For organizations

Bring your whole team.Keep everyone in their lane.

Invite recruiters, reviewers, and compliance into one workspace, give each person a precise role, and protect every account with multi-factor authentication. Access is enforced on the server, so nobody can reach what their role does not allow.

Five roles, per-member multi-factor authentication, and a tamper-evident audit trail.

studentlifeos.com/admin/organization/team
4 active members / 5 on this plan
Invite
J
Jordan Avery
jordan@acme.com
Admin MFA
P
Priya Nair
priya@acme.com
Recruiter MFA
S
Sam Wells
sam@acme.com
Reviewer Enroll
L
Lena Cho
lena@acme.com
Compliance MFA
Collaboration with guardrails

Hiring is a team sport. Access should not be all or nothing.

A recruiter should post roles and talk to students. A reviewer should move candidates, not change billing. Compliance should read the audit log, not your applicants. Give every person exactly the access they need, and nothing they do not.

Invite in seconds

Add a colleague by name and email. They set their own password through a secure, single-use link and join your workspace.

Least privilege by default

Five clear roles map to the work people actually do, so nobody carries more access than their job requires.

Protected and accountable

Per-member multi-factor authentication, required for admins, and a tamper-evident log of every sensitive action.

Invite

Add your team by email in seconds

From the Team tab, invite a colleague by name and email and pick their role. They receive a secure invitation that expires in seven days, set their own strong password, and they are in. We warn you when an email does not match your organization domain, and the invitation link is stored only as a one-way hash, so it can never be replayed.

  • Single-use invitation link, expires in seven days
  • Each person sets their own strong password
  • Domain-mismatch warning when an email looks off
  • See who invited whom, right on the roster
studentlifeos.com/admin/organization/team
Invite team member
Priya Nair
priya@acme.com
This email matches your domain
Admin
Recruiter
Reviewer
Cancel
Send invite

Roles

Five roles, each scoped to the real work

Assign the role that matches the job. Admin runs the organization. Recruiter posts and talks to students. Reviewer moves applicants. Compliance officer audits and exports, read-only on content. Viewer watches the dashboard. Change a role at any time, and the new permissions apply on the very next request.

  • Admin: full access except deleting the organization
  • Recruiter: post roles, message, interview, manage documents
  • Reviewer: move applicants, read documents only
  • Compliance officer: audit logs, DEI, export, read-only content
studentlifeos.com/admin/organization/team
PermissionARRvCV
Team management····
Billing and settings····
Post opportunities···
Move applicants··
Audit log and DEI···
Dashboard and analytics

A admin, R recruiter, Rv reviewer, C compliance, V viewer

Account security

Multi-factor authentication for every member

Every team member can turn on multi-factor authentication, and admins are required to. Until an admin enrolls, they can read the portal but the server blocks every action they take, so the people with the most access are always the most protected. Each person has their own one-time email codes. Nothing is shared, mixed, or stored in plain text.

  • Required for admins, gently enforced by the server
  • Per-member one-time codes, never shared between people
  • Each person manages their own enrollment in Settings
  • Codes go to the member's own primary inbox only
studentlifeos.com/admin/organization/settings
Multi-factor authentication
On for your account
Enter the 6 digit code we emailed you
4
1
9
2
0
7
Admins must enable MFA before they can take actions

Accountability

A clean removal and a record of everything

Role changes, removals, exports, and billing changes are written to a tamper-evident audit log, so you always know who did what and when. When you remove someone, they are signed out of every device instantly and their security enrollment is erased. Nothing lingers, and a re-invited person starts over from scratch.

  • Tamper-evident log of every sensitive action
  • See the previous and new role on every change
  • Removal signs the person out everywhere at once
  • Security enrollment erased on removal, fresh start on re-invite
studentlifeos.com/admin/organization/audit
Tamper-evident activity
Jordan Avery changed Sam Wells from Reviewer to Recruiter
just now
Priya Nair exported the applicant list
2h ago
Jordan Avery removed a deactivated member
yesterday
Lena Cho enabled multi-factor authentication
2 days ago
Clear lines of responsibility

Everyone knows what they own

The organization is responsible for the people it invites and for what they do in the workspace. Each member is responsible for keeping their own credentials secure and for their own actions. The audit log keeps both sides honest, so a sensitive change is never a mystery.

Read the team responsibility terms
  • You invite only people authorized to act for your organization
  • Each member secures their own login and codes
  • Sensitive actions are written to a tamper-evident log
  • Removal is immediate and complete, everywhere at once
  • Role changes apply on the very next request
  • The owner alone can permanently delete the organization

Everything in the Team tab

One place to invite, organize, secure, and account for your whole hiring team.

Email invitations

Add colleagues by name and email with a secure, single-use link.

Five roles

Admin, recruiter, reviewer, compliance officer, and viewer.

Server-enforced access

Permissions hold on every request, not just by hiding buttons.

Required admin MFA

Admins must enroll before they can act, gently enforced.

Per-member codes

Each person has their own one-time codes, never shared.

Role change history

Every promotion or demotion is recorded with before and after.

Tamper-evident audit

Sensitive actions land in a forensic, hash-chained ledger.

Clean removal

Sign someone out everywhere and erase their security enrollment.

Read-only viewers

Give stakeholders visibility without any ability to change things.

Domain warnings

We flag invitations to emails outside your organization domain.

Invited-by attribution

See who invited each person directly on the roster.

Seats that scale

Higher plans include more seats. See Pricing for the exact counts.

Schools and departments get their own team management too, scoped to their portals.

Questions, answered

How do I add people to my organization?

Open the Team tab and invite a colleague by name and email. They receive a secure, single-use invitation link that expires in seven days, set their own strong password, and join your workspace. You assign their role when you invite them, and you can change it any time. Invitations are rate-limited and the link is stored only as a one-way hash, so a leaked email or log can never be replayed to hijack an invite.

What roles can a team member have?

There are five roles. Admin has full access to everything except permanently deleting the organization, which only the owner can do. Recruiter posts opportunities, messages students, runs interviews, and manages the document library. Reviewer moves applicants through the pipeline and reads documents. Compliance officer audits logs, reads DEI analytics, and exports data, read-only on content. Viewer sees the dashboard and analytics and nothing else. Every role is enforced on the server for every request.

Can a team member reach a tab their role does not allow by editing the URL?

No. Permissions are enforced on the server on every single request, not by hiding buttons in the interface. If a viewer types the URL of a billing page or sends a request directly to a restricted endpoint, the server refuses it. Hiding the button is a convenience; the server is the boundary.

Do team members need multi-factor authentication?

Admins are required to turn on multi-factor authentication. Until an admin enrolls, they can read the portal but the server blocks every action they take, so the people with the most access are always the most protected. Multi-factor authentication is available to every role and we recommend it for everyone. Each person manages their own enrollment, with their own one-time email codes. Nothing is shared between members.

Who is responsible for what a team member does?

The organization is responsible for the people it invites and for everything they do in the workspace. By inviting someone you confirm you are authorized to grant them access on the organization's behalf, and each member is responsible for keeping their own credentials secure and for their own actions. Sensitive actions such as role changes, removals, exports, and billing changes are written to a tamper-evident audit log so the organization can always see who did what and when.

What happens when I remove a team member?

Removal is immediate and complete. The person is signed out of every device at once, their multi-factor enrollment and any pending verification are erased, and they lose all access. Nothing is left behind. If you later invite the same person again, they start over from scratch with a fresh account and must set up multi-factor authentication again.

How many team members can I add?

The number of seats included scales with your plan, and higher plans include more. You can see exactly how many seats each plan includes on the Pricing page. The limit is enforced on the server, counting both active members and pending invitations, so it can never be exceeded, even by accepting an old invitation after a plan change.

Get your team in one workspace

Invite your colleagues, give them the right roles, and start recruiting together today.