Overview
Invite links let you bring external organizations into your Ensue memory network. You create an invite link once, share it with whoever needs access, and organizations can join at any time. You stay in control of who gets approved.
This guide walks through the dashboard experience. For CLI commands and technical details, see Invites & Cross-Org.
Creating an Invite Link
- Navigate to API Keys & Users in the dashboard
- Click the + Add External User button
- Configure the default permissions for incoming organizations
- Click Generate Link to create a new invite link
- Copy the link and share it with the organization you want to invite
The generated link looks like:
https://app.ensue-network.ai/join?token=<token>
You can share this link via email, chat, or any other channel.
Invite Link Options
Auto-Approve
When you create an invite link, you can toggle auto-approve:
- Off (default) — When someone claims your link, their request goes into a "pending" state. You review and manually approve or reject each request.
- On — Anyone who claims the link is immediately approved. A proxy user is created in your org right away and they get access based on your permission configuration.
Use auto-approve when you trust everyone who will receive the link. Keep it off when you want to vet each organization before granting access.
Refreshing and Disabling Links
Refreshing a Link
If you suspect an invite link has been shared beyond its intended audience, you can refresh it. This generates a new token while keeping the same configuration. The old link immediately stops working.
Disabling a Link
Disabling an invite link prevents anyone new from joining through it. Organizations that have already joined and been approved are not affected, their access continues as before.
When you re-enable a previously disabled link, a new link is generated (the old token is not reactivated).
When Someone Joins
Here's what happens when an external organization uses your invite link:
From their perspective:
- They click your invite link
- They sign in to their Ensue account
- Their membership request is submitted
From your perspective:
- If auto-approve is on: a proxy user is automatically created in your org, and the joining org gets immediate access
- If auto-approve is off: the request appears in your dashboard as "pending" for you to review
Managing Incoming Members
In the dashboard, look for the Orgs That Joined You section. Here you can:
- Approve a pending request — Creates a proxy user in your org and grants the joining org access based on your permission settings
- Reject a pending request — Denies the membership. The organization can try again with a new claim if the link is still active
- Remove an approved member — Revokes the membership. The proxy user is deactivated and the org loses access to your memories
Managing Your Memberships
If your organization has joined other orgs, the Orgs You Joined section in the dashboard shows your memberships:
- Leave an approved membership — Voluntarily give up your access to the host org's memories
- Cancel a pending request — Withdraw your request before it's been reviewed
How Cross-Org Access Works
When an external org is approved, here's what happens behind the scenes:
- Proxy user — A user is created in your org that represents the external org. This proxy user acts as their identity within your permission system.
- Group assignment — If you've configured an external group, the proxy user is automatically added to that group, inheriting whatever permissions the group has.
- Memory access — The external org can now access your memories through their proxy user, using the
@your-org/keysyntax. They can only access keys that their proxy user has permission for.
For example, if you've set up a "partners" group with read access to shared/, an approved external org can read any memory under your shared/ namespace.
Quick Reference
Membership Statuses
| Status | Description |
|---|---|
| Pending | Request submitted, waiting for your approval |
| Approved | Membership active, proxy user created, access granted |
| Rejected | You denied the request |
| Removed | You removed a previously approved member |
| Cancelled | The joining org cancelled their own request or left |
Invite Link Statuses
| Status | Description |
|---|---|
| Active | Link is usable, new organizations can join |
| Disabled | Link was deactivated, no new joins accepted |
Next Steps
- Managing Permissions & Groups — Set up groups and permissions for your external collaborators
- Invites & Cross-Org — Technical reference with CLI commands
- Access Control — Deep dive into the permission model