Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.lasscyber.com/llms.txt

Use this file to discover all available pages before exploring further.

Organizations use Auth0 Organizations under the hood, which gives Agnes a first-class invitation flow: you enter an email, Agnes asks Auth0 to send a signed invitation link, the recipient clicks it, signs up or signs in, and lands inside your organization with the role you picked.

Sending an invitation

  1. Sign in at agnes.lasscyber.com and switch to the right organization in the tenant switcher.
  2. Open Settings → Teams (or agnes.lasscyber.com/teams).
  3. Click Invite member.
  4. Enter the recipient’s email address and pick a role (default: member). See Roles & permissions for what each role can do.
  5. Send. Auth0 emails the recipient an invitation link signed with your organization’s identity.
The invitation row shows up under Pending invitations until the recipient accepts. You can revoke at any time before acceptance.

Required role

Sending invitations requires tenant:invite_users. Owners and admins have it; members and viewers do not.

Programmatic invitations

Available via POST /api/v1/tenants/{tenant_id}/invitations (JWT auth only — invitations are admin-managed). See the auto-generated API reference.

Accepting an invitation

The recipient receives an email with a one-click link. Clicking it:
  1. Routes them through Auth0 Universal Login.
  2. Creates an Auth0 user if one does not exist (passwordless / social options follow your Auth0 tenant config).
  3. Adds them to the Auth0 Organization as a member.
  4. Triggers Agnes’s first-sign-in flow, which creates the corresponding Agnes user record bound to your tenant with the role from the invitation.
The recipient can then sign in to agnes.lasscyber.com and pick your organization in the tenant switcher. If the recipient is already an Agnes user (because they’re already in another tenant), the invitation simply adds your tenant to the list they can switch between.

Revoking an invitation

Pending invitations show a Revoke action. Revoking deletes the Auth0 invitation and prevents the link from being used. Already-accepted invitations cannot be “revoked” — to remove an accepted user, see Removing a member below.

Changing a member’s role

In Settings → Teams, click a member row and pick a new role. Changes take effect immediately on the next request that user makes; their existing Auth0 session is not invalidated, but the API re-evaluates their role on every call. Owners can change any role. Admins can grant member / viewer. Admins cannot grant owner (only owners can transfer ownership; see below).

Removing a member

In Settings → Teams, click a member row and pick Remove. The user is removed from your tenant immediately:
  • Their Auth0 Organization membership is deleted.
  • Their Agnes user record is detached from your tenant. (The Auth0 user account itself is not deleted; they may still belong to other tenants.)
  • All their API keys (if any) are deleted.
A removed user retains no data access. If you accidentally remove someone, re-invite them; the data they previously authored remains under your tenant.

Transferring ownership

Today, ownership transfer is a manual step — file a ticket from agnes.lasscyber.com/support and the team will handle the transfer. A self-serve flow is on the roadmap.

SSO

If your Auth0 tenant has an enterprise connection (SAML / OIDC), you can pin your organization to that connection so members must sign in via SSO. Configure this in Auth0’s organization settings, not in Agnes.

Next