General organization settings

These general settings allow you to configure miscellaneous settings for your organization:

  • Organization name: This is the name of your organization as it is displayed across FTE Tree. When you update it here, it will be updated across your entire account, including the account name for your billing.
  • Time zone: Select the time zone for your organization. Dates and times throughout FTE Tree are displayed in each user's selected time zone. New accounts default to the organization's time zone, and users can change their time zone at any time.
  • Settings message: This is a general message displayed when a user attempts to access a page they may not have access to, or there is no data available for them to view on that page.
  • Limit email domains: Restricts invitation email addresses and outbound organization email delivery to exact domains you list. Leave this blank to allow any domain.
  • Import number format: Controls how import job references are displayed. The default format is IMP-0001; the hyphen is part of the prefix and can be removed by changing the prefix.

How time zones work

FTE Tree stores all dates and times in UTC. This standardization allows coordination across users in different time zones. FTE Tree also accounts for changes such as daylight saving time and leap years.

System-generated timestamps, such as those for approval requests or position version updates, are displayed in each user's selected time zone. FTE and cost values for a position are calculated as of today's date in the organization's default time zone.

Organization users

Organization users are the people you have given access to your organization's account. Each user has their own account, independent of your organization's account, allowing them to be part of multiple organizations. You can remove a user's access at any time.

Access is managed through access roles. A user can belong to one or more access roles, and each role grants permissions with its own department access.

The Settings home page is a searchable directory. It shows only the sections and links that match your access and any organization features that are enabled for your account. Use the search box to find settings by label or common terms such as "access", "billing", "approval", or "audit".

For user administration, this means:

  • Users appears for users who can view, invite, update, deactivate, review, or manage sessions for organization users.
  • Access roles appears for users who can view access roles, manage access roles, assign user access, manage department access rules, or manage external group mappings.
  • Access review appears for users with access-review visibility.
  • User sessions appears for users who can manage organization user sessions.

Organization user sessions are separate from the user's general account sign-in. Revoking organization sessions ends workspace access for the affected organization, and the user must re-enter the organization under the current security policy.

Some permissions control actions inside another page rather than opening their own standalone settings page. For example, Deactivate users is available from an individual user record, and Assign user access is available through user invitations, user records, and access role membership tools.

Inviting new users

Users are added through Settings > users > invitations. Create a new invitation with the user's email address, access dates, and access roles if you also have access-assignment authority. The invitation is stored as a pending organization user until the recipient accepts it, so access can be reviewed and adjusted before access begins.

Active invitations send the first email when they are created. Invitations with a future start date remain scheduled and send after they become active. Editing an invitation updates the pending access record but does not resend the email; use the reminder action when you want to send another invitation email manually.

The recipient accepts the invitation from User profile > invitations after signing in. They must use an account with a verified email address that matches the invited email address. Existing users and new users follow the same invitation list and acceptance flow.

Invitation statuses include:

  • Scheduled: The invitation start date is in the future.
  • Active: The invitation can be accepted.
  • Expired: The invitation is past its end date.
  • Deactivated: The pending invitation has been turned off.
  • Accepted: The invitation has been accepted and is now an active organization user.
  • Blocked: The invitation cannot currently be accepted, usually because the organization subscription limit has been reached.

If Single sign-on, MFA, or domain restrictions are enabled, the invitee must also satisfy those security requirements before accessing the organization.

Security policy changes such as enabling SSO, changing an enforced identity provider, or requiring MFA can invalidate existing organization workspace sessions. This protects the organization by making users re-enter under the updated requirements.

Managing user access

Administrators can update an active user's access from the organization user list. Assign or remove access roles to change what the user can do. Inviting a user, updating user profile information, and assigning access roles are separate permissions so organizations can separate onboarding from access administration.

Access role membership may be managed by an administrator or through an identity-provider group mapping. A user cannot change their own access roles, and an access administrator cannot assign a role containing permissions they do not already have.

If a membership is externally managed, review the identity-provider group mapping before making local changes. External groups map to local access roles only; permissions and department access remain controlled inside FTE Tree.

Create or update access roles rather than managing one-off user access. Role-based access is easier to audit, easier to update when permissions change, and better suited for organization defaults.

Invitation settings

The following settings control how invitations are managed:

  • Default optional additional message to user in invite email: Sets a default message for new user invitations.
  • Invite reminder email days: Sets the number of days between reminder emails.
  • Invite reminder email days back-off: Increases the delay between reminder emails.
  • Invite reminder email total: Limits the total number of invitation emails sent to a user.
  • Invite reminder email business days only: Counts only business days between reminder emails.
  • User invitation days open: Limits the number of days an invitation is active.

Security settings

Security settings such as Multi-factor authentication (MFA) and Single sign-on (SSO) are managed separately under Settings > Security. Organization email domain restrictions are managed in Settings > Organization > General settings. For full details, see Authentication and security.

Approval delegations

Approval delegations allow one user to approve requests on behalf of another user. This is useful when an approver is unavailable or needs a trusted delegate to handle approvals on an ongoing basis.

How it works

When a delegation is active, the delegate will see the delegator's approval requests in their own Dashboard and approval lists. They can approve, deny, or take any action just as the original approver would.

Admin management

Administrators with the required user-management access can manage delegations from the user settings area. Administrators can create delegations between any two users in the organization.

Self-service delegation

If enabled by your organization, users can create their own delegations without admin involvement. To enable this feature, navigate to Settings > organization settings and enable Allow self-service delegation.

Delegation fields

  • Delegator: The user whose approval requests will be handled by the delegate.
  • Delegate: The user who will be approving requests on behalf of the delegator.
  • Start date: The date when the delegation becomes active.
  • End date: The date when the delegation expires. Leave this blank for a delegation with no expiration.
  • Active: Whether the delegation is currently enabled.
  • Reason: An optional note explaining the purpose of the delegation.

A user cannot delegate to themselves, and each delegator/delegate pair can only have one record. Delegation does not bypass separation of duties: a delegate who is also the requester of a request cannot approve that request through delegation.

Need help?

If you have any questions about configuring your organization or managing users, please contact us or email us at support@ftetree.com.