Organization

Users, Roles & MFA

Manage organization members, understand the Owner, Admin, and Member roles, and reset a user's multi-factor authentication when they lose access to their device.

Overview

Your organization's people and their access are managed under Settings → Organization → Users. From here you can review every member, see the role each person holds, and—when someone is locked out of their authenticator—reset their multi-factor authentication (MFA) so they can set it up again.

This page covers three things:

The roles that govern what members can do (Owner, Admin, Member, plus any custom roles)
Where to find and review users in your organization
How an Admin or Owner resets a user's MFA

Roles

Every member holds exactly one role, which determines what they can do across the organization. Each organization starts with three:

Owner — full, unrestricted access to everything, including the ability to reset MFA for any member (including other Owners). There is exactly one Owner role per organization, and it can't be renamed, retuned, or deleted, so administration is never locked out.
Admin — manages organization settings, people, and content, including resetting MFA for Members and other Admins.
Member — a standard contributor without organization-administration privileges.

Roles are now customizable

Admin and Member are editable starting points, not fixed presets — you can retune what each one can do, and you can create your own custom roles. What a role can do is configured in Configure Settings → Permissions. For the full model, see Roles & Permissions and Understanding Permissions.

Roles are scoped to the organization

Role-based permissions are enforced per organization. The actions described below depend on the role you hold in the organization you're currently working in.

Viewing Users

In the left sidebar, click Settings to expand the settings menu.
Click Organization, then select Users.
The organization user table lists every member. Each row shows the member and their role.
To see full details for a member, click the Full Details (info) icon at the end of that member's row.

This opens the User Info dialog, which shows the member's:

Username
Email
Phone
Timezone
MFA status (Enabled or Not Enabled)
Password age (shown as PW Age)
Role
Labels

Resetting a User's MFA

When a user loses access to their authenticator device or phone, an Admin or Owner can clear their MFA. After a reset, the user is no longer prompted for an MFA code at login and can set MFA up again themselves.

Who can reset MFA

Both Admins and Owners can reset MFA for users in their organization.
A reset is only possible for a member who currently has MFA enabled. If a member's MFA status is Not Enabled, there's nothing to reset and no Reset button appears.

Owners are protected

An Admin who is not an Owner cannot reset MFA for an Owner. The Reset button is hidden in that case, and the action is blocked with the message "You can not reset MFA for an owner." Only an Owner can reset another Owner's MFA.

How to reset

Open Settings → Organization → Users.
Find the member in the user table and click the Full Details icon to open the User Info dialog.
In the MFA row, confirm the value reads Enabled. A red outlined Reset button appears next to it.
Click Reset. A confirmation dialog titled Reset MFA asks, "Reset MFA for ?"
Click the red Reset MFA button to confirm.

On success, you'll see the message: "MFA has been reset for ." If the reset fails, an error message asks you to try again and to contact support if the problem persists.

A reset clears MFA—it doesn't set a new method

Resetting MFA removes it entirely. It does not choose or re-issue a method on the user's behalf. After a reset, the affected user must set up MFA again themselves the next time they need it.

Setting Up MFA Again

After their MFA has been reset, a user can re-enroll from their own account using the Setup Multi Factor Authentication dialog. Two methods are supported:

Auth App (recommended) — use an authenticator app such as Google Authenticator or Microsoft Authenticator to get auto-generated codes.
Text Message — receive a verification code by SMS.

Self-service re-enrollment

Only the user can re-enroll their own MFA. An Admin or Owner reset clears the lockout; the user chooses and sets up the new method themselves.

Org Profile — configure your organization's name, domain, timezone, and other profile details.
Roles & Permissions — define what each role can do, in Configure Settings → Permissions.
Understanding Permissions — how roles and per-object sharing combine.
Workstream & Item Permissions — the object-level access these roles underpin for workstreams and items.
Board & Folder Permissions — the object-level access these roles underpin for boards and folders.

Org Configuration

Set up your organization's profile, logo, and workflow automation, and navigate the reorganized Settings area.

Cadences