Help Article
5 min read
Reviewed 2026-07-10

Inviting an external auditor

Grant a time-boxed, read-only AUDITOR account for an external reviewer, and use Preview as auditor to see exactly what they will see.

Org Admin
Super Admin

AUDITOR invites are not yet in the Invite Member dialog

The Role dropdown on /dashboard/team currently offers Staff, Manager, and Admin only. AUDITOR invitations (with a time-boxed access window) are fully supported by the underlying invitations API and email template, but sending one today requires a direct API call rather than a dashboard button. Ask your technical contact if you need one issued.

What the AUDITOR role means once granted

Every write action is denied to the AUDITOR role, including while an admin is running Preview as auditor. Auditors can browse policies, controls, evidence, and the audit log, and export an audit pack, but cannot change anything.

Access windows are time-boxed

An auditor invite carries an access window of 1 to 90 days (30 by default). When the window passes, the member is automatically soft-revoked (moved to an offboarded access tier) rather than staying active indefinitely.

Summary

  • Grant a time-boxed, read-only AUDITOR account for an external reviewer, and use Preview as auditor to see exactly what they will see.
  • Use this guide to complete the workflow with audit-ready evidence and ownership.
  • If you hit a blocker, run troubleshooting first, then escalate with context.

Steps

  1. 1. Preview the experience before granting access

    As an org admin, select Preview as auditor near the bottom of the sidebar. This starts a 2-hour, server-verified, read-only preview session, filters your own sidebar to auditor-readable surfaces, and shows a "Previewing as auditor - read only" banner with an Exit button.

  2. 2. Request the AUDITOR invitation be sent

    Since the Team page invite dialog does not yet expose the AUDITOR role, have it issued via the invitations API with role AUDITOR and an expiresInDays value (1 to 90, defaulting to 30). Only org admins and super admins are permitted to issue one.

  3. 3. Confirm the auditor lands on the audit dashboard

    Once accepted, the auditor sees /dashboard/auditor: compliance posture by standard, open findings, recent published policy changes, recent audit-log activity, and an Export audit pack action.

  4. 4. Exit preview when you are done checking

    Select Exit on the read-only banner to leave preview mode and return to your normal admin view.

Verification

  • The auditor account can view policies, controls, evidence, and the audit log, but every mutating action returns a read-only error.
  • The access window matches what was requested at invite time and expires automatically rather than needing manual offboarding.
  • Preview as auditor shows the same read-only experience a real auditor would get, not a superset of it.

Troubleshooting

I cannot find an Auditor option in the Invite Member dialog.

That dropdown does not currently list Auditor. The role exists and is fully enforced once granted, but the self-service invite dialog has not been extended to offer it yet.

The auditor reports they cannot take an action you expected them to.

This is expected. AUDITOR accounts are denied all write actions, with the message "Auditors have read-only access. Ask an admin to perform this action."

The auditor lost access earlier than I expected.

Check the access window that was set at invite time (default 30 days, max 90). Once it passes, access is revoked automatically; a fresh invitation is needed if the engagement continues.

Workflow screenshots

Super admin AI monitor showing spend and usage
Monitor AI usage and spend across organizations from one control plane.

FAQ

Can an auditor see everything an admin sees?

No. Auditors get a curated read-only dashboard and read access to policies, controls, evidence, and the audit log. They do not get settings, billing, team management, or any authoring surface.

Was this article helpful?

Next article

Create your organization and choose the right starting plan

Set up your first organization with the plan that matches rollout depth and governance needs.

Continue to next guide

Related articles

Trust center artifact publishing and controlled access

Publish assurance artifacts with scoped visibility and access review controls.

5 min read

Create your organization and choose the right starting plan

Set up your first organization with the plan that matches rollout depth and governance needs.

5 min read

Need direct support?

If this workflow remains blocked after troubleshooting, submit a support request with the page URL, expected behavior, and relevant error details.