Inviting an external auditor
Grant a time-boxed, read-only AUDITOR account for an external reviewer, and use Preview as auditor to see exactly what they will see.
AUDITOR invites are not yet in the Invite Member dialog
The Role dropdown on /dashboard/team currently offers Staff, Manager, and Admin only. AUDITOR invitations (with a time-boxed access window) are fully supported by the underlying invitations API and email template, but sending one today requires a direct API call rather than a dashboard button. Ask your technical contact if you need one issued.
What the AUDITOR role means once granted
Every write action is denied to the AUDITOR role, including while an admin is running Preview as auditor. Auditors can browse policies, controls, evidence, and the audit log, and export an audit pack, but cannot change anything.
Access windows are time-boxed
An auditor invite carries an access window of 1 to 90 days (30 by default). When the window passes, the member is automatically soft-revoked (moved to an offboarded access tier) rather than staying active indefinitely.
Summary
- Grant a time-boxed, read-only AUDITOR account for an external reviewer, and use Preview as auditor to see exactly what they will see.
- Use this guide to complete the workflow with audit-ready evidence and ownership.
- If you hit a blocker, run troubleshooting first, then escalate with context.
Steps
1. Preview the experience before granting access
As an org admin, select Preview as auditor near the bottom of the sidebar. This starts a 2-hour, server-verified, read-only preview session, filters your own sidebar to auditor-readable surfaces, and shows a "Previewing as auditor - read only" banner with an Exit button.
2. Request the AUDITOR invitation be sent
Since the Team page invite dialog does not yet expose the AUDITOR role, have it issued via the invitations API with role AUDITOR and an expiresInDays value (1 to 90, defaulting to 30). Only org admins and super admins are permitted to issue one.
3. Confirm the auditor lands on the audit dashboard
Once accepted, the auditor sees /dashboard/auditor: compliance posture by standard, open findings, recent published policy changes, recent audit-log activity, and an Export audit pack action.
4. Exit preview when you are done checking
Select Exit on the read-only banner to leave preview mode and return to your normal admin view.
Verification
- The auditor account can view policies, controls, evidence, and the audit log, but every mutating action returns a read-only error.
- The access window matches what was requested at invite time and expires automatically rather than needing manual offboarding.
- Preview as auditor shows the same read-only experience a real auditor would get, not a superset of it.
Troubleshooting
I cannot find an Auditor option in the Invite Member dialog.
That dropdown does not currently list Auditor. The role exists and is fully enforced once granted, but the self-service invite dialog has not been extended to offer it yet.
The auditor reports they cannot take an action you expected them to.
This is expected. AUDITOR accounts are denied all write actions, with the message "Auditors have read-only access. Ask an admin to perform this action."
The auditor lost access earlier than I expected.
Check the access window that was set at invite time (default 30 days, max 90). Once it passes, access is revoked automatically; a fresh invitation is needed if the engagement continues.
Workflow screenshots

FAQ
Can an auditor see everything an admin sees?
No. Auditors get a curated read-only dashboard and read access to policies, controls, evidence, and the audit log. They do not get settings, billing, team management, or any authoring surface.
Was this article helpful?
Next article
Create your organization and choose the right starting plan
Set up your first organization with the plan that matches rollout depth and governance needs.
Continue to next guideRelated articles
Publish assurance artifacts with scoped visibility and access review controls.
5 min read
Set up your first organization with the plan that matches rollout depth and governance needs.
5 min read