DDMARC

Documentation

Learn how to integrate and use DDMARC

Docs/Using DDMARC/Teams
5 minutes

Team Management

Invite team members, assign roles, and collaborate on email authentication management across your organization.

User Roles

DDMARC uses role-based access control to manage what team members can do:

Owner

Full access including billing, team management, and all domains

  • Manage billing
  • Invite/remove users
  • Manage all domains
  • Configure integrations
  • Delete organization

Admin

Manage domains and team members, but no billing access

  • Invite/remove users
  • Manage all domains
  • Configure integrations
  • Manage alerts

Member

View and manage assigned domains only

  • View assigned domains
  • Manage assigned domains
  • Configure personal alerts

Viewer

Read-only access to assigned domains

  • View assigned domains
  • View reports
  • No configuration access

Inviting Team Members

1

Navigate to Team Settings

Go to Settings → Team in your dashboard.

Dashboard → Settings → Team → Invite Member
2

Enter Email Address

Enter the email address of the person you want to invite. They will receive an invitation email with a link to join.

colleague@company.com
3

Select Role & Domains

Choose the role for the new member and optionally restrict access to specific domains.

Role

Admin, Member, or Viewer

Domain Access

All domains or specific selection

4

Send Invitation

Click Send Invitation. The recipient has 7 days to accept before the invitation expires.

Invitation Sent

Pending invitations appear in the team list with "Invited" status.

Managing Team Members

After members join, you can manage their access from the Team page:

Change Role

Promote or demote a member to a different role

Update Domain Access

Add or remove access to specific domains

Remove Member

Revoke access and remove from team

Resend Invitation

Send a new invitation email if pending

View Activity

See recent actions by the team member

Transfer Ownership

Make another admin the organization owner

Domain-Level Access Control

For larger organizations, you can restrict team members to specific domains:

Example: Marketing Team Access

MemberRoleDomains
marketing@company.comMembermarketing.company.com, news.company.com
it@company.comAdminAll domains
ciso@company.comViewerAll domains (read-only)

Tip: Use domain-level access to give different teams visibility into only the domains they manage, while keeping central oversight with Admins.

Enterprise

Single Sign-On (SSO)

Enterprise plans support SAML-based SSO integration with your identity provider (Okta, Azure AD, Google Workspace, etc.). Users are automatically provisioned and roles can be synced from directory groups.

Learn about SSO setup

Audit Log

Track all team activity with the audit log (available on Team and Enterprise plans):

2 hours agoadmin@company.comInvited user marketing@company.com
Yesterdayadmin@company.comChanged role for it@company.com to Admin
3 days agoowner@company.comRemoved user contractor@agency.com
1 week agoadmin@company.comAdded domain access for marketing@company.com

Best Practices

  • Have at least two Admins for redundancy
  • Use Viewer role for stakeholders who only need reports
  • Review team access quarterly and remove inactive users
  • Use SSO for enterprises to centralize access control

Next Steps

Domain Management

Learn how to add and configure domains

Configure Alerts

Set up notifications for your team