Team Management & Role-Based Access Control - Cardrender

Cardrender supports teams of all sizes with role-based permissions, bulk user management, and centralized directory controls. Scale from 10 to 10,000 users without losing control over branding, data, or access.

Role-Based Permissions

Cardrender uses a flexible permission system that balances autonomy with governance. Assign roles based on responsibility level and operational needs.

Owner

Full administrative access to the workspace. Owners can:

• Manage billing, subscription plans, and payment methods
• Add or remove team members and change their roles
• Configure workspace branding, templates, and settings
• Access all analytics and export data
• Delete the workspace or transfer ownership

Best practice: Limit Owner access to 1-2 trusted administrators (e.g., VP of Operations, IT Director).

Admin

Operational control without billing access. Admins can:

• Invite and manage team members (but cannot change Owner role)
• Create and edit templates for the entire workspace
• View all team analytics and export reports
• Configure integrations (CRM, SSO, API keys)
• Approve or reject card designs when approval workflows are enabled

Typical users: Marketing operations, sales enablement, IT administrators.

Member

Standard user access for creating and managing personal cards. Members can:

• Create and edit their own digital business cards
• Choose from approved templates and customize within branding guidelines
• View their own analytics (views, clicks, contact saves)
• Share cards via link, QR code, or email signature
• Update contact details, photos, and social links

Restrictions: Members cannot access other users' cards, modify workspace settings, or view team-wide analytics.

Guest (Optional)

Limited access for external collaborators or temporary staff. Guests can create cards but cannot see directory listings or team analytics. Useful for contractors, event staff, or partner organizations.

Inviting Team Members

Add users individually or in bulk depending on your rollout strategy.

Single Invitations

From the Team dashboard, click "Invite Member" and enter:

• Email address
• Role (Owner, Admin, Member, Guest)
• Optional: Pre-assign a template or card URL

The recipient receives an email invitation with a secure link to join your workspace. They'll create their account and land directly in your branded environment.

Bulk Import

For teams larger than 20 users, use the CSV bulk import tool. Upload a spreadsheet with columns for:

• email (required)
• first_name and last_name (required)
• title (optional)
• department (optional)
• phone (optional)
• role (defaults to Member if not specified)

Cardrender will send invitation emails to all valid addresses and provide a summary of successful and failed imports. This reduces onboarding time from hours to minutes.

Directory Sync & SSO

Enterprise plans support SCIM 2.0 directory sync with Okta, Azure AD, Google Workspace, and OneLogin. When enabled:

• New employees are automatically provisioned with Cardrender accounts on their first day
• Role changes in your directory sync to Cardrender permissions in real time
• Departing employees are immediately deprovisioned, ensuring security compliance

Combine directory sync with SSO (SAML 2.0 or OIDC) for seamless, secure authentication. See the Security documentation for setup instructions.

Team Directory

The team directory provides a searchable, filterable list of all active cards in your workspace. Use it to:

• Find colleagues' cards for internal sharing
• Generate a public-facing team directory page (optional)
• Export the directory as a CSV for offline use

Public vs. Private Visibility

Control whether your team directory is publicly accessible:

• Public directory: Anyone with the link can browse all team members (useful for sales teams, agencies, event staff)
• Private directory: Only authenticated workspace members can see the directory (default for enterprises)
• Opt-out: Individual members can hide their cards from the public directory while keeping them shareable via direct link

Approval Workflows

For organizations with strict branding requirements, enable card approval workflows. When activated:

1. Members create or edit their cards as usual
2. Changes enter a "Pending Approval" state and are not yet published
3. Admins receive a notification to review the card
4. Admins approve the card (publishes immediately) or request revisions (sends feedback to the member)

This ensures brand consistency while maintaining member autonomy. Most organizations only enable approvals for new hires or major rebrand periods.

Department & Team Segmentation

Organize members into departments or teams for easier management and reporting:

• Create custom departments (Sales, Marketing, Engineering, Customer Success, etc.)
• Assign members to one or more departments
• Filter analytics by department to measure team-specific performance
• Apply department-specific templates or branding overrides

Offboarding Team Members

When an employee leaves, Admins or Owners can:

• Deactivate their card: Card becomes unavailable, but data is retained for analytics
• Reassign their card: Transfer ownership to another team member (useful for role transitions)
• Delete their account: Permanently removes the user and all associated data

With directory sync enabled, offboarding happens automatically when a user is removed from your identity provider.

Best Practices for Large Teams

• Start with a pilot: Roll out to one department (e.g., Sales) before expanding company-wide
• Assign department admins: Distribute management workload by appointing admins for each business unit
• Standardize onboarding: Include Cardrender setup in new hire checklists alongside email, Slack, and CRM access
• Review permissions quarterly: Audit roles to ensure proper access levels as team structure evolves
• Use templates: Reduce design overhead by creating department-specific templates that members can personalize