Removing team members
How to remove a member from your ADO Pilot org, the 24-hour stale-session window, and why you cannot remove yourself.
Last updated
Admins remove members from the Team settings page. New requests from the removed user fail immediately, but an active browser session can remain valid for up to 24 hours. You cannot remove yourself.
ADO Pilot has three organization roles. The descriptions below match what the Role permissions card on the Team settings page shows in the dashboard.
- Admin — Full access to all settings, billing, team management, and repository configuration.
- Member — Can manage repositories, view reviews, and configure notification preferences.
- Viewer — Read-only access to review history and repository status. Cannot change settings.
| Capability | Admin | Member | Viewer |
|---|---|---|---|
| View dashboard, reviews, and findings | Yes | Yes | Yes |
| View repository status and integration page | Yes | Yes | Yes |
| View team members and pending invites | Yes | Yes | Yes |
| View billing and subscription | Yes | Yes | Yes |
| Configure repository settings | Yes | No | No |
| Change notification settings | Yes | No | No |
| Test webhooks | Yes | No | No |
| Invite team members | Yes | No | No |
| Cancel pending invites | Yes | No | No |
| Remove team members | Yes | No | No |
| Start Stripe checkout | Yes | No | No |
| Open the Stripe billing portal | Yes | No | No |
| Change the overage cap | Yes | No | No |
Remove a member
Step 1 — Open the Team page
In the dashboard, go to Settings → Team.
Step 2 — Find the member
Locate the row in the Members list. Double-check the email — there is no undo prompt and no soft-delete.
Step 3 — Open the row's action menu
At the end of each member row is a three-dot dropdown trigger (the ⋯ icon). Click it to open the action menu, then choose Remove member. The user account itself is preserved on a successful removal so review history and audit logs stay intact.
What changes immediately
As soon as removal succeeds:
- New API calls from the removed user fail. The dashboard cannot fetch their org context, so settings, billing, reviews, and team pages stop loading.
- They are no longer billed or counted toward seat-based metrics.
- They no longer appear in the Team page or in audit lists for this org.
If the user is in another ADO Pilot org, that membership is unaffected.
The 24-hour stale-session window
ADO Pilot's portal authenticates with a JWT-strategy session whose maxAge is 24 hours. A removed user retains their session for up to 24 hours from when they last signed in — not from the moment of removal — and the role and org membership baked into the JWT are not re-checked from Cosmos on every request. In the worst case the cookie is brand-new at removal time and stays valid for nearly the full 24 hours; if they signed in earlier in the day, the remaining window is correspondingly shorter.
In practice this means:
- A removed user's open browser tab can still load pages it has already cached and replay requests that the server-side authorization layer happens to allow.
- Server-side mutations that re-check role still fail with the same 403s any other non-admin sees, because the JWT carries the user's role at sign-in time, not their current membership row.
- Once the user signs out, closes the tab, or hits the 24-hour expiry, they can no longer sign in — the next sign-in attempt has no membership row to consult.
You cannot remove yourself
The remove endpoint refuses to delete the calling admin's own membership. Whether you target your own user ID or the literal sentinel self, the response is:
- HTTP
400 - Body:
Cannot remove yourself
This is intentional — leaving an org with no admins would lock everyone out of billing and team management. To leave the org yourself, ask another admin to remove you. If you are the only admin, you cannot remove yourself — there is currently no way to transfer admin status via the dashboard. Contact ADO Pilot support if you need to restructure your org's admin access.
Re-adding a removed member
A removal is final but not permanent — you can invite the same email back at any time. See Inviting team members. The new invite creates a fresh membership row when accepted; prior review history attributed to that user remains in your org's audit trail under their original user ID.