab.

For example, assume you have three accounts: Banking, Finance, and Consulting. In this case, organisation- and account-level roles work as follows:

  • Organisation-level role: Assign a user the IAM Administrator role to grant that role in all three accounts and the organisation itself. This provides access to team management for all three accounts and organisation-level team management.

  • Account-level role: Assign a user the IAM Administrator role in the Banking account to limit their access to the IAM role within that account. They can manage account-level teams only within the Banking account. This role doesn’t grant access to other accounts or organisation-level team management.

Update your organisation

You can view all of your organisation’s team members under the Team tab. Additionally, you can:

  • Invite new members.
  • Edit members.
  • Grant members access to one or more additional accounts.
  • Remove members from your organisation.

You add, remove, and edit team members using the following processes from either the organisation or account Dashboard. The only difference is that the account Dashboard only shows actions available for that specific account.

Add a team member

To add new team members:

  1. Navigate to the Team tab.

  2. Click Add member.

  3. Add one or more email addresses, separated by space or comma. Adding users together allows you to assign them all the same roles and access simultaneously.

  4. Select which roles to assign. Users can hold multiple roles within the same account.

  5. Select which accounts to apply the selected roles to.

    • Select one or more accounts to grant the role permissions only in those accounts.
    • Select the organisation to grant the role permissions for the organisation and all accounts within the organisation. Grant the lowest permission required by the user because you can still grant different roles at the individual account level.

  6. Click Assign additional roles to choose different roles to assign for other accounts.

  7. After completing the role assignment for all the accounts, review the configuration, and click Send invites to email the specified users with the steps to accept the invitation.

Remove a team member

To remove an existing team member:

  1. Navigate to the Team tab.

  2. Click the overflow menu () in the user’s row to remove them. You can also click Remove member in the user’s profile.

  3. After you remove a user, they immediately lose access to the organisation.

Edit a team member’s access

To edit an existing team member’s access:

  1. Navigate to the Team tab.

  2. Click the user’s profile from the list of team members.

  3. Click Manage roles.

  4. In the overflow menu () next to the user’s role, click Edit. In the Manage roles drawer, you can also remove or add user roles.

  5. Select the accounts where you want this user to have these new roles. You can add new accounts, remove accounts, or grant organisation-level access.

View all team members

To view all team members within an organisation, navigate to the Team tab. From here, you can also export the entire user table as a CSV file, and filter by:

  • Account
  • Roles
  • Status
  • Name
  • Email

Authenticate team members

Stripe supports 2FA through TouchID, security key, SMS, and authenticator apps, such as Google Authenticator. As an additional security measure, Stripe recommends that all users register for 2FA.

Require 2FA for all users

Only an organisation Administrator or Super Administrator can require 2FA for all team members.

  1. Navigate to the User authentication tab.

  2. Enable Require two-step authentication for all team members.

After you enable this option, all users must register a 2FA device during their next login. This requires them to complete a 2FA challenge during subsequent login attempts.

Reset 2FA for a single user

If a single user loses access to their 2FA devices, an Administrator or Super Administrator must reset the compromised user’s 2FA settings from the account level:

  1. Navigate to the account’s Team tab.

  2. Click the compromised user’s profile.

  3. Click Reset two-factor authentication.

Stripe sends an email to the compromised user’s registered email address with instructions on how they can reset their 2FA devices. You can’t do this by going to the user’s profile at the organisation level.

View your security history

To view your organisation’s security history, navigate to the Security history tab. Here, you can filter your security history by date or action. The Action filter includes hundreds of actions across different categories, including User security, Team, API, and a number of Stripe products. You can also export your entire security history as a CSV file.

Was this page helpful?
YesNo
Need help? Contact Support.
Join our early access programme.
Check out our changelog.
Questions? Contact Sales.
LLM? Read llms.txt.
Powered by Markdoc