Skip to main content

Invitations & Provisioning

SecureLink uses an invitation-based provisioning workflow for all user accounts. Instead of creating accounts with temporary passwords, administrators send email invitations that allow users to register their own Keycloak credentials.

Navigate to Settings > Users > Pending Invitations tab to manage outstanding invitations.

Invitation Workflow

The provisioning process follows these steps:

  1. Admin creates an invitation -- Specify the user's email address, role, and tenant assignment.
  2. System sends an invitation email -- The email contains a unique registration link.
  3. User clicks the link and creates their Keycloak account -- The user sets their own password and completes any required profile fields.
  4. User can now log in to SecureLink -- For admin users, they access the management UI. For VPN users, they configure their VPN client.
info

Invitation links expire after a configurable period (default: 7 days). If an invitation expires before the user accepts it, use the resend option to generate a new link.

Invitation States

Each invitation has one of the following states:

StateDescription
PendingInvitation has been sent but the user has not yet accepted it.
AcceptedThe user clicked the link and successfully created their account.
ExpiredThe invitation link timed out before the user accepted it.
RevokedAn administrator cancelled the invitation before it was accepted.

Managing Invitations

Resend an Invitation

For invitations in the Pending or Expired state:

  1. Locate the invitation in the list.
  2. Click the Resend action button.
  3. A new invitation email is sent with a fresh registration link. The previous link is invalidated.

Revoke an Invitation

To cancel a pending invitation before the user accepts it:

  1. Locate the invitation in the list.
  2. Click the Revoke action button.
  3. The invitation link is immediately invalidated and the user will see an error if they attempt to use it.
warning

Revoking an invitation cannot be undone. To re-invite the same user, create a new invitation.

Bulk Invitations

For onboarding multiple users at once, use the bulk invite feature:

  1. Click Bulk Invite above the invitations list.
  2. In the bulk invite modal, either:
    • Enter email addresses manually, one per line or separated by commas.
    • Upload a list from a CSV file containing email addresses.
  3. Select the Role (SuperAdmin, TenantAdmin, or VPN User) and Tenant assignment.
  4. Click Send Invitations.

All invitations in a bulk operation use the same role and tenant. If you need to invite users with different roles or tenants, perform separate bulk operations.

note

Each email address can only have one active invitation at a time. If an email already has a pending invitation, it will be skipped during bulk invite and reported in the results summary.