Team Management
Certivu supports multi-member organizations with role-based access control. Owners invite teammates by email, assign roles, and manage per-member API keys — all from the dashboard.
Plan limits
Section titled “Plan limits”| Plan | Members | Admin role |
|---|---|---|
| Free | 1 (solo) | — |
| Starter | Up to 5 | — |
| Growth | Up to 15 | ✓ |
| Scale | Up to 50 | ✓ |
| Enterprise | Unlimited | ✓ |
Upgrade from Settings → Plan & Usage to increase your seat limit.
| Role | Invite members | Change roles | Remove members | Manage generators | Billing |
|---|---|---|---|---|---|
| Owner | ✓ | ✓ | ✓ | ✓ | ✓ |
| Admin | ✓ | — | ✓ (non-owners) | ✓ | — |
| User | — | — | — | — | — |
Admin role is only available on Growth and above plans. On Starter, you can invite members with User role only.
Every organization must have at least one Owner. The last owner cannot be demoted or removed.
Inviting a team member
Section titled “Inviting a team member”- Go to Team in the dashboard sidebar.
- Enter the invitee’s email and choose a role.
- Click Send invite — Certivu sends an email with a 7-day accept link.
- The invitee clicks the link, sets a password, and is immediately joined to your org.
Pending invites appear in the Pending invites section. You can cancel an invite before it is accepted.
If you reinvite the same email, the previous pending invite is automatically expired and a fresh link is sent.
Accepting an invite
Section titled “Accepting an invite”When you receive a Certivu invite email:
- Click the Accept invitation link.
- Set a password (minimum 8 characters).
- You are immediately signed in and redirected to the dashboard.
Your account is created with your email pre-verified. No separate verification step is needed.
Changing a member’s role
Section titled “Changing a member’s role”Owners can change any non-owner member’s role from the Team page. Select the new role from the dropdown next to the member’s name.
Removing a member
Section titled “Removing a member”Owners and Admins can remove members from the Team page. Owners can remove anyone (including other owners, as long as one owner remains). Admins can remove Users only.
When a member is removed, their personal API keys are no longer valid for API calls.
Per-member API keys
Section titled “Per-member API keys”Each team member has their own personal API keys, separate from org-level keys. Personal keys appear in audit logs with the member’s email — useful for tracing which team member performed a signing action.
Creating a personal API key
Section titled “Creating a personal API key”- Go to Settings → Personal API Keys.
- Click Create API Key.
- Copy the key — it is shown once only and cannot be retrieved again.
- Use this key as the
Authorization: Bearertoken in SDK and API calls.
Revoking a personal API key
Section titled “Revoking a personal API key”From Settings → Personal API Keys, click Revoke next to the key. Revocation is immediate — any integrations using that key will stop working.
Audit attribution
Section titled “Audit attribution”When a signing or verification API call is made using a personal API key, the audit log records the individual member’s email in addition to the org. This enables:
- Identifying which team member signed a specific piece of content
- Tracing incidents (“who signed this image at 2am?”)
- Per-member activity reporting
Org-level API keys (from Settings → the org-wide key section) attribute events to the org but not to a specific member.