Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.arcuserp.com/llms.txt

Use this file to discover all available pages before exploring further.

Which User Page Should I Use?

Arcus has two user surfaces because organization access and entity access are different jobs.

  • Organization Users: invite users, assign them to one or more entities, edit entity memberships, resend or revoke pending invitations, remove users from the organization, and reset another user’s MFA.
  • Entity Team: manage users already inside the active entity, edit their role in that entity, set or reset PIN lock, limit location access, upload photos, and tune custom permissions.
  • Roles and Permissions: review system roles, duplicate a role, create custom roles, and choose exact permission keys.
  • Role Coverage Report: audit effective permissions across active users.
Organization Users page with user list, entity memberships, role chips, status, actions, search, and pending invitations
Access changes are security-sensitive Before granting admin, accounting, role management, settings, or audit permissions, confirm the user needs that access for their job. Remove access promptly when a person changes roles or leaves the company.

Invite a User

  1. Open Admin, then Organization.
  2. Choose Users.
  3. Select Invite User.
  4. Enter the user’s email address.
  5. Choose the starting role.
  6. Select every entity the user should access.
  7. Optionally expand Location Access to restrict the user to specific warehouses.
  8. Optionally expand Custom Permissions for advanced overrides.
  9. Send the invitation.
Invite User modal with email, role, entities, optional location access, optional custom permissions, and Send Invitation button
Use the simplest role that works Start with the closest standard role. Use location restrictions and custom permissions only when a standard role is too broad or too narrow.

Pending Invitations

Pending invitations stay visible on the Organization Users page until they are accepted, revoked, or expired. Use the pending table when someone says they did not receive the invite or when the wrong role or entity was selected.

  • Resend: sends the invite again without creating a duplicate user.
  • Revoke: cancels a pending invite so the link can no longer be used.
  • Expired: the invite is no longer usable. Send a new invite if the user still needs access.
Invitation delivery is outside the app after send If Arcus shows a pending invite and email delivery logs show the message was accepted, the remaining troubleshooting is usually mailbox filtering, security quarantine, or a typo in the email address. Revoke the bad invite before sending a corrected one.

Change a User’s Entity Role

A user can have different roles in different entities. For example, a person may be an admin in a sandbox entity and a viewer in production.

  1. Open Organization Users.
  2. Find the user.
  3. In the Entities column, click the role next to the entity code.
  4. Select the new role.
  5. Save the inline edit.

Only users allowed to assign owner-level access can choose the Owner role. If you do not see Owner as an option, your own access does not allow that assignment.

Use Entity Team for Day-to-Day Access Changes

Entity Team focuses on the active entity. Use it when the person is already a member of the entity and you need to edit their day-to-day access or shared-workstation setup.

Entity Team page with users, roles, PIN status, last activity, active toggle, and edit actions
  • Edit: update the user’s name, role, location access, and custom permissions in the active entity.
  • PIN: set or reset a lock-screen PIN for shared workstation use.
  • Active: deactivate or reactivate the user’s access in the active entity.
  • Remove: remove the user from the active entity without deleting their organization account.
  • Photo: upload a profile photo used in user lists and operational surfaces.
Edit User modal with role picker, PIN lock toggle, location access, and custom permissions controls
Do not edit your own safety-critical access Arcus blocks or limits some self-edits, such as changing your own location access. Use a second trusted admin for changes that could lock you out or weaken separation of duties.

Location Access

Location access limits where a user can work. It is useful for warehouse, fulfillment, inventory, receiving, and location-specific operations.

  • Leave location access unset when the user should see all locations in the entity.
  • Select locations when the user should only work from certain warehouses or stores.
  • Review location restrictions after adding a new warehouse or changing a user’s job.
  • If a user cannot see expected inventory or fulfillment work, check their location access before assuming the record is missing.

Custom Permissions

Roles provide defaults. Custom permissions override those defaults for edge cases. Use them sparingly because one-off overrides are harder to audit than standard roles.

  • Use custom permissions to grant one specific ability without upgrading the whole role.
  • Remove custom overrides when the user moves into a standard job role.
  • Review high-risk permissions for accounting, settings, users, roles, audit, payments, returns overrides, and inventory overrides.
  • Use the Role Coverage Report when you need to inspect effective permissions across users.

Roles and Permissions

Standard system roles are locked. If a system role is close but not exact, duplicate it and create a custom role instead of editing the system role.

Roles and Permissions page with system roles, custom roles, permission counts, assigned users, duplicate and edit actions
  1. Open Admin, then Roles.
  2. Review the role list, permission count, and assigned users.
  3. Choose Duplicate on a system role or Create custom role.
  4. Name the role clearly, such as Shipping Lead or AP Clerk.
  5. Select only the permission groups required for that job.
  6. Save the role, then assign it from Organization Users or Entity Team.
Create custom role page with name, description, grouped permission checkboxes, and Save role button

Role Coverage Report

The Role Coverage Report shows effective permissions per active user. Use it during onboarding reviews, offboarding checks, and security audits.

Role Coverage Report page showing users, roles, and effective permission columns

Reset a User’s MFA

Organization admins can reset another user’s MFA when the user has lost access to their authenticator or recovery codes. This clears their authenticator app and recovery codes, then requires them to enroll again at next sign-in.

  1. Open Organization Users.
  2. Find the active user.
  3. Choose Reset MFA.
  4. Read the warning carefully.
  5. Type the required confirmation phrase exactly.
  6. Enter the reason for the reset.
  7. Confirm the reset.
Verify the person before resetting MFA Reset MFA only after confirming the user’s identity through your internal process. The reason is kept for audit review, so write a useful business reason.

Remove or Deactivate Access

Choose the smallest removal that matches the situation.

  • Deactivate in Entity Team: turns off access in the active entity while preserving the user record.
  • Remove from entity: removes one entity membership but keeps the user in the organization.
  • Remove from organization: removes organization access across entities and should be used for offboarding.
  • Revoke pending invite: cancels access before the user accepts the invite.
Offboarding checklist Remove organization access, revoke pending invites, review custom permissions, check API keys, confirm active sessions are no longer usable, and review audit entries for the user’s recent activity.

Common Blocks

  • User did not receive invite: confirm the email address, resend once, then check mailbox filtering or security quarantine.
  • Owner role is not available: only users with owner-level authority can assign owner access.
  • User cannot see a location: review Entity Team location access.
  • User cannot perform an action: check their role, custom permission overrides, and the Role Coverage Report.
  • User cannot sign in after MFA reset: have them complete the required MFA enrollment flow at next sign-in.
  • Admin cannot edit another owner: owner-level users must be changed by another owner.

Profile and Security

Manage profile details, PIN lock, MFA, security keys, and recovery options.

Company Setup

Configure business profile, environment, branding, locations, and the workflow impact of company defaults.

Settings Overview

Understand the admin surfaces, settings groups, and workflow impact areas.

Email Log and Account Communications

Use the email log, preview/resend tools, and account communication preferences.

Fulfillment Station

Operate the station view for picking, packing, and shipping.