Adding and Removing Volusion Users | OpsBlu Docs

Adding and Removing Volusion Users

How to add and remove team members in Volusion. Covers invitation workflows, role assignment, access revocation, and user lifecycle management for.

Comprehensive step-by-step guide for managing Volusion admin accounts, from adding new store administrators to safely removing team member access.

Prerequisites

To manage users, you must have:

  • Super Administrator access in Volusion
  • Active Volusion store
  • Appropriate plan (some features require Business or higher)

Plan Considerations:

  • Number of admin accounts may vary by plan
  • Volusion V1 and V2 have different user management interfaces
  • API access requires separate credentials

Adding Users to Volusion

Method 1: Admin Panel (Volusion V2)

Best for: Most user additions, day-to-day management

Step 1: Access Admin Settings

Admin Panel → Settings → Store Settings → Admins

Screenshot reference: /screenshots/volusion-admin-settings.png

Step 2: Create New Administrator

  1. Click "Add Administrator" button
  2. Enter administrator information:

Required Fields:

  • Username: Unique login identifier (4-20 characters)
  • Password: Strong password required
    • Minimum 8 characters
    • Must include uppercase, lowercase, number
  • Email: Valid email address for notifications
  • First Name: Administrator's first name
  • Last Name: Administrator's last name

Optional Fields:

  • Phone: Contact phone number
  • Notes: Internal notes about this admin

Step 3: Assign Permissions

Select access level:

  • Super Administrator: Full store access
  • Administrator: Most features except critical settings
  • Limited Administrator: Specific feature access
  • Custom: Define specific permissions

Permission categories:

  • Products and Inventory
  • Orders and Customers
  • Content and SEO
  • Reports and Analytics
  • Marketing and Promotions
  • Settings and Configuration
  • Design and Templates

See Roles & Permissions for detailed breakdown.

Step 4: Configure Additional Settings

IP Restrictions (optional):

  • Enable IP restriction
  • Enter allowed IP addresses
  • Useful for security-sensitive accounts

Login hours (optional):

  • Restrict login to business hours
  • Set timezone
  • Define allowed hours

Two-factor authentication:

  • Recommended for all admins
  • Email or SMS-based
  • Required for Super Administrators

Step 5: Save and Notify

  1. Click "Save Administrator"
  2. Send credentials to new admin via secure channel
  3. Never email passwords - use password reset instead

Best practice: Require password change on first login.

Method 2: Volusion V1 Classic

For stores still on V1 platform:

Access Path

Admin → Tools → Admins → Add New Administrator

Configuration

Basic Information:

  • Login name
  • Password
  • Email address
  • Name

Access Rights:

  • Select department access checkboxes:
    • Inventory
    • Orders
    • Customers
    • Articles
    • Reports
    • Newsletters
    • Site Features
    • Site Design

Admin Level:

  • Super Admin: All access
  • Regular Admin: Assigned departments only

Method 3: API User Creation (Advanced)

Best for: Automated provisioning, integrations

Note: Volusion V2 API is different from V1

Volusion API Endpoint

POST https://api.volusion.com/v1/admins
Authorization: Bearer {your-api-token}
Content-Type: application/json

Request Body

{
  "username": "john.admin",
  "email": "john@company.com",
  "firstName": "John",
  "lastName": "Admin",
  "password": "SecurePassword123!",
  "role": "administrator",
  "permissions": [
    "products.view",
    "products.edit",
    "orders.view",
    "orders.process"
  ]
}

JavaScript Example

const axios = require('axios');

async function createVolusionAdmin() {
  try {
    const response = await axios.post(
      'https://api.volusion.com/v1/admins',
      {
        username: 'john.admin',
        email: 'john@company.com',
        firstName: 'John',
        lastName: 'Admin',
        password: 'SecurePassword123!',
        role: 'administrator',
        permissions: [
          'products.view',
          'products.edit',
          'orders.view'
        ]
      },
      {
        headers: {
          'Authorization': `Bearer ${API_TOKEN}`,
          'Content-Type': 'application/json'
        }
      }
    );

    console.log('Admin created:', response.data);
  } catch (error) {
    console.error('Error:', error.response.data);
  }
}

Managing Existing Administrators

View Current Admins

Access admin list:

Settings → Store Settings → Admins

Information displayed:

  • Username
  • Name and email
  • Role/permissions
  • Last login
  • Status (Active/Inactive)

Edit Administrator Permissions

  1. Navigate to: Settings → Admins
  2. Click administrator name
  3. Modify permissions:
    • Change role
    • Update access rights
    • Adjust IP restrictions
  4. Click "Save"

When to edit:

  • Role changes
  • Department transfers
  • Temporary elevated access
  • Security adjustments

Change Administrator Password

Admin-initiated:

Admin Panel → Profile → Change Password

Super Admin reset:

Settings → Admins → Select admin → Reset Password

Password requirements:

  • Minimum 8 characters
  • Uppercase and lowercase
  • At least one number
  • Special character recommended

Temporarily Disable Admin

Suspend without deletion:

  1. Settings → Admins
  2. Select administrator
  3. Status: Change to "Inactive"
  4. Save

Effects:

  • Cannot log in
  • Retains account settings
  • Can be reactivated
  • Preserves activity history

Removing Administrators from Volusion

Pre-Removal Checklist

Before removing an administrator:

  • Review pending orders they're processing
  • Reassign open tickets to other admins
  • Export activity logs for records
  • Document removal reason for audit trail
  • Transfer ownership of saved reports/filters
  • Notify team members if applicable
  • Check for active sessions and log out

Method 1: Remove via Admin Panel

Step 1: Navigate to Admins

Settings → Store Settings → Admins

Step 2: Select Administrator

  1. Find administrator in list
  2. Click administrator name or edit icon

Step 3: Delete Administrator

  1. Scroll to bottom of edit page
  2. Click "Delete Administrator" button
  3. Confirmation dialog:
    Are you sure you want to delete this administrator?
This action cannot be undone.
Activity history will be preserved.
  4. Click "Confirm" to delete

What happens:

  • Access revoked immediately
  • Cannot log into admin panel
  • Activity logs preserved
  • Username becomes available for reuse

Method 2: Bulk Administrator Management

Volusion doesn't support bulk deletion:

  • Must remove administrators one at a time
  • Document each removal
  • Track in spreadsheet for audit

Method 3: API-Based Removal

DELETE https://api.volusion.com/v1/admins/{admin_id}
Authorization: Bearer {your-api-token}

async function deleteVolusionAdmin(adminId) {
  try {
    await axios.delete(
      `https://api.volusion.com/v1/admins/${adminId}`,
      {
        headers: {
          'Authorization': `Bearer ${API_TOKEN}`
        }
      }
    );

    console.log('Admin deleted successfully');
  } catch (error) {
    console.error('Error:', error.response.data);
  }
}

Special Scenarios

Removing Super Administrator

Cannot remove last Super Administrator:

  • Store must have at least one Super Admin
  • Create backup Super Admin first
  • Then remove original

Steps:

  1. Add new Super Administrator
  2. Verify new admin can log in
  3. Test Super Admin permissions
  4. Remove original Super Administrator

Emergency Access Revocation

Security incident response:

  1. Disable account immediately: Set to Inactive
  2. Change store owner password: If compromise suspected
  3. Review recent activity: Check admin logs
  4. Audit recent changes: Products, orders, customers
  5. Reset API credentials: If applicable
  6. Enable IP restrictions: For remaining admins
  7. Document incident: Security log

Former Employee Offboarding

Same-day checklist:

  • Disable admin account
  • Change shared passwords (if any)
  • Review recent activity
  • Export activity logs
  • Remove from communication channels
  • Update emergency contact lists

Within 24 hours:

  • Permanently delete account
  • Update documentation
  • Notify remaining team
  • Review security measures

Contractor Access Management

Project start:

  1. Create limited admin account
  2. Grant specific permissions only
  3. Set expected end date (calendar)
  4. Document project scope

Project end:

  1. Review completed work
  2. Export relevant reports
  3. Disable or delete account
  4. Update access documentation

Admin Activity Monitoring

View Admin Activity Logs

Access logs:

Reports → Admin Activity Log

Tracked activities:

  • Login/logout times
  • Products edited
  • Orders processed
  • Settings changed
  • Customer data accessed
  • Reports generated

Filter by:

  • Administrator name
  • Date range
  • Activity type
  • Department

Security Auditing

Regular audit checklist:

Weekly:
- [ ] Review failed login attempts
- [ ] Check unusual activity hours
- [ ] Monitor IP address changes

Monthly:
- [ ] List all active admins
- [ ] Verify employment status
- [ ] Review permission appropriateness
- [ ] Identify inactive accounts (30+ days)

Quarterly:
- [ ] Full security audit
- [ ] Password resets (if policy)
- [ ] Update documentation
- [ ] Remove unnecessary accounts

Multi-Store Management

Managing Admins Across Multiple Stores

For merchants with multiple Volusion stores:

Separate accounts required:

  • Each store = separate admin accounts
  • No cross-store user management
  • Must add admin to each store individually

Best practices:

  • Use consistent usernames across stores
  • Maintain central documentation
  • Synchronize permission levels
  • Coordinate access reviews

Tools for management:

  • Password manager (1Password, LastPass)
  • Central access documentation
  • Automated provisioning scripts (via API)

Integration Access

API Credential Management

Separate from admin accounts:

Settings → API Credentials → Generate New Key

When admin leaves:

  • Review API keys they created
  • Regenerate keys if needed
  • Update connected applications
  • Document API access changes

Third-Party App Access

Audit connected apps:

Settings → Integrations → Connected Apps

When removing admin:

  • Check apps they installed
  • Verify ongoing need
  • Transfer ownership or remove
  • Update app credentials

Best Practices

Adding Administrators

Security-first approach:

  • ✓ Use least privilege principle
  • ✓ Assign minimum required permissions
  • ✓ Enable two-factor authentication
  • ✓ Implement IP restrictions (sensitive roles)
  • ✓ Require strong passwords
  • ✓ Document business justification
  • ✓ Set review date for temporary access

Avoid:

  • ✗ Giving Super Admin by default
  • ✗ Sharing admin accounts
  • ✗ Using weak passwords
  • ✗ Granting unnecessary permissions

Removing Administrators

Clean offboarding:

  • ✓ Remove access same day as departure
  • ✓ Export activity logs before deletion
  • ✓ Document removal reason and date
  • ✓ Review recent activity for issues
  • ✓ Notify relevant team members
  • ✓ Update emergency procedures

Avoid:

  • ✗ Delaying removal "until project done"
  • ✗ Leaving inactive accounts
  • ✗ Forgetting to update documentation
  • ✗ Skipping activity review

Password Management

Strong password policy:

  • Minimum 12 characters
  • Complexity requirements
  • No password reuse
  • Regular password changes (90 days)
  • Use password manager

MFA/2FA:

  • Required for Super Administrators
  • Recommended for all admins
  • Email or SMS-based
  • Backup codes stored securely

Troubleshooting

Can't Add Administrator - Limit Reached

Error: "Maximum administrators reached"

Solutions:

  1. Check plan limits: Verify admin allowance
  2. Remove inactive admins: Free up slots
  3. Upgrade plan: Higher tier allows more admins
  4. Contact Volusion support: Request increase

New Admin Can't Log In

Checklist:

  • Account status is Active?
  • Username spelled correctly?
  • Password meets requirements?
  • Email verified (if required)?
  • IP restriction blocking?
  • Browser cache cleared?

Common fixes:

  • Reset password
  • Verify account active
  • Check IP restrictions
  • Try different browser

Administrator Permissions Not Working

Debug steps:

  1. Verify permissions assigned: Check admin settings
  2. Check role level: Ensure appropriate role
  3. Clear browser cache: Logout and login
  4. Review activity log: Check for permission errors
  5. Contact support: If issues persist

Common issues:

  • Incorrect role assigned
  • Permission not saved
  • Browser cache
  • Session timeout

Can't Delete Administrator

Possible causes:

  • Last Super Admin: Cannot remove
  • Insufficient permissions: You need Super Admin
  • Active sessions: Admin currently logged in

Solutions:

  • Create backup Super Admin (if last one)
  • Request Super Admin assistance
  • Force logout active sessions

Lost Super Administrator Access

Recovery options:

  1. Password reset: Use "Forgot Password" link
  2. Contact Volusion support: Provide account verification
  3. Account recovery process: Identity verification required

Prevention:

  • Maintain multiple Super Admin accounts
  • Document recovery procedures
  • Keep contact information current

Platform-Specific Notes

Volusion V1 vs V2

V1 Classic:

  • Simpler admin management
  • Department-based permissions
  • Limited customization
  • Older interface

V2 (Newer):

  • Granular permissions
  • Modern interface
  • More role options
  • Better API support

Migration considerations:

  • Admin accounts don't auto-migrate
  • Recreate users in V2
  • Retrain admins on new interface
  • Update documentation

Next Steps

Back to top