Team Management & Collaboration

Xitoring supports team collaboration through user management, role-based permissions, and sub-accounts for complete organizational isolation. Whether you're a small team or managing monitoring for multiple clients, Xitoring provides the structure you need.

Overview

Team management features:

• User Invitations - Add team members via email
• Role-Based Access - Control permissions per user
• Sub-Accounts - Complete isolation for departments or clients
• Activity Logs - Track user actions for security and auditing
• Collaboration Tools - Shared dashboards, notification roles, incident notes

User Management

Inviting Team Members

Navigate to: Dashboard → Account → Team → Invite User

Steps:

1. Click "Invite User"
2. Enter email address
3. Select role/permissions
4. Send invitation
5. User receives email with signup link
6. They create account and gain access

Invitation Status:

• Pending: Sent but not accepted
• Active: User logged in and has access
• Expired: Invitation older than 7 days (resend needed)

Access Levels & Permissions

Xitoring uses an Access Control List (ACL) system to manage permissions. Users can have different access levels based on their role and responsibilities.

Full Access

Full Access users have the same privileges as the account owner with no limitations. They have access to:

• Notification Roles - Manage team alerting and notification configurations
• Support Tickets - View and manage support tickets
• Audit Logs - Access activity logs and audit trails
• API - Full API access for integrations and automation
• Billing - View and manage billing information and invoices
• Maintenance Schedule - Schedule and manage maintenance windows
• Email Reports - Configure and receive email reports
• Status Page - Create and manage status pages
• Advisor - Access to recommendations and optimization suggestions

Server and Check Access

Beyond feature-level permissions, access is controlled at the server/check group level:

Access Levels:

• Read and Write - View and modify servers/checks within the group
• Read Only - View-only access to servers/checks within the group
• No Access - No access to servers/checks within the group

Group Configuration Example:

Ungrouped                    → Read and Write
Xitoring                     → Read and Write
Testing                      → Read and Write
Dev                          → Read Only

You can assign different access levels to each group/sub-group independently, allowing granular control over who can view or modify specific servers and monitoring checks.

Setting Permissions:

1. Go to Account → Team → Users
2. Click user's name
3. Select access level (Full Access, Custom)
4. If custom, configure:
   • Feature access (toggle each permission)
   • Group-level access (set Read/Write, Read, or No Access per group)
5. Save changes
6. Changes apply immediately (user sees on next login)

Managing Existing Users

View All Users: Dashboard → Account → Team → All Users

Actions Available:

• Edit Permissions - Change role or access level
• Suspend User - Temporarily revoke access (preserve settings)
• Remove User - Permanently delete access
• Resend Invitation - For pending users who didn't receive email
• View Activity - See user's recent actions

Removing a User:

1. Account → Team → Users → Select User
2. Click "Remove User"
3. Confirm removal
4. User loses access immediately
5. Their configurations (dashboards, etc.) preserved

Sub-Accounts

Sub-accounts provide complete isolation for different teams, departments, or clients. Each sub-account is entirely separate with its own:

• Servers and monitoring checks
• Notification roles and channels
• Dashboards and status pages
• User access (no cross-access between sub-accounts)
• Billing (optional separate billing per sub-account)

Note: Sub-Accounts are not available in the free plan. Upgrade to a paid plan to access this feature.

Creating a Sub-Account

To create a new sub-account, navigate to Account → Sub Accounts and click "Add Sub Account". You'll be presented with a form to configure the new sub-account.

Sub-Account Information

Provide the following details:

• Email - The email address for the sub-account user
• Username - Login username for the sub-account
• Password - Secure password for account access
• First Name - First name of the user
• Last Name - Last name of the user
• Title - Job title or role
• Mobile - Mobile phone number
• Phone - Additional phone number
• Timezone - Operating timezone for the sub-account user
• Language - Preferred language for the interface
• Avatar - Profile picture/avatar

Sub-Account Access Configuration

After providing basic information, configure the sub-account's access level:

Full Access Option: Enable to grant the sub-account identical privileges to the main account with no access restrictions.

Custom Access: Selectively enable access to specific features:

• API Access
• Report Access
• Billing Access
• Support Tickets
• Email Reports
• Status Pages
• Notification Roles
• Maintenance Schedule

Server/Check Group Access: Configure access per group as described in the Access Levels & Permissions section above. Set each group to Read and Write, Read Only, or No Access based on the sub-account's needs.

Email Preferences

Configure which types of emails the sub-account should receive:

• Billing - Invoices and payment updates
• Advisor - Recommendations and optimization suggestions
• Technical - Alerts about new servers, paused checks, and server-related issues

When to Use Sub-Accounts

Scenarios perfect for sub-accounts:

1. Managed Service Providers (MSPs)

   • Each client gets isolated sub-account
   • Complete data separation
   • Client-specific branding on status pages
   • Separate billing per client

2. Multi-Department Organizations

   • Infrastructure team isolated from application team
   • Security team separate from development
   • Each department controls own monitoring

3. Environment Separation

   • Production sub-account
   • Staging sub-account
   • Development sub-account
   • Prevent accidental cross-environment actions

4. Multi-Tenant SaaS

   • Each customer's monitoring isolated
   • White-label capabilities
   • Customer-specific configurations

5. Agency/Consultant Model

   • Monitor multiple client infrastructures
   • Hand off sub-account to client when project completes
   • Maintain separate access for each engagement

Sub-Account Benefits

• Data Isolation: No data leakage between sub-accounts
• Independent Configuration: Each sub-account configured separately
• Scalability: Add unlimited sub-accounts as you grow
• Billing Flexibility: Charge clients independently
• Security: Sub-account users can't access parent or sibling accounts

Activity Logs & Auditing

Tracking User Actions

Navigate to: Dashboard → Account → Team → Activity Log

What's Logged:

• User login/logout events
• Check creation/modification/deletion
• Server additions/removals
• Trigger changes
• Notification role modifications
• Settings changes
• Permission updates
• Dashboard creation/sharing

Log Details: Each entry includes:

• Timestamp (with timezone)
• User who performed action
• Action type (create, modify, delete, view)
• Affected resource (which server, check, trigger)
• Old vs new values (for modifications)
• IP address and device information

Security Monitoring

Watch for suspicious activity:

• Logins from unusual locations
• Bulk deletions
• Permission escalation attempts
• After-hours configuration changes
• Rapid succession of critical changes

Security Best Practices:

1. Review activity logs weekly
2. Set up alerts for critical actions (user added, permissions changed)
3. Require 2FA for admin-level users
4. Rotate API keys after team member departures
5. Document who should have access to what

Collaboration Features

Shared Dashboards

Create dashboards visible to entire team:

1. Build custom dashboard
2. Enable "Shared with Team" option
3. All users see same view
4. Customize per team role (operations vs executive)

See Custom Dashboards for details.

Team Notification Roles

Notification Roles enable group alerting:

• Define "Operations Team" role with multiple users
• Assign role to triggers
• All team members receive alerts
• Add/remove team members dynamically
• Different channels for different roles (email for all, SMS for on-call)

Incident Collaboration

When incidents occur, teams collaborate through:

• Incident Notes - Comment threads on incidents
• Notification Channels - Slack/Teams integration for team discussion
• Manual Resolution - Mark incidents resolved with reason
• Root Cause Documentation - Record RCA for future reference

Best Practices

Organizational Structure

Recommended setup for medium teams (10-50 users):

Main Account (Company)
├── Sub-Account: Production Monitoring
│   ├── Users: Operations Team (5 users)
│   └── Permissions: Monitor Management, Alert Configuration
├── Sub-Account: Staging Environment
│   ├── Users: Development Team (15 users)
│   └── Permissions: Monitor Management only
└── Sub-Account: Client Monitoring (if MSP)
    ├── Users: Client Admin + Your Account Manager
    └── Permissions: View Only for client, Full for account manager

Permission Strategy

• Start restrictive: Grant View Only by default
• Expand as needed: Add permissions when users request
• Regular audits: Quarterly review who has what access
• Offboarding: Remove access same day employee leaves
• Role-based: Create permission templates per job function

Communication

• Document access: Maintain list of who has admin rights
• Change notifications: Announce permission changes to affected users
• Training: Ensure users understand their access level
• Escalation path: Define who to contact for permission requests

Common Scenarios

Scenario 1: New Operations Engineer Joins

1. Invite user via email
2. Grant "Monitor Management" + "Alert Configuration" permissions
3. Add to "Operations Team" notification role
4. Share operational dashboards
5. Grant access to relevant sub-accounts
6. Provide training on team conventions

Scenario 2: Client Wants Read-Only Access

1. Create sub-account for client
2. Migrate client's monitoring to sub-account
3. Invite client admin with "View Only" permission
4. Share relevant dashboards
5. Enable status page for public visibility
6. Set up white-label branding (Enterprise)

Scenario 3: Contractor Project Ends

1. Review contractor's access level
2. Export any custom dashboards/configurations if needed
3. Remove user from all notification roles
4. Revoke user access
5. Rotate any shared API keys
6. Review activity log for contractor's actions during engagement

Frequently Asked Questions

How many users can I have? Depends on plan. Most plans include 3-10 users. Unlimited users typically on Business/Enterprise plans.

Can users access multiple sub-accounts? Yes. Add same user to multiple sub-accounts with different permissions per sub-account.

What happens to a user's dashboards when removed? Dashboards created by the user are preserved and transferred to account owner.

Can I limit users to specific servers? Not directly, but use sub-accounts to segregate servers into isolated environments.

How do I hand off a sub-account to a client?

1. Create sub-account
2. Configure client's monitoring
3. Invite client's admin
4. Transfer ownership (contact support)
5. Client becomes sub-account owner

Is there an audit log retention limit? Varies by plan: typically 30-90 days for Standard, unlimited Enterprise.

See Also

• Notification Roles - Team alerting setup
• Custom Dashboards - Shared visibility
• Account Overview - Account management hub
• Security Best Practices - Protect your monitoring