Follow these steps to grant the collaborator access to your Mixpanel organization. Mixpanel's permission model combines organization-level roles with project-specific access controls to ensure appropriate visibility and capabilities.
Understanding Mixpanel Roles
Mixpanel uses a two-tier permission system with organization and project-level roles:
Organization Roles
Organization Admin:
- Full control over settings, billing, SSO/SCIM configuration
- Can create/delete projects and manage all members
- Access to usage reports and subscription management
- Appropriate for implementation architecture or governance work
Organization Member:
- Access limited to assigned projects only
- Cannot manage billing, organization settings, or other members
- Ideal for project-focused analytics and implementation
Project-Level Roles
Project Owner (Admin):
- Full control within the project: settings, integrations, data definitions
- Creates reports, dashboards, cohorts, and experiments
- Can export data and manage project-level access
- Suitable for implementation leads and project managers
Analyst:
- Creates and edits analytics content (reports, dashboards, funnels)
- Full data exploration and visualization access
- Cannot modify project settings or data definitions
- Appropriate for analytics team members
Consumer:
- Read-only access to saved reports and dashboards
- Cannot create analyses or export data
- Ideal for stakeholders needing visibility only
Prerequisites
Before inviting the collaborator, gather the following information:
Required Information
- Mixpanel organization name and URL
- List of projects to grant access (production, staging, mobile, web)
- Authentication method: email/password, Google OAuth, or enterprise SSO
- Service account email address (e.g.,
analytics-team@agency.com) - Engagement scope to determine appropriate roles:
- Implementation + governance = Org Admin or Project Owner
- Analytics and reporting = Analyst
- Dashboard review>
Verification Steps
- Confirm you have Organization Admin privileges
- If using SSO/SCIM, coordinate with identity team to pre-provision the user
- Review security policies: MFA requirements, IP allowlisting, password rules
- Verify project list and production vs. staging separation
- Check if access to Data Warehouse, Lexicon, or Experiments is needed
Invitation Workflow
1. Access Member Management
- Log into Mixpanel with admin credentials
- Click Settings (gear icon) in lower-left corner
- Navigate to Organization Settings → Members
- Review existing members to avoid duplicates
2. Initiate Invitation
- Click Invite Members or + button
- A modal will appear for user details
3. Enter User Information
- Enter the service account email address
- Verify spelling and domain
- For SSO, ensure domain matches SSO configuration
- Use dedicated service accounts, not personal emails
4. Assign Organization Role
Select based on requirements:
- Org Admin if the collaborator will:
- Manage multiple projects or create new ones
- Configure organization-wide integrations
- Need access to billing or usage reports
- Member (default) for:
- Project-specific analytics work
- Implementation within defined scope
- Reporting and insights tasks
5. Assign Project Access and Roles
For each project:
- Check the project name box
- Select project role:
- Owner/Admin: Implementation and full project control
- Analyst: Creating reports and analytics
- Consumer: Read-only dashboard access
- Include staging if collaborator will QA implementation
- Apply least-privilege: start minimal and expand as needed
6. Add Documentation
Document in notes field if available:
- Engagement name or SOW reference
- Ticket number or approval ID
- Expected access duration for temporary access
- Business justification
7. Send Invitation
- Review email, role, and projects
- Click Send Invitation
- Mixpanel sends email from
noreply@mixpanel.com - Invitations expire after 7-14 days
After Inviting
Monitor and Verify
- Check Settings → Members → Pending Invitations for status
- Follow up if still pending after 72 hours
- Verify correct role and projects after acceptance
- Confirm "Last Active" timestamp after first login
- Ask collaborator to verify they see expected projects
Share Access Information
Authentication:
- Mixpanel organization URL/workspace name
- Login method (email/password, Google, SSO portal)
- MFA setup instructions if required
- VPN or IP allowlisting requirements
Security Policies:
- Password requirements and rotation schedules
- Session timeout settings
- Data export and privacy guidelines
- Acceptable use policies
Orientation:
- Links to key dashboards and their purposes
- Project descriptions (production vs. staging)
- Event taxonomy and naming conventions
- Contact for Mixpanel questions
Update Documentation
- Log invitation details in access tracker:
- Date/time, admin name, collaborator email
- Organization role and project assignments
- Business justification and approver
- Temporary access end date if applicable
- Set calendar reminders for reviews and expiration
- Store confirmation email with project records
Role-Specific Setup
For Organization Admins
- Share docs on org-wide integrations (warehouses, Segment, APIs)
- Provide context on data governance and privacy settings
- Explain project structure and naming conventions
- Grant access to developer documentation
For Project Owners
- Review event taxonomy and data model
- Share custom property definitions and standards
- Explain integration setups (imports, exports, destinations)
- Document project-specific considerations
For Analysts and Consumers
- Share bookmarks to frequently used dashboards
- Provide training on Mixpanel features
- Set expectations about data refresh frequency
- Explain role limitations
Troubleshooting
Invitation Not Delivered
If no email within 30 minutes:
- Verify email address for typos
- Resend from Settings → Members → Pending → Resend
- Ask collaborator to check spam folders for
@mixpanel.com - Allowlist Mixpanel email domains:
mixpanel.com,*.mixpanel.com - Check corporate email gateways for blocks
- For SSO orgs, confirm user exists in IdP first
- Delete and resend if invitation expired
SSO Login Fails
If accepted but can't log in via SSO:
- Confirm user in correct IdP group mapped to Mixpanel
- Verify SAML attribute mappings (email, name, groups)
- Check IdP email exactly matches Mixpanel invitation
- Test SSO in Settings → Security → SSO
- Review IdP logs for authentication errors
- Ensure using SSO login URL, not generic Mixpanel login
Can't See Projects
If projects missing after login:
- Edit user and verify project checkboxes in Settings → Members
- Confirm projects are active (not archived)
- Check project visibility settings
- Ask collaborator to refresh browser or clear cache
- Verify correct organization (check URL/workspace)
Wrong Role Assigned
If permissions incorrect after acceptance:
- Edit user and correct organization/project roles
- If using SCIM, verify IdP mappings and force re-sync
- Ask collaborator to log out and back in
- Check audit log for role changes during provisioning
Temporary Access
For time-limited engagements:
- Document end date in IAM tracker
- Set calendar reminders (1 week before, on end date)
- Add note to member profile with expiration
- For SCIM: use time-bound IdP group memberships
- For short access (under 2 weeks), consider screen sharing
- Send reminder 2 weeks before expiration
Best Practices
Security
- Use dedicated service accounts, not personal emails
- Apply least privilege: minimum necessary permissions
- Require formal approval before invitations
- Separate production and staging access
- Implement quarterly access reviews
- Use SSO/SCIM for centralized management
Operations
- Standardize service account naming
- Document standard roles for engagement types
- Use SCIM for frequent user changes
- Maintain detailed invitation notes
- Automate access review reminders
Communication
- Send welcome email after access granted with URLs, dashboard links, and contacts
- CC engagement manager on confirmations
- Set clear expectations for support and response times