Back to Help Centre
👔

Staff Management

Manage your team, understand roles, and control access permissions to keep your club running smoothly.

User Roles Explained

Youth Platform uses role-based access control to ensure staff members only have access to the features and information they need for their role.

Club Owner

Full administrative access to all features. The ultimate authority for the club.

Can access:

  • All club settings and configuration
  • Billing and subscription management
  • All staff accounts and permissions
  • All young people records and data
  • All sessions and attendance
  • All reports and analytics
  • GDPR deletion requests
✓ Can use password login
✓ MFA required
Management

Day-to-day operational management of the club without access to sensitive admin settings.

Can access:

  • Create and manage sessions
  • Manage young people records
  • Assign staff to sessions
  • View and generate reports
  • Approve new registrations
  • View attendance across all sessions

Cannot access:

  • Billing and subscriptions
  • Club deletion
  • Staff role changes (Club Owner only)
Magic link login only
✓ MFA required
Safeguarding Lead

Designated safeguarding officer with access to sensitive information for child protection.

Can access:

  • All young people records
  • Full medical information
  • Safeguarding notes and concerns
  • Consent and guardian information
  • Attendance history

Cannot access:

  • Staff management
  • Session creation (unless also Management)
  • Club settings
✓ Can use password login
✓ MFA required
Session Leader

Runs specific sessions and manages attendance for those sessions.

Can access:

  • Sessions they're assigned to
  • Check-in functionality
  • Young people information (based on session security level)
  • Emergency contact details
  • Session attendance records

Cannot access:

  • Sessions they're not assigned to
  • Full medical records (only critical flags at High security)
  • Management functions
Magic link login only
MFA optional
Team Member

Helps at sessions with limited access to personal information. This role is ideal for volunteers and support staff who assist with running sessions.

Can access:

  • Sessions they're assigned to
  • Basic check-in functionality
  • Name and photo of young people
  • View-only access to attendance list

Cannot access:

  • Contact details or medical information
  • Guardian information
  • Historical records
  • Management functions
Magic link login only

Multiple Roles

A staff member can have multiple roles. For example, someone could be both a Session Leader and Safeguarding Lead. They'll have the combined permissions of both roles.

Inviting New Staff

Adding new team members is quick and easy. They'll receive an email invitation with a magic link to access the platform.

How to Invite Staff

  1. Go to Staff from the sidebar
  2. Click Add Staff Member
  3. Enter their details:
    • Name - Their full name
    • Email - Work or personal email they'll use to log in
    • Phone (optional) - Contact number
  4. Select their Role (see User Roles above)
  5. Click Send Invitation

What Happens Next

  1. The staff member receives a welcome email
  2. The email contains a magic link to access the platform
  3. When they click the link, they're logged in and see their dashboard
  4. For future logins, they just enter their email to receive a new magic link

Resending Invitations

If someone didn't receive their invitation or the link expired:

  1. Go to Staff and find the person
  2. Click Resend Invitation
  3. A new invitation email will be sent

Alternatively, the staff member can simply go to the login page and request a magic link using their email address.

Important

Only Club Owners can invite new staff with Management or Club Owner roles. Management can invite Session Leaders and Team Members.

Managing Permissions

You can adjust staff permissions at any time by changing their role or session assignments.

Changing Someone's Role

  1. Go to Staff and click on the person's profile
  2. Click Edit Role
  3. Select the new role
  4. Click Save

The change takes effect immediately. The staff member's access will update the next time they load a page.

Session Assignments

Session Leaders and Team Members need to be assigned to specific sessions to access them:

  1. Go to the Session you want to assign them to
  2. Click on the Staff tab
  3. Click Add Staff
  4. Select the staff member
  5. Click Assign

Once assigned, they'll see that session on their dashboard and can access check-in for it.

Removing Session Access

  1. Go to the session's Staff tab
  2. Find the staff member
  3. Click Remove

Pro Tip

Management and Club Owner roles can access all sessions automatically - they don't need to be assigned to individual sessions.

Multi-Factor Authentication (MFA)

Multi-Factor Authentication adds an extra layer of security by requiring a one-time code from your phone in addition to your email login. This protects your account even if someone gains access to your email.

Who Needs MFA?

MFA requirements vary by role to balance security with convenience:

RequiredClub Owner, Management, Safeguarding Lead
OptionalSession Leader
Not AvailableTeam Member (magic link login only)

Setting Up MFA

  1. Go to Settings → Security
  2. Click Enable Multi-Factor Authentication
  3. Download an authenticator app if you don't have one:
    • Google Authenticator (iOS / Android)
    • Microsoft Authenticator
    • Authy
    • 1Password
  4. Scan the QR code with your authenticator app
  5. Enter the 6-digit code shown in your app
  6. Save your backup codes in a safe place

Using MFA

After setting up MFA, when you log in:

  1. Enter your email and click the magic link (or enter password for admin roles)
  2. You'll be asked for a 6-digit verification code
  3. Open your authenticator app and enter the current code
  4. Optionally, check Trust this device for 30 days

Trusted Devices

To avoid entering codes every time, you can trust a device for 30 days:

  • Check Trust this device when entering your MFA code
  • You won't need to enter a code on that device for 30 days
  • View and revoke trusted devices in Settings → Security

Backup Codes

Backup codes are one-time use codes that let you log in if you lose access to your authenticator app (e.g., lost phone):

  • You receive 10 backup codes when setting up MFA
  • Each code can only be used once
  • Store them securely (password manager, printed in a safe)
  • You can regenerate new codes in Settings (invalidates old ones)

Lost Your Phone?

If you've lost access to your authenticator app and backup codes, contact your Club Owner. They can temporarily disable MFA on your account so you can set it up again with a new device.

Safeguarding Leads

Every youth club should have a designated safeguarding lead. This role has special access to sensitive information needed for child protection.

Why a Separate Role?

The Safeguarding Lead role ensures:

  • Designated person has access to sensitive safeguarding information
  • Access to this data is limited and auditable
  • Safeguarding concerns can be recorded and tracked
  • Compliance with safeguarding policies and regulations

Setting Up a Safeguarding Lead

  1. Identify your designated safeguarding officer
  2. Either create a new staff account or edit an existing one
  3. Assign the Safeguarding Lead role
  4. They can also have other roles (e.g., Management + Safeguarding Lead)

What Safeguarding Leads Can See

  • Full profiles of all young people
  • Complete medical information
  • Safeguarding notes and concerns
  • Guardian contact details and relationships
  • Consent records and history
  • Full attendance history

Recording Safeguarding Concerns

Safeguarding leads can add confidential notes to young people's profiles:

  1. Open the young person's profile
  2. Go to the Safeguarding tab
  3. Click Add Note
  4. Record the concern with date and details
  5. Click Save

Important

Safeguarding notes are confidential and only visible to Safeguarding Leads and Club Owners. They are not shown to other staff during check-in, regardless of security level.

Deactivating Staff Accounts

When a staff member leaves, you should deactivate their account to remove their access while preserving historical records.

How to Deactivate

  1. Go to Staff and find the person
  2. Click on their profile
  3. Click Deactivate Account
  4. Confirm the deactivation

What Happens When Deactivated

  • They can no longer log in
  • Their session assignments are removed
  • Historical records (e.g., check-ins they performed) are preserved
  • Their name still appears in audit trails
  • The account can be reactivated if needed

Reactivating an Account

  1. Go to Staff
  2. Enable Show Deactivated filter
  3. Find and click on the account
  4. Click Reactivate Account
  5. Reassign them to sessions as needed

Permanent Deletion

If you need to permanently delete a staff account (e.g., GDPR request):

  1. First deactivate the account
  2. Click Delete Permanently
  3. Confirm by typing DELETE

Best Practice

Always deactivate rather than delete when someone leaves. This preserves audit trails and historical records. Only delete if legally required (e.g., GDPR request).

Related Articles

🚀

Getting Started

Initial setup and roles overview

📅

Session Staff

Assigning staff to sessions

✅

Security Levels

What information staff can see

📊

Reports

Staff access to analytics