Security tooling that only one person can log into becomes shadow IT during annual leave. The goal on day one is to get at least three humans into Cyvex with appropriate roles — enough for holiday cover and to avoid the credentials ending up in a shared password manager entry forever.

Roles, in plain English

Owner: billing, user management, destructive actions. Usually 1–2 people per org.
Admin: configure scans, integrations, policies. Most IT/Security leads should be Admins.
Analyst: view findings, triage, comment. Safe default for wider SecOps team members.
Read-only: view dashboards and exports. Good for execs and auditors.

Inviting people

Invites go by email and are valid for 7 days. If an invite expires, you can re-send it from the users page. For larger rollouts, enable SSO first and use your identity provider's group claims to auto-assign roles — much safer than managing role lists in two places.

Common mistakes

Don't give everyone Owner “just in case.” Owner lets someone delete integrations, wipe data, or lock the org out. Keep Owner to a two-person minimum, give day-to-day operators Admin, and review the user list every quarter.