Skip to main content
The Staff page allows the super-administrator to invite team members and assign them to specific roles and brand scopes. Instead of sharing credentials, each staff member logs in using their own email, password, and optional two-factor authentication (2FA).

Getting here

  1. Log in to the OwnPay admin dashboard
  2. Under the PEOPLE section in the left sidebar, click Staff

Page sections

1. Staff members table

Lists all administrative users configured under the active brand:
  • NAME: Display name of the staff member
  • EMAIL: Email address used for authentication
  • ROLE: Assigned role type (e.g., Owner, Manager, or Support)
  • 2FA: Status of Two-Factor Authentication (displays ON or OFF)
  • LAST LOGIN: Timestamp of the user’s last login
  • STATUS: Account status (active or suspended)
  • ACTIONS: Click Edit to update details, reset passwords, or suspend access

2. Add staff member panel

Accessed by clicking the + Add Staff button:
  • Name / Email / Password: Authentication credentials
  • Role Dropdown: Select the role definition to assign
  • Permissions Checkbox Grid: Select specific permission nodes to override or assign to this user

Fields and options reference

Step-by-step: creating a staff member

  1. Click the + Add Staff button in the header
  2. Enter the member’s Name (e.g., John staff) and login Email (e.g., [email protected])
  3. Set a strong Password (e.g., at least 8 characters with numbers)
  4. Select their Role (e.g., Owner)
  5. Choose specific capability flags under the Permissions list if you need to restrict their access
  6. Click Create to save

Permissions resolution flow

When a staff user logs in:
  1. The middleware resolves the user’s role and retrieves default permissions
  2. Any custom permission checkboxes checked under the user’s profile override the role defaults
  3. The user’s sidebar and navigation options are filtered dynamically based on these permission flags. If they attempt to load a restricted page, the router returns a 403 Forbidden error

Best practices

  • Require all staff members to enable Two-Factor Authentication (2FA) under their account profile settings
  • Apply the Principle of Least Privilege by only ticking checkboxes for sections they need
  • Do not share your primary Owner password with other staff members. Create a distinct account for each user
  • Do not set weak default passwords when creating new staff accounts
When creating a staff member, verify that their brand scoping is set correctly. Standard staff members cannot switch to other brands unless explicitly granted multi-brand access in their database profile.

Common mistakes and troubleshooting

Last modified on July 15, 2026