Comprehensive guide for managing Contentful organization members, from inviting team members to removing access.
Prerequisites
To manage users, you must have:
- Organization owner or admin role in Contentful
- Active Contentful subscription
- Understanding of Contentful's space and organization structure
Plan Considerations:
- Free: Limited team members
- Team: Up to 5 users
- Business: Up to 10 users
- Enterprise: Unlimited users
Understanding Contentful Structure
Organization vs Space
Organization:
- Top-level account container
- Billing and subscription
- Team member management
- Multiple spaces
Space:
- Content repository
- Content models
- Assets and entries
- Per-space permissions
```
Organization (Company)
├── Member 1 (org role + space roles)
├── Member 2 (org role + space roles)
└── Spaces
    ├── Production Space
    ├── Staging Space
    └── Development Space
```
Adding Users to Contentful
Method 1: Organization Level
Best for: Adding team members to organization
Step 1: Access Organization Settings
Organization Settings → Members → Invite member
Screenshot reference: /screenshots/contentful-invite-member.png
Step 2: Send Invitation
Required information:
- Email address: Member's email
- Organization role: Admin, Developer, or Member
Organization roles:
- Admin: Full organization control
- Developer: Technical access, no billing
- Member: Space-level access only
Step 3: Invitation Process
- Click "Invite"
- Email sent to invitee
- They create Contentful account (if new)
- Accept invitation
- Gain organization access
Method 2: Space-Level Access
Grant access to specific space:
Space Settings → Members → Add member
Requirements:
- User must be organization member first
- Then grant space access
- Assign space role
Space roles (see Roles & Permissions):
- Developer
- Content Editor
- Content Author
- Translator
- Custom roles
Method 3: API-Based User Management
For automation and integrations:
Contentful Management API
```javascript
const contentful = require('contentful-management');

// 'YOUR_CMA_TOKEN' is a placeholder: load the real token from a secret store
// or environment variable rather than committing it to source control.
const client = contentful.createClient({
  accessToken: 'YOUR_CMA_TOKEN'
});

async function inviteUserToOrganization() {
  try {
    const organization = await client.getOrganization('ORG_ID');
    // Create invitation
    const invitation = await organization.createOrganizationInvitation({
      email: 'newuser@example.com',
      role: 'developer', // or 'admin', 'member'
      sendEmail: true
    });
    console.log('Invitation sent:', invitation);
  } catch (error) {
    console.error('Error:', error);
  }
}
```
Add User to Space
```javascript
async function addUserToSpace() {
  const space = await client.getSpace('SPACE_ID');
  const spaceMembership = await space.createSpaceMembership({
    admin: false,
    roles: [
      {
        sys: {
          type: 'Link',
          linkType: 'Role',
          id: 'ROLE_ID'
        }
      }
    ],
    email: 'user@example.com'
  });
  console.log('User added to space:', spaceMembership);
}
```
Managing Existing Users
View Organization Members
Organization Settings → Members
Information displayed:
- Name and email
- Organization role
- Spaces accessed
- Status (Active/Pending)
- Last activity
Change Organization Role
- Organization Settings → Members
- Select member
- Change role dropdown
- Save
Roles:
- Admin → Developer (downgrade)
- Developer → Admin (upgrade)
- Any → Member (restrict to spaces)
Manage Space Access
Grant space access:
Space Settings → Members → Add existing member
Remove space access:
Space Settings → Members → Select member → Remove
Change space role:
Space Settings → Members → Select member → Change role
Suspend User (Temporary)
Contentful doesn't have a "suspend" feature.
Workarounds:
- Remove from all spaces (keep org membership)
- Downgrade to Member role (no access)
- Document suspension reason
- Re-add when needed
Removing Users from Contentful
Pre-Removal Checklist
- Review user's content: Entries created/modified
- Transfer ownership: Reassign if needed
- Export activity logs: For records
- Document removal: Reason and date
- Revoke API tokens: If they created any
- Notify stakeholders: Team communication
Method 1: Remove from Organization
Step 1: Navigate to Members
Organization Settings → Members
Step 2: Remove Member
- Find member in list
- Click menu (three dots)
- Click "Remove"
- Confirmation dialog:
  Remove [Name] from organization? They will lose access to all spaces. Their content will be preserved. This action cannot be undone.
- Click "Remove" to confirm
What happens:
- Removed from organization
- All space access revoked
- Cannot log into account
- Content entries preserved
- Audit history maintained
Method 2: Remove from Space Only
Keep org membership, remove space access:
Space Settings → Members → Find user → Remove from space
Effects:
- Loses access to that space only
- Retains organization membership
- Can access other spaces
- Space content preserved
Method 3: API-Based Removal
Remove from organization:
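```javascript
async function removeUserFromOrganization() {
  const organization = await client.getOrganization('ORG_ID');
  const memberships = await organization.getOrganizationMemberships();
  // Assumes each membership item exposes the user's email; if the API returns
  // only a user link, match on the user id instead.
  const membership = memberships.items.find(
    m => m.user?.email === 'user@example.com'
  );
  if (membership) {
    await membership.delete();
    console.log('User removed from organization');
  } else {
    // Do not treat a missing match as success: the account may still have access
    console.warn('No matching organization membership found; nothing removed');
  }
}
```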
Remove from space:
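```javascript
async function removeUserFromSpace() {
  const space = await client.getSpace('SPACE_ID');
  const spaceMemberships = await space.getSpaceMemberships();
  // Assumes each membership item exposes the user's email; if the API returns
  // only a user link, match on the user id instead.
  const membership = spaceMemberships.items.find(
    m => m.user?.email === 'user@example.com'
  );
  if (membership) {
    await membership.delete();
    console.log('User removed from space');
  } else {
    // Do not treat a missing match as success: the account may still have access
    console.warn('No matching space membership found; nothing removed');
  }
}
```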
Special Scenarios
Removing Organization Owner
The owner cannot be removed directly.
Transfer ownership:
Organization Settings → Transfer ownership
Process:
- Designate new owner (must be Admin)
- New owner accepts
- Ownership transfers
- Billing transfers
- Old owner becomes Admin or is removed
Emergency Access Revocation
Security incident:
- Remove from organization immediately
- Revoke API tokens: Organization Settings → API keys
- Change passwords: If shared (not recommended)
- Review recent activity: Space → Activity log
- Audit content changes: Check entries
- Rotate API keys: Create new keys
- Document incident: Security log
Post-incident:
- Full security audit
- Review all user permissions
- Enable SSO/2FA
- Update security policies
Contractor/Agency Offboarding
End of project:
- Export final content
- Document completed work
- Remove from spaces
- Revoke API access
- Archive project documentation
- Send project closure email
Keep records:
- Content created
- API usage logs
- Project documentation
- Contract details
API Token Management
User Access Tokens
Personal access tokens:
User Settings → API keys → Generate personal access token
When user leaves:
- Identify their tokens
- Revoke all tokens
- Update dependent systems
- Document changes
Find user's tokens:
```javascript
async function getUserAccessTokens(userId) {
  const organization = await client.getOrganization('ORG_ID');
  const tokens = await organization.getPersonalAccessTokens();
  const userTokens = tokens.items.filter(
    t => t.user.sys.id === userId
  );
  return userTokens;
}
```
Content Management Tokens
Space API keys:
Space Settings → API keys
Review when removing users:
- Check if user created API keys
- Rotate keys if sensitive
- Update applications
Monitoring and Auditing
Activity Logs
View activity:
Space → Activity log
Tracked events:
- Entry changes (create, update, delete)
- Asset uploads
- Publishing actions
- Role changes
- Space configuration
Filter by:
- User
- Date range
- Action type
- Content type
User Analytics
Organization insights:
Organization Settings → Usage
Metrics:
- Active users
- API calls per user
- Content contributions
- Space activity
Regular Audits
Monthly review:
- List all organization members
- Verify space access appropriateness
- Check API token usage
- Review role assignments
- Identify inactive users (90+ days)
- Remove unnecessary access
Quarterly audit:
- Full permission review
- Content ownership check
- API security review
- Update documentation
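The monthly review above can be run as a script over exported member and token lists. This is an added example, not Contentful's code or part of the original guide: the record shapes (including the hypothetical `adminJustification` field), the `auditMembers` helper and all sample data are assumptions made for illustration and are not Contentful API payloads.

```javascript
// Added example: offline audit over exported membership data.
// Record shapes are assumed for illustration, not Contentful API payloads.
const DAY_MS = 24 * 60 * 60 * 1000;

function auditMembers(members, tokens, spaceNames, now, inactiveDays = 90) {
  const findings = [];
  const activeEmails = new Set(
    members.filter(m => m.status === 'Active').map(m => m.email.toLowerCase())
  );
  for (const m of members) {
    const email = m.email.toLowerCase();
    const last = m.lastActivity ? Date.parse(m.lastActivity) : NaN;
    // Missing or unparsable activity counts as inactive: fail closed.
    const idleDays = Number.isNaN(last) ? Infinity : Math.floor((now - last) / DAY_MS);
    if (m.status === 'Active' && idleDays >= inactiveDays) {
      findings.push({ email, issue: 'inactive', detail: `${idleDays} days idle` });
    }
    if (m.orgRole === 'Admin' && !m.adminJustification) {
      findings.push({ email, issue: 'admin-undocumented', detail: 'no access reason recorded' });
    }
    if (spaceNames.length > 1 && spaceNames.every(s => m.spaces.includes(s))) {
      findings.push({ email, issue: 'all-spaces', detail: 'has access to every space' });
    }
  }
  // Tokens are not revoked automatically when a member is removed, so a live
  // token whose owner is no longer an active member is flagged as orphaned.
  for (const t of tokens) {
    if (!t.revoked && !activeEmails.has(t.ownerEmail.toLowerCase())) {
      findings.push({ email: t.ownerEmail.toLowerCase(), issue: 'orphaned-token', detail: t.name });
    }
  }
  return findings;
}

// Constructed sample data.
const SPACES = ['Production', 'Staging', 'Development'];
const MEMBERS = [
  { email: 'alice@example.com', orgRole: 'Admin', status: 'Active', lastActivity: '2024-05-28', spaces: SPACES, adminJustification: 'org owner delegate' },
  { email: 'bob@example.com', orgRole: 'Member', status: 'Active', lastActivity: '2024-01-15', spaces: ['Staging'] },
  { email: 'carol@example.com', orgRole: 'Admin', status: 'Active', lastActivity: '2024-05-30', spaces: ['Production'] },
  { email: 'dave@example.com', orgRole: 'Developer', status: 'Pending', lastActivity: null, spaces: [] },
];
const TOKENS = [
  { name: 'ci-deploy', ownerEmail: 'bob@example.com', revoked: false },
  { name: 'old-agency-sync', ownerEmail: 'erin@example.com', revoked: false },
];
const NOW = Date.parse('2024-06-01');
console.table(auditMembers(MEMBERS, TOKENS, SPACES, NOW));
```

Each finding maps to an item in the monthly review or the "Avoid" lists; the orphaned-token check is the one most often missed after a removal.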
Best Practices
Adding Users
Security-first:
- ✓ Use least privilege (Member + specific space roles)
- ✓ Enable SSO if available (Enterprise)
- ✓ Require strong passwords
- ✓ Document access reason
- ✓ Set review date
- ✓ Use custom roles for specific needs
- ✓ Enable 2FA for organization
Avoid:
- ✗ Giving Admin by default
- ✗ Sharing accounts
- ✗ Granting all space access
- ✗ No access review process
Removing Users
Clean offboarding:
- ✓ Remove same day as departure
- ✓ Revoke all API tokens
- ✓ Export relevant data
- ✓ Document removal
- ✓ Notify team
- ✓ Audit recent activity
Avoid:
- ✗ Delaying removal
- ✗ Leaving inactive accounts
- ✗ Forgetting API tokens
- ✗ No documentation
Troubleshooting
Can't Invite User - Already Member
Issue: User already in organization
Solutions:
- They're already a member (check members list)
- Pending invitation exists (resend)
- Previously removed (re-add)
User Can't Access Space
Debug:
- Verify org membership: Organization → Members
- Check space access: Space → Members
- Verify role: Correct space role assigned?
- Check invite status: Pending or accepted?
- Clear cache: Have them log out and log back in
Common fixes:
- Add to space (if only org member)
- Assign appropriate role
- Resend invitation
Cannot Remove User
Possible causes:
- You lack permission (not Admin/Owner)
- Last organization owner (transfer first)
- API limitation
Solutions:
- Request Admin/Owner assistance
- Transfer ownership if last owner
- Check permissions
API Token Issues After Removal
User's tokens still work:
- Tokens don't auto-revoke on user removal
- Must manually revoke
- Rotate space API keys if needed
Fix:
- Organization Settings → API keys
- Revoke user's tokens
- Rotate space keys if sensitive
Next Steps
- Contentful Roles & Permissions - Role details
- Contentful User Management - Overview
- Contentful Documentation