Team invites & enterprise invites
Skilladder provisions people through two different invitation styles. Both use one-time links that expire—this is deliberate so old HR spreadsheets cannot resurrect dormant access forever.
:::tip Quick distinction
- Team invite → “Join my company’s Skilladder roster as staff.”
- Enterprise invite → “Kick off enterprise / contract onboarding for a designated contact at a company.”
:::
Company team invites (/team-invite/[share-id])
What happens for the recipient
- Someone at the customer organisation (normally the primary company administrator) sends an invitation from Account settings → Team with name, email, and company role.
- The new person receives an email with a link shaped like
/team-invite/{share-id}(exact host depends on environment). - The page resolves the token: valid invites show company name, inviter, and role label; expired or malformed links show a clear error.
- New users set a password (and confirmation) then are sent toward sign-in with verification hints downstream.
- Existing active users may receive a notification email instead of a password-setup flow—they already have credentials; the copy explains they were added to the company roster.
Why it works this way (rationale)
| Design choice | Why |
|---|---|
| Token in URL | Proves possession of the inbox the administrator typed; no separate “paste six digits” flow for v1. |
| Primary admin sends | API-side only company primary or platform operators may create invites—prevents every deputy silently provisioning accounts unless product policy adds exceptions. Staff may see the Team tab depending on configuration, but inviting stays elevated. |
| Email mismatch handling | If the recipient is logged into SSO / Skilladder under a different email than the invite, acceptance surfaces INVITE_SESSION_EMAIL_MISMATCH messaging—almost always resolved by signing out or switching browser profile. |
| TTL / expiry | Short-lived links reduce risk if an inbox is compromised later; ops should treat “invite expired” as normal, not bug-only. |
Common escalations
| Symptom | First step |
|---|---|
| “Wrong account” on accept | Sign out completely; reopen invite link in a clean session; verify inbox matches invite email. |
| Link expired | Send a fresh invite from Team settings; confirm email spelling. |
| No email received | Spam / IT allowlist; resend; confirm address is not a group alias that strips links. |
Enterprise invites (/enterprise-invites/[share-id])
What happens (plain language)
Used when Skilladder provisions or extends an enterprise relationship—for example onboarding a named contact after contract steps. An internal or platform workflow creates an enterprise_client_invites record with:
- Company context
- Named contact email
- Share id embedded in
/enterprise-invites/{share-id} - Expiry timestamp (implementation uses a configured number of days—do not quote a number externally without checking the deployment)
The recipient follows the marketing/legal copy tier your programme uses; failures emphasise TTL and compliance, not generic 404s.
Why separate from team invites
| Reason | Explanation |
|---|---|
| Different risk profile | Enterprise flows may pair with contractual verification, not just HR adding a colleague. |
| Operational traceability | Support can search invite records + share_id (redacted externally) tied to company provisioning, not everyday staff churn. |
| Email templates | Enterprise messages use distinct flow keys (enterprise_company_invite, etc.) so deliverability reporting stays clean. |
Operations note
Packet for Product–Tech when debugging: tenant id, invite share_id prefix (redacted in customer comms), approximate timestamp, whether email bounced (message id if available).
Cross-cutting reminders
- Assessment participant links (
/invites/...) are documented under Assessment invites—they are not the same as team or enterprise onboarding. - For a permission map (who can invite whom), see Capabilities matrix.
- TTL sensitivity applies to all invite classes—never promise perpetual links during sales without engineering sign-off.