Invite links

Invite links let you onboard new users without sharing passwords out of band. The recipient clicks the link, sets their own password, and their account is created scoped to the correct tenant with the correct role.

How invite links work

An MSP admin or client admin generates an invite for a specific email, role, and tenant
Tether generates a single-use token and returns a link like: https://atechsolutions.org/invite/abc123...
You share the link with the recipient (email, Slack, wherever)
The recipient opens the link and sees a branded account setup page (showing the client's logo and name)
They enter their name and choose a password
Their account is created and they are logged in immediately
The token is marked as used and cannot be reused

The invite page is white-labelled

When a client user follows an invite link to acme.atechsolutions.org/invite/token, they see the Acme Corp logo and accent colour — not Tether branding. They set their password and land directly in the Acme client portal.

Creating an invite

Inviting a client user (MSP admin)

Go to Clients
Click Invite next to the client you want to add a user to
Fill in the invite form:
- Email — the recipient's email address (pre-fills on the invite accept page)
- Name — optional pre-fill for their display name
- Role — the role the user will have after accepting
- Expires in — 24 hours, 3 days, or 7 days
Click Generate Invite Link
Copy the link and share it with the recipient

Inviting MSP staff

Go to Users in the MSP sidebar
Click Invite
Select an MSP role (msp_admin or msp_technician)
Check MSP Staff
Generate and share the link

Client admins sending invites

Users with the client_admin role can invite new users within their own tenant from Team → Invite. They can only assign roles up to client_admin — they cannot create MSP staff.

Expiry and single-use tokens

Tokens expire after the chosen period (24 hours, 3 days, or 7 days). Expired tokens show an error message and cannot be used.
Tokens are single-use. Once a user accepts and creates their account, the token is marked used. Sharing the link a second time will show an "already used" error.
If you generate a new invite for an email address that already has an unused invite, the old invite is revoked and the new one is active.

Invite links contain authentication tokens

Treat invite links like temporary passwords. Do not share them publicly or post them in any location accessible to people other than the intended recipient. If you think a link was intercepted, revoke it immediately and generate a new one.

Viewing and revoking pending invites

MSP admins can see all pending (unused, unexpired) invites from Users → Pending Invites. From this page you can revoke any invite before it is accepted.

Revoking an invite makes the link immediately invalid — anyone who tries to use it after revocation will see an error.

Creating invites via the API

http
POST /api/invites
Authorization: Bearer {msp-admin-token}
Content-Type: application/json

{{
  "email": "alice@acme.com",
  "name": "Alice Smith",
  "role_id": 3,
  "tenant_id": 5,
  "expires_hours": 72
}}

# Response:
{{
  "token": "abc123...",
  "invite_url": "https://acme.atechsolutions.org/invite/abc123..."
}}

See Users API for the full invite endpoint reference including validation and revocation.

← Previous

Permissions reference

White-labelling

Last updated: May 2026