Overview

Organization settings control the shared workspace details for your FTE Tree organization. User and access settings control who can enter the workspace, what they can do, and which departments they can access.

Keep these settings current before expanding rollout, importing data, or adding approval workflows. Organization settings affect sign-in, notifications, reports, imports, and the way users identify the workspace.

Access needed

Activity Access needed
Update organization settings Manage organization profile
View users View users
Invite users Invite users
Assign access Assign user access
Review user sessions Security or user-session access
Access setup See Permissions and roles.

General settings

General organization settings can include:

  • Organization name.
  • Organization time zone.
  • FTE Tree address.
  • Organization help note.
  • Import and report numbering settings.
  • Default comment email behavior.

The organization time zone affects displayed dates, reminders, reports, and effective-date defaults.

The FTE Tree address is the link users open for your organization. Change it only with care because bookmarked links and user instructions may need to be updated.

The organization help note can give users a short organization-specific instruction, such as who to contact before submitting a position request or where to find local policy guidance. Keep it concise and avoid storing confidential information there.

Invitations

Use invitations to add users to your organization.

  • Invitations are sent by email.
  • Users must create an account or sign in with an existing account and accept the invitation.
  • Invitations can be active, scheduled, expired, cancelled, accepted, or blocked.
  • Cancel invitations that should no longer be accepted. Cancelled invitations remain visible for history.

Assign access roles when inviting users if you have access-assignment authority. Administrators can assign only roles they are allowed to grant.

If an invitation is blocked, expired, or sent to the wrong address, correct it before the user accepts. A cancelled invitation cannot be accepted, but it remains visible so administrators can understand what happened.

When email domain restrictions are enabled, invitation addresses must match an allowed domain. The invitee must also accept with a verified email address that matches the invitation.

Existing users

The user list shows active and inactive organization users. From a user detail page, authorized administrators can review access, sessions, Activity history, and contact details.

Deactivate a user when they should no longer access the organization. Deactivation preserves historical evidence on positions, requests, comments, imports, and reports connected to that user.

Do not rename or reuse a user account to represent another person. Each person should have their own account so approvals, comments, imports, and Activity history remain clear.

Reactivation restores organization membership, but it does not automatically grant new responsibilities. Review the user's roles, department scopes, MFA posture, and active sessions before returning access.

Access assignment

Access roles grant permissions. Department scopes limit where department-sensitive permissions apply. Keep role assignments focused on real responsibilities.

Sensitive roles such as Billing admin, Security admin, Sensitive data admin, and Collaboration admin require appropriate assignment authority. Access admin alone should not grant a role whose permissions exceed the administrator's own authority.

Use department scopes when a user should manage or view only part of the organization. For example, a department leader may need position and approval access for one department branch, while a finance administrator may need reports across the full organization.

Review access after department reorganizations. A department move can change which records fall under a scoped assignment.

Sessions and account activity

Security administrators can review user sessions and revoke sessions when needed. Users can also manage their own profile, authentication methods, and active sessions from their account settings.

Revoke sessions when a device is lost, a user changes roles, an account is suspected to be compromised, or a user should be forced to sign in again after security settings change.

Access review

Run the Access review report to review assigned roles, department scopes, external group sources, MFA or SSO posture, and recent access-change activity.

Use access review before audits, after a rollout, after department restructuring, and whenever sensitive roles are changed. Keep a clear separation between people who manage security, billing, sensitive data, and ordinary staffing work when your organization has enough administrators to support that separation.

Practical setup checklist

Before inviting a large group of users:

  1. Confirm the organization name, time zone, FTE Tree address, and help note.
  2. Confirm allowed email domains and sign-in requirements.
  3. Configure the roles users need for their responsibilities.
  4. Decide which roles require department scopes.
  5. Test an invitation with one user before inviting a larger group.
  6. Review the Access review report after users accept their invitations.