Fix user listing and invite validation regressions

* feat: legend auto generation based on group by

* chore: removed redundent check from util

.github/workflows/jsci.yaml

@@ -13,23 +13,6 @@ on:
 
 jobs:
   tsc:
-    if: |
-      github.event_name == 'merge_group' ||
-      (github.event_name == 'pull_request' && ! github.event.pull_request.head.repo.fork && github.event.pull_request.user.login != 'dependabot[bot]' && ! contains(github.event.pull_request.labels.*.name, 'safe-to-test')) ||
-      (github.event_name == 'pull_request_target' && contains(github.event.pull_request.labels.*.name, 'safe-to-test'))
-    runs-on: ubuntu-latest
-    steps:
-      - name: checkout
-        uses: actions/checkout@v4
-      - name: setup node
-        uses: actions/setup-node@v5
-        with:
-          node-version: "22"
-      - name: install
-        run: cd frontend && yarn install
-      - name: tsc
-        run: cd frontend && yarn tsc
-  tsc2:
     if: |
       github.event_name == 'merge_group' ||
       (github.event_name == 'pull_request' && ! github.event.pull_request.head.repo.fork && github.event.pull_request.user.login != 'dependabot[bot]' && ! contains(github.event.pull_request.labels.*.name, 'safe-to-test')) ||

cmd/enterprise/Dockerfile.with-web.integration

@@ -1,4 +1,4 @@
-FROM node:18-bullseye AS build
+FROM node:22-bookworm AS build
 
 WORKDIR /opt/
 COPY ./frontend/ ./

docs/api/openapi.yml

@@ -2108,6 +2108,16 @@ components:
         token:
           type: string
       type: object
+    TypesPostableBulkInviteRequest:
+      properties:
+        invites:
+          items:
+            $ref: '#/components/schemas/TypesPostableInvite'
+          nullable: true
+          type: array
+      required:
+      - invites
+      type: object
     TypesPostableForgotPassword:
       properties:
         email:
@@ -2196,6 +2206,8 @@ components:
           type: string
         role:
           type: string
+        status:
+          type: string
         updatedAt:
           format: date-time
           type: string
@@ -3538,9 +3550,7 @@ paths:
         content:
           application/json:
             schema:
-              items:
-                $ref: '#/components/schemas/TypesPostableInvite'
-              type: array
+              $ref: '#/components/schemas/TypesPostableBulkInviteRequest'
       responses:
         "201":
           description: Created

ee/query-service/app/api/cloudIntegrations.go

@@ -170,7 +170,7 @@ func (ah *APIHandler) getOrCreateCloudIntegrationUser(
 	cloudIntegrationUserName := fmt.Sprintf("%s-integration", cloudProvider)
 	email := valuer.MustNewEmail(fmt.Sprintf("%s@signoz.io", cloudIntegrationUserName))
 
-	cloudIntegrationUser, err := types.NewUser(cloudIntegrationUserName, email, types.RoleViewer, valuer.MustNewUUID(orgId))
+	cloudIntegrationUser, err := types.NewUser(cloudIntegrationUserName, email, types.RoleViewer, valuer.MustNewUUID(orgId), types.UserStatusActive)
 	if err != nil {
 		return nil, basemodel.InternalError(fmt.Errorf("couldn't create cloud integration user: %w", err))
 	}

frontend/jest.config.ts

@@ -23,29 +23,7 @@ const config: Config.InitialOptions = {
 			'<rootDir>/node_modules/@signozhq/icons/dist/index.esm.js',
 		'^react-syntax-highlighter/dist/esm/(.*)$':
 			'<rootDir>/node_modules/react-syntax-highlighter/dist/cjs/$1',
-		'^@signozhq/sonner$':
-			'<rootDir>/node_modules/@signozhq/sonner/dist/sonner.js',
-		'^@signozhq/button$':
-			'<rootDir>/node_modules/@signozhq/button/dist/button.js',
-		'^@signozhq/calendar$':
-			'<rootDir>/node_modules/@signozhq/calendar/dist/calendar.js',
-		'^@signozhq/badge': '<rootDir>/node_modules/@signozhq/badge/dist/badge.js',
-		'^@signozhq/checkbox':
-			'<rootDir>/node_modules/@signozhq/checkbox/dist/checkbox.js',
-		'^@signozhq/switch': '<rootDir>/node_modules/@signozhq/switch/dist/switch.js',
-		'^@signozhq/callout':
-			'<rootDir>/node_modules/@signozhq/callout/dist/callout.js',
-		'^@signozhq/combobox':
-			'<rootDir>/node_modules/@signozhq/combobox/dist/combobox.js',
-		'^@signozhq/input': '<rootDir>/node_modules/@signozhq/input/dist/input.js',
-		'^@signozhq/command':
-			'<rootDir>/node_modules/@signozhq/command/dist/command.js',
-		'^@signozhq/radio-group':
-			'<rootDir>/node_modules/@signozhq/radio-group/dist/radio-group.js',
-		'^@signozhq/toggle-group$':
-			'<rootDir>/node_modules/@signozhq/toggle-group/dist/toggle-group.js',
-		'^@signozhq/dialog$':
-			'<rootDir>/node_modules/@signozhq/dialog/dist/dialog.js',
+		'^@signozhq/([^/]+)$': '<rootDir>/node_modules/@signozhq/$1/dist/$1.js',
 	},
 	extensionsToTreatAsEsm: ['.ts'],
 	testMatch: ['<rootDir>/src/**/*?(*.)(test).(ts|js)?(x)'],

frontend/jest.setup.ts

@@ -7,9 +7,10 @@
  */
 import '@testing-library/jest-dom';
 import 'jest-styled-components';
-import './src/styles.scss';
 
 import { server } from './src/mocks-server/server';
+
+import './src/styles.scss';
 // Establish API mocking before all tests.
 
 // Mock window.matchMedia

frontend/package.json

@@ -55,6 +55,7 @@
     "@signozhq/command": "0.0.0",
     "@signozhq/design-tokens": "2.1.1",
     "@signozhq/dialog": "^0.0.2",
+    "@signozhq/drawer": "0.0.4",
     "@signozhq/icons": "0.1.0",
     "@signozhq/input": "0.0.2",
     "@signozhq/popover": "0.0.0",

frontend/public/locales/en-GB/routes.json

@@ -14,5 +14,6 @@
 	"archives": "Archives",
 	"logs_to_metrics": "Logs To Metrics",
 	"roles": "Roles",
-	"role_details": "Role Details"
+	"role_details": "Role Details",
+	"members": "Members"
 }

frontend/public/locales/en/routes.json

@@ -14,5 +14,6 @@
 	"archives": "Archives",
 	"logs_to_metrics": "Logs To Metrics",
 	"roles": "Roles",
-	"role_details": "Role Details"
+	"role_details": "Role Details",
+	"members": "Members"
 }

frontend/public/locales/en/titles.json

@@ -74,5 +74,6 @@
 	"METER_EXPLORER": "SigNoz | Meter Explorer",
 	"METER_EXPLORER_VIEWS": "SigNoz | Meter Explorer Views",
 	"METER": "SigNoz | Meter",
-	"ROLES_SETTINGS": "SigNoz | Roles"
+	"ROLES_SETTINGS": "SigNoz | Roles",
+	"MEMBERS_SETTINGS": "SigNoz | Members"
 }

frontend/src/api/generated/services/sigNoz.schemas.ts

@@ -2525,6 +2525,14 @@ export interface TypesPostableAcceptInviteDTO {
 	token?: string;
 }
 
+export interface TypesPostableBulkInviteRequestDTO {
+	/**
+	 * @type array
+	 * @nullable true
+	 */
+	invites: TypesPostableInviteDTO[] | null;
+}
+
 export interface TypesPostableForgotPasswordDTO {
 	/**
 	 * @type string
@@ -2665,6 +2673,10 @@ export interface TypesUserDTO {
 	 * @type string
 	 */
 	role?: string;
+	/**
+	 * @type string
+	 */
+	status?: string;
 	/**
 	 * @type string
 	 * @format date-time

frontend/src/api/generated/services/users/index.ts

@@ -41,6 +41,7 @@ import type {
 	TypesChangePasswordRequestDTO,
 	TypesPostableAcceptInviteDTO,
 	TypesPostableAPIKeyDTO,
+	TypesPostableBulkInviteRequestDTO,
 	TypesPostableForgotPasswordDTO,
 	TypesPostableInviteDTO,
 	TypesPostableResetPasswordDTO,
@@ -671,14 +672,14 @@ export const useAcceptInvite = <
  * @summary Create bulk invite
  */
 export const createBulkInvite = (
-	typesPostableInviteDTO: BodyType<TypesPostableInviteDTO[]>,
+	typesPostableBulkInviteRequestDTO: BodyType<TypesPostableBulkInviteRequestDTO>,
 	signal?: AbortSignal,
 ) => {
 	return GeneratedAPIInstance<void>({
 		url: `/api/v1/invite/bulk`,
 		method: 'POST',
 		headers: { 'Content-Type': 'application/json' },
-		data: typesPostableInviteDTO,
+		data: typesPostableBulkInviteRequestDTO,
 		signal,
 	});
 };
@@ -690,13 +691,13 @@ export const getCreateBulkInviteMutationOptions = <
 	mutation?: UseMutationOptions<
 		Awaited<ReturnType<typeof createBulkInvite>>,
 		TError,
-		{ data: BodyType<TypesPostableInviteDTO[]> },
+		{ data: BodyType<TypesPostableBulkInviteRequestDTO> },
 		TContext
 	>;
 }): UseMutationOptions<
 	Awaited<ReturnType<typeof createBulkInvite>>,
 	TError,
-	{ data: BodyType<TypesPostableInviteDTO[]> },
+	{ data: BodyType<TypesPostableBulkInviteRequestDTO> },
 	TContext
 > => {
 	const mutationKey = ['createBulkInvite'];
@@ -710,7 +711,7 @@ export const getCreateBulkInviteMutationOptions = <
 
 	const mutationFn: MutationFunction<
 		Awaited<ReturnType<typeof createBulkInvite>>,
-		{ data: BodyType<TypesPostableInviteDTO[]> }
+		{ data: BodyType<TypesPostableBulkInviteRequestDTO> }
 	> = (props) => {
 		const { data } = props ?? {};
 
@@ -723,7 +724,7 @@ export const getCreateBulkInviteMutationOptions = <
 export type CreateBulkInviteMutationResult = NonNullable<
 	Awaited<ReturnType<typeof createBulkInvite>>
 >;
-export type CreateBulkInviteMutationBody = BodyType<TypesPostableInviteDTO[]>;
+export type CreateBulkInviteMutationBody = BodyType<TypesPostableBulkInviteRequestDTO>;
 export type CreateBulkInviteMutationError = ErrorType<RenderErrorResponseDTO>;
 
 /**
@@ -736,13 +737,13 @@ export const useCreateBulkInvite = <
 	mutation?: UseMutationOptions<
 		Awaited<ReturnType<typeof createBulkInvite>>,
 		TError,
-		{ data: BodyType<TypesPostableInviteDTO[]> },
+		{ data: BodyType<TypesPostableBulkInviteRequestDTO> },
 		TContext
 	>;
 }): UseMutationResult<
 	Awaited<ReturnType<typeof createBulkInvite>>,
 	TError,
-	{ data: BodyType<TypesPostableInviteDTO[]> },
+	{ data: BodyType<TypesPostableBulkInviteRequestDTO> },
 	TContext
 > => {
 	const mutationOptions = getCreateBulkInviteMutationOptions(options);

frontend/src/api/index.ts

@@ -94,19 +94,13 @@ export const interceptorRejected = async (
 					afterLogin(response.data.accessToken, response.data.refreshToken, true);
 
 					try {
-						const reResponse = await axios(
-							`${value.config.baseURL}${value.config.url?.substring(1)}`,
-							{
-								method: value.config.method,
-								headers: {
-									...value.config.headers,
-									Authorization: `Bearer ${response.data.accessToken}`,
-								},
-								data: {
-									...JSON.parse(value.config.data || '{}'),
-								},
+						const reResponse = await axios({
+							...value.config,
+							headers: {
+								...value.config.headers,
+								Authorization: `Bearer ${response.data.accessToken}`,
 							},
-						);
+						});
 
 						return await Promise.resolve(reResponse);
 					} catch (error) {

frontend/src/auto-import-registry.d.ts

@@ -19,6 +19,7 @@ import '@signozhq/combobox';
 import '@signozhq/command';
 import '@signozhq/design-tokens';
 import '@signozhq/dialog';
+import '@signozhq/drawer';
 import '@signozhq/icons';
 import '@signozhq/input';
 import '@signozhq/popover';

frontend/src/components/EditMemberDrawer/EditMemberDrawer.styles.scss

@@ -0,0 +1,304 @@
+.edit-member-drawer {
+	&__layout {
+		display: flex;
+		flex-direction: column;
+		height: calc(100vh - 48px);
+	}
+
+	&__body {
+		flex: 1;
+		overflow-y: auto;
+		display: flex;
+		flex-direction: column;
+		gap: var(--spacing-8);
+		padding: var(--padding-5) var(--padding-4);
+	}
+
+	&__field {
+		display: flex;
+		flex-direction: column;
+		gap: var(--spacing-4);
+	}
+
+	&__label {
+		font-size: var(--font-size-sm);
+		font-weight: var(--font-weight-normal);
+		color: var(--foreground);
+		line-height: var(--line-height-20);
+		letter-spacing: -0.07px;
+		cursor: default;
+	}
+
+	&__input {
+		height: 32px;
+		background: var(--l2-background);
+		border-color: var(--border);
+		color: var(--l1-foreground);
+		box-shadow: none;
+
+		&::placeholder {
+			color: var(--l3-foreground);
+		}
+	}
+
+	&__input-wrapper {
+		display: flex;
+		align-items: center;
+		justify-content: space-between;
+		height: 32px;
+		padding: 0 var(--padding-2);
+		border-radius: 2px;
+		background: var(--l2-background);
+		border: 1px solid var(--border);
+
+		&--disabled {
+			cursor: not-allowed;
+			opacity: 0.8;
+		}
+	}
+
+	&__email-text {
+		font-size: var(--font-size-sm);
+		font-weight: var(--font-weight-normal);
+		color: var(--foreground);
+		line-height: var(--line-height-18);
+		letter-spacing: -0.07px;
+		white-space: nowrap;
+		overflow: hidden;
+		text-overflow: ellipsis;
+		flex: 1;
+	}
+
+	&__lock-icon {
+		color: var(--foreground);
+		flex-shrink: 0;
+		margin-left: 6px;
+		opacity: 0.6;
+	}
+
+	&__role-select {
+		width: 100%;
+		height: 32px;
+
+		.ant-select-selector {
+			background-color: var(--l2-background) !important;
+			border-color: var(--border) !important;
+			border-radius: 2px;
+			padding: 0 var(--padding-2) !important;
+			display: flex;
+			align-items: center;
+		}
+
+		.ant-select-selection-item {
+			font-size: var(--font-size-sm);
+			color: var(--l1-foreground);
+			line-height: 32px;
+			letter-spacing: -0.07px;
+		}
+
+		.ant-select-arrow {
+			color: var(--foreground);
+		}
+
+		&:not(.ant-select-disabled):hover .ant-select-selector {
+			border-color: var(--foreground);
+		}
+	}
+
+	&__meta {
+		display: flex;
+		flex-direction: column;
+		gap: var(--spacing-8);
+		margin-top: var(--margin-1);
+	}
+
+	&__meta-item {
+		display: flex;
+		flex-direction: column;
+		gap: var(--spacing-2);
+
+		[data-slot='badge'] {
+			padding: var(--padding-1) var(--padding-2);
+			align-items: center;
+			font-size: var(--uppercase-small-500-font-size);
+			font-weight: var(--uppercase-small-500-font-weight);
+			line-height: 100%;
+			letter-spacing: 0.44px;
+			text-transform: uppercase;
+		}
+	}
+
+	&__meta-label {
+		font-size: var(--font-size-xs);
+		font-weight: var(--font-weight-medium);
+		color: var(--foreground);
+		line-height: var(--line-height-20);
+		letter-spacing: 0.48px;
+		text-transform: uppercase;
+	}
+
+	&__footer {
+		display: flex;
+		align-items: center;
+		justify-content: space-between;
+		width: 100%;
+		height: 56px;
+		padding: 0 var(--padding-4);
+		border-top: 1px solid var(--border);
+		flex-shrink: 0;
+		background: var(--card);
+	}
+
+	&__footer-left {
+		display: flex;
+		align-items: center;
+		gap: var(--spacing-8);
+	}
+
+	&__footer-right {
+		display: flex;
+		align-items: center;
+		gap: var(--spacing-6);
+	}
+
+	&__footer-divider {
+		width: 1px;
+		height: 21px;
+		background: var(--border);
+		flex-shrink: 0;
+	}
+
+	&__footer-btn {
+		display: inline-flex;
+		align-items: center;
+		gap: var(--spacing-3);
+		padding: 0;
+		background: transparent;
+		border: none;
+		cursor: pointer;
+		font-family: Inter, sans-serif;
+		font-size: var(--label-small-400-font-size);
+		font-weight: var(--label-small-400-font-weight);
+		line-height: var(--label-small-400-line-height);
+		letter-spacing: var(--label-small-400-letter-spacing);
+		transition: opacity 0.15s ease;
+
+		&:disabled {
+			opacity: 0.5;
+			cursor: not-allowed;
+		}
+
+		&:not(:disabled):hover {
+			opacity: 0.8;
+		}
+
+		&--danger {
+			color: var(--destructive);
+		}
+
+		&--warning {
+			color: var(--accent-amber);
+		}
+	}
+}
+
+.delete-dialog {
+	background: var(--l2-background);
+	border: 1px solid var(--l2-border);
+
+	[data-slot='dialog-title'] {
+		color: var(--l1-foreground);
+	}
+
+	&__body {
+		font-size: var(--paragraph-base-400-font-size);
+		font-weight: var(--paragraph-base-400-font-weight);
+		color: var(--l2-foreground);
+		line-height: var(--paragraph-base-400-line-height);
+		letter-spacing: -0.065px;
+		margin: 0;
+
+		strong {
+			font-weight: var(--font-weight-medium);
+			color: var(--l1-foreground);
+		}
+	}
+
+	&__footer {
+		display: flex;
+		justify-content: flex-end;
+		gap: var(--spacing-4);
+		margin-top: var(--margin-6);
+	}
+}
+
+.reset-link-dialog {
+	background: var(--l2-background);
+	border: 1px solid var(--l2-border);
+
+	[data-slot='dialog-header'] {
+		border-color: var(--l2-border);
+		color: var(--l1-foreground);
+	}
+
+	[data-slot='dialog-description'] {
+		width: 510px;
+	}
+
+	&__content {
+		display: flex;
+		flex-direction: column;
+		gap: var(--spacing-8);
+	}
+
+	&__description {
+		font-size: var(--paragraph-base-400-font-size);
+		font-weight: var(--paragraph-base-400-font-weight);
+		color: var(--l2-foreground);
+		line-height: var(--paragraph-base-400-line-height);
+		letter-spacing: -0.065px;
+		margin: 0;
+		white-space: normal;
+		word-break: break-word;
+	}
+
+	&__link-row {
+		display: flex;
+		align-items: center;
+		height: 32px;
+		overflow: hidden;
+		background: var(--l2-background);
+		border: 1px solid var(--border);
+		border-radius: 2px;
+	}
+
+	&__link-text-wrap {
+		flex: 1;
+		min-width: 0;
+		overflow: hidden;
+	}
+
+	&__link-text {
+		display: block;
+		white-space: nowrap;
+		overflow: hidden;
+		text-overflow: ellipsis;
+		padding: 0 var(--padding-2);
+		font-size: var(--paragraph-base-400-font-size);
+		font-weight: var(--paragraph-base-400-font-weight);
+		color: var(--l2-foreground);
+		line-height: var(--line-height-18);
+		letter-spacing: -0.07px;
+	}
+
+	&__copy-btn {
+		flex-shrink: 0;
+		height: 32px;
+		border-radius: 0 2px 2px 0;
+		border-top: none;
+		border-right: none;
+		border-bottom: none;
+		border-left: 1px solid var(--border);
+		min-width: 64px;
+	}
+}

frontend/src/components/EditMemberDrawer/EditMemberDrawer.tsx

@@ -0,0 +1,510 @@
+import { useCallback, useEffect, useState } from 'react';
+import { Badge } from '@signozhq/badge';
+import { Button } from '@signozhq/button';
+import { DialogFooter, DialogWrapper } from '@signozhq/dialog';
+import { DrawerWrapper } from '@signozhq/drawer';
+import {
+	Check,
+	ChevronDown,
+	Copy,
+	Link,
+	LockKeyhole,
+	RefreshCw,
+	Trash2,
+	X,
+} from '@signozhq/icons';
+import { Input } from '@signozhq/input';
+import { toast } from '@signozhq/sonner';
+import { Select } from 'antd';
+import getResetPasswordToken from 'api/v1/factor_password/getResetPasswordToken';
+import sendInvite from 'api/v1/invite/create';
+import cancelInvite from 'api/v1/invite/id/delete';
+import deleteUser from 'api/v1/user/id/delete';
+import update from 'api/v1/user/id/update';
+import { MemberRow } from 'components/MembersTable/MembersTable';
+import { DATE_TIME_FORMATS } from 'constants/dateTimeFormats';
+import ROUTES from 'constants/routes';
+import { INVITE_PREFIX, MemberStatus } from 'container/MembersSettings/utils';
+import { capitalize } from 'lodash-es';
+import { useTimezone } from 'providers/Timezone';
+import { ROLES } from 'types/roles';
+
+import './EditMemberDrawer.styles.scss';
+
+export interface EditMemberDrawerProps {
+	member: MemberRow | null;
+	open: boolean;
+	onClose: () => void;
+	onComplete: () => void;
+	onRefetch?: () => void;
+}
+
+// eslint-disable-next-line sonarjs/cognitive-complexity
+function EditMemberDrawer({
+	member,
+	open,
+	onClose,
+	onComplete,
+	onRefetch,
+}: EditMemberDrawerProps): JSX.Element {
+	const { formatTimezoneAdjustedTimestamp } = useTimezone();
+
+	const [displayName, setDisplayName] = useState('');
+	const [selectedRole, setSelectedRole] = useState<ROLES>('VIEWER');
+	const [isSaving, setIsSaving] = useState(false);
+	const [isDeleting, setIsDeleting] = useState(false);
+	const [isGeneratingLink, setIsGeneratingLink] = useState(false);
+	const [showDeleteConfirm, setShowDeleteConfirm] = useState(false);
+	const [resetLink, setResetLink] = useState<string | null>(null);
+	const [showResetLinkDialog, setShowResetLinkDialog] = useState(false);
+	const [hasCopiedResetLink, setHasCopiedResetLink] = useState(false);
+
+	const isInvited = member?.status === MemberStatus.Invited;
+	// Invited member IDs are prefixed with 'invite-'; strip it to get the real invite ID
+	const inviteId =
+		isInvited && member ? member.id.slice(INVITE_PREFIX.length) : null;
+
+	useEffect(() => {
+		if (member) {
+			setDisplayName(member.name ?? '');
+			setSelectedRole(member.role);
+		}
+	}, [member]);
+
+	const isDirty =
+		member !== null &&
+		(displayName !== member.name || selectedRole !== member.role);
+
+	const formatTimestamp = useCallback(
+		(ts: string | null | undefined): string => {
+			if (!ts) {
+				return '—';
+			}
+			const d = new Date(ts);
+			if (Number.isNaN(d.getTime())) {
+				return '—';
+			}
+			return formatTimezoneAdjustedTimestamp(ts, DATE_TIME_FORMATS.DASH_DATETIME);
+		},
+		[formatTimezoneAdjustedTimestamp],
+	);
+
+	const saveInvitedMember = useCallback(async (): Promise<void> => {
+		if (!member || !inviteId) {
+			return;
+		}
+		await cancelInvite({ id: inviteId });
+		try {
+			await sendInvite({
+				email: member.email,
+				name: displayName,
+				role: selectedRole,
+				frontendBaseUrl: window.location.origin,
+			});
+			toast.success('Invite updated successfully', { richColors: true });
+			onComplete();
+			onClose();
+		} catch {
+			onRefetch?.();
+			onClose();
+			toast.error(
+				'Failed to send the updated invite. Please re-invite this member.',
+				{ richColors: true },
+			);
+		}
+	}, [
+		member,
+		inviteId,
+		displayName,
+		selectedRole,
+		onComplete,
+		onClose,
+		onRefetch,
+	]);
+
+	const saveActiveMember = useCallback(async (): Promise<void> => {
+		if (!member) {
+			return;
+		}
+		await update({
+			userId: member.id,
+			displayName,
+			role: selectedRole,
+		});
+		toast.success('Member details updated successfully', { richColors: true });
+		onComplete();
+		onClose();
+	}, [member, displayName, selectedRole, onComplete, onClose]);
+
+	const handleSave = useCallback(async (): Promise<void> => {
+		if (!member || !isDirty) {
+			return;
+		}
+		setIsSaving(true);
+		try {
+			if (isInvited && inviteId) {
+				await saveInvitedMember();
+			} else {
+				await saveActiveMember();
+			}
+		} catch {
+			toast.error(
+				isInvited ? 'Failed to update invite' : 'Failed to update member details',
+				{ richColors: true },
+			);
+		} finally {
+			setIsSaving(false);
+		}
+	}, [
+		member,
+		isDirty,
+		isInvited,
+		inviteId,
+		saveInvitedMember,
+		saveActiveMember,
+	]);
+
+	const handleDelete = useCallback(async (): Promise<void> => {
+		if (!member) {
+			return;
+		}
+		setIsDeleting(true);
+		try {
+			if (isInvited && inviteId) {
+				await cancelInvite({ id: inviteId });
+				toast.success('Invitation cancelled successfully', { richColors: true });
+			} else {
+				await deleteUser({ userId: member.id });
+				toast.success('Member deleted successfully', { richColors: true });
+			}
+			setShowDeleteConfirm(false);
+			onComplete();
+			onClose();
+		} catch {
+			toast.error(
+				isInvited ? 'Failed to cancel invitation' : 'Failed to delete member',
+				{ richColors: true },
+			);
+		} finally {
+			setIsDeleting(false);
+		}
+	}, [member, isInvited, inviteId, onComplete, onClose]);
+
+	const handleGenerateResetLink = useCallback(async (): Promise<void> => {
+		if (!member) {
+			return;
+		}
+		setIsGeneratingLink(true);
+		try {
+			const response = await getResetPasswordToken({ userId: member.id });
+			if (response?.data?.token) {
+				const link = `${window.location.origin}/password-reset?token=${response.data.token}`;
+				setResetLink(link);
+				setHasCopiedResetLink(false);
+				setShowResetLinkDialog(true);
+				onClose();
+			} else {
+				toast.error('Failed to generate password reset link', {
+					richColors: true,
+					position: 'top-right',
+				});
+			}
+		} catch {
+			toast.error('Failed to generate password reset link', {
+				richColors: true,
+				position: 'top-right',
+			});
+		} finally {
+			setIsGeneratingLink(false);
+		}
+	}, [member, onClose]);
+
+	const handleCopyResetLink = useCallback(async (): Promise<void> => {
+		if (!resetLink) {
+			return;
+		}
+		try {
+			await navigator.clipboard.writeText(resetLink);
+			setHasCopiedResetLink(true);
+			setTimeout(() => setHasCopiedResetLink(false), 2000);
+			toast.success('Reset link copied to clipboard', { richColors: true });
+		} catch {
+			toast.error('Failed to copy link', {
+				richColors: true,
+			});
+		}
+	}, [resetLink]);
+
+	const handleCopyInviteLink = useCallback(async (): Promise<void> => {
+		if (!member?.token) {
+			toast.error('Invite link is not available', {
+				richColors: true,
+				position: 'top-right',
+			});
+			return;
+		}
+		const inviteLink = `${window.location.origin}${ROUTES.SIGN_UP}?token=${member.token}`;
+		try {
+			await navigator.clipboard.writeText(inviteLink);
+			toast.success('Invite link copied to clipboard', {
+				richColors: true,
+				position: 'top-right',
+			});
+		} catch {
+			toast.error('Failed to copy invite link', {
+				richColors: true,
+				position: 'top-right',
+			});
+		}
+	}, [member]);
+
+	const handleClose = useCallback((): void => {
+		setShowDeleteConfirm(false);
+		onClose();
+	}, [onClose]);
+
+	const joinedOnLabel = isInvited ? 'Invited On' : 'Joined On';
+
+	const drawerContent = (
+		<div className="edit-member-drawer__layout">
+			<div className="edit-member-drawer__body">
+				<div className="edit-member-drawer__field">
+					<label className="edit-member-drawer__label" htmlFor="member-name">
+						Name
+					</label>
+					<Input
+						id="member-name"
+						value={displayName}
+						onChange={(e): void => setDisplayName(e.target.value)}
+						className="edit-member-drawer__input"
+						placeholder="Enter name"
+					/>
+				</div>
+
+				<div className="edit-member-drawer__field">
+					<label className="edit-member-drawer__label" htmlFor="member-email">
+						Email Address
+					</label>
+					<div className="edit-member-drawer__input-wrapper edit-member-drawer__input-wrapper--disabled">
+						<span className="edit-member-drawer__email-text">
+							{member?.email || '—'}
+						</span>
+						<LockKeyhole size={16} className="edit-member-drawer__lock-icon" />
+					</div>
+				</div>
+
+				<div className="edit-member-drawer__field">
+					<label className="edit-member-drawer__label" htmlFor="member-role">
+						Roles
+					</label>
+					<Select
+						id="member-role"
+						value={selectedRole}
+						onChange={(role): void => setSelectedRole(role as ROLES)}
+						className="edit-member-drawer__role-select"
+						suffixIcon={<ChevronDown size={14} />}
+						getPopupContainer={(triggerNode): HTMLElement =>
+							(triggerNode?.closest('.edit-member-drawer') as HTMLElement) ||
+							document.body
+						}
+					>
+						<Select.Option value="ADMIN">{capitalize('ADMIN')}</Select.Option>
+						<Select.Option value="EDITOR">{capitalize('EDITOR')}</Select.Option>
+						<Select.Option value="VIEWER">{capitalize('VIEWER')}</Select.Option>
+					</Select>
+				</div>
+
+				<div className="edit-member-drawer__meta">
+					<div className="edit-member-drawer__meta-item">
+						<span className="edit-member-drawer__meta-label">Status</span>
+						{member?.status === MemberStatus.Active ? (
+							<Badge color="forest" variant="outline">
+								ACTIVE
+							</Badge>
+						) : (
+							<Badge color="amber" variant="outline">
+								INVITED
+							</Badge>
+						)}
+					</div>
+
+					<div className="edit-member-drawer__meta-item">
+						<span className="edit-member-drawer__meta-label">{joinedOnLabel}</span>
+						<Badge color="vanilla">{formatTimestamp(member?.joinedOn)}</Badge>
+					</div>
+					{!isInvited && (
+						<div className="edit-member-drawer__meta-item">
+							<span className="edit-member-drawer__meta-label">Last Modified</span>
+							<Badge color="vanilla">{formatTimestamp(member?.updatedAt)}</Badge>
+						</div>
+					)}
+				</div>
+			</div>
+
+			<div className="edit-member-drawer__footer">
+				<div className="edit-member-drawer__footer-left">
+					<Button
+						className="edit-member-drawer__footer-btn edit-member-drawer__footer-btn--danger"
+						onClick={(): void => setShowDeleteConfirm(true)}
+					>
+						<Trash2 size={12} />
+						{isInvited ? 'Cancel Invite' : 'Delete Member'}
+					</Button>
+
+					<div className="edit-member-drawer__footer-divider" />
+
+					{isInvited ? (
+						<Button
+							className="edit-member-drawer__footer-btn edit-member-drawer__footer-btn--warning"
+							onClick={handleCopyInviteLink}
+							disabled={!member?.token}
+						>
+							<Link size={12} />
+							Copy Invite Link
+						</Button>
+					) : (
+						<Button
+							className="edit-member-drawer__footer-btn edit-member-drawer__footer-btn--warning"
+							onClick={handleGenerateResetLink}
+							disabled={isGeneratingLink}
+						>
+							<RefreshCw size={12} />
+							{isGeneratingLink ? 'Generating...' : 'Generate Password Reset Link'}
+						</Button>
+					)}
+				</div>
+
+				<div className="edit-member-drawer__footer-right">
+					<Button variant="solid" color="secondary" size="sm" onClick={handleClose}>
+						<X size={14} />
+						Cancel
+					</Button>
+
+					<Button
+						variant="solid"
+						color="primary"
+						size="sm"
+						disabled={!isDirty || isSaving}
+						onClick={handleSave}
+					>
+						{isSaving ? 'Saving...' : 'Save Member Details'}
+					</Button>
+				</div>
+			</div>
+		</div>
+	);
+
+	const deleteDialogTitle = isInvited ? 'Cancel Invitation' : 'Delete Member';
+	const deleteDialogBody = isInvited ? (
+		<>
+			Are you sure you want to cancel the invitation for{' '}
+			<strong>{member?.email}</strong>? They will no longer be able to join the
+			workspace using this invite.
+		</>
+	) : (
+		<>
+			Are you sure you want to delete{' '}
+			<strong>{member?.name || member?.email}</strong>? This will permanently
+			remove their access to the workspace.
+		</>
+	);
+	const deleteConfirmLabel = isInvited ? 'Cancel Invite' : 'Delete Member';
+
+	return (
+		<>
+			<DrawerWrapper
+				open={open}
+				onOpenChange={(isOpen): void => {
+					if (!isOpen) {
+						handleClose();
+					}
+				}}
+				direction="right"
+				type="panel"
+				showCloseButton
+				showOverlay={false}
+				allowOutsideClick
+				header={{ title: 'Member Details' }}
+				content={drawerContent}
+				className="edit-member-drawer"
+			/>
+
+			<DialogWrapper
+				open={showResetLinkDialog}
+				onOpenChange={(isOpen): void => {
+					if (!isOpen) {
+						setShowResetLinkDialog(false);
+					}
+				}}
+				title="Password Reset Link"
+				showCloseButton
+				width="base"
+				className="reset-link-dialog"
+			>
+				<div className="reset-link-dialog__content">
+					<p className="reset-link-dialog__description">
+						This creates a one-time link the team member can use to set a new password
+						for their SigNoz account.
+					</p>
+					<div className="reset-link-dialog__link-row">
+						<div className="reset-link-dialog__link-text-wrap">
+							<span className="reset-link-dialog__link-text">{resetLink}</span>
+						</div>
+						<Button
+							variant="outlined"
+							color="secondary"
+							size="sm"
+							onClick={handleCopyResetLink}
+							prefixIcon={
+								hasCopiedResetLink ? <Check size={12} /> : <Copy size={12} />
+							}
+							className="reset-link-dialog__copy-btn"
+						>
+							{hasCopiedResetLink ? 'Copied!' : 'Copy'}
+						</Button>
+					</div>
+				</div>
+			</DialogWrapper>
+
+			<DialogWrapper
+				open={showDeleteConfirm}
+				onOpenChange={(isOpen): void => {
+					if (!isOpen) {
+						setShowDeleteConfirm(false);
+					}
+				}}
+				title={deleteDialogTitle}
+				width="narrow"
+				className="alert-dialog delete-dialog"
+				showCloseButton={false}
+				disableOutsideClick={false}
+			>
+				<p className="delete-dialog__body">{deleteDialogBody}</p>
+
+				<DialogFooter className="delete-dialog__footer">
+					<Button
+						variant="solid"
+						color="secondary"
+						size="sm"
+						onClick={(): void => setShowDeleteConfirm(false)}
+					>
+						<X size={12} />
+						Cancel
+					</Button>
+					<Button
+						variant="solid"
+						color="destructive"
+						size="sm"
+						disabled={isDeleting}
+						onClick={handleDelete}
+					>
+						<Trash2 size={12} />
+						{isDeleting ? 'Processing...' : deleteConfirmLabel}
+					</Button>
+				</DialogFooter>
+			</DialogWrapper>
+		</>
+	);
+}
+
+export default EditMemberDrawer;

frontend/src/components/EditMemberDrawer/__tests__/EditMemberDrawer.test.tsx

@@ -0,0 +1,277 @@
+import type { ReactNode } from 'react';
+import { toast } from '@signozhq/sonner';
+import getResetPasswordToken from 'api/v1/factor_password/getResetPasswordToken';
+import cancelInvite from 'api/v1/invite/id/delete';
+import deleteUser from 'api/v1/user/id/delete';
+import update from 'api/v1/user/id/update';
+import { MemberStatus } from 'container/MembersSettings/utils';
+import {
+	fireEvent,
+	render,
+	screen,
+	userEvent,
+	waitFor,
+} from 'tests/test-utils';
+import { ROLES } from 'types/roles';
+
+import EditMemberDrawer, { EditMemberDrawerProps } from '../EditMemberDrawer';
+
+jest.mock('@signozhq/drawer', () => ({
+	DrawerWrapper: ({
+		content,
+		open,
+	}: {
+		content?: ReactNode;
+		open: boolean;
+	}): JSX.Element | null => (open ? <div>{content}</div> : null),
+}));
+
+jest.mock('@signozhq/dialog', () => ({
+	DialogWrapper: ({
+		children,
+		open,
+		title,
+	}: {
+		children?: ReactNode;
+		open: boolean;
+		title?: string;
+	}): JSX.Element | null =>
+		open ? (
+			<div role="dialog" aria-label={title}>
+				{children}
+			</div>
+		) : null,
+	DialogFooter: ({ children }: { children?: ReactNode }): JSX.Element => (
+		<div>{children}</div>
+	),
+}));
+
+jest.mock('api/v1/user/id/update');
+jest.mock('api/v1/user/id/delete');
+jest.mock('api/v1/invite/id/delete');
+jest.mock('api/v1/invite/create');
+jest.mock('api/v1/factor_password/getResetPasswordToken');
+jest.mock('@signozhq/sonner', () => ({
+	toast: {
+		success: jest.fn(),
+		error: jest.fn(),
+	},
+}));
+
+const mockUpdate = jest.mocked(update);
+const mockDeleteUser = jest.mocked(deleteUser);
+const mockCancelInvite = jest.mocked(cancelInvite);
+const mockGetResetPasswordToken = jest.mocked(getResetPasswordToken);
+
+const activeMember = {
+	id: 'user-1',
+	name: 'Alice Smith',
+	email: 'alice@signoz.io',
+	role: 'ADMIN' as ROLES,
+	status: MemberStatus.Active,
+	joinedOn: '1700000000000',
+	updatedAt: '1710000000000',
+};
+
+const invitedMember = {
+	id: 'invite-abc123',
+	name: '',
+	email: 'bob@signoz.io',
+	role: 'VIEWER' as ROLES,
+	status: MemberStatus.Invited,
+	joinedOn: '1700000000000',
+	token: 'tok-xyz',
+};
+
+function renderDrawer(
+	props: Partial<EditMemberDrawerProps> = {},
+): ReturnType<typeof render> {
+	return render(
+		<EditMemberDrawer
+			member={activeMember}
+			open
+			onClose={jest.fn()}
+			onComplete={jest.fn()}
+			{...props}
+		/>,
+	);
+}
+
+describe('EditMemberDrawer', () => {
+	beforeEach(() => {
+		jest.clearAllMocks();
+		mockUpdate.mockResolvedValue({ httpStatusCode: 200, data: null });
+		mockDeleteUser.mockResolvedValue({ httpStatusCode: 200, data: null });
+		mockCancelInvite.mockResolvedValue({ httpStatusCode: 200, data: null });
+	});
+
+	it('renders active member details and disables Save when form is not dirty', () => {
+		renderDrawer();
+
+		expect(screen.getByDisplayValue('Alice Smith')).toBeInTheDocument();
+		expect(screen.getByText('alice@signoz.io')).toBeInTheDocument();
+		expect(screen.getByText('ACTIVE')).toBeInTheDocument();
+		expect(
+			screen.getByRole('button', { name: /save member details/i }),
+		).toBeDisabled();
+	});
+
+	it('enables Save after editing name and calls update API on confirm', async () => {
+		const onComplete = jest.fn();
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
+
+		renderDrawer({ onComplete });
+
+		const nameInput = screen.getByDisplayValue('Alice Smith');
+		await user.clear(nameInput);
+		await user.type(nameInput, 'Alice Updated');
+
+		const saveBtn = screen.getByRole('button', { name: /save member details/i });
+		await waitFor(() => expect(saveBtn).not.toBeDisabled());
+
+		await user.click(saveBtn);
+
+		await waitFor(() => {
+			expect(mockUpdate).toHaveBeenCalledWith(
+				expect.objectContaining({
+					userId: 'user-1',
+					displayName: 'Alice Updated',
+				}),
+			);
+			expect(onComplete).toHaveBeenCalled();
+		});
+	});
+
+	it('shows delete confirm dialog and calls deleteUser for active members', async () => {
+		const onComplete = jest.fn();
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
+
+		renderDrawer({ onComplete });
+
+		await user.click(screen.getByRole('button', { name: /delete member/i }));
+
+		expect(
+			await screen.findByText(/are you sure you want to delete/i),
+		).toBeInTheDocument();
+
+		const confirmBtns = screen.getAllByRole('button', { name: /delete member/i });
+		await user.click(confirmBtns[confirmBtns.length - 1]);
+
+		await waitFor(() => {
+			expect(mockDeleteUser).toHaveBeenCalledWith({ userId: 'user-1' });
+			expect(onComplete).toHaveBeenCalled();
+		});
+	});
+
+	it('shows Cancel Invite and Copy Invite Link for invited members; hides Last Modified', () => {
+		renderDrawer({ member: invitedMember });
+
+		expect(
+			screen.getByRole('button', { name: /cancel invite/i }),
+		).toBeInTheDocument();
+		expect(
+			screen.getByRole('button', { name: /copy invite link/i }),
+		).toBeInTheDocument();
+		expect(screen.getByText('Invited On')).toBeInTheDocument();
+		expect(screen.queryByText('Last Modified')).not.toBeInTheDocument();
+	});
+
+	it('calls cancelInvite after confirming Cancel Invite for invited members', async () => {
+		const onComplete = jest.fn();
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
+
+		renderDrawer({ member: invitedMember, onComplete });
+
+		await user.click(screen.getByRole('button', { name: /cancel invite/i }));
+
+		expect(
+			await screen.findByText(/are you sure you want to cancel the invitation/i),
+		).toBeInTheDocument();
+
+		const confirmBtns = screen.getAllByRole('button', { name: /cancel invite/i });
+		await user.click(confirmBtns[confirmBtns.length - 1]);
+
+		await waitFor(() => {
+			expect(mockCancelInvite).toHaveBeenCalledWith({ id: 'abc123' });
+			expect(onComplete).toHaveBeenCalled();
+		});
+	});
+
+	describe('Generate Password Reset Link', () => {
+		const mockWriteText = jest.fn().mockResolvedValue(undefined);
+		let clipboardSpy: jest.SpyInstance | undefined;
+
+		beforeAll(() => {
+			Object.defineProperty(navigator, 'clipboard', {
+				value: { writeText: (): Promise<void> => Promise.resolve() },
+				configurable: true,
+				writable: true,
+			});
+		});
+
+		beforeEach(() => {
+			mockWriteText.mockClear();
+			clipboardSpy = jest
+				.spyOn(navigator.clipboard, 'writeText')
+				.mockImplementation(mockWriteText);
+			mockGetResetPasswordToken.mockResolvedValue({
+				httpStatusCode: 200,
+				data: { token: 'reset-tok-abc', userId: 'user-1' },
+			});
+		});
+
+		afterEach(() => {
+			clipboardSpy?.mockRestore();
+		});
+
+		it('calls getResetPasswordToken and opens the reset link dialog with the generated link', async () => {
+			const user = userEvent.setup({ pointerEventsCheck: 0 });
+
+			renderDrawer();
+
+			await user.click(
+				screen.getByRole('button', { name: /generate password reset link/i }),
+			);
+
+			const dialog = await screen.findByRole('dialog', {
+				name: /password reset link/i,
+			});
+			expect(mockGetResetPasswordToken).toHaveBeenCalledWith({
+				userId: 'user-1',
+			});
+			expect(dialog).toBeInTheDocument();
+			expect(dialog).toHaveTextContent('reset-tok-abc');
+		});
+
+		it('copies the link to clipboard and shows "Copied!" on the button', async () => {
+			const user = userEvent.setup({ pointerEventsCheck: 0 });
+			const mockToast = jest.mocked(toast);
+
+			renderDrawer();
+
+			await user.click(
+				screen.getByRole('button', { name: /generate password reset link/i }),
+			);
+
+			const dialog = await screen.findByRole('dialog', {
+				name: /password reset link/i,
+			});
+			expect(dialog).toHaveTextContent('reset-tok-abc');
+
+			fireEvent.click(screen.getByRole('button', { name: /^copy$/i }));
+
+			// Verify success path: writeText called with the correct link
+			await waitFor(() => {
+				expect(mockToast.success).toHaveBeenCalledWith(
+					'Reset link copied to clipboard',
+					expect.anything(),
+				);
+			});
+
+			expect(mockWriteText).toHaveBeenCalledWith(
+				expect.stringContaining('reset-tok-abc'),
+			);
+			expect(screen.getByRole('button', { name: /copied!/i })).toBeInTheDocument();
+		});
+	});
+});

frontend/src/components/InviteMembersModal/InviteMembersModal.styles.scss

@@ -0,0 +1,264 @@
+.invite-members-modal {
+	max-width: 700px;
+	background: var(--popover);
+	border: 1px solid var(--secondary);
+	border-radius: 4px;
+	box-shadow: 0 4px 9px 0 rgba(0, 0, 0, 0.04);
+
+	[data-slot='dialog-header'] {
+		padding: var(--padding-4);
+		border-bottom: 1px solid var(--secondary);
+		flex-shrink: 0;
+		background: transparent;
+		margin: 0;
+	}
+
+	[data-slot='dialog-title'] {
+		font-family: Inter, sans-serif;
+		font-size: var(--label-base-400-font-size);
+		font-weight: var(--label-base-400-font-weight);
+		line-height: var(--label-base-400-line-height);
+		letter-spacing: -0.065px;
+		color: var(--bg-base-white);
+		margin: 0;
+	}
+
+	[data-slot='dialog-description'] {
+		padding: 0;
+
+		.invite-members-modal__content {
+			display: flex;
+			flex-direction: column;
+			gap: var(--spacing-8);
+			padding: var(--padding-4);
+		}
+	}
+}
+
+.invite-members-modal__table {
+	display: flex;
+	flex-direction: column;
+	gap: var(--spacing-4);
+	width: 100%;
+}
+
+.invite-members-modal__table-header {
+	display: flex;
+	align-items: center;
+	gap: var(--spacing-8);
+	width: 100%;
+
+	.email-header {
+		flex: 0 0 240px;
+	}
+
+	.role-header {
+		flex: 1 0 0;
+		min-width: 0;
+	}
+
+	.action-header {
+		flex: 0 0 32px;
+	}
+
+	.table-header-cell {
+		font-family: Inter, sans-serif;
+		font-size: var(--paragraph-base-400-font-size);
+		font-weight: var(--paragraph-base-400-font-weight);
+		line-height: var(--paragraph-base-400-line-height);
+		letter-spacing: -0.07px;
+		color: var(--foreground);
+	}
+}
+
+.invite-members-modal__container {
+	display: flex;
+	flex-direction: column;
+	gap: var(--spacing-8);
+	width: 100%;
+}
+
+.team-member-row {
+	display: flex;
+	align-items: flex-start;
+	gap: var(--spacing-8);
+	width: 100%;
+
+	> .email-cell {
+		flex: 0 0 240px;
+	}
+
+	> .role-cell {
+		flex: 1 0 0;
+		min-width: 0;
+	}
+
+	> .action-cell {
+		flex: 0 0 32px;
+	}
+}
+
+.team-member-cell {
+	display: flex;
+	flex-direction: column;
+	gap: var(--spacing-2);
+
+	&.action-cell {
+		display: flex;
+		align-items: center;
+		justify-content: center;
+		height: 32px;
+	}
+}
+
+.team-member-email-input {
+	width: 100%;
+	height: 32px;
+	color: var(--l1-foreground);
+	background-color: var(--l2-background);
+	border-color: var(--border);
+	font-size: var(--paragraph-base-400-font-size);
+
+	&::placeholder {
+		color: var(--l3-foreground);
+	}
+
+	&:focus {
+		border-color: var(--primary);
+		box-shadow: none;
+	}
+}
+.team-member-role-select {
+	width: 100%;
+
+	.ant-select-selector {
+		height: 32px;
+		border-radius: 2px;
+		background-color: var(--l2-background) !important;
+		border: 1px solid var(--border) !important;
+		padding: 0 var(--padding-2) !important;
+
+		.ant-select-selection-placeholder {
+			color: var(--l3-foreground);
+			opacity: 0.4;
+			font-size: var(--paragraph-base-400-font-size);
+			letter-spacing: -0.07px;
+			line-height: 32px;
+		}
+
+		.ant-select-selection-item {
+			font-size: var(--paragraph-base-400-font-size);
+			letter-spacing: -0.07px;
+			color: var(--bg-base-white);
+			line-height: 32px;
+		}
+	}
+
+	.ant-select-arrow {
+		color: var(--foreground);
+	}
+
+	&.ant-select-focused .ant-select-selector,
+	&:not(.ant-select-disabled):hover .ant-select-selector {
+		border-color: var(--primary);
+	}
+}
+
+.remove-team-member-button {
+	display: flex;
+	align-items: center;
+	justify-content: center;
+	width: 32px;
+	height: 32px;
+	min-width: 32px;
+	border: none;
+	border-radius: 2px;
+	background: transparent;
+	color: var(--destructive);
+	opacity: 0.6;
+	padding: 0;
+	transition: background-color 0.2s, opacity 0.2s;
+	box-shadow: none;
+
+	&:hover {
+		background: rgba(229, 72, 77, 0.1);
+		opacity: 0.9;
+	}
+}
+
+.email-error-message {
+	display: block;
+	font-family: Inter, sans-serif;
+	font-size: var(--font-size-xs);
+	font-weight: var(--font-weight-normal);
+	line-height: var(--line-height-18);
+	color: var(--destructive);
+}
+
+.invite-team-members-error-callout {
+	background: rgba(229, 72, 77, 0.1);
+	border: 1px solid rgba(229, 72, 77, 0.2);
+	border-radius: 4px;
+	animation: horizontal-shaking 300ms ease-out;
+}
+
+@keyframes horizontal-shaking {
+	0% {
+		transform: translateX(0);
+	}
+	25% {
+		transform: translateX(5px);
+	}
+	50% {
+		transform: translateX(-5px);
+	}
+	75% {
+		transform: translateX(5px);
+	}
+	100% {
+		transform: translateX(0);
+	}
+}
+
+.invite-members-modal__footer {
+	display: flex;
+	flex-direction: row;
+	align-items: center;
+	justify-content: space-between;
+	padding: 0 var(--padding-4);
+	height: 56px;
+	min-height: 56px;
+	border-top: 1px solid var(--secondary);
+	gap: 0;
+	flex-shrink: 0;
+}
+
+.invite-members-modal__footer-right {
+	display: flex;
+	align-items: center;
+	gap: var(--spacing-6);
+}
+
+.add-another-member-button {
+	&:hover {
+		border-color: var(--primary);
+		border-style: dashed;
+		color: var(--l1-foreground);
+	}
+}
+
+.lightMode {
+	.invite-members-modal {
+		[data-slot='dialog-title'] {
+			color: var(--bg-base-black);
+		}
+	}
+
+	.team-member-role-select {
+		.ant-select-selector {
+			.ant-select-selection-item {
+				color: var(--bg-base-black);
+			}
+		}
+	}
+}

frontend/src/components/InviteMembersModal/InviteMembersModal.tsx

@@ -0,0 +1,349 @@
+import { useCallback, useEffect, useMemo, useState } from 'react';
+import { Button } from '@signozhq/button';
+import { Callout } from '@signozhq/callout';
+import { Style } from '@signozhq/design-tokens';
+import { DialogFooter, DialogWrapper } from '@signozhq/dialog';
+import { ChevronDown, CircleAlert, Plus, Trash2, X } from '@signozhq/icons';
+import { Input } from '@signozhq/input';
+import { toast } from '@signozhq/sonner';
+import { Select } from 'antd';
+import inviteUsers from 'api/v1/invite/bulk/create';
+import sendInvite from 'api/v1/invite/create';
+import { cloneDeep, debounce } from 'lodash-es';
+import APIError from 'types/api/error';
+import { ROLES } from 'types/roles';
+import { EMAIL_REGEX } from 'utils/app';
+import { v4 as uuid } from 'uuid';
+
+import './InviteMembersModal.styles.scss';
+
+interface InviteRow {
+	id: string;
+	email: string;
+	role: ROLES | '';
+}
+
+export interface InviteMembersModalProps {
+	open: boolean;
+	onClose: () => void;
+	onComplete?: () => void;
+}
+
+const EMPTY_ROW = (): InviteRow => ({ id: uuid(), email: '', role: '' });
+
+const isRowTouched = (row: InviteRow): boolean =>
+	row.email.trim() !== '' || Boolean(row.role && row.role.trim() !== '');
+
+function InviteMembersModal({
+	open,
+	onClose,
+	onComplete,
+}: InviteMembersModalProps): JSX.Element {
+	const [rows, setRows] = useState<InviteRow[]>(() => [
+		EMPTY_ROW(),
+		EMPTY_ROW(),
+		EMPTY_ROW(),
+	]);
+	const [isSubmitting, setIsSubmitting] = useState(false);
+	const [emailValidity, setEmailValidity] = useState<Record<string, boolean>>(
+		{},
+	);
+	const [hasInvalidEmails, setHasInvalidEmails] = useState<boolean>(false);
+	const [hasInvalidRoles, setHasInvalidRoles] = useState<boolean>(false);
+
+	const resetAndClose = useCallback((): void => {
+		setRows([EMPTY_ROW(), EMPTY_ROW(), EMPTY_ROW()]);
+		setEmailValidity({});
+		setHasInvalidEmails(false);
+		setHasInvalidRoles(false);
+		onClose();
+	}, [onClose]);
+
+	useEffect(() => {
+		if (open) {
+			setRows([EMPTY_ROW(), EMPTY_ROW(), EMPTY_ROW()]);
+		}
+	}, [open]);
+
+	const getValidationErrorMessage = (): string => {
+		if (hasInvalidEmails && hasInvalidRoles) {
+			return 'Please enter valid emails and select roles for team members';
+		}
+		if (hasInvalidEmails) {
+			return 'Please enter valid emails for team members';
+		}
+		return 'Please select roles for team members';
+	};
+
+	const validateAllUsers = useCallback((): boolean => {
+		let isValid = true;
+		let hasEmailErrors = false;
+		let hasRoleErrors = false;
+
+		const updatedEmailValidity: Record<string, boolean> = {};
+
+		const touchedRows = rows.filter(isRowTouched);
+
+		touchedRows.forEach((row) => {
+			const emailValid = EMAIL_REGEX.test(row.email);
+			const roleValid = Boolean(row.role && row.role.trim() !== '');
+
+			if (!emailValid || !row.email) {
+				isValid = false;
+				hasEmailErrors = true;
+			}
+			if (!roleValid) {
+				isValid = false;
+				hasRoleErrors = true;
+			}
+
+			if (row.id) {
+				updatedEmailValidity[row.id] = emailValid;
+			}
+		});
+
+		setEmailValidity(updatedEmailValidity);
+		setHasInvalidEmails(hasEmailErrors);
+		setHasInvalidRoles(hasRoleErrors);
+
+		return isValid;
+	}, [rows]);
+
+	const debouncedValidateEmail = useMemo(
+		() =>
+			debounce((email: string, rowId: string) => {
+				const isValid = EMAIL_REGEX.test(email);
+				setEmailValidity((prev) => ({ ...prev, [rowId]: isValid }));
+			}, 500),
+		[],
+	);
+
+	useEffect(() => {
+		if (!open) {
+			debouncedValidateEmail.cancel();
+		}
+		return (): void => {
+			debouncedValidateEmail.cancel();
+		};
+	}, [open, debouncedValidateEmail]);
+
+	const updateEmail = (id: string, email: string): void => {
+		const updatedRows = cloneDeep(rows);
+		const rowToUpdate = updatedRows.find((r) => r.id === id);
+		if (rowToUpdate) {
+			rowToUpdate.email = email;
+			setRows(updatedRows);
+
+			if (hasInvalidEmails) {
+				setHasInvalidEmails(false);
+			}
+			if (emailValidity[id] === false) {
+				setEmailValidity((prev) => ({ ...prev, [id]: true }));
+			}
+
+			debouncedValidateEmail(email, id);
+		}
+	};
+
+	const updateRole = (id: string, role: ROLES): void => {
+		const updatedRows = cloneDeep(rows);
+		const rowToUpdate = updatedRows.find((r) => r.id === id);
+		if (rowToUpdate) {
+			rowToUpdate.role = role;
+			setRows(updatedRows);
+
+			if (hasInvalidRoles) {
+				setHasInvalidRoles(false);
+			}
+		}
+	};
+
+	const addRow = (): void => {
+		setRows((prev) => [...prev, EMPTY_ROW()]);
+	};
+
+	const removeRow = (id: string): void => {
+		setRows((prev) => prev.filter((r) => r.id !== id));
+	};
+
+	const handleSubmit = useCallback(async (): Promise<void> => {
+		if (!validateAllUsers()) {
+			return;
+		}
+
+		const touchedRows = rows.filter(isRowTouched);
+		if (touchedRows.length === 0) {
+			return;
+		}
+
+		setIsSubmitting(true);
+		try {
+			if (touchedRows.length === 1) {
+				const row = touchedRows[0];
+				await sendInvite({
+					email: row.email.trim(),
+					name: '',
+					role: row.role as ROLES,
+					frontendBaseUrl: window.location.origin,
+				});
+			} else {
+				await inviteUsers({
+					invites: touchedRows.map((row) => ({
+						email: row.email.trim(),
+						name: '',
+						role: row.role,
+						frontendBaseUrl: window.location.origin,
+					})),
+				});
+			}
+			toast.success('Invites sent successfully', { richColors: true });
+			resetAndClose();
+			onComplete?.();
+		} catch (err) {
+			const apiErr = err as APIError;
+			if (apiErr?.getHttpStatusCode() === 409) {
+				toast.error(
+					touchedRows.length === 1
+						? `${touchedRows[0].email} is already a member`
+						: 'Invite for one or more users already exists',
+					{ richColors: true },
+				);
+			} else {
+				const errorMessage = apiErr?.getErrorMessage?.() ?? 'An error occurred';
+				toast.error(`Failed to send invites: ${errorMessage}`, {
+					richColors: true,
+				});
+			}
+		} finally {
+			setIsSubmitting(false);
+		}
+	}, [rows, onComplete, resetAndClose, validateAllUsers]);
+
+	const touchedRows = rows.filter(isRowTouched);
+	const isSubmitDisabled = isSubmitting || touchedRows.length === 0;
+
+	return (
+		<DialogWrapper
+			title="Invite Team Members"
+			open={open}
+			onOpenChange={(isOpen): void => {
+				if (!isOpen) {
+					resetAndClose();
+				}
+			}}
+			showCloseButton
+			width="wide"
+			className="invite-members-modal"
+			disableOutsideClick={false}
+		>
+			<div className="invite-members-modal__content">
+				<div className="invite-members-modal__table">
+					<div className="invite-members-modal__table-header">
+						<div className="table-header-cell email-header">Email address</div>
+						<div className="table-header-cell role-header">Roles</div>
+						<div className="table-header-cell action-header" />
+					</div>
+					<div className="invite-members-modal__container">
+						{rows.map(
+							(row): JSX.Element => (
+								<div key={row.id} className="team-member-row">
+									<div className="team-member-cell email-cell">
+										<Input
+											type="email"
+											placeholder="john@signoz.io"
+											value={row.email}
+											onChange={(e): void => updateEmail(row.id, e.target.value)}
+											className="team-member-email-input"
+										/>
+										{emailValidity[row.id] === false && row.email.trim() !== '' && (
+											<span className="email-error-message">Invalid email address</span>
+										)}
+									</div>
+									<div className="team-member-cell role-cell">
+										<Select
+											value={row.role || undefined}
+											onChange={(role): void => updateRole(row.id, role as ROLES)}
+											className="team-member-role-select"
+											placeholder="Select roles"
+											suffixIcon={<ChevronDown size={14} />}
+											getPopupContainer={(triggerNode): HTMLElement =>
+												(triggerNode?.closest('.invite-members-modal') as HTMLElement) ||
+												document.body
+											}
+										>
+											<Select.Option value="VIEWER">Viewer</Select.Option>
+											<Select.Option value="EDITOR">Editor</Select.Option>
+											<Select.Option value="ADMIN">Admin</Select.Option>
+										</Select>
+									</div>
+									<div className="team-member-cell action-cell">
+										{rows.length > 1 && (
+											<Button
+												variant="ghost"
+												color="destructive"
+												className="remove-team-member-button"
+												onClick={(): void => removeRow(row.id)}
+												aria-label="Remove row"
+											>
+												<Trash2 size={12} />
+											</Button>
+										)}
+									</div>
+								</div>
+							),
+						)}
+					</div>
+				</div>
+
+				{(hasInvalidEmails || hasInvalidRoles) && (
+					<Callout
+						type="error"
+						size="small"
+						showIcon
+						icon={<CircleAlert size={12} />}
+						className="invite-team-members-error-callout"
+						description={getValidationErrorMessage()}
+					/>
+				)}
+			</div>
+
+			<DialogFooter className="invite-members-modal__footer">
+				<Button
+					variant="dashed"
+					color="secondary"
+					size="sm"
+					className="add-another-member-button"
+					prefixIcon={<Plus size={12} color={Style.L1_FOREGROUND} />}
+					onClick={addRow}
+				>
+					Add another
+				</Button>
+
+				<div className="invite-members-modal__footer-right">
+					<Button
+						type="button"
+						variant="solid"
+						color="secondary"
+						size="sm"
+						onClick={resetAndClose}
+					>
+						<X size={12} />
+						Cancel
+					</Button>
+
+					<Button
+						variant="solid"
+						color="primary"
+						size="sm"
+						onClick={handleSubmit}
+						disabled={isSubmitDisabled}
+					>
+						{isSubmitting ? 'Inviting...' : 'Invite Team Members'}
+					</Button>
+				</div>
+			</DialogFooter>
+		</DialogWrapper>
+	);
+}
+
+export default InviteMembersModal;

frontend/src/components/InviteMembersModal/__tests__/InviteMembersModal.test.tsx

@@ -0,0 +1,177 @@
+import inviteUsers from 'api/v1/invite/bulk/create';
+import sendInvite from 'api/v1/invite/create';
+import { render, screen, userEvent, waitFor } from 'tests/test-utils';
+
+import InviteMembersModal from '../InviteMembersModal';
+
+jest.mock('api/v1/invite/create');
+jest.mock('api/v1/invite/bulk/create');
+jest.mock('@signozhq/sonner', () => ({
+	toast: {
+		success: jest.fn(),
+		error: jest.fn(),
+	},
+}));
+
+const mockSendInvite = jest.mocked(sendInvite);
+const mockInviteUsers = jest.mocked(inviteUsers);
+
+const defaultProps = {
+	open: true,
+	onClose: jest.fn(),
+	onComplete: jest.fn(),
+};
+
+describe('InviteMembersModal', () => {
+	beforeEach(() => {
+		jest.clearAllMocks();
+		mockSendInvite.mockResolvedValue({
+			httpStatusCode: 200,
+			data: { data: 'test', status: 'success' },
+		});
+		mockInviteUsers.mockResolvedValue({ httpStatusCode: 200, data: null });
+	});
+
+	it('renders 3 initial empty rows and disables the submit button', () => {
+		render(<InviteMembersModal {...defaultProps} />);
+
+		const emailInputs = screen.getAllByPlaceholderText('john@signoz.io');
+		expect(emailInputs).toHaveLength(3);
+
+		expect(
+			screen.getByRole('button', { name: /invite team members/i }),
+		).toBeDisabled();
+	});
+
+	it('adds a row when "Add another" is clicked and removes a row via trash button', async () => {
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
+
+		render(<InviteMembersModal {...defaultProps} />);
+
+		await user.click(screen.getByRole('button', { name: /add another/i }));
+		expect(screen.getAllByPlaceholderText('john@signoz.io')).toHaveLength(4);
+
+		const removeButtons = screen.getAllByRole('button', { name: /remove row/i });
+		await user.click(removeButtons[0]);
+		expect(screen.getAllByPlaceholderText('john@signoz.io')).toHaveLength(3);
+	});
+
+	describe('validation callout messages', () => {
+		it('shows combined message when email is invalid and role is missing', async () => {
+			const user = userEvent.setup({ pointerEventsCheck: 0 });
+
+			render(<InviteMembersModal {...defaultProps} />);
+
+			await user.type(
+				screen.getAllByPlaceholderText('john@signoz.io')[0],
+				'not-an-email',
+			);
+			await user.click(
+				screen.getByRole('button', { name: /invite team members/i }),
+			);
+
+			expect(
+				await screen.findByText(
+					'Please enter valid emails and select roles for team members',
+				),
+			).toBeInTheDocument();
+		});
+
+		it('shows email-only message when email is invalid but role is selected', async () => {
+			const user = userEvent.setup({ pointerEventsCheck: 0 });
+
+			render(<InviteMembersModal {...defaultProps} />);
+
+			const emailInputs = screen.getAllByPlaceholderText('john@signoz.io');
+			await user.type(emailInputs[0], 'not-an-email');
+
+			await user.click(screen.getAllByText('Select roles')[0]);
+			await user.click(await screen.findByText('Viewer'));
+
+			await user.click(
+				screen.getByRole('button', { name: /invite team members/i }),
+			);
+
+			expect(
+				await screen.findByText('Please enter valid emails for team members'),
+			).toBeInTheDocument();
+		});
+
+		it('shows role-only message when email is valid but role is missing', async () => {
+			const user = userEvent.setup({ pointerEventsCheck: 0 });
+
+			render(<InviteMembersModal {...defaultProps} />);
+
+			await user.type(
+				screen.getAllByPlaceholderText('john@signoz.io')[0],
+				'valid@signoz.io',
+			);
+			await user.click(
+				screen.getByRole('button', { name: /invite team members/i }),
+			);
+
+			expect(
+				await screen.findByText('Please select roles for team members'),
+			).toBeInTheDocument();
+		});
+	});
+
+	it('uses sendInvite (single) when only one row is filled', async () => {
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
+		const onComplete = jest.fn();
+
+		render(<InviteMembersModal {...defaultProps} onComplete={onComplete} />);
+
+		const emailInputs = screen.getAllByPlaceholderText('john@signoz.io');
+		await user.type(emailInputs[0], 'single@signoz.io');
+
+		const roleSelects = screen.getAllByText('Select roles');
+		await user.click(roleSelects[0]);
+		await user.click(await screen.findByText('Viewer'));
+
+		await user.click(
+			screen.getByRole('button', { name: /invite team members/i }),
+		);
+
+		await waitFor(() => {
+			expect(mockSendInvite).toHaveBeenCalledWith(
+				expect.objectContaining({ email: 'single@signoz.io', role: 'VIEWER' }),
+			);
+			expect(mockInviteUsers).not.toHaveBeenCalled();
+			expect(onComplete).toHaveBeenCalled();
+		});
+	});
+
+	it('uses inviteUsers (bulk) when multiple rows are filled', async () => {
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
+		const onComplete = jest.fn();
+
+		render(<InviteMembersModal {...defaultProps} onComplete={onComplete} />);
+
+		const emailInputs = screen.getAllByPlaceholderText('john@signoz.io');
+
+		await user.type(emailInputs[0], 'alice@signoz.io');
+		await user.click(screen.getAllByText('Select roles')[0]);
+		await user.click(await screen.findByText('Viewer'));
+
+		await user.type(emailInputs[1], 'bob@signoz.io');
+		await user.click(screen.getAllByText('Select roles')[0]);
+		const editorOptions = await screen.findAllByText('Editor');
+		await user.click(editorOptions[editorOptions.length - 1]);
+
+		await user.click(
+			screen.getByRole('button', { name: /invite team members/i }),
+		);
+
+		await waitFor(() => {
+			expect(mockInviteUsers).toHaveBeenCalledWith({
+				invites: expect.arrayContaining([
+					expect.objectContaining({ email: 'alice@signoz.io', role: 'VIEWER' }),
+					expect.objectContaining({ email: 'bob@signoz.io', role: 'EDITOR' }),
+				]),
+			});
+			expect(mockSendInvite).not.toHaveBeenCalled();
+			expect(onComplete).toHaveBeenCalled();
+		});
+	});
+});

frontend/src/components/MembersTable/MembersTable.styles.scss

@@ -0,0 +1,216 @@
+.members-table-wrapper {
+	display: flex;
+	flex-direction: column;
+	flex: 1;
+	min-height: 0;
+	overflow: hidden;
+	border-radius: 4px;
+}
+
+.members-table {
+	.ant-table {
+		background: transparent;
+		font-size: 13px;
+	}
+
+	.ant-table-container {
+		border-radius: 0 !important;
+		border: none !important;
+	}
+
+	.ant-table-thead {
+		> tr > th,
+		> tr > td {
+			background: var(--background);
+			font-size: var(--paragraph-small-600-font-size);
+			font-weight: var(--paragraph-small-600-font-weight);
+			line-height: var(--paragraph-small-600-line-height);
+			letter-spacing: 0.44px;
+			text-transform: uppercase;
+			color: var(--foreground);
+			padding: var(--padding-2) var(--padding-4);
+			border-bottom: none !important;
+			border-top: none !important;
+
+			&::before {
+				display: none !important;
+			}
+
+			.ant-table-column-sorters {
+				display: inline-flex;
+				align-items: center;
+				gap: var(--spacing-1);
+				width: auto;
+			}
+
+			.ant-table-column-title {
+				flex: unset;
+			}
+
+			.ant-table-column-sorter {
+				color: var(--foreground);
+				opacity: 0.6;
+			}
+
+			.ant-table-column-sorter-up.active,
+			.ant-table-column-sorter-down.active {
+				color: var(--bg-base-white);
+				opacity: 1;
+			}
+		}
+	}
+
+	.ant-table-tbody {
+		> tr > td {
+			border-bottom: none !important;
+			padding: var(--padding-2) var(--padding-4);
+			background: transparent;
+			transition: none;
+		}
+
+		> tr.members-table-row--tinted > td {
+			background: rgba(171, 189, 255, 0.02);
+		}
+		> tr:hover > td {
+			background: rgba(171, 189, 255, 0.04) !important;
+		}
+	}
+
+	.ant-table-wrapper,
+	.ant-table-container,
+	.ant-spin-nested-loading,
+	.ant-spin-container {
+		border: none !important;
+		box-shadow: none !important;
+	}
+
+	.member-status-cell {
+		[data-slot='badge'] {
+			padding: var(--padding-1) var(--padding-2);
+			align-items: center;
+			font-size: var(--uppercase-small-500-font-size);
+			font-weight: var(--uppercase-small-500-font-weight);
+			line-height: 100%;
+			letter-spacing: 0.44px;
+			text-transform: uppercase;
+		}
+	}
+}
+.member-name-email-cell {
+	display: flex;
+	align-items: center;
+	gap: var(--spacing-2);
+	height: 22px;
+	overflow: hidden;
+
+	.member-name {
+		font-size: var(--paragraph-base-500-font-size);
+		font-weight: var(--paragraph-base-500-font-weight);
+		color: var(--foreground);
+		line-height: var(--paragraph-base-500-line-height);
+		letter-spacing: -0.07px;
+		white-space: nowrap;
+		flex-shrink: 0;
+	}
+
+	.member-email {
+		font-size: var(--paragraph-base-400-font-size);
+		font-weight: var(--paragraph-base-400-font-weight);
+		color: var(--l3-foreground-hover);
+		line-height: var(--paragraph-base-400-line-height);
+		letter-spacing: -0.07px;
+		flex: 1 0 0;
+		min-width: 0;
+		overflow: hidden;
+		text-overflow: ellipsis;
+		white-space: nowrap;
+	}
+}
+
+.member-joined-date {
+	font-size: var(--paragraph-base-400-font-size);
+	font-weight: var(--paragraph-base-400-font-weight);
+	color: var(--foreground);
+	line-height: var(--line-height-18);
+	letter-spacing: -0.07px;
+	white-space: nowrap;
+}
+
+.member-joined-dash {
+	font-size: var(--paragraph-base-400-font-size);
+	color: var(--l3-foreground-hover);
+	line-height: var(--line-height-18);
+	letter-spacing: -0.07px;
+}
+
+.members-empty-state {
+	display: flex;
+	flex-direction: column;
+	align-items: center;
+	justify-content: center;
+	padding: var(--padding-12) var(--padding-4);
+	gap: var(--spacing-4);
+	color: var(--foreground);
+
+	&__emoji {
+		font-size: var(--font-size-2xl);
+		line-height: 1;
+	}
+
+	&__text {
+		font-size: var(--paragraph-base-400-font-size);
+		font-weight: var(--paragraph-base-400-font-weight);
+		color: var(--foreground);
+		margin: 0;
+		line-height: var(--paragraph-base-400-font-height);
+
+		strong {
+			font-weight: var(--font-weight-medium);
+			color: var(--bg-base-white);
+		}
+	}
+}
+
+.members-table-pagination {
+	display: flex;
+	align-items: center;
+	justify-content: flex-end;
+	padding: var(--padding-2) var(--padding-4);
+
+	.ant-pagination-total-text {
+		margin-right: auto;
+	}
+
+	.members-pagination-range {
+		font-size: var(--font-size-xs);
+		color: var(--foreground);
+	}
+
+	.members-pagination-total {
+		font-size: var(--font-size-xs);
+		color: var(--foreground);
+		opacity: 0.5;
+	}
+}
+
+.lightMode {
+	.members-table {
+		.ant-table-tbody {
+			> tr.members-table-row--tinted > td {
+				background: rgba(0, 0, 0, 0.015);
+			}
+
+			> tr:hover > td {
+				background: rgba(0, 0, 0, 0.03) !important;
+			}
+		}
+	}
+
+	.members-empty-state {
+		&__text {
+			strong {
+				color: var(--bg-base-black);
+			}
+		}
+	}
+}

frontend/src/components/MembersTable/MembersTable.tsx

@@ -0,0 +1,238 @@
+import type React from 'react';
+import { Badge } from '@signozhq/badge';
+import { Pagination, Table, Tooltip } from 'antd';
+import type { ColumnsType, SorterResult } from 'antd/es/table/interface';
+import { DATE_TIME_FORMATS } from 'constants/dateTimeFormats';
+import { MemberStatus } from 'container/MembersSettings/utils';
+import { capitalize } from 'lodash-es';
+import { useTimezone } from 'providers/Timezone';
+import { ROLES } from 'types/roles';
+
+import './MembersTable.styles.scss';
+
+export interface MemberRow {
+	id: string;
+	name?: string;
+	email: string;
+	role: ROLES;
+	status: MemberStatus;
+	joinedOn: string | null;
+	updatedAt?: string | null;
+	token?: string | null;
+}
+
+interface MembersTableProps {
+	data: MemberRow[];
+	loading: boolean;
+	total: number;
+	currentPage: number;
+	pageSize: number;
+	searchQuery: string;
+	onPageChange: (page: number) => void;
+	onRowClick?: (member: MemberRow) => void;
+	onSortChange?: (
+		sorter: SorterResult<MemberRow> | SorterResult<MemberRow>[],
+	) => void;
+}
+
+function NameEmailCell({
+	name,
+	email,
+}: {
+	name?: string;
+	email: string;
+}): JSX.Element {
+	return (
+		<div className="member-name-email-cell">
+			{name && (
+				<span className="member-name" title={name}>
+					{name}
+				</span>
+			)}
+			<Tooltip title={email} overlayClassName="member-tooltip">
+				<span className="member-email">{email}</span>
+			</Tooltip>
+		</div>
+	);
+}
+
+function StatusBadge({ status }: { status: MemberRow['status'] }): JSX.Element {
+	if (status === MemberStatus.Active) {
+		return (
+			<Badge color="forest" variant="outline">
+				ACTIVE
+			</Badge>
+		);
+	}
+	return (
+		<Badge color="amber" variant="outline">
+			INVITED
+		</Badge>
+	);
+}
+
+function MembersEmptyState({
+	searchQuery,
+}: {
+	searchQuery: string;
+}): JSX.Element {
+	return (
+		<div className="members-empty-state">
+			<span
+				className="members-empty-state__emoji"
+				role="img"
+				aria-label="monocle face"
+			>
+				🧐
+			</span>
+			{searchQuery ? (
+				<p className="members-empty-state__text">
+					No results for <strong>{searchQuery}</strong>
+				</p>
+			) : (
+				<p className="members-empty-state__text">No members found</p>
+			)}
+		</div>
+	);
+}
+
+function MembersTable({
+	data,
+	loading,
+	total,
+	currentPage,
+	pageSize,
+	searchQuery,
+	onPageChange,
+	onRowClick,
+	onSortChange,
+}: MembersTableProps): JSX.Element {
+	const { formatTimezoneAdjustedTimestamp } = useTimezone();
+
+	const formatJoinedOn = (date: string | null): string => {
+		if (!date) {
+			return '—';
+		}
+		const d = new Date(date);
+		if (Number.isNaN(d.getTime())) {
+			return '—';
+		}
+		return formatTimezoneAdjustedTimestamp(date, DATE_TIME_FORMATS.DASH_DATETIME);
+	};
+
+	const columns: ColumnsType<MemberRow> = [
+		{
+			title: 'Name / Email',
+			dataIndex: 'name',
+			key: 'name',
+			sorter: (a, b): number => a.email.localeCompare(b.email),
+			render: (_, record): JSX.Element => (
+				<NameEmailCell name={record.name} email={record.email} />
+			),
+		},
+		{
+			title: 'Roles',
+			dataIndex: 'role',
+			key: 'role',
+			width: 180,
+			sorter: (a, b): number => a.role.localeCompare(b.role),
+			render: (role: ROLES): JSX.Element => (
+				<Badge color="vanilla">{capitalize(role)}</Badge>
+			),
+		},
+
+		{
+			title: 'Status',
+			dataIndex: 'status',
+			key: 'status',
+			width: 100,
+			align: 'right' as const,
+			className: 'member-status-cell',
+			sorter: (a, b): number => a.status.localeCompare(b.status),
+			render: (status: MemberRow['status']): JSX.Element => (
+				<StatusBadge status={status} />
+			),
+		},
+		{
+			title: 'Joined On',
+			dataIndex: 'joinedOn',
+			key: 'joinedOn',
+			width: 250,
+			align: 'right' as const,
+			sorter: (a, b): number => {
+				if (!a.joinedOn && !b.joinedOn) {
+					return 0;
+				}
+				if (!a.joinedOn) {
+					return 1;
+				}
+				if (!b.joinedOn) {
+					return -1;
+				}
+				return new Date(a.joinedOn).getTime() - new Date(b.joinedOn).getTime();
+			},
+			render: (joinedOn: string | null): JSX.Element => {
+				const formatted = formatJoinedOn(joinedOn);
+				const isDash = formatted === '—';
+				return (
+					<span className={isDash ? 'member-joined-dash' : 'member-joined-date'}>
+						{formatted}
+					</span>
+				);
+			},
+		},
+	];
+
+	const showPaginationTotal = (_total: number, range: number[]): JSX.Element => (
+		<>
+			<span className="members-pagination-range">
+				{range[0]} &#8212; {range[1]}
+			</span>
+			<span className="members-pagination-total"> of {_total}</span>
+		</>
+	);
+
+	return (
+		<div className="members-table-wrapper">
+			<Table<MemberRow>
+				columns={columns}
+				dataSource={data}
+				rowKey="id"
+				loading={loading}
+				pagination={false}
+				rowClassName={(_, index): string =>
+					index % 2 === 0 ? 'members-table-row--tinted' : ''
+				}
+				onRow={(record): React.HTMLAttributes<HTMLElement> => ({
+					onClick: (): void => onRowClick?.(record),
+					style: onRowClick ? { cursor: 'pointer' } : undefined,
+				})}
+				onChange={(_, __, sorter): void => {
+					if (onSortChange) {
+						onSortChange(
+							sorter as SorterResult<MemberRow> | SorterResult<MemberRow>[],
+						);
+					}
+				}}
+				showSorterTooltip={false}
+				locale={{
+					emptyText: <MembersEmptyState searchQuery={searchQuery} />,
+				}}
+				className="members-table"
+			/>
+			{total > pageSize && (
+				<Pagination
+					current={currentPage}
+					pageSize={pageSize}
+					total={total}
+					showTotal={showPaginationTotal}
+					showSizeChanger={false}
+					onChange={onPageChange}
+					className="members-table-pagination"
+				/>
+			)}
+		</div>
+	);
+}
+
+export default MembersTable;

frontend/src/components/MembersTable/__tests__/MembersTable.test.tsx

@@ -0,0 +1,143 @@
+import { MemberStatus } from 'container/MembersSettings/utils';
+import { render, screen, userEvent } from 'tests/test-utils';
+import { ROLES } from 'types/roles';
+
+import MembersTable, { MemberRow } from '../MembersTable';
+
+const mockActiveMembers: MemberRow[] = [
+	{
+		id: 'user-1',
+		name: 'Alice Smith',
+		email: 'alice@signoz.io',
+		role: 'ADMIN' as ROLES,
+		status: MemberStatus.Active,
+		joinedOn: '1700000000000',
+	},
+	{
+		id: 'user-2',
+		name: 'Bob Jones',
+		email: 'bob@signoz.io',
+		role: 'VIEWER' as ROLES,
+		status: MemberStatus.Active,
+		joinedOn: null,
+	},
+];
+
+const mockInvitedMember: MemberRow = {
+	id: 'invite-abc',
+	name: '',
+	email: 'charlie@signoz.io',
+	role: 'EDITOR' as ROLES,
+	status: MemberStatus.Invited,
+	joinedOn: null,
+	token: 'tok-123',
+};
+
+const defaultProps = {
+	loading: false,
+	total: 2,
+	currentPage: 1,
+	pageSize: 20,
+	searchQuery: '',
+	onPageChange: jest.fn(),
+	onRowClick: jest.fn(),
+};
+
+describe('MembersTable', () => {
+	beforeEach(() => {
+		jest.clearAllMocks();
+	});
+
+	it('renders member rows with name, email, role badge, and ACTIVE status', () => {
+		render(<MembersTable {...defaultProps} data={mockActiveMembers} />);
+
+		expect(screen.getByText('Alice Smith')).toBeInTheDocument();
+		expect(screen.getByText('alice@signoz.io')).toBeInTheDocument();
+		expect(screen.getByText('Admin')).toBeInTheDocument();
+		expect(screen.getAllByText('ACTIVE')).toHaveLength(2);
+	});
+
+	it('renders INVITED badge for pending invite members', () => {
+		render(
+			<MembersTable
+				{...defaultProps}
+				data={[...mockActiveMembers, mockInvitedMember]}
+				total={3}
+			/>,
+		);
+
+		expect(screen.getByText('INVITED')).toBeInTheDocument();
+		expect(screen.getByText('charlie@signoz.io')).toBeInTheDocument();
+		expect(screen.getByText('Editor')).toBeInTheDocument();
+	});
+
+	it('calls onRowClick with the member data when a row is clicked', async () => {
+		const onRowClick = jest.fn() as jest.MockedFunction<
+			(member: MemberRow) => void
+		>;
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
+
+		render(
+			<MembersTable
+				{...defaultProps}
+				data={mockActiveMembers}
+				onRowClick={onRowClick}
+			/>,
+		);
+
+		await user.click(screen.getByText('Alice Smith'));
+
+		expect(onRowClick).toHaveBeenCalledTimes(1);
+		expect(onRowClick).toHaveBeenCalledWith(
+			expect.objectContaining({ id: 'user-1', email: 'alice@signoz.io' }),
+		);
+	});
+
+	it('shows "No members found" empty state when no data and no search query', () => {
+		render(<MembersTable {...defaultProps} data={[]} total={0} searchQuery="" />);
+
+		expect(screen.getByText('No members found')).toBeInTheDocument();
+	});
+
+	it('shows "No results for X" when no data and a search query is set', () => {
+		render(
+			<MembersTable {...defaultProps} data={[]} total={0} searchQuery="unknown" />,
+		);
+
+		expect(screen.getByText(/No results for/i)).toBeInTheDocument();
+		expect(screen.getByText('unknown')).toBeInTheDocument();
+	});
+
+	it('hides pagination when total does not exceed pageSize', () => {
+		const { container } = render(
+			<MembersTable
+				{...defaultProps}
+				data={mockActiveMembers}
+				total={2}
+				pageSize={20}
+			/>,
+		);
+
+		expect(
+			container.querySelector('.members-table-pagination'),
+		).not.toBeInTheDocument();
+	});
+
+	it('shows pagination when total exceeds pageSize', () => {
+		const { container } = render(
+			<MembersTable
+				{...defaultProps}
+				data={mockActiveMembers}
+				total={25}
+				pageSize={20}
+			/>,
+		);
+
+		expect(
+			container.querySelector('.members-table-pagination'),
+		).toBeInTheDocument();
+		expect(
+			container.querySelector('.members-pagination-total'),
+		).toBeInTheDocument();
+	});
+});

frontend/src/components/QueryBuilderV2/QueryV2/QueryAddOns/QueryAddOns.tsx

@@ -14,6 +14,7 @@ import { MetricAggregation } from 'types/api/v5/queryRange';
 import { DataSource, ReduceOperators } from 'types/common/queryBuilder';
 
 import HavingFilter from './HavingFilter/HavingFilter';
+import { buildDefaultLegendFromGroupBy } from './utils';
 
 import './QueryAddOns.styles.scss';
 
@@ -250,12 +251,33 @@ function QueryAddOns({
 	}, [panelType, isListViewPanel, query, showReduceTo]);
 
 	const handleOptionClick = (e: RadioChangeEvent): void => {
-		if (selectedViews.find((view) => view.key === e.target.value.key)) {
-			setSelectedViews(
-				selectedViews.filter((view) => view.key !== e.target.value.key),
+		const clickedAddOn = e.target.value as AddOn;
+		const isAlreadySelected = selectedViews.some(
+			(view) => view.key === clickedAddOn.key,
+		);
+
+		if (isAlreadySelected) {
+			setSelectedViews((prev) =>
+				prev.filter((view) => view.key !== clickedAddOn.key),
 			);
 		} else {
-			setSelectedViews([...selectedViews, e.target.value]);
+			// When enabling Legend format for the first time with an empty legend
+			// and existing group-by keys, prefill the legend using all group-by keys.
+			// This keeps existing custom legends intact and only helps seed a sensible default.
+			if (
+				clickedAddOn.key === ADD_ONS_KEYS.LEGEND_FORMAT &&
+				isEmpty(query?.legend) &&
+				Array.isArray(query.groupBy) &&
+				query.groupBy.length > 0
+			) {
+				const defaultLegend = buildDefaultLegendFromGroupBy(query.groupBy);
+
+				if (defaultLegend) {
+					handleChangeQueryLegend(defaultLegend);
+				}
+			}
+
+			setSelectedViews((prev) => [...prev, clickedAddOn]);
 		}
 	};
 
@@ -288,12 +310,9 @@ function QueryAddOns({
 		[handleSetQueryData, index, query],
 	);
 
-	const handleRemoveView = useCallback(
-		(key: string): void => {
-			setSelectedViews(selectedViews.filter((view) => view.key !== key));
-		},
-		[selectedViews],
-	);
+	const handleRemoveView = useCallback((key: string): void => {
+		setSelectedViews((prev) => prev.filter((view) => view.key !== key));
+	}, []);
 
 	const handleChangeQueryLegend = useCallback(
 		(value: string) => {
@@ -379,8 +398,8 @@ function QueryAddOns({
 								<div className="input">
 									<HavingFilter
 										onClose={(): void => {
-											setSelectedViews(
-												selectedViews.filter((view) => view.key !== 'having'),
+											setSelectedViews((prev) =>
+												prev.filter((view) => view.key !== 'having'),
 											);
 										}}
 										onChange={handleChangeHaving}
@@ -399,7 +418,9 @@ function QueryAddOns({
 								initialValue={query?.limit ?? undefined}
 								placeholder="Enter limit"
 								onClose={(): void => {
-									setSelectedViews(selectedViews.filter((view) => view.key !== 'limit'));
+									setSelectedViews((prev) =>
+										prev.filter((view) => view.key !== 'limit'),
+									);
 								}}
 								closeIcon={<ChevronUp size={16} />}
 							/>
@@ -482,8 +503,8 @@ function QueryAddOns({
 								onChange={handleChangeQueryLegend}
 								initialValue={isEmpty(query?.legend) ? undefined : query?.legend}
 								onClose={(): void => {
-									setSelectedViews(
-										selectedViews.filter((view) => view.key !== 'legend_format'),
+									setSelectedViews((prev) =>
+										prev.filter((view) => view.key !== 'legend_format'),
 									);
 								}}
 								closeIcon={<ChevronUp size={16} />}

frontend/src/components/QueryBuilderV2/QueryV2/QueryAddOns/utils.ts

@@ -0,0 +1,16 @@
+import { IBuilderQuery } from 'types/api/queryBuilder/queryBuilderData';
+
+export const buildDefaultLegendFromGroupBy = (
+	groupBy: IBuilderQuery['groupBy'],
+): string | null => {
+	const segments = groupBy
+		.map((item) => item?.key)
+		.filter((key): key is string => Boolean(key))
+		.map((key) => `${key} = {{${key}}}`);
+
+	if (segments.length === 0) {
+		return null;
+	}
+
+	return segments.join(', ');
+};

frontend/src/components/QueryBuilderV2/__tests__/QueryAddOns.test.tsx

@@ -275,4 +275,59 @@ describe('QueryAddOns', () => {
 			});
 		});
 	});
+
+	it('auto-generates legend from all groupBy keys when enabling Legend format with empty legend', async () => {
+		const user = userEvent.setup();
+		const query = baseQuery({
+			groupBy: [{ key: 'service.name' }, { key: 'operation' }],
+		});
+
+		render(
+			<QueryAddOns
+				query={query}
+				version="v5"
+				isListViewPanel={false}
+				showReduceTo={false}
+				panelType={PANEL_TYPES.TIME_SERIES}
+				index={0}
+				isForTraceOperator={false}
+			/>,
+		);
+
+		const legendTab = screen.getByTestId('query-add-on-legend_format');
+		await user.click(legendTab);
+
+		expect(mockHandleChangeQueryData).toHaveBeenCalledWith(
+			'legend',
+			'service.name = {{service.name}}, operation = {{operation}}',
+		);
+	});
+
+	it('does not override existing legend when enabling Legend format', async () => {
+		const user = userEvent.setup();
+		const query = baseQuery({
+			legend: 'existing legend',
+			groupBy: [{ key: 'service.name' }],
+		});
+
+		render(
+			<QueryAddOns
+				query={query}
+				version="v5"
+				isListViewPanel={false}
+				showReduceTo={false}
+				panelType={PANEL_TYPES.TIME_SERIES}
+				index={0}
+				isForTraceOperator={false}
+			/>,
+		);
+
+		const legendTab = screen.getByTestId('query-add-on-legend_format');
+		await user.click(legendTab);
+
+		expect(mockHandleChangeQueryData).not.toHaveBeenCalledWith(
+			'legend',
+			expect.anything(),
+		);
+	});
 });

frontend/src/constants/routes.ts

@@ -56,6 +56,7 @@ const ROUTES = {
 	BILLING: '/settings/billing',
 	ROLES_SETTINGS: '/settings/roles',
 	ROLE_DETAILS: '/settings/roles/:roleId',
+	MEMBERS_SETTINGS: '/settings/members',
 	SUPPORT: '/support',
 	LOGS_SAVE_VIEWS: '/logs/saved-views',
 	TRACES_SAVE_VIEWS: '/traces/saved-views',

frontend/src/container/LogsExplorerChart/__tests__/frequencyGraphColor.test.ts

@@ -4,8 +4,8 @@ import { getColorsForSeverityLabels, isRedLike } from '../utils';
 
 describe('getColorsForSeverityLabels', () => {
 	it('should return slate for blank labels', () => {
-		expect(getColorsForSeverityLabels('', 0)).toBe(Color.BG_VANILLA_400);
-		expect(getColorsForSeverityLabels('   ', 0)).toBe(Color.BG_VANILLA_400);
+		expect(getColorsForSeverityLabels('', 0)).toBe(Color.BG_SLATE_300);
+		expect(getColorsForSeverityLabels('   ', 0)).toBe(Color.BG_SLATE_300);
 	});
 
 	it('should return correct colors for known severity variants', () => {

frontend/src/container/LogsExplorerChart/utils.ts

@@ -79,7 +79,7 @@ export function getColorsForSeverityLabels(
 	const trimmed = label.trim();
 
 	if (!trimmed) {
-		return Color.BG_VANILLA_400; // Default color for empty labels
+		return Color.BG_SLATE_300;
 	}
 
 	const variantColor = SEVERITY_VARIANT_COLORS[trimmed];
@@ -119,6 +119,6 @@ export function getColorsForSeverityLabels(
 
 	return (
 		SAFE_FALLBACK_COLORS[index % SAFE_FALLBACK_COLORS.length] ||
-		Color.BG_VANILLA_400
+		Color.BG_SLATE_400
 	);
 }

frontend/src/container/MembersSettings/MembersSettings.styles.scss

@@ -0,0 +1,120 @@
+.members-settings {
+	display: flex;
+	flex-direction: column;
+	gap: var(--spacing-8);
+	padding: var(--padding-4) var(--padding-2) var(--padding-6) var(--padding-4);
+	height: 100%;
+
+	&__header {
+		display: flex;
+		flex-direction: column;
+		gap: var(--spacing-2);
+	}
+
+	&__title {
+		font-size: var(--label-large-500-font-size);
+		font-weight: var(--label-large-500-font-weight);
+		color: var(--text-base-white);
+		letter-spacing: -0.09px;
+		line-height: var(--line-height-normal);
+		margin: 0;
+	}
+
+	&__subtitle {
+		font-size: var(--paragraph-base-400-font-size);
+		font-weight: var(--paragraph-base-400-font-weight);
+		color: var(--foreground);
+		letter-spacing: -0.07px;
+		line-height: var(--paragraph-base-400-line-height);
+		margin: 0;
+	}
+
+	&__controls {
+		display: flex;
+		align-items: center;
+		gap: var(--spacing-4);
+	}
+
+	&__search {
+		flex: 1;
+		min-width: 0;
+	}
+}
+
+.members-filter-trigger {
+	display: flex;
+	align-items: center;
+	gap: var(--spacing-2);
+	border: 1px solid var(--border);
+	border-radius: 2px;
+	background-color: var(--l2-background);
+
+	> span {
+		color: var(--foreground);
+	}
+
+	&__chevron {
+		flex-shrink: 0;
+		color: var(--foreground);
+	}
+}
+
+.members-filter-dropdown {
+	.ant-dropdown-menu {
+		padding: var(--padding-3) 14px;
+		border-radius: 4px;
+		border: 1px solid var(--border);
+		background: var(--l2-background);
+		backdrop-filter: blur(20px);
+	}
+
+	.ant-dropdown-menu-item {
+		background: transparent !important;
+		padding: var(--padding-1) 0 !important;
+
+		&:hover {
+			background: transparent !important;
+		}
+	}
+}
+
+.members-filter-option {
+	display: flex;
+	align-items: center;
+	justify-content: space-between;
+	font-size: var(--paragraph-base-400-font-size);
+	font-weight: var(--paragraph-base-400-font-weight);
+	color: var(--foreground);
+	letter-spacing: 0.14px;
+	min-width: 170px;
+
+	&:hover {
+		color: var(--card-foreground);
+		background: transparent;
+	}
+}
+
+.members-search-input {
+	height: 32px;
+	color: var(--l1-foreground);
+	background-color: var(--l2-background);
+	border-color: var(--border);
+
+	&::placeholder {
+		color: var(--l3-foreground);
+	}
+}
+
+.lightMode {
+	.members-settings {
+		&__title {
+			color: var(--text-base-black);
+		}
+	}
+
+	.members-filter-option {
+		&:hover {
+			color: var(--bg-neutral-light-100);
+		}
+	}
+}

frontend/src/container/MembersSettings/MembersSettings.tsx

@@ -0,0 +1,262 @@
+import { useCallback, useEffect, useMemo, useState } from 'react';
+import { useQuery } from 'react-query';
+import { useHistory } from 'react-router-dom';
+import { Button } from '@signozhq/button';
+import { Check, ChevronDown, Plus } from '@signozhq/icons';
+import { Input } from '@signozhq/input';
+import type { MenuProps } from 'antd';
+import { Dropdown } from 'antd';
+import getPendingInvites from 'api/v1/invite/get';
+import getAll from 'api/v1/user/get';
+import EditMemberDrawer from 'components/EditMemberDrawer/EditMemberDrawer';
+import InviteMembersModal from 'components/InviteMembersModal/InviteMembersModal';
+import MembersTable, { MemberRow } from 'components/MembersTable/MembersTable';
+import useUrlQuery from 'hooks/useUrlQuery';
+import { useAppContext } from 'providers/App/App';
+
+import { FilterMode, INVITE_PREFIX, MemberStatus } from './utils';
+
+import './MembersSettings.styles.scss';
+
+const PAGE_SIZE = 20;
+
+function MembersSettings(): JSX.Element {
+	const { org } = useAppContext();
+	const history = useHistory();
+	const urlQuery = useUrlQuery();
+
+	const pageParam = parseInt(urlQuery.get('page') ?? '1', 10);
+	const currentPage = Number.isNaN(pageParam) || pageParam < 1 ? 1 : pageParam;
+
+	// TODO(nuqs): Replace with nuqs once the nuqs setup and integration is done - for search
+	const [searchQuery, setSearchQuery] = useState('');
+	const [filterMode, setFilterMode] = useState<FilterMode>(FilterMode.All);
+	const [isInviteModalOpen, setIsInviteModalOpen] = useState(false);
+	const [selectedMember, setSelectedMember] = useState<MemberRow | null>(null);
+
+	const {
+		data: usersData,
+		isLoading: isUsersLoading,
+		refetch: refetchUsers,
+	} = useQuery({
+		queryFn: getAll,
+		queryKey: ['getOrgUser', org?.[0]?.id],
+	});
+
+	const {
+		data: invitesData,
+		isLoading: isInvitesLoading,
+		refetch: refetchInvites,
+	} = useQuery({
+		queryFn: getPendingInvites,
+		queryKey: ['getPendingInvites'],
+	});
+
+	const isLoading = isUsersLoading || isInvitesLoading;
+
+	const allMembers = useMemo((): MemberRow[] => {
+		const activeMembers: MemberRow[] = (usersData?.data ?? []).map((user) => ({
+			id: user.id,
+			name: user.displayName,
+			email: user.email,
+			role: user.role,
+			status: MemberStatus.Active,
+			joinedOn: user.createdAt ? String(user.createdAt) : null,
+			updatedAt: user?.updatedAt ? String(user.updatedAt) : null,
+		}));
+
+		const pendingInvites: MemberRow[] = (invitesData?.data ?? []).map(
+			(invite) => ({
+				id: `${INVITE_PREFIX}${invite.id}`,
+				name: invite.name ?? '',
+				email: invite.email,
+				role: invite.role,
+				status: MemberStatus.Invited,
+				joinedOn: invite.createdAt ? String(invite.createdAt) : null,
+				token: invite.token ?? null,
+			}),
+		);
+
+		return [...activeMembers, ...pendingInvites];
+	}, [usersData, invitesData]);
+
+	const filteredMembers = useMemo((): MemberRow[] => {
+		let result = allMembers;
+
+		if (filterMode === FilterMode.Invited) {
+			result = result.filter((m) => m.status === MemberStatus.Invited);
+		}
+
+		if (searchQuery.trim()) {
+			const q = searchQuery.toLowerCase();
+			result = result.filter(
+				(m) =>
+					m?.name?.toLowerCase().includes(q) ||
+					m.email.toLowerCase().includes(q) ||
+					m.role.toLowerCase().includes(q),
+			);
+		}
+
+		return result;
+	}, [allMembers, filterMode, searchQuery]);
+
+	const paginatedMembers = useMemo((): MemberRow[] => {
+		const start = (currentPage - 1) * PAGE_SIZE;
+		return filteredMembers.slice(start, start + PAGE_SIZE);
+	}, [filteredMembers, currentPage]);
+
+	// TODO(nuqs): Replace with nuqs once the nuqs setup and integration is done
+	const setPage = useCallback(
+		(page: number): void => {
+			urlQuery.set('page', String(page));
+			history.replace({ search: urlQuery.toString() });
+		},
+		[history, urlQuery],
+	);
+
+	useEffect(() => {
+		if (filteredMembers.length === 0) {
+			return;
+		}
+		const maxPage = Math.ceil(filteredMembers.length / PAGE_SIZE);
+		if (currentPage > maxPage) {
+			setPage(maxPage);
+		}
+	}, [filteredMembers.length, currentPage, setPage]);
+
+	const pendingCount = invitesData?.data?.length ?? 0;
+	const totalCount = allMembers.length;
+
+	const filterMenuItems: MenuProps['items'] = [
+		{
+			key: FilterMode.All,
+			label: (
+				<div className="members-filter-option">
+					<span>All members ⎯ {totalCount}</span>
+					{filterMode === FilterMode.All && <Check size={14} />}
+				</div>
+			),
+			onClick: (): void => {
+				setFilterMode(FilterMode.All);
+				setPage(1);
+			},
+		},
+		{
+			key: FilterMode.Invited,
+			label: (
+				<div className="members-filter-option">
+					<span>Pending invites ⎯ {pendingCount}</span>
+					{filterMode === FilterMode.Invited && <Check size={14} />}
+				</div>
+			),
+			onClick: (): void => {
+				setFilterMode(FilterMode.Invited);
+				setPage(1);
+			},
+		},
+	];
+
+	const filterLabel =
+		filterMode === FilterMode.All
+			? `All members ⎯ ${totalCount}`
+			: `Pending invites ⎯ ${pendingCount}`;
+
+	const handleInviteComplete = useCallback((): void => {
+		refetchUsers();
+		refetchInvites();
+	}, [refetchUsers, refetchInvites]);
+
+	const handleRowClick = useCallback((member: MemberRow): void => {
+		setSelectedMember(member);
+	}, []);
+
+	const handleDrawerClose = useCallback((): void => {
+		setSelectedMember(null);
+	}, []);
+
+	const handleMemberEditComplete = useCallback((): void => {
+		refetchUsers();
+		refetchInvites();
+		setSelectedMember(null);
+	}, [refetchUsers, refetchInvites]);
+
+	return (
+		<>
+			<div className="members-settings">
+				<div className="members-settings__header">
+					<h1 className="members-settings__title">Members</h1>
+					<p className="members-settings__subtitle">
+						Overview of people added to this workspace.
+					</p>
+				</div>
+
+				<div className="members-settings__controls">
+					<Dropdown
+						menu={{ items: filterMenuItems }}
+						trigger={['click']}
+						overlayClassName="members-filter-dropdown"
+					>
+						<Button
+							variant="solid"
+							size="sm"
+							color="secondary"
+							className="members-filter-trigger"
+						>
+							<span>{filterLabel}</span>
+							<ChevronDown size={12} className="members-filter-trigger__chevron" />
+						</Button>
+					</Dropdown>
+
+					<div className="members-settings__search">
+						<Input
+							placeholder="Search by name, email, or role..."
+							value={searchQuery}
+							onChange={(e): void => {
+								setSearchQuery(e.target.value);
+								setPage(1);
+							}}
+							className="members-search-input"
+							color="secondary"
+						/>
+					</div>
+
+					<Button
+						variant="solid"
+						size="sm"
+						color="primary"
+						onClick={(): void => setIsInviteModalOpen(true)}
+					>
+						<Plus size={12} />
+						Invite member
+					</Button>
+				</div>
+			</div>
+			<MembersTable
+				data={paginatedMembers}
+				loading={isLoading}
+				total={filteredMembers.length}
+				currentPage={currentPage}
+				pageSize={PAGE_SIZE}
+				searchQuery={searchQuery}
+				onPageChange={setPage}
+				onRowClick={handleRowClick}
+			/>
+
+			<InviteMembersModal
+				open={isInviteModalOpen}
+				onClose={(): void => setIsInviteModalOpen(false)}
+				onComplete={handleInviteComplete}
+			/>
+
+			<EditMemberDrawer
+				member={selectedMember}
+				open={selectedMember !== null}
+				onClose={handleDrawerClose}
+				onComplete={handleMemberEditComplete}
+				onRefetch={handleInviteComplete}
+			/>
+		</>
+	);
+}
+
+export default MembersSettings;

frontend/src/container/MembersSettings/__tests__/MembersSettings.integration.test.tsx

@@ -0,0 +1,131 @@
+import { rest, server } from 'mocks-server/server';
+import { render, screen, userEvent } from 'tests/test-utils';
+import { PendingInvite } from 'types/api/user/getPendingInvites';
+import { UserResponse } from 'types/api/user/getUser';
+
+import MembersSettings from '../MembersSettings';
+
+jest.mock('@signozhq/sonner', () => ({
+	toast: {
+		success: jest.fn(),
+		error: jest.fn(),
+	},
+}));
+
+const USERS_ENDPOINT = '*/api/v1/user';
+const INVITES_ENDPOINT = '*/api/v1/invite';
+
+const mockUsers: UserResponse[] = [
+	{
+		id: 'user-1',
+		displayName: 'Alice Smith',
+		email: 'alice@signoz.io',
+		role: 'ADMIN',
+		createdAt: 1700000000,
+		organization: 'TestOrg',
+		orgId: 'org-1',
+	},
+	{
+		id: 'user-2',
+		displayName: 'Bob Jones',
+		email: 'bob@signoz.io',
+		role: 'VIEWER',
+		createdAt: 1700000001,
+		organization: 'TestOrg',
+		orgId: 'org-1',
+	},
+];
+
+const mockInvites: PendingInvite[] = [
+	{
+		id: 'inv-1',
+		email: 'charlie@signoz.io',
+		name: 'Charlie',
+		role: 'EDITOR',
+		createdAt: 1700000002,
+		token: 'tok-abc',
+	},
+];
+
+describe('MembersSettings (integration)', () => {
+	beforeEach(() => {
+		jest.clearAllMocks();
+		server.use(
+			rest.get(USERS_ENDPOINT, (_, res, ctx) =>
+				res(ctx.status(200), ctx.json({ data: mockUsers })),
+			),
+			rest.get(INVITES_ENDPOINT, (_, res, ctx) =>
+				res(ctx.status(200), ctx.json({ data: mockInvites })),
+			),
+		);
+	});
+
+	afterEach(() => {
+		server.resetHandlers();
+	});
+
+	it('loads and displays active users and pending invites', async () => {
+		render(<MembersSettings />);
+
+		await screen.findByText('Alice Smith');
+		expect(screen.getByText('Bob Jones')).toBeInTheDocument();
+		expect(screen.getByText('charlie@signoz.io')).toBeInTheDocument();
+		expect(screen.getAllByText('ACTIVE')).toHaveLength(2);
+		expect(screen.getByText('INVITED')).toBeInTheDocument();
+	});
+
+	it('filters to pending invites via the filter dropdown', async () => {
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
+
+		render(<MembersSettings />);
+
+		await screen.findByText('Alice Smith');
+
+		await user.click(screen.getByRole('button', { name: /all members/i }));
+
+		const pendingOption = await screen.findByText(/pending invites/i);
+		await user.click(pendingOption);
+
+		await screen.findByText('charlie@signoz.io');
+		expect(screen.queryByText('Alice Smith')).not.toBeInTheDocument();
+	});
+
+	it('filters members by name using the search input', async () => {
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
+
+		render(<MembersSettings />);
+
+		await screen.findByText('Alice Smith');
+
+		await user.type(
+			screen.getByPlaceholderText(/Search by name, email, or role/i),
+			'bob',
+		);
+
+		await screen.findByText('Bob Jones');
+		expect(screen.queryByText('Alice Smith')).not.toBeInTheDocument();
+		expect(screen.queryByText('charlie@signoz.io')).not.toBeInTheDocument();
+	});
+
+	it('opens EditMemberDrawer when a member row is clicked', async () => {
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
+
+		render(<MembersSettings />);
+
+		await user.click(await screen.findByText('Alice Smith'));
+
+		await screen.findByText('Member Details');
+	});
+
+	it('opens InviteMembersModal when "Invite member" button is clicked', async () => {
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
+
+		render(<MembersSettings />);
+
+		await user.click(screen.getByRole('button', { name: /invite member/i }));
+
+		expect(await screen.findAllByPlaceholderText('john@signoz.io')).toHaveLength(
+			3,
+		);
+	});
+});

frontend/src/container/MembersSettings/utils.ts

@@ -0,0 +1,11 @@
+export const INVITE_PREFIX = 'invite-';
+
+export enum FilterMode {
+	All = 'all',
+	Invited = 'invited',
+}
+
+export enum MemberStatus {
+	Active = 'Active',
+	Invited = 'Invited',
+}

frontend/src/container/OnboardingContainer/OnboardingContainer.tsx

@@ -11,7 +11,7 @@ import { FeatureKeys } from 'constants/features';
 import ROUTES from 'constants/routes';
 import FullScreenHeader from 'container/FullScreenHeader/FullScreenHeader';
 import InviteUserModal from 'container/OrganizationSettings/InviteUserModal/InviteUserModal';
-import { InviteMemberFormValues } from 'container/OrganizationSettings/PendingInvitesContainer';
+import { InviteMemberFormValues } from 'container/OrganizationSettings/utils';
 import history from 'lib/history';
 import { UserPlus } from 'lucide-react';
 import { useAppContext } from 'providers/App/App';

frontend/src/container/OnboardingQuestionaire/index.tsx

@@ -12,7 +12,7 @@ import { SOMETHING_WENT_WRONG } from 'constants/api';
 import { FeatureKeys } from 'constants/features';
 import { ORG_PREFERENCES } from 'constants/orgPreferences';
 import ROUTES from 'constants/routes';
-import { InviteTeamMembersProps } from 'container/OrganizationSettings/PendingInvitesContainer';
+import { InviteTeamMembersProps } from 'container/OrganizationSettings/utils';
 import { useNotifications } from 'hooks/useNotifications';
 import history from 'lib/history';
 import { useAppContext } from 'providers/App/App';

frontend/src/container/OrganizationSettings/DeleteMembersDetails/index.tsx

@@ -1,32 +0,0 @@
-import { gold } from '@ant-design/colors';
-import { ExclamationCircleTwoTone } from '@ant-design/icons';
-import { Space, Typography } from 'antd';
-
-function DeleteMembersDetails({
-	name,
-}: DeleteMembersDetailsProps): JSX.Element {
-	return (
-		<div>
-			<Space direction="horizontal" size="middle" align="start">
-				<ExclamationCircleTwoTone
-					twoToneColor={[gold[6], '#1f1f1f']}
-					style={{
-						fontSize: '1.4rem',
-					}}
-				/>
-				<Space direction="vertical">
-					<Typography>Are you sure you want to delete {name}</Typography>
-					<Typography>
-						This will remove all access from dashboards and other features in SigNoz
-					</Typography>
-				</Space>
-			</Space>
-		</div>
-	);
-}
-
-interface DeleteMembersDetailsProps {
-	name: string;
-}
-
-export default DeleteMembersDetails;

frontend/src/container/OrganizationSettings/EditMembersDetails/index.tsx

@@ -1,167 +0,0 @@
-import {
-	ChangeEventHandler,
-	Dispatch,
-	SetStateAction,
-	useCallback,
-	useEffect,
-	useState,
-} from 'react';
-import { useTranslation } from 'react-i18next';
-import { useCopyToClipboard } from 'react-use';
-import { CopyOutlined } from '@ant-design/icons';
-import { Button, Input, Select, Space, Tooltip } from 'antd';
-import getResetPasswordToken from 'api/v1/factor_password/getResetPasswordToken';
-import ROUTES from 'constants/routes';
-import { useNotifications } from 'hooks/useNotifications';
-import APIError from 'types/api/error';
-import { ROLES } from 'types/roles';
-
-import { InputGroup, SelectDrawer, Title } from './styles';
-
-const { Option } = Select;
-
-function EditMembersDetails({
-	emailAddress,
-	name,
-	role,
-	setEmailAddress,
-	setName,
-	setRole,
-	id,
-}: EditMembersDetailsProps): JSX.Element {
-	const [passwordLink, setPasswordLink] = useState<string>('');
-
-	const { t } = useTranslation(['common']);
-	const [isLoading, setIsLoading] = useState<boolean>(false);
-	const [state, copyToClipboard] = useCopyToClipboard();
-
-	const getPasswordLink = (token: string): string =>
-		`${window.location.origin}${ROUTES.PASSWORD_RESET}?token=${token}`;
-
-	const onChangeHandler = useCallback(
-		(setFunc: Dispatch<SetStateAction<string>>, value: string) => {
-			setFunc(value);
-		},
-		[],
-	);
-
-	const { notifications } = useNotifications();
-
-	useEffect(() => {
-		if (state.error) {
-			notifications.error({
-				message: t('something_went_wrong'),
-			});
-		}
-
-		if (state.value) {
-			notifications.success({
-				message: t('success'),
-			});
-		}
-	}, [state.error, state.value, t, notifications]);
-
-	const onPasswordChangeHandler: ChangeEventHandler<HTMLInputElement> = useCallback(
-		(event) => {
-			setPasswordLink(event.target.value);
-		},
-		[],
-	);
-
-	const onGeneratePasswordHandler = async (): Promise<void> => {
-		try {
-			setIsLoading(true);
-			const response = await getResetPasswordToken({
-				userId: id || '',
-			});
-			setPasswordLink(getPasswordLink(response.data.token));
-			setIsLoading(false);
-		} catch (error) {
-			setIsLoading(false);
-			notifications.error({
-				message: (error as APIError).getErrorCode(),
-				description: (error as APIError).getErrorMessage(),
-			});
-		}
-	};
-
-	return (
-		<Space direction="vertical" size="large">
-			<Space direction="horizontal">
-				<Title>Email address</Title>
-				<Input
-					placeholder="john@signoz.io"
-					readOnly
-					onChange={(event): void =>
-						onChangeHandler(setEmailAddress, event.target.value)
-					}
-					disabled={isLoading}
-					value={emailAddress}
-				/>
-			</Space>
-			<Space direction="horizontal">
-				<Title>Name (optional)</Title>
-				<Input
-					placeholder="John"
-					onChange={(event): void => onChangeHandler(setName, event.target.value)}
-					value={name}
-					disabled={isLoading}
-				/>
-			</Space>
-			<Space direction="horizontal">
-				<Title>Role</Title>
-				<SelectDrawer
-					value={role}
-					onSelect={(value: unknown): void => {
-						if (typeof value === 'string') {
-							setRole(value as ROLES);
-						}
-					}}
-					disabled={isLoading}
-				>
-					<Option value="ADMIN">ADMIN</Option>
-					<Option value="VIEWER">VIEWER</Option>
-					<Option value="EDITOR">EDITOR</Option>
-				</SelectDrawer>
-			</Space>
-
-			<Button
-				loading={isLoading}
-				disabled={isLoading}
-				onClick={onGeneratePasswordHandler}
-				type="primary"
-			>
-				Generate Reset Password link
-			</Button>
-			{passwordLink && (
-				<InputGroup>
-					<Input
-						style={{ width: '100%' }}
-						defaultValue="git@github.com:ant-design/ant-design.git"
-						onChange={onPasswordChangeHandler}
-						value={passwordLink}
-						disabled={isLoading}
-					/>
-					<Tooltip title="COPY LINK">
-						<Button
-							icon={<CopyOutlined />}
-							onClick={(): void => copyToClipboard(passwordLink)}
-						/>
-					</Tooltip>
-				</InputGroup>
-			)}
-		</Space>
-	);
-}
-
-interface EditMembersDetailsProps {
-	emailAddress: string;
-	name: string;
-	role: ROLES;
-	setEmailAddress: Dispatch<SetStateAction<string>>;
-	setName: Dispatch<SetStateAction<string>>;
-	setRole: Dispatch<SetStateAction<ROLES>>;
-	id: string;
-}
-
-export default EditMembersDetails;

frontend/src/container/OrganizationSettings/EditMembersDetails/styles.ts

@@ -1,16 +0,0 @@
-import { Select, Typography } from 'antd';
-import styled from 'styled-components';
-
-export const SelectDrawer = styled(Select)`
-	width: 120px;
-`;
-
-export const Title = styled(Typography)`
-	width: 7rem;
-`;
-
-export const InputGroup = styled.div`
-	display: flex;
-	flex-direction: row;
-	align-items: center;
-`;

frontend/src/container/OrganizationSettings/InviteTeamMembers/index.tsx

@@ -11,7 +11,7 @@ import {
 } from 'antd';
 import { requireErrorMessage } from 'utils/form/requireErrorMessage';
 
-import { InviteMemberFormValues } from '../PendingInvitesContainer/index';
+import { InviteMemberFormValues } from '../utils';
 import { SelectDrawer, SpaceContainer, TitleWrapper } from './styles';
 
 function InviteTeamMembers({ form, onFinish }: Props): JSX.Element {

frontend/src/container/OrganizationSettings/InviteUserModal/InviteUserModal.tsx

@@ -6,7 +6,7 @@ import { useNotifications } from 'hooks/useNotifications';
 import APIError from 'types/api/error';
 
 import InviteTeamMembers from '../InviteTeamMembers';
-import { InviteMemberFormValues } from '../PendingInvitesContainer';
+import { InviteMemberFormValues } from '../utils';
 
 export interface InviteUserModalProps {
 	isInviteTeamMemberModalOpen: boolean;

frontend/src/container/OrganizationSettings/Members/index.tsx

@@ -1,324 +0,0 @@
-import { Dispatch, SetStateAction, useEffect, useState } from 'react';
-import { useTranslation } from 'react-i18next';
-import { useQuery } from 'react-query';
-import {
-	Button,
-	Modal,
-	Space,
-	TableColumnsType as ColumnsType,
-	Typography,
-} from 'antd';
-import getAll from 'api/v1/user/get';
-import deleteUser from 'api/v1/user/id/delete';
-import update from 'api/v1/user/id/update';
-import ErrorContent from 'components/ErrorModal/components/ErrorContent';
-import { ResizeTable } from 'components/ResizeTable';
-import { DATE_TIME_FORMATS } from 'constants/dateTimeFormats';
-import dayjs from 'dayjs';
-import { useNotifications } from 'hooks/useNotifications';
-import { useAppContext } from 'providers/App/App';
-import APIError from 'types/api/error';
-import { ROLES } from 'types/roles';
-
-import DeleteMembersDetails from '../DeleteMembersDetails';
-import EditMembersDetails from '../EditMembersDetails';
-
-function UserFunction({
-	setDataSource,
-	accessLevel,
-	name,
-	email,
-	id,
-}: UserFunctionProps): JSX.Element {
-	const [isModalVisible, setIsModalVisible] = useState(false);
-	const [isDeleteModalVisible, setIsDeleteModalVisible] = useState(false);
-
-	const onModalToggleHandler = (
-		func: Dispatch<SetStateAction<boolean>>,
-		value: boolean,
-	): void => {
-		func(value);
-	};
-
-	const [emailAddress, setEmailAddress] = useState(email);
-	const [updatedName, setUpdatedName] = useState(name);
-	const [role, setRole] = useState<ROLES>(accessLevel);
-	const { t } = useTranslation(['common']);
-	const [isDeleteLoading, setIsDeleteLoading] = useState<boolean>(false);
-	const [isUpdateLoading, setIsUpdateLoading] = useState<boolean>(false);
-	const { notifications } = useNotifications();
-
-	const onUpdateDetailsHandler = (): void => {
-		setDataSource((data) => {
-			const index = data.findIndex((e) => e.id === id);
-			if (index !== -1) {
-				const current = data[index];
-
-				const updatedData: DataType[] = [
-					...data.slice(0, index),
-					{
-						...current,
-						name: updatedName,
-						accessLevel: role,
-						email: emailAddress,
-					},
-					...data.slice(index + 1, data.length),
-				];
-
-				return updatedData;
-			}
-			return data;
-		});
-	};
-
-	const onDelete = (): void => {
-		setDataSource((source) => {
-			const index = source.findIndex((e) => e.id === id);
-
-			if (index !== -1) {
-				const updatedData: DataType[] = [
-					...source.slice(0, index),
-					...source.slice(index + 1, source.length),
-				];
-
-				return updatedData;
-			}
-			return source;
-		});
-	};
-
-	const onDeleteHandler = async (): Promise<void> => {
-		try {
-			setIsDeleteLoading(true);
-			await deleteUser({
-				userId: id,
-			});
-			onDelete();
-			notifications.success({
-				message: t('success', {
-					ns: 'common',
-				}),
-			});
-			setIsDeleteModalVisible(false);
-			setIsDeleteLoading(false);
-		} catch (error) {
-			setIsDeleteLoading(false);
-			notifications.error({
-				message: (error as APIError).getErrorCode(),
-				description: (error as APIError).getErrorMessage(),
-			});
-		}
-	};
-
-	const onEditMemberDetails = async (): Promise<void> => {
-		try {
-			setIsUpdateLoading(true);
-			await update({
-				userId: id,
-				displayName: updatedName,
-				role,
-			});
-			onUpdateDetailsHandler();
-
-			if (role !== accessLevel) {
-				notifications.success({
-					message: 'User details updated successfully',
-					description: 'The user details have been updated successfully.',
-				});
-			} else {
-				notifications.success({
-					message: t('success', {
-						ns: 'common',
-					}),
-				});
-			}
-
-			setIsUpdateLoading(false);
-			setIsModalVisible(false);
-		} catch (error) {
-			notifications.error({
-				message: (error as APIError).getErrorCode(),
-				description: (error as APIError).getErrorMessage(),
-			});
-			setIsUpdateLoading(false);
-		}
-	};
-
-	return (
-		<>
-			<Space direction="horizontal">
-				<Typography.Link
-					onClick={(): void => onModalToggleHandler(setIsModalVisible, true)}
-				>
-					Edit
-				</Typography.Link>
-				<Typography.Link
-					onClick={(): void => onModalToggleHandler(setIsDeleteModalVisible, true)}
-				>
-					Delete
-				</Typography.Link>
-			</Space>
-			<Modal
-				title="Edit member details"
-				className="edit-member-details-modal"
-				open={isModalVisible}
-				onOk={(): void => onModalToggleHandler(setIsModalVisible, false)}
-				onCancel={(): void => onModalToggleHandler(setIsModalVisible, false)}
-				centered
-				destroyOnClose
-				footer={[
-					<Button
-						key="back"
-						onClick={(): void => onModalToggleHandler(setIsModalVisible, false)}
-						type="default"
-					>
-						Cancel
-					</Button>,
-					<Button
-						key="Invite_team_members"
-						onClick={onEditMemberDetails}
-						type="primary"
-						disabled={isUpdateLoading}
-						loading={isUpdateLoading}
-					>
-						Update Details
-					</Button>,
-				]}
-			>
-				<EditMembersDetails
-					{...{
-						emailAddress,
-						name: updatedName,
-						role,
-						setEmailAddress,
-						setName: setUpdatedName,
-						setRole,
-						id,
-					}}
-				/>
-			</Modal>
-			<Modal
-				title="Edit member details"
-				open={isDeleteModalVisible}
-				onOk={onDeleteHandler}
-				onCancel={(): void => onModalToggleHandler(setIsDeleteModalVisible, false)}
-				centered
-				confirmLoading={isDeleteLoading}
-			>
-				<DeleteMembersDetails name={name} />
-			</Modal>
-		</>
-	);
-}
-
-function Members(): JSX.Element {
-	const { org } = useAppContext();
-
-	const { data, isLoading, error } = useQuery({
-		queryFn: () => getAll(),
-		queryKey: ['getOrgUser', org?.[0].id],
-	});
-
-	const [dataSource, setDataSource] = useState<DataType[]>([]);
-
-	useEffect(() => {
-		if (data?.data && Array.isArray(data.data)) {
-			const updatedData: DataType[] = data?.data?.map((e) => ({
-				accessLevel: e.role,
-				email: e.email,
-				id: String(e.id),
-				joinedOn: String(e.createdAt),
-				name: e.displayName,
-			}));
-			setDataSource(updatedData);
-		}
-	}, [data]);
-
-	const columns: ColumnsType<DataType> = [
-		{
-			title: 'Name',
-			dataIndex: 'name',
-			key: 'name',
-			width: 100,
-		},
-		{
-			title: 'Emails',
-			dataIndex: 'email',
-			key: 'email',
-			width: 100,
-		},
-		{
-			title: 'Access Level',
-			dataIndex: 'accessLevel',
-			key: 'accessLevel',
-			width: 50,
-		},
-		{
-			title: 'Joined On',
-			dataIndex: 'joinedOn',
-			key: 'joinedOn',
-			width: 60,
-			render: (_, record): JSX.Element => {
-				const { joinedOn } = record;
-				return (
-					<Typography>
-						{dayjs(joinedOn).format(DATE_TIME_FORMATS.MONTH_DATE_FULL)}
-					</Typography>
-				);
-			},
-		},
-		{
-			title: 'Action',
-			dataIndex: 'action',
-			width: 80,
-			render: (_, record): JSX.Element => (
-				<UserFunction
-					{...{
-						accessLevel: record.accessLevel,
-						email: record.email,
-						joinedOn: record.joinedOn,
-						name: record.name,
-						id: record.id,
-						setDataSource,
-					}}
-				/>
-			),
-		},
-	];
-
-	return (
-		<div className="members-container">
-			<Typography.Title level={3}>
-				Members{' '}
-				{!isLoading && dataSource && (
-					<div className="members-count"> ({dataSource.length}) </div>
-				)}
-			</Typography.Title>
-			{!(error as APIError) && (
-				<ResizeTable
-					columns={columns}
-					tableLayout="fixed"
-					dataSource={dataSource}
-					pagination={false}
-					loading={isLoading}
-					bordered
-				/>
-			)}
-			{(error as APIError) && <ErrorContent error={error as APIError} />}
-		</div>
-	);
-}
-
-interface DataType {
-	id: string;
-	name: string;
-	email: string;
-	accessLevel: ROLES;
-	joinedOn: string;
-}
-
-interface UserFunctionProps extends DataType {
-	setDataSource: Dispatch<SetStateAction<DataType[]>>;
-}
-
-export default Members;

frontend/src/container/OrganizationSettings/PendingInvitesContainer/index.tsx

@@ -1,248 +0,0 @@
-import { useCallback, useEffect, useState } from 'react';
-import { useTranslation } from 'react-i18next';
-import { useQuery } from 'react-query';
-import { useLocation } from 'react-router-dom';
-import { useCopyToClipboard } from 'react-use';
-import { PlusOutlined } from '@ant-design/icons';
-import {
-	Button,
-	Form,
-	Space,
-	TableColumnsType as ColumnsType,
-	Typography,
-} from 'antd';
-import get from 'api/v1/invite/get';
-import deleteInvite from 'api/v1/invite/id/delete';
-import ErrorContent from 'components/ErrorModal/components/ErrorContent';
-import { ResizeTable } from 'components/ResizeTable';
-import { INVITE_MEMBERS_HASH } from 'constants/app';
-import ROUTES from 'constants/routes';
-import { useNotifications } from 'hooks/useNotifications';
-import { useAppContext } from 'providers/App/App';
-import APIError from 'types/api/error';
-import { PendingInvite } from 'types/api/user/getPendingInvites';
-import { ROLES } from 'types/roles';
-
-import InviteUserModal from '../InviteUserModal/InviteUserModal';
-import { TitleWrapper } from './styles';
-
-function PendingInvitesContainer(): JSX.Element {
-	const [
-		isInviteTeamMemberModalOpen,
-		setIsInviteTeamMemberModalOpen,
-	] = useState<boolean>(false);
-	const [form] = Form.useForm<InviteMemberFormValues>();
-	const { t } = useTranslation(['organizationsettings', 'common']);
-	const [state, setText] = useCopyToClipboard();
-	const { notifications } = useNotifications();
-	const { user } = useAppContext();
-
-	useEffect(() => {
-		if (state.error) {
-			notifications.error({
-				message: state.error.message,
-			});
-		}
-
-		if (state.value) {
-			notifications.success({
-				message: t('success', {
-					ns: 'common',
-				}),
-			});
-		}
-	}, [state.error, state.value, t, notifications]);
-
-	const { data, isLoading, error, isError, refetch } = useQuery({
-		queryFn: get,
-		queryKey: ['getPendingInvites', user?.accessJwt],
-	});
-
-	const [dataSource, setDataSource] = useState<DataProps[]>([]);
-
-	const toggleModal = useCallback(
-		(value: boolean): void => {
-			setIsInviteTeamMemberModalOpen(value);
-			if (!value) {
-				form.resetFields();
-			}
-		},
-		[form],
-	);
-
-	const { hash } = useLocation();
-
-	const getParsedInviteData = useCallback(
-		(payload: PendingInvite[] = []) =>
-			payload?.map((data) => ({
-				key: data.createdAt,
-				name: data.name,
-				id: data.id,
-				email: data.email,
-				accessLevel: data.role,
-				inviteLink: `${window.location.origin}${ROUTES.SIGN_UP}?token=${data.token}`,
-			})),
-		[],
-	);
-
-	useEffect(() => {
-		if (hash === INVITE_MEMBERS_HASH) {
-			toggleModal(true);
-		}
-	}, [hash, toggleModal]);
-
-	useEffect(() => {
-		if (data?.data) {
-			const parsedData = getParsedInviteData(data?.data || []);
-			setDataSource(parsedData);
-		}
-	}, [data, getParsedInviteData]);
-
-	const onRevokeHandler = async (id: string): Promise<void> => {
-		try {
-			await deleteInvite({
-				id,
-			});
-			// remove from the client data
-			const index = dataSource.findIndex((e) => e.id === id);
-			if (index !== -1) {
-				setDataSource([
-					...dataSource.slice(0, index),
-					...dataSource.slice(index + 1, dataSource.length),
-				]);
-			}
-			notifications.success({
-				message: t('success', {
-					ns: 'common',
-				}),
-			});
-		} catch (error) {
-			notifications.error({
-				message: (error as APIError).getErrorCode(),
-				description: (error as APIError).getErrorMessage(),
-			});
-		}
-	};
-
-	const columns: ColumnsType<DataProps> = [
-		{
-			title: 'Name',
-			dataIndex: 'name',
-			key: 'name',
-			width: 100,
-		},
-		{
-			title: 'Emails',
-			dataIndex: 'email',
-			key: 'email',
-			width: 80,
-		},
-		{
-			title: 'Access Level',
-			dataIndex: 'accessLevel',
-			key: 'accessLevel',
-			width: 50,
-		},
-		{
-			title: 'Invite Link',
-			dataIndex: 'inviteLink',
-			key: 'Invite Link',
-			ellipsis: true,
-			width: 100,
-		},
-		{
-			title: 'Action',
-			dataIndex: 'action',
-			width: 80,
-			key: 'Action',
-			render: (_, record): JSX.Element => (
-				<Space direction="horizontal">
-					<Typography.Link onClick={(): Promise<void> => onRevokeHandler(record.id)}>
-						Revoke
-					</Typography.Link>
-					<Typography.Link
-						onClick={(): void => {
-							setText(record.inviteLink);
-						}}
-					>
-						Copy Invite Link
-					</Typography.Link>
-				</Space>
-			),
-		},
-	];
-
-	return (
-		<div className="pending-invites-container-wrapper">
-			<InviteUserModal
-				form={form}
-				isInviteTeamMemberModalOpen={isInviteTeamMemberModalOpen}
-				toggleModal={toggleModal}
-				onClose={refetch}
-			/>
-
-			<div className="pending-invites-container">
-				<TitleWrapper>
-					<Typography.Title level={3}>
-						{t('pending_invites')}
-						{dataSource && (
-							<div className="members-count"> ({dataSource.length})</div>
-						)}
-					</Typography.Title>
-
-					<Space>
-						<Button
-							icon={<PlusOutlined />}
-							type="primary"
-							onClick={(): void => {
-								toggleModal(true);
-							}}
-						>
-							{t('invite_members')}
-						</Button>
-					</Space>
-				</TitleWrapper>
-				{!isError && (
-					<ResizeTable
-						columns={columns}
-						tableLayout="fixed"
-						dataSource={dataSource}
-						pagination={false}
-						loading={isLoading}
-						bordered
-					/>
-				)}
-				{isError && <ErrorContent error={error as APIError} />}
-			</div>
-		</div>
-	);
-}
-
-export interface InviteTeamMembersProps {
-	email: string;
-	name: string;
-	role: string;
-	id: string;
-	frontendBaseUrl: string;
-}
-
-interface DataProps {
-	key: number;
-	name: string;
-	id: string;
-	email: string;
-	accessLevel: ROLES;
-	inviteLink: string;
-}
-
-type Role = 'ADMIN' | 'VIEWER' | 'EDITOR';
-
-export interface InviteMemberFormValues {
-	members: {
-		email: string;
-		name: string;
-		role: Role;
-	}[];
-}
-
-export default PendingInvitesContainer;

frontend/src/container/OrganizationSettings/PendingInvitesContainer/styles.tsx

@@ -1,8 +0,0 @@
-import styled from 'styled-components';
-
-export const TitleWrapper = styled.div`
-	display: flex;
-	flex-direction: row;
-	justify-content: space-between;
-	align-items: center;
-`;

frontend/src/container/OrganizationSettings/index.tsx

@@ -3,8 +3,6 @@ import { useAppContext } from 'providers/App/App';
 
 import AuthDomain from './AuthDomain';
 import DisplayName from './DisplayName';
-import Members from './Members';
-import PendingInvitesContainer from './PendingInvitesContainer';
 
 import './OrganizationSettings.styles.scss';
 
@@ -23,9 +21,6 @@ function OrganizationSettings(): JSX.Element {
 				))}
 			</Space>
 
-			<PendingInvitesContainer />
-
-			<Members />
 			<AuthDomain />
 		</div>
 	);

frontend/src/container/OrganizationSettings/tests/OrganizationSettings.test.tsx

@@ -1,37 +0,0 @@
-import { act, render, screen, waitFor } from 'tests/test-utils';
-
-import Members from '../Members';
-
-describe('Organization Settings Page', () => {
-	afterEach(() => {
-		jest.clearAllMocks();
-	});
-
-	it('render list of members', async () => {
-		act(() => {
-			render(<Members />);
-		});
-
-		const title = await screen.findByText(/Members/i);
-		expect(title).toBeInTheDocument();
-
-		await waitFor(() => {
-			expect(screen.getByText('firstUser@test.io')).toBeInTheDocument(); // first item
-			expect(screen.getByText('lastUser@test.io')).toBeInTheDocument(); // last item
-		});
-	});
-
-	// this is required as our edit/delete logic is dependent on the index and it will break with pagination enabled
-	it('render list of members without pagination', async () => {
-		render(<Members />);
-
-		await waitFor(() => {
-			expect(screen.getByText('firstUser@test.io')).toBeInTheDocument(); // first item
-			expect(screen.getByText('lastUser@test.io')).toBeInTheDocument(); // last item
-
-			expect(
-				document.querySelector('.ant-table-pagination'),
-			).not.toBeInTheDocument();
-		});
-	});
-});

frontend/src/container/OrganizationSettings/utils.ts

@@ -0,0 +1,17 @@
+export interface InviteTeamMembersProps {
+	email: string;
+	name: string;
+	role: string;
+	id: string;
+	frontendBaseUrl: string;
+}
+
+type Role = 'ADMIN' | 'VIEWER' | 'EDITOR';
+
+export interface InviteMemberFormValues {
+	members: {
+		email: string;
+		name: string;
+		role: Role;
+	}[];
+}

frontend/src/container/PlannedDowntime/PlannedDowntimeForm.tsx

@@ -33,6 +33,8 @@ import { ALL_TIME_ZONES } from 'utils/timeZoneUtil';
 
 import 'dayjs/locale/en';
 
+import { SOMETHING_WENT_WRONG } from '../../constants/api';
+import { showErrorNotification } from '../../utils/error';
 import { AlertRuleTags } from './PlannedDowntimeList';
 import {
 	createEditDowntimeSchedule,
@@ -175,14 +177,14 @@ export function PlannedDowntimeForm(
 				} else {
 					notifications.error({
 						message: 'Error',
-						description: response.error || 'unexpected_error',
+						description:
+							typeof response.error === 'string'
+								? response.error
+								: response.error?.message || SOMETHING_WENT_WRONG,
 					});
 				}
-			} catch (e) {
-				notifications.error({
-					message: 'Error',
-					description: 'unexpected_error',
-				});
+			} catch (e: unknown) {
+				showErrorNotification(notifications, e as Error);
 			}
 			setSaveLoading(false);
 		},

frontend/src/container/PlannedDowntime/PlannedDowntimeList.tsx

@@ -25,6 +25,7 @@ import { CalendarClock, PenLine, Trash2 } from 'lucide-react';
 import { useAppContext } from 'providers/App/App';
 import { USER_ROLES } from 'types/roles';
 
+import { showErrorNotification } from '../../utils/error';
 import {
 	formatDateTime,
 	getAlertOptionsFromIds,
@@ -359,7 +360,7 @@ export function PlannedDowntimeList({
 
 	useEffect(() => {
 		if (downtimeSchedules.isError) {
-			notifications.error(downtimeSchedules.error);
+			showErrorNotification(notifications, downtimeSchedules.error);
 		}
 	}, [downtimeSchedules.error, downtimeSchedules.isError, notifications]);
 

frontend/src/container/PlannedDowntime/PlannedDowntimeutils.ts

@@ -137,7 +137,10 @@ export const deleteDowntimeHandler = ({
 
 export const createEditDowntimeSchedule = async (
 	props: DowntimeScheduleUpdatePayload,
-): Promise<SuccessResponse<PayloadProps> | ErrorResponse> => {
+): Promise<
+	| SuccessResponse<PayloadProps>
+	| ErrorResponse<{ code: string; message: string } | string>
+> => {
 	if (props.id) {
 		return updateDowntimeSchedule({ ...props });
 	}

frontend/src/container/QueryBuilder/filters/QueryBuilderSearchV2/QueryBuilderSearchV2.tsx

@@ -100,6 +100,17 @@ interface QueryBuilderSearchV2Props {
 	// Determines whether to call onChange when a tag is closed
 	triggerOnChangeOnClose?: boolean;
 	skipQueryBuilderRedirect?: boolean;
+	/** Additional props passed through to the underlying Ant Design Select (e.g. listHeight, listItemHeight) */
+	selectProps?: Partial<
+		Pick<
+			React.ComponentProps<typeof Select>,
+			| 'listHeight'
+			| 'listItemHeight'
+			| 'popupClassName'
+			| 'dropdownMatchSelectWidth'
+			| 'popupMatchSelectWidth'
+		>
+	>;
 }
 
 export interface Option {
@@ -142,6 +153,7 @@ function QueryBuilderSearchV2(
 		hideSpanScopeSelector,
 		triggerOnChangeOnClose,
 		skipQueryBuilderRedirect,
+		selectProps,
 	} = props;
 
 	const { registerShortcut, deregisterShortcut } = useKeyboardHotkeys();
@@ -972,6 +984,7 @@ function QueryBuilderSearchV2(
 	return (
 		<div className="query-builder-search-v2">
 			<Select
+				{...selectProps}
 				data-testid={'qb-search-select'}
 				ref={selectRef}
 				{...(hasPopupContainer ? { getPopupContainer: popupContainer } : {})}
@@ -1077,6 +1090,7 @@ QueryBuilderSearchV2.defaultProps = {
 	hideSpanScopeSelector: true,
 	triggerOnChangeOnClose: false,
 	skipQueryBuilderRedirect: false,
+	selectProps: undefined,
 };
 
 export default QueryBuilderSearchV2;

frontend/src/container/SideNav/menuItems.tsx

@@ -35,6 +35,7 @@ import {
 	Unplug,
 	User,
 	UserPlus,
+	Users,
 } from 'lucide-react';
 
 import {
@@ -350,6 +351,13 @@ export const settingsNavSections: SettingsNavSection[] = [
 				isEnabled: false,
 				itemKey: 'roles',
 			},
+			{
+				key: ROUTES.MEMBERS_SETTINGS,
+				label: 'Members',
+				icon: <Users size={16} />,
+				isEnabled: false,
+				itemKey: 'members',
+			},
 			{
 				key: ROUTES.API_KEYS,
 				label: 'API Keys',
@@ -372,10 +380,10 @@ export const settingsNavSections: SettingsNavSection[] = [
 		items: [
 			{
 				key: ROUTES.ORG_SETTINGS,
-				label: 'Members & SSO',
+				label: 'Single Sign-on',
 				icon: <User size={16} />,
 				isEnabled: false,
-				itemKey: 'members-sso',
+				itemKey: 'sso',
 			},
 		],
 	},

frontend/src/container/TopNav/DateTimeSelectionV2/constants.ts

@@ -153,6 +153,7 @@ export const routesToSkip = [
 	ROUTES.VERSION,
 	ROUTES.ALL_DASHBOARD,
 	ROUTES.ORG_SETTINGS,
+	ROUTES.MEMBERS_SETTINGS,
 	ROUTES.INGESTION_SETTINGS,
 	ROUTES.API_KEYS,
 	ROUTES.ERROR_DETAIL,

frontend/src/container/TraceWaterfall/TraceWaterfallStates/Success/Filters/Filters.tsx

@@ -160,6 +160,7 @@ function Filters({
 				onChange={handleFilterChange}
 				hideSpanScopeSelector={false}
 				skipQueryBuilderRedirect
+				selectProps={{ listHeight: 125 }}
 			/>
 			{filteredSpanIds.length > 0 && (
 				<div className="pre-next-toggle">

frontend/src/pages/MembersSettings/index.tsx

@@ -0,0 +1,7 @@
+import MembersSettingsContainer from 'container/MembersSettings/MembersSettings';
+
+function MembersSettings(): JSX.Element {
+	return <MembersSettingsContainer />;
+}
+
+export default MembersSettings;

frontend/src/pages/Settings/Settings.tsx

@@ -83,6 +83,7 @@ function SettingsPage(): JSX.Element {
 							item.key === ROUTES.API_KEYS ||
 							item.key === ROUTES.INGESTION_SETTINGS ||
 							item.key === ROUTES.ORG_SETTINGS ||
+							item.key === ROUTES.MEMBERS_SETTINGS ||
 							item.key === ROUTES.SHORTCUTS
 								? true
 								: item.isEnabled,
@@ -113,6 +114,7 @@ function SettingsPage(): JSX.Element {
 							item.key === ROUTES.INTEGRATIONS ||
 							item.key === ROUTES.API_KEYS ||
 							item.key === ROUTES.ORG_SETTINGS ||
+							item.key === ROUTES.MEMBERS_SETTINGS ||
 							item.key === ROUTES.INGESTION_SETTINGS
 								? true
 								: item.isEnabled,
@@ -136,7 +138,9 @@ function SettingsPage(): JSX.Element {
 					updatedItems = updatedItems.map((item) => ({
 						...item,
 						isEnabled:
-							item.key === ROUTES.API_KEYS || item.key === ROUTES.ORG_SETTINGS
+							item.key === ROUTES.API_KEYS ||
+							item.key === ROUTES.ORG_SETTINGS ||
+							item.key === ROUTES.MEMBERS_SETTINGS
 								? true
 								: item.isEnabled,
 					}));

frontend/src/pages/Settings/__tests__/Settings.test.tsx

@@ -52,8 +52,9 @@ describe('SettingsPage nav sections', () => {
 			'notification-channels',
 			'billing',
 			'roles',
+			'members',
 			'api-keys',
-			'members-sso',
+			'sso',
 			'integrations',
 			'ingestion',
 		])('renders "%s" element', (id) => {
@@ -98,7 +99,7 @@ describe('SettingsPage nav sections', () => {
 			});
 		});
 
-		it.each(['roles', 'api-keys', 'integrations', 'members-sso', 'ingestion'])(
+		it.each(['roles', 'members', 'api-keys', 'integrations', 'sso', 'ingestion'])(
 			'renders "%s" element',
 			(id) => {
 				expect(screen.getByTestId(id)).toBeInTheDocument();

frontend/src/pages/Settings/config.tsx

@@ -26,8 +26,10 @@ import {
 	Plus,
 	Shield,
 	User,
+	Users,
 } from 'lucide-react';
 import ChannelsEdit from 'pages/ChannelsEdit';
+import MembersSettings from 'pages/MembersSettings';
 import Shortcuts from 'pages/Shortcuts';
 
 export const organizationSettings = (t: TFunction): RouteTabProps['routes'] => [
@@ -136,6 +138,19 @@ export const billingSettings = (t: TFunction): RouteTabProps['routes'] => [
 	},
 ];
 
+export const membersSettings = (t: TFunction): RouteTabProps['routes'] => [
+	{
+		Component: MembersSettings,
+		name: (
+			<div className="periscope-tab">
+				<Users size={16} /> {t('routes:members').toString()}
+			</div>
+		),
+		route: ROUTES.MEMBERS_SETTINGS,
+		key: ROUTES.MEMBERS_SETTINGS,
+	},
+];
+
 export const rolesSettings = (t: TFunction): RouteTabProps['routes'] => [
 	{
 		Component: RolesSettings,

frontend/src/pages/Settings/utils.ts

@@ -11,6 +11,7 @@ import {
 	generalSettings,
 	ingestionSettings,
 	keyboardShortcuts,
+	membersSettings,
 	multiIngestionSettings,
 	mySettings,
 	organizationSettings,
@@ -60,7 +61,7 @@ export const getRoutes = (
 	settings.push(...alertChannels(t));
 
 	if (isAdmin) {
-		settings.push(...apiKeys(t));
+		settings.push(...apiKeys(t), ...membersSettings(t));
 	}
 
 	// todo: Sagar - check the condition for role list and details page, to whom we want to serve

frontend/src/types/api/index.ts

@@ -3,10 +3,10 @@ import { ErrorStatusCode, SuccessStatusCode } from 'types/common';
 
 export type ApiResponse<T> = { data: T };
 
-export interface ErrorResponse {
+export interface ErrorResponse<ErrorObject = string> {
 	statusCode: ErrorStatusCode;
 	payload: null;
-	error: string;
+	error: ErrorObject;
 	message: string | null;
 	body?: string | null;
 }

frontend/src/types/api/user/getUser.ts

@@ -14,6 +14,7 @@ export interface UserResponse {
 	orgId: string;
 	organization: string;
 	role: ROLES;
+	updatedAt?: number;
 }
 export interface PayloadProps {
 	data: UserResponse;

frontend/src/types/api/user/getUsers.ts

@@ -8,6 +8,7 @@ export interface UserResponse {
 	orgId: string;
 	organization: string;
 	role: ROLES;
+	updatedAt?: number;
 }
 export interface PayloadProps {
 	data: UserResponse[];

frontend/src/utils/app.ts

@@ -71,3 +71,5 @@ export function buildAbsolutePath({
 
 	return urlQueryString ? `${absolutePath}?${urlQueryString}` : absolutePath;
 }
+
+export const EMAIL_REGEX = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

frontend/src/utils/permission/index.ts

@@ -99,6 +99,7 @@ export const routePermission: Record<keyof typeof ROUTES, ROLES[]> = {
 	WORKSPACE_SUSPENDED: ['ADMIN', 'EDITOR', 'VIEWER'],
 	ROLES_SETTINGS: ['ADMIN'],
 	ROLE_DETAILS: ['ADMIN'],
+	MEMBERS_SETTINGS: ['ADMIN'],
 	BILLING: ['ADMIN'],
 	SUPPORT: ['ADMIN', 'EDITOR', 'VIEWER'],
 	SOMETHING_WENT_WRONG: ['ADMIN', 'EDITOR', 'VIEWER'],

frontend/yarn.lock

@@ -4439,7 +4439,7 @@
     aria-hidden "^1.1.1"
     react-remove-scroll "2.5.4"
 
-"@radix-ui/react-dialog@^1.1.11", "@radix-ui/react-dialog@^1.1.6":
+"@radix-ui/react-dialog@^1.1.1", "@radix-ui/react-dialog@^1.1.11", "@radix-ui/react-dialog@^1.1.6":
   version "1.1.15"
   resolved "https://registry.yarnpkg.com/@radix-ui/react-dialog/-/react-dialog-1.1.15.tgz#1de3d7a7e9a17a9874d29c07f5940a18a119b632"
   integrity sha512-TCglVRtzlffRNxRMEyR36DGBLJpeusFcgMVD9PZEzAKnUs1lKCgX5u9BmC2Yg+LL9MgZDugFFs1Vl+Jp4t/PGw==
@@ -5519,6 +5519,21 @@
     tailwind-merge "^2.5.2"
     tailwindcss-animate "^1.0.7"
 
+"@signozhq/drawer@0.0.4":
+  version "0.0.4"
+  resolved "https://registry.yarnpkg.com/@signozhq/drawer/-/drawer-0.0.4.tgz#7c6e6779602113f55df8a55076e68b9cc13c7d79"
+  integrity sha512-m/shStl5yVPjHjrhDAh3EeKqqTtMmZUBVlgJPUGgoNV3sFsuN6JNaaAtEJI8cQBWkbEEiHLWKVkL/vhbQ7YrUg==
+  dependencies:
+    "@radix-ui/react-dialog" "^1.1.11"
+    "@radix-ui/react-icons" "^1.3.0"
+    "@radix-ui/react-slot" "^1.1.0"
+    class-variance-authority "^0.7.0"
+    clsx "^2.1.1"
+    lucide-react "^0.445.0"
+    tailwind-merge "^2.5.2"
+    tailwindcss-animate "^1.0.7"
+    vaul "^1.1.2"
+
 "@signozhq/icons@0.1.0", "@signozhq/icons@^0.1.0":
   version "0.1.0"
   resolved "https://registry.yarnpkg.com/@signozhq/icons/-/icons-0.1.0.tgz#00dfb430dbac423bfff715876f91a7b8a72509e4"
@@ -19660,6 +19675,13 @@ value-equal@^1.0.1:
   resolved "https://registry.npmjs.org/value-equal/-/value-equal-1.0.1.tgz"
   integrity sha512-NOJ6JZCAWr0zlxZt+xqCHNTEKOsrks2HQd4MqhP1qy4z1SkbEP467eNx6TgDKXMvUOb+OENfJCZwM+16n7fRfw==
 
+vaul@^1.1.2:
+  version "1.1.2"
+  resolved "https://registry.yarnpkg.com/vaul/-/vaul-1.1.2.tgz#c959f8b9dc2ed4f7d99366caee433fbef91f5ba9"
+  integrity sha512-ZFkClGpWyI2WUQjdLJ/BaGuV6AVQiJ3uELGk3OYtP+B6yCO7Cmn9vPFXVJkRaGkOJu3m8bQMgtyzNHixULceQA==
+  dependencies:
+    "@radix-ui/react-dialog" "^1.1.1"
+
 vfile-location@^4.0.0:
   version "4.1.0"
   resolved "https://registry.yarnpkg.com/vfile-location/-/vfile-location-4.1.0.tgz#69df82fb9ef0a38d0d02b90dd84620e120050dd0"

pkg/apiserver/signozapiserver/user.go

@@ -32,7 +32,7 @@ func (provider *provider) addUserRoutes(router *mux.Router) error {
 		Tags:               []string{"users"},
 		Summary:            "Create bulk invite",
 		Description:        "This endpoint creates a bulk invite for a user",
-		Request:            make([]*types.PostableInvite, 0),
+		Request:            new(types.PostableBulkInviteRequest),
 		RequestContentType: "application/json",
 		Response:           nil,
 		SuccessStatusCode:  http.StatusCreated,

pkg/authn/authnstore/sqlauthnstore/store.go

@@ -17,7 +17,7 @@ func NewStore(sqlstore sqlstore.SQLStore) authtypes.AuthNStore {
 	return &store{sqlstore: sqlstore}
 }
 
-func (store *store) GetUserAndFactorPasswordByEmailAndOrgID(ctx context.Context, email string, orgID valuer.UUID) (*types.User, *types.FactorPassword, error) {
+func (store *store) GetActiveUserAndFactorPasswordByEmailAndOrgID(ctx context.Context, email string, orgID valuer.UUID) (*types.User, *types.FactorPassword, error) {
 	user := new(types.User)
 	factorPassword := new(types.FactorPassword)
 
@@ -28,6 +28,7 @@ func (store *store) GetUserAndFactorPasswordByEmailAndOrgID(ctx context.Context,
 		Model(user).
 		Where("email = ?", email).
 		Where("org_id = ?", orgID).
+		Where("status = ?", types.UserStatusActive.StringValue()).
 		Scan(ctx)
 	if err != nil {
 		return nil, nil, store.sqlstore.WrapNotFoundErrf(err, types.ErrCodeUserNotFound, "user with email %s in org %s not found", email, orgID)

pkg/authn/passwordauthn/emailpasswordauthn/authn.go

@@ -21,7 +21,7 @@ func New(store authtypes.AuthNStore) *AuthN {
 }
 
 func (a *AuthN) Authenticate(ctx context.Context, email string, password string, orgID valuer.UUID) (*authtypes.Identity, error) {
-	user, factorPassword, err := a.store.GetUserAndFactorPasswordByEmailAndOrgID(ctx, email, orgID)
+	user, factorPassword, err := a.store.GetActiveUserAndFactorPasswordByEmailAndOrgID(ctx, email, orgID)
 	if err != nil {
 		return nil, err
 	}

pkg/modules/session/implsession/module.go

@@ -65,6 +65,9 @@ func (module *module) GetSessionContext(ctx context.Context, email valuer.Email,
 		return nil, err
 	}
 
+	// filter out deleted users
+	users = slices.DeleteFunc(users, func(user *types.User) bool { return user.ErrIfDeleted() != nil })
+
 	// Since email is a valuer, we can be sure that it is a valid email and we can split it to get the domain name.
 	name := strings.Split(email.String(), "@")[1]
 
@@ -141,7 +144,7 @@ func (module *module) CreateCallbackAuthNSession(ctx context.Context, authNProvi
 	roleMapping := authDomain.AuthDomainConfig().RoleMapping
 	role := roleMapping.NewRoleFromCallbackIdentity(callbackIdentity)
 
-	user, err := types.NewUser(callbackIdentity.Name, callbackIdentity.Email, role, callbackIdentity.OrgID)
+	user, err := types.NewUser(callbackIdentity.Name, callbackIdentity.Email, role, callbackIdentity.OrgID, types.UserStatusActive)
 	if err != nil {
 		return "", err
 	}

pkg/modules/user/impluser/getter.go

@@ -86,6 +86,15 @@ func (module *getter) CountByOrgID(ctx context.Context, orgID valuer.UUID) (int6
 	return count, nil
 }
 
+func (module *getter) CountByOrgIDAndStatuses(ctx context.Context, orgID valuer.UUID, statuses []string) (map[valuer.String]int64, error) {
+	counts, err := module.store.CountByOrgIDAndStatuses(ctx, orgID, statuses)
+	if err != nil {
+		return nil, err
+	}
+
+	return counts, nil
+}
+
 func (module *getter) GetFactorPasswordByUserID(ctx context.Context, userID valuer.UUID) (*types.FactorPassword, error) {
 	factorPassword, err := module.store.GetPasswordByUserID(ctx, userID)
 	if err != nil {

pkg/modules/user/impluser/handler.go

@@ -149,16 +149,11 @@ func (h *handler) DeleteInvite(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	uuid, err := valuer.NewUUID(id)
-	if err != nil {
-		render.Error(w, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "orgId is invalid"))
-		return
-	}
-
-	if err := h.module.DeleteInvite(ctx, claims.OrgID, uuid); err != nil {
+	if err := h.module.DeleteUser(ctx, valuer.MustNewUUID(claims.OrgID), id, claims.UserID); err != nil {
 		render.Error(w, err)
 		return
 	}
+
 	render.Success(w, http.StatusNoContent, nil)
 }
 

pkg/modules/user/impluser/module.go

@@ -2,7 +2,6 @@ package impluser
 
 import (
 	"context"
-	"fmt"
 	"slices"
 	"strings"
 	"time"
@@ -52,39 +51,50 @@ func NewModule(store types.UserStore, tokenizer tokenizer.Tokenizer, emailing em
 }
 
 func (m *Module) AcceptInvite(ctx context.Context, token string, password string) (*types.User, error) {
-	invite, err := m.store.GetInviteByToken(ctx, token)
+	// get the user by reset password token
+	user, err := m.store.GetUserByResetPasswordToken(ctx, token)
 	if err != nil {
 		return nil, err
 	}
 
-	user, err := types.NewUser(invite.Name, invite.Email, invite.Role, invite.OrgID)
+	// update the password and delete the token
+	err = m.UpdatePasswordByResetPasswordToken(ctx, token, password)
 	if err != nil {
 		return nil, err
 	}
 
-	factorPassword, err := types.NewFactorPassword(password, user.ID.StringValue())
+	// query the user again
+	user, err = m.store.GetByOrgIDAndID(ctx, user.OrgID, user.ID)
 	if err != nil {
 		return nil, err
 	}
 
-	err = m.CreateUser(ctx, user, root.WithFactorPassword(factorPassword))
-	if err != nil {
-		return nil, err
-	}
-
-	if err := m.DeleteInvite(ctx, invite.OrgID.String(), invite.ID); err != nil {
-		return nil, err
-	}
-
 	return user, nil
 }
 
 func (m *Module) GetInviteByToken(ctx context.Context, token string) (*types.Invite, error) {
-	invite, err := m.store.GetInviteByToken(ctx, token)
+	// get the user
+	user, err := m.store.GetUserByResetPasswordToken(ctx, token)
 	if err != nil {
 		return nil, err
 	}
 
+	// create a dummy invite obj for backward compatibility
+	invite := &types.Invite{
+		Identifiable: types.Identifiable{
+			ID: user.ID,
+		},
+		Name:  user.DisplayName,
+		Email: user.Email,
+		Token: token,
+		Role:  user.Role,
+		OrgID: user.OrgID,
+		TimeAuditable: types.TimeAuditable{
+			CreatedAt: user.CreatedAt,
+			UpdatedAt: user.UpdatedAt,
+		},
+	}
+
 	return invite, nil
 }
 
@@ -95,80 +105,160 @@ func (m *Module) CreateBulkInvite(ctx context.Context, orgID valuer.UUID, userID
 		return nil, err
 	}
 
-	invites := make([]*types.Invite, 0, len(bulkInvites.Invites))
-
-	for _, invite := range bulkInvites.Invites {
-		// check if user exists
-		existingUser, err := m.store.GetUserByEmailAndOrgID(ctx, invite.Email, orgID)
-		if err != nil && !errors.Ast(err, errors.TypeNotFound) {
-			return nil, err
-		}
-
-		if existingUser != nil {
-			if err := existingUser.ErrIfRoot(); err != nil {
-				return nil, errors.WithAdditionalf(err, "cannot send invite to root user")
-			}
-		}
-
-		if existingUser != nil {
-			return nil, errors.New(errors.TypeAlreadyExists, errors.CodeAlreadyExists, "User already exists with the same email")
-		}
-
-		// Check if an invite already exists
-		existingInvite, err := m.store.GetInviteByEmailAndOrgID(ctx, invite.Email, orgID)
-		if err != nil && !errors.Ast(err, errors.TypeNotFound) {
-			return nil, err
-		}
-		if existingInvite != nil {
-			return nil, errors.New(errors.TypeAlreadyExists, errors.CodeAlreadyExists, "An invite already exists for this email")
-		}
-
-		role, err := types.NewRole(invite.Role.String())
-		if err != nil {
-			return nil, err
-		}
-
-		newInvite, err := types.NewInvite(invite.Name, role, orgID, invite.Email)
-		if err != nil {
-			return nil, err
-		}
-
-		newInvite.InviteLink = fmt.Sprintf("%s/signup?token=%s", invite.FrontendBaseUrl, newInvite.Token)
-		invites = append(invites, newInvite)
+	// validate all emails to be invited
+	emails := make([]string, len(bulkInvites.Invites))
+	for idx, invite := range bulkInvites.Invites {
+		emails[idx] = invite.Email.StringValue()
 	}
-
-	err = m.store.CreateBulkInvite(ctx, invites)
+	users, err := m.store.GetUsersByEmailsOrgIDAndStatuses(ctx, orgID, emails, []string{types.UserStatusActive.StringValue(), types.UserStatusPendingInvite.StringValue()})
 	if err != nil {
 		return nil, err
 	}
 
-	for i := 0; i < len(invites); i++ {
-		m.analytics.TrackUser(ctx, orgID.String(), creator.ID.String(), "Invite Sent", map[string]any{"invitee_email": invites[i].Email, "invitee_role": invites[i].Role})
+	if len(users) > 0 {
+		for _, existingUser := range users {
+			if err := existingUser.ErrIfRoot(); err != nil {
+				return nil, errors.WithAdditionalf(err, "Cannot send invite to root user")
+			}
+		}
 
-		// if the frontend base url is not provided, we don't send the email
-		if bulkInvites.Invites[i].FrontendBaseUrl == "" {
-			m.settings.Logger().InfoContext(ctx, "frontend base url is not provided, skipping email", "invitee_email", invites[i].Email)
+		if users[0].Status == types.UserStatusPendingInvite {
+			return nil, errors.Newf(errors.TypeAlreadyExists, errors.CodeAlreadyExists, "An invite already exists for this email: %s", users[0].Email.StringValue())
+		}
+
+		return nil, errors.Newf(errors.TypeAlreadyExists, errors.CodeAlreadyExists, "User already exists with this email: %s", users[0].Email.StringValue())
+	}
+
+	type userWithResetToken struct {
+		User               *types.User
+		ResetPasswordToken *types.ResetPasswordToken
+	}
+
+	newUsersWithResetToken := make([]*userWithResetToken, len(bulkInvites.Invites))
+
+	if err := m.store.RunInTx(ctx, func(ctx context.Context) error {
+		for idx, invite := range bulkInvites.Invites {
+			role, err := types.NewRole(invite.Role.String())
+			if err != nil {
+				return err
+			}
+
+			// create a new user with pending invite status
+			newUser, err := types.NewUser(invite.Name, invite.Email, role, orgID, types.UserStatusPendingInvite)
+			if err != nil {
+				return err
+			}
+
+			// store the user and password in db
+			err = m.createUserWithoutGrant(ctx, newUser)
+			if err != nil {
+				return err
+			}
+
+			// generate reset password token
+			resetPasswordToken, err := m.GetOrCreateResetPasswordToken(ctx, newUser.ID)
+			if err != nil {
+				m.settings.Logger().ErrorContext(ctx, "failed to create reset password token for invited user", "error", err)
+				return err
+			}
+
+			newUsersWithResetToken[idx] = &userWithResetToken{
+				User:               newUser,
+				ResetPasswordToken: resetPasswordToken,
+			}
+		}
+		return nil
+	}); err != nil {
+		return nil, err
+	}
+
+	invites := make([]*types.Invite, len(bulkInvites.Invites))
+
+	// send password reset emails to all the invited users
+	for idx, userWithToken := range newUsersWithResetToken {
+		m.analytics.TrackUser(ctx, orgID.String(), creator.ID.String(), "Invite Sent", map[string]any{
+			"invitee_email": userWithToken.User.Email,
+			"invitee_role":  userWithToken.User.Role,
+		})
+
+		invite := &types.Invite{
+			Identifiable: types.Identifiable{
+				ID: userWithToken.User.ID,
+			},
+			Name:  userWithToken.User.DisplayName,
+			Email: userWithToken.User.Email,
+			Token: userWithToken.ResetPasswordToken.Token,
+			Role:  userWithToken.User.Role,
+			OrgID: userWithToken.User.OrgID,
+			TimeAuditable: types.TimeAuditable{
+				CreatedAt: userWithToken.User.CreatedAt,
+				UpdatedAt: userWithToken.User.UpdatedAt,
+			},
+		}
+
+		invites[idx] = invite
+
+		frontendBaseUrl := bulkInvites.Invites[idx].FrontendBaseUrl
+		if frontendBaseUrl == "" {
+			m.settings.Logger().InfoContext(ctx, "frontend base url is not provided, skipping email", "invitee_email", userWithToken.User.Email)
 			continue
 		}
 
-		if err := m.emailing.SendHTML(ctx, invites[i].Email.String(), "You're Invited to Join SigNoz", emailtypes.TemplateNameInvitationEmail, map[string]any{
-			"inviter_email": creator.Email,
-			"link":          fmt.Sprintf("%s/signup?token=%s", bulkInvites.Invites[i].FrontendBaseUrl, invites[i].Token),
-		}); err != nil {
-			m.settings.Logger().ErrorContext(ctx, "failed to send email", "error", err)
-		}
+		resetLink := userWithToken.ResetPasswordToken.FactorPasswordResetLink(frontendBaseUrl)
 
+		tokenLifetime := m.config.Password.Reset.MaxTokenLifetime
+		humanizedTokenLifetime := strings.TrimSpace(humanize.RelTime(time.Now(), time.Now().Add(tokenLifetime), "", ""))
+
+		if err := m.emailing.SendHTML(ctx, userWithToken.User.Email.String(), "You're Invited to Join SigNoz", emailtypes.TemplateNameInvitationEmail, map[string]any{
+			"inviter_email": creator.Email,
+			"link":          resetLink,
+			"Expiry":        humanizedTokenLifetime,
+		}); err != nil {
+			m.settings.Logger().ErrorContext(ctx, "failed to send invite email", "error", err)
+		}
 	}
 
 	return invites, nil
 }
 
 func (m *Module) ListInvite(ctx context.Context, orgID string) ([]*types.Invite, error) {
-	return m.store.ListInvite(ctx, orgID)
-}
+	// find all the users with pending_invite status
+	users, err := m.store.ListUsersByOrgID(ctx, valuer.MustNewUUID(orgID))
+	if err != nil {
+		return nil, err
+	}
 
-func (m *Module) DeleteInvite(ctx context.Context, orgID string, id valuer.UUID) error {
-	return m.store.DeleteInvite(ctx, orgID, id)
+	pendingUsers := slices.DeleteFunc(users, func(user *types.User) bool { return user.Status != types.UserStatusPendingInvite })
+
+	var invites []*types.Invite
+
+	for _, pUser := range pendingUsers {
+		// get the reset password token
+		resetPasswordToken, err := m.GetOrCreateResetPasswordToken(ctx, pUser.ID)
+		if err != nil {
+			return nil, err
+		}
+
+		// create a dummy invite obj for backward compatibility
+		invite := &types.Invite{
+			Identifiable: types.Identifiable{
+				ID: pUser.ID,
+			},
+			Name:  pUser.DisplayName,
+			Email: pUser.Email,
+			Token: resetPasswordToken.Token,
+			Role:  pUser.Role,
+			OrgID: pUser.OrgID,
+			TimeAuditable: types.TimeAuditable{
+				CreatedAt: pUser.CreatedAt,
+				UpdatedAt: pUser.UpdatedAt, // dummy
+			},
+		}
+
+		invites = append(invites, invite)
+	}
+
+	return invites, nil
 }
 
 func (module *Module) CreateUser(ctx context.Context, input *types.User, opts ...root.CreateUserOption) error {
@@ -213,6 +303,14 @@ func (m *Module) UpdateUser(ctx context.Context, orgID valuer.UUID, id string, u
 		return nil, errors.WithAdditionalf(err, "cannot update root user")
 	}
 
+	if err := existingUser.ErrIfDeleted(); err != nil {
+		return nil, errors.WithAdditionalf(err, "cannot update deleted user")
+	}
+
+	if err := existingUser.ErrIfPending(); err != nil {
+		return nil, errors.WithAdditionalf(err, "cannot update pending user")
+	}
+
 	requestor, err := m.store.GetUser(ctx, valuer.MustNewUUID(updatedBy))
 	if err != nil {
 		return nil, err
@@ -224,7 +322,7 @@ func (m *Module) UpdateUser(ctx context.Context, orgID valuer.UUID, id string, u
 
 	// Make sure that the request is not demoting the last admin user.
 	if user.Role != "" && user.Role != existingUser.Role && existingUser.Role == types.RoleAdmin {
-		adminUsers, err := m.store.GetUsersByRoleAndOrgID(ctx, types.RoleAdmin, orgID)
+		adminUsers, err := m.store.GetActiveUsersByRoleAndOrgID(ctx, types.RoleAdmin, orgID)
 		if err != nil {
 			return nil, err
 		}
@@ -280,12 +378,16 @@ func (module *Module) DeleteUser(ctx context.Context, orgID valuer.UUID, id stri
 		return errors.WithAdditionalf(err, "cannot delete root user")
 	}
 
+	if err := user.ErrIfDeleted(); err != nil {
+		return errors.WithAdditionalf(err, "cannot delete already deleted user")
+	}
+
 	if slices.Contains(integrationtypes.AllIntegrationUserEmails, integrationtypes.IntegrationUserEmail(user.Email.String())) {
 		return errors.New(errors.TypeForbidden, errors.CodeForbidden, "integration user cannot be deleted")
 	}
 
 	// don't allow to delete the last admin user
-	adminUsers, err := module.store.GetUsersByRoleAndOrgID(ctx, types.RoleAdmin, orgID)
+	adminUsers, err := module.store.GetActiveUsersByRoleAndOrgID(ctx, types.RoleAdmin, orgID)
 	if err != nil {
 		return err
 	}
@@ -300,7 +402,8 @@ func (module *Module) DeleteUser(ctx context.Context, orgID valuer.UUID, id stri
 		return err
 	}
 
-	if err := module.store.DeleteUser(ctx, orgID.String(), user.ID.StringValue()); err != nil {
+	// for now we are only soft deleting users
+	if err := module.store.SoftDeleteUser(ctx, orgID.String(), user.ID.StringValue()); err != nil {
 		return err
 	}
 
@@ -321,6 +424,10 @@ func (module *Module) GetOrCreateResetPasswordToken(ctx context.Context, userID
 		return nil, errors.WithAdditionalf(err, "cannot reset password for root user")
 	}
 
+	if err := user.ErrIfDeleted(); err != nil {
+		return nil, errors.New(errors.TypeForbidden, errors.CodeForbidden, "user has been deleted")
+	}
+
 	password, err := module.store.GetPasswordByUserID(ctx, userID)
 	if err != nil {
 		if !errors.Ast(err, errors.TypeNotFound) {
@@ -375,7 +482,7 @@ func (module *Module) ForgotPassword(ctx context.Context, orgID valuer.UUID, ema
 		return errors.New(errors.TypeUnsupported, errors.CodeUnsupported, "Users are not allowed to reset their password themselves, please contact an admin to reset your password.")
 	}
 
-	user, err := module.store.GetUserByEmailAndOrgID(ctx, email, orgID)
+	user, err := module.GetNonDeletedUserByEmailAndOrgID(ctx, email, orgID)
 	if err != nil {
 		if errors.Ast(err, errors.TypeNotFound) {
 			return nil // for security reasons
@@ -393,7 +500,7 @@ func (module *Module) ForgotPassword(ctx context.Context, orgID valuer.UUID, ema
 		return err
 	}
 
-	resetLink := fmt.Sprintf("%s/password-reset?token=%s", frontendBaseURL, token.Token)
+	resetLink := token.FactorPasswordResetLink(frontendBaseURL)
 
 	tokenLifetime := module.config.Password.Reset.MaxTokenLifetime
 	humanizedTokenLifetime := strings.TrimSpace(humanize.RelTime(time.Now(), time.Now().Add(tokenLifetime), "", ""))
@@ -435,6 +542,11 @@ func (module *Module) UpdatePasswordByResetPasswordToken(ctx context.Context, to
 		return err
 	}
 
+	// handle deleted user
+	if err := user.ErrIfDeleted(); err != nil {
+		return errors.WithAdditionalf(err, "deleted users cannot reset their password")
+	}
+
 	if err := user.ErrIfRoot(); err != nil {
 		return errors.WithAdditionalf(err, "cannot reset password for root user")
 	}
@@ -443,7 +555,38 @@ func (module *Module) UpdatePasswordByResetPasswordToken(ctx context.Context, to
 		return err
 	}
 
-	return module.store.UpdatePassword(ctx, password)
+	// since grant is idempotent, multiple calls won't cause issues in case of retries
+	if user.Status == types.UserStatusPendingInvite {
+		if err = module.authz.Grant(
+			ctx,
+			user.OrgID,
+			[]string{roletypes.MustGetSigNozManagedRoleFromExistingRole(user.Role)},
+			authtypes.MustNewSubject(authtypes.TypeableUser, user.ID.StringValue(), user.OrgID, nil),
+		); err != nil {
+			return err
+		}
+	}
+
+	return module.store.RunInTx(ctx, func(ctx context.Context) error {
+		if user.Status == types.UserStatusPendingInvite {
+			if err := user.UpdateStatus(types.UserStatusActive); err != nil {
+				return err
+			}
+			if err := module.store.UpdateUser(ctx, user.OrgID, user); err != nil {
+				return err
+			}
+		}
+
+		if err := module.store.UpdatePassword(ctx, password); err != nil {
+			return err
+		}
+
+		if err := module.store.DeleteResetPasswordTokenByPasswordID(ctx, password.ID); err != nil {
+			return err
+		}
+
+		return nil
+	})
 }
 
 func (module *Module) UpdatePassword(ctx context.Context, userID valuer.UUID, oldpasswd string, passwd string) error {
@@ -452,6 +595,10 @@ func (module *Module) UpdatePassword(ctx context.Context, userID valuer.UUID, ol
 		return err
 	}
 
+	if err := user.ErrIfDeleted(); err != nil {
+		return errors.WithAdditionalf(err, "cannot change password for deleted user")
+	}
+
 	if err := user.ErrIfRoot(); err != nil {
 		return errors.WithAdditionalf(err, "cannot change password for root user")
 	}
@@ -469,7 +616,17 @@ func (module *Module) UpdatePassword(ctx context.Context, userID valuer.UUID, ol
 		return err
 	}
 
-	if err := module.store.UpdatePassword(ctx, password); err != nil {
+	if err := module.store.RunInTx(ctx, func(ctx context.Context) error {
+		if err := module.store.UpdatePassword(ctx, password); err != nil {
+			return err
+		}
+
+		if err := module.store.DeleteResetPasswordTokenByPasswordID(ctx, password.ID); err != nil {
+			return err
+		}
+
+		return nil
+	}); err != nil {
 		return err
 	}
 
@@ -477,7 +634,7 @@ func (module *Module) UpdatePassword(ctx context.Context, userID valuer.UUID, ol
 }
 
 func (module *Module) GetOrCreateUser(ctx context.Context, user *types.User, opts ...root.CreateUserOption) (*types.User, error) {
-	existingUser, err := module.store.GetUserByEmailAndOrgID(ctx, user.Email, user.OrgID)
+	existingUser, err := module.GetNonDeletedUserByEmailAndOrgID(ctx, user.Email, user.OrgID)
 	if err != nil {
 		if !errors.Ast(err, errors.TypeNotFound) {
 			return nil, err
@@ -485,6 +642,16 @@ func (module *Module) GetOrCreateUser(ctx context.Context, user *types.User, opt
 	}
 
 	if existingUser != nil {
+		// for users logging through SSO flow but are having status as pending_invite
+		if existingUser.Status == types.UserStatusPendingInvite {
+			// respect the role coming from the SSO
+			existingUser.Update("", user.Role)
+			// activate the user
+			if err = module.activatePendingUser(ctx, existingUser); err != nil {
+				return nil, err
+			}
+		}
+
 		return existingUser, nil
 	}
 
@@ -561,12 +728,15 @@ func (module *Module) CreateFirstUser(ctx context.Context, organization *types.O
 
 func (module *Module) Collect(ctx context.Context, orgID valuer.UUID) (map[string]any, error) {
 	stats := make(map[string]any)
-	count, err := module.store.CountByOrgID(ctx, orgID)
+	counts, err := module.store.CountByOrgIDAndStatuses(ctx, orgID, []string{types.UserStatusActive.StringValue(), types.UserStatusDeleted.StringValue(), types.UserStatusPendingInvite.StringValue()})
 	if err == nil {
-		stats["user.count"] = count
+		stats["user.count"] = counts[types.UserStatusActive] + counts[types.UserStatusDeleted] + counts[types.UserStatusPendingInvite]
+		stats["user.count.active"] = counts[types.UserStatusActive]
+		stats["user.count.deleted"] = counts[types.UserStatusDeleted]
+		stats["user.count.pending_invite"] = counts[types.UserStatusPendingInvite]
 	}
 
-	count, err = module.store.CountAPIKeyByOrgID(ctx, orgID)
+	count, err := module.store.CountAPIKeyByOrgID(ctx, orgID)
 	if err == nil {
 		stats["factor.api_key.count"] = count
 	}
@@ -574,6 +744,28 @@ func (module *Module) Collect(ctx context.Context, orgID valuer.UUID) (map[strin
 	return stats, nil
 }
 
+// this function restricts that only one non-deleted user email can exist for an org ID, if found more, it throws an error
+func (module *Module) GetNonDeletedUserByEmailAndOrgID(ctx context.Context, email valuer.Email, orgID valuer.UUID) (*types.User, error) {
+	existingUsers, err := module.store.GetUsersByEmailAndOrgID(ctx, email, orgID)
+	if err != nil {
+		return nil, err
+	}
+
+	// filter out the deleted users
+	existingUsers = slices.DeleteFunc(existingUsers, func(user *types.User) bool { return user.ErrIfDeleted() != nil })
+
+	if len(existingUsers) > 1 {
+		return nil, errors.Newf(errors.TypeInternal, errors.CodeInternal, "Multiple non-deleted users found for email %s in org_id: %s", email.StringValue(), orgID.StringValue())
+	}
+
+	if len(existingUsers) == 1 {
+		return existingUsers[0], nil
+	}
+
+	return nil, errors.Newf(errors.TypeNotFound, errors.CodeNotFound, "No non-deleted user found with email %s in org_id: %s", email.StringValue(), orgID.StringValue())
+
+}
+
 func (module *Module) createUserWithoutGrant(ctx context.Context, input *types.User, opts ...root.CreateUserOption) error {
 	createUserOpts := root.NewCreateUserOptions(opts...)
 	if err := module.store.RunInTx(ctx, func(ctx context.Context) error {
@@ -598,3 +790,25 @@ func (module *Module) createUserWithoutGrant(ctx context.Context, input *types.U
 
 	return nil
 }
+
+func (module *Module) activatePendingUser(ctx context.Context, user *types.User) error {
+	err := module.authz.Grant(
+		ctx,
+		user.OrgID,
+		[]string{roletypes.MustGetSigNozManagedRoleFromExistingRole(user.Role)},
+		authtypes.MustNewSubject(authtypes.TypeableUser, user.ID.StringValue(), user.OrgID, nil),
+	)
+	if err != nil {
+		return err
+	}
+
+	if err := user.UpdateStatus(types.UserStatusActive); err != nil {
+		return err
+	}
+	err = module.store.UpdateUser(ctx, user.OrgID, user)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}

pkg/modules/user/impluser/service.go

@@ -143,7 +143,7 @@ func (s *service) reconcileRootUser(ctx context.Context, orgID valuer.UUID) erro
 }
 
 func (s *service) createOrPromoteRootUser(ctx context.Context, orgID valuer.UUID) error {
-	existingUser, err := s.store.GetUserByEmailAndOrgID(ctx, s.config.Email, orgID)
+	existingUser, err := s.module.GetNonDeletedUserByEmailAndOrgID(ctx, s.config.Email, orgID)
 	if err != nil && !errors.Ast(err, errors.TypeNotFound) {
 		return err
 	}

pkg/modules/user/impluser/store.go

@@ -25,77 +25,6 @@ func NewStore(sqlstore sqlstore.SQLStore, settings factory.ProviderSettings) typ
 	return &store{sqlstore: sqlstore, settings: settings}
 }
 
-// CreateBulkInvite implements types.InviteStore.
-func (store *store) CreateBulkInvite(ctx context.Context, invites []*types.Invite) error {
-	_, err := store.sqlstore.BunDB().NewInsert().
-		Model(&invites).
-		Exec(ctx)
-
-	if err != nil {
-		return store.sqlstore.WrapAlreadyExistsErrf(err, types.ErrInviteAlreadyExists, "invite with email: %s already exists in org: %s", invites[0].Email, invites[0].OrgID)
-	}
-	return nil
-}
-
-// Delete implements types.InviteStore.
-func (store *store) DeleteInvite(ctx context.Context, orgID string, id valuer.UUID) error {
-	_, err := store.sqlstore.BunDB().NewDelete().
-		Model(&types.Invite{}).
-		Where("org_id = ?", orgID).
-		Where("id = ?", id).
-		Exec(ctx)
-	if err != nil {
-		return store.sqlstore.WrapNotFoundErrf(err, types.ErrInviteNotFound, "invite with id: %s does not exist in org: %s", id.StringValue(), orgID)
-	}
-	return nil
-}
-
-func (store *store) GetInviteByEmailAndOrgID(ctx context.Context, email valuer.Email, orgID valuer.UUID) (*types.Invite, error) {
-	invite := new(types.Invite)
-
-	err := store.
-		sqlstore.
-		BunDBCtx(ctx).NewSelect().
-		Model(invite).
-		Where("email = ?", email).
-		Where("org_id = ?", orgID).
-		Scan(ctx)
-	if err != nil {
-		return nil, store.sqlstore.WrapNotFoundErrf(err, types.ErrInviteNotFound, "invite with email %s does not exist in org %s", email, orgID)
-	}
-
-	return invite, nil
-}
-
-func (store *store) GetInviteByToken(ctx context.Context, token string) (*types.GettableInvite, error) {
-	invite := new(types.Invite)
-
-	err := store.
-		sqlstore.
-		BunDBCtx(ctx).
-		NewSelect().
-		Model(invite).
-		Where("token = ?", token).
-		Scan(ctx)
-	if err != nil {
-		return nil, store.sqlstore.WrapNotFoundErrf(err, types.ErrInviteNotFound, "invite does not exist", token)
-	}
-
-	return invite, nil
-}
-
-func (store *store) ListInvite(ctx context.Context, orgID string) ([]*types.Invite, error) {
-	invites := new([]*types.Invite)
-	err := store.sqlstore.BunDB().NewSelect().
-		Model(invites).
-		Where("org_id = ?", orgID).
-		Scan(ctx)
-	if err != nil {
-		return nil, store.sqlstore.WrapNotFoundErrf(err, types.ErrInviteNotFound, "invite with org id: %s does not exist", orgID)
-	}
-	return *invites, nil
-}
-
 func (store *store) CreatePassword(ctx context.Context, password *types.FactorPassword) error {
 	_, err := store.
 		sqlstore.
@@ -175,24 +104,25 @@ func (store *store) GetByOrgIDAndID(ctx context.Context, orgID valuer.UUID, id v
 	return user, nil
 }
 
-func (store *store) GetUserByEmailAndOrgID(ctx context.Context, email valuer.Email, orgID valuer.UUID) (*types.User, error) {
-	user := new(types.User)
+func (store *store) GetUsersByEmailAndOrgID(ctx context.Context, email valuer.Email, orgID valuer.UUID) ([]*types.User, error) {
+	var users []*types.User
+
 	err := store.
 		sqlstore.
 		BunDBCtx(ctx).
 		NewSelect().
-		Model(user).
+		Model(&users).
 		Where("org_id = ?", orgID).
 		Where("email = ?", email).
 		Scan(ctx)
 	if err != nil {
-		return nil, store.sqlstore.WrapNotFoundErrf(err, types.ErrCodeUserNotFound, "user with email %s does not exist in org %s", email, orgID)
+		return nil, err
 	}
 
-	return user, nil
+	return users, nil
 }
 
-func (store *store) GetUsersByRoleAndOrgID(ctx context.Context, role types.Role, orgID valuer.UUID) ([]*types.User, error) {
+func (store *store) GetActiveUsersByRoleAndOrgID(ctx context.Context, role types.Role, orgID valuer.UUID) ([]*types.User, error) {
 	var users []*types.User
 
 	err := store.
@@ -202,6 +132,7 @@ func (store *store) GetUsersByRoleAndOrgID(ctx context.Context, role types.Role,
 		Model(&users).
 		Where("org_id = ?", orgID).
 		Where("role = ?", role).
+		Where("status = ?", types.UserStatusActive.StringValue()).
 		Scan(ctx)
 	if err != nil {
 		return nil, err
@@ -221,6 +152,7 @@ func (store *store) UpdateUser(ctx context.Context, orgID valuer.UUID, user *typ
 		Column("role").
 		Column("is_root").
 		Column("updated_at").
+		Column("status").
 		Where("org_id = ?", orgID).
 		Where("id = ?", user.ID).
 		Exec(ctx)
@@ -247,20 +179,10 @@ func (store *store) ListUsersByOrgID(ctx context.Context, orgID valuer.UUID) ([]
 	return users, nil
 }
 
-func (store *store) DeleteUser(ctx context.Context, orgID string, id string) error {
-	tx, err := store.sqlstore.BunDB().BeginTx(ctx, nil)
-	if err != nil {
-		return errors.Wrapf(err, errors.TypeInternal, errors.CodeInternal, "failed to start transaction")
-	}
-
-	defer func() {
-		_ = tx.Rollback()
-	}()
-
+func (store *store) deleteUserAssociationsTx(ctx context.Context, tx bun.Tx, id string) error {
 	// get the password id
-
 	var password types.FactorPassword
-	err = tx.NewSelect().
+	err := tx.NewSelect().
 		Model(&password).
 		Where("user_id = ?", id).
 		Scan(ctx)
@@ -313,6 +235,23 @@ func (store *store) DeleteUser(ctx context.Context, orgID string, id string) err
 		return errors.Wrapf(err, errors.TypeInternal, errors.CodeInternal, "failed to delete tokens")
 	}
 
+	return nil
+}
+
+func (store *store) DeleteUser(ctx context.Context, orgID string, id string) error {
+	tx, err := store.sqlstore.BunDB().BeginTx(ctx, nil)
+	if err != nil {
+		return errors.Wrapf(err, errors.TypeInternal, errors.CodeInternal, "failed to start transaction")
+	}
+
+	defer func() {
+		_ = tx.Rollback()
+	}()
+
+	if err := store.deleteUserAssociationsTx(ctx, tx, id); err != nil {
+		return err
+	}
+
 	// delete user
 	_, err = tx.NewDelete().
 		Model(new(types.User)).
@@ -331,10 +270,46 @@ func (store *store) DeleteUser(ctx context.Context, orgID string, id string) err
 	return nil
 }
 
+func (store *store) SoftDeleteUser(ctx context.Context, orgID string, id string) error {
+	tx, err := store.sqlstore.BunDB().BeginTx(ctx, nil)
+	if err != nil {
+		return errors.Wrapf(err, errors.TypeInternal, errors.CodeInternal, "failed to start transaction")
+	}
+
+	defer func() {
+		_ = tx.Rollback()
+	}()
+
+	if err := store.deleteUserAssociationsTx(ctx, tx, id); err != nil {
+		return err
+	}
+
+	// soft delete user
+	now := time.Now()
+	_, err = tx.NewUpdate().
+		Model(new(types.User)).
+		Set("status = ?", types.UserStatusDeleted).
+		Set("deleted_at = ?", now).
+		Set("updated_at = ?", now).
+		Where("org_id = ?", orgID).
+		Where("id = ?", id).
+		Exec(ctx)
+	if err != nil {
+		return errors.Wrapf(err, errors.TypeInternal, errors.CodeInternal, "failed to delete user")
+	}
+
+	err = tx.Commit()
+	if err != nil {
+		return errors.Wrapf(err, errors.TypeInternal, errors.CodeInternal, "failed to commit transaction")
+	}
+
+	return nil
+}
+
 func (store *store) CreateResetPasswordToken(ctx context.Context, resetPasswordToken *types.ResetPasswordToken) error {
 	_, err := store.
 		sqlstore.
-		BunDB().
+		BunDBCtx(ctx).
 		NewInsert().
 		Model(resetPasswordToken).
 		Exec(ctx)
@@ -367,7 +342,7 @@ func (store *store) GetPasswordByUserID(ctx context.Context, userID valuer.UUID)
 
 	err := store.
 		sqlstore.
-		BunDB().
+		BunDBCtx(ctx).
 		NewSelect().
 		Model(password).
 		Where("user_id = ?", userID).
@@ -383,7 +358,7 @@ func (store *store) GetResetPasswordTokenByPasswordID(ctx context.Context, passw
 
 	err := store.
 		sqlstore.
-		BunDB().
+		BunDBCtx(ctx).
 		NewSelect().
 		Model(resetPasswordToken).
 		Where("password_id = ?", passwordID).
@@ -396,7 +371,7 @@ func (store *store) GetResetPasswordTokenByPasswordID(ctx context.Context, passw
 }
 
 func (store *store) DeleteResetPasswordTokenByPasswordID(ctx context.Context, passwordID valuer.UUID) error {
-	_, err := store.sqlstore.BunDB().NewDelete().
+	_, err := store.sqlstore.BunDBCtx(ctx).NewDelete().
 		Model(&types.ResetPasswordToken{}).
 		Where("password_id = ?", passwordID).
 		Exec(ctx)
@@ -418,23 +393,14 @@ func (store *store) GetResetPasswordToken(ctx context.Context, token string) (*t
 		Where("token = ?", token).
 		Scan(ctx)
 	if err != nil {
-		return nil, store.sqlstore.WrapNotFoundErrf(err, types.ErrResetPasswordTokenNotFound, "reset password token does not exist", token)
+		return nil, store.sqlstore.WrapNotFoundErrf(err, types.ErrResetPasswordTokenNotFound, "reset password token does not exist")
 	}
 
 	return resetPasswordRequest, nil
 }
 
 func (store *store) UpdatePassword(ctx context.Context, factorPassword *types.FactorPassword) error {
-	tx, err := store.sqlstore.BunDB().BeginTx(ctx, nil)
-	if err != nil {
-		return err
-	}
-
-	defer func() {
-		_ = tx.Rollback()
-	}()
-
-	_, err = tx.
+	_, err := store.sqlstore.BunDBCtx(ctx).
 		NewUpdate().
 		Model(factorPassword).
 		Where("user_id = ?", factorPassword.UserID).
@@ -443,20 +409,6 @@ func (store *store) UpdatePassword(ctx context.Context, factorPassword *types.Fa
 		return store.sqlstore.WrapNotFoundErrf(err, types.ErrPasswordNotFound, "password for user %s does not exist", factorPassword.UserID)
 	}
 
-	_, err = tx.
-		NewDelete().
-		Model(&types.ResetPasswordToken{}).
-		Where("password_id = ?", factorPassword.ID).
-		Exec(ctx)
-	if err != nil {
-		return err
-	}
-
-	err = tx.Commit()
-	if err != nil {
-		return err
-	}
-
 	return nil
 }
 
@@ -582,6 +534,36 @@ func (store *store) CountByOrgID(ctx context.Context, orgID valuer.UUID) (int64,
 	return int64(count), nil
 }
 
+func (store *store) CountByOrgIDAndStatuses(ctx context.Context, orgID valuer.UUID, statuses []string) (map[valuer.String]int64, error) {
+	user := new(types.User)
+	var results []struct {
+		Status valuer.String `bun:"status"`
+		Count  int64         `bun:"count"`
+	}
+
+	err := store.
+		sqlstore.
+		BunDBCtx(ctx).
+		NewSelect().
+		Model(user).
+		ColumnExpr("status").
+		ColumnExpr("COUNT(*) AS count").
+		Where("org_id = ?", orgID.StringValue()).
+		Where("status IN (?)", bun.In(statuses)).
+		GroupExpr("status").
+		Scan(ctx, &results)
+	if err != nil {
+		return nil, err
+	}
+
+	counts := make(map[valuer.String]int64, len(results))
+	for _, r := range results {
+		counts[r.Status] = r.Count
+	}
+
+	return counts, nil
+}
+
 func (store *store) CountAPIKeyByOrgID(ctx context.Context, orgID valuer.UUID) (int64, error) {
 	apiKey := new(types.StorableAPIKey)
 
@@ -638,3 +620,41 @@ func (store *store) ListUsersByEmailAndOrgIDs(ctx context.Context, email valuer.
 
 	return users, nil
 }
+
+func (store *store) GetUserByResetPasswordToken(ctx context.Context, token string) (*types.User, error) {
+	user := new(types.User)
+
+	err := store.
+		sqlstore.
+		BunDBCtx(ctx).
+		NewSelect().
+		Model(user).
+		Join(`JOIN factor_password ON factor_password.user_id = "user".id`).
+		Join("JOIN reset_password_token ON reset_password_token.password_id = factor_password.id").
+		Where("reset_password_token.token = ?", token).
+		Scan(ctx)
+	if err != nil {
+		return nil, store.sqlstore.WrapNotFoundErrf(err, types.ErrCodeUserNotFound, "user not found for reset password token")
+	}
+
+	return user, nil
+}
+
+func (store *store) GetUsersByEmailsOrgIDAndStatuses(ctx context.Context, orgID valuer.UUID, emails []string, statuses []string) ([]*types.User, error) {
+	users := []*types.User{}
+
+	err := store.
+		sqlstore.
+		BunDBCtx(ctx).
+		NewSelect().
+		Model(&users).
+		Where("email IN (?)", bun.In(emails)).
+		Where("org_id = ?", orgID).
+		Where("status in (?)", bun.In(statuses)).
+		Scan(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	return users, nil
+}

pkg/modules/user/user.go

@@ -42,7 +42,6 @@ type Module interface {
 	// invite
 	CreateBulkInvite(ctx context.Context, orgID valuer.UUID, userID valuer.UUID, bulkInvites *types.PostableBulkInviteRequest) ([]*types.Invite, error)
 	ListInvite(ctx context.Context, orgID string) ([]*types.Invite, error)
-	DeleteInvite(ctx context.Context, orgID string, id valuer.UUID) error
 	AcceptInvite(ctx context.Context, token string, password string) (*types.User, error)
 	GetInviteByToken(ctx context.Context, token string) (*types.Invite, error)
 
@@ -53,6 +52,8 @@ type Module interface {
 	RevokeAPIKey(ctx context.Context, id, removedByUserID valuer.UUID) error
 	GetAPIKey(ctx context.Context, orgID valuer.UUID, id valuer.UUID) (*types.StorableAPIKeyUser, error)
 
+	GetNonDeletedUserByEmailAndOrgID(ctx context.Context, email valuer.Email, orgID valuer.UUID) (*types.User, error)
+
 	statsreporter.StatsCollector
 }
 
@@ -78,6 +79,9 @@ type Getter interface {
 	// Count users by org id.
 	CountByOrgID(context.Context, valuer.UUID) (int64, error)
 
+	// Count of users by org id and grouped by status.
+	CountByOrgIDAndStatuses(context.Context, valuer.UUID, []string) (map[valuer.String]int64, error)
+
 	// Get factor password by user id.
 	GetFactorPasswordByUserID(context.Context, valuer.UUID) (*types.FactorPassword, error)
 }

pkg/signoz/provider.go

@@ -170,6 +170,8 @@ func NewSQLMigrationProviderFactories(
 		sqlmigration.NewAddRootUserFactory(sqlstore, sqlschema),
 		sqlmigration.NewAddUserEmailOrgIDIndexFactory(sqlstore, sqlschema),
 		sqlmigration.NewMigrateRulesV4ToV5Factory(sqlstore, telemetryStore),
+		sqlmigration.NewAddStatusUserFactory(sqlstore, sqlschema),
+		sqlmigration.NewDeprecateUserInviteFactory(sqlstore, sqlschema),
 	)
 }
 

pkg/sqlmigration/067_add_status_user.go

@@ -0,0 +1,109 @@
+package sqlmigration
+
+import (
+	"context"
+	"time"
+
+	"github.com/SigNoz/signoz/pkg/factory"
+	"github.com/SigNoz/signoz/pkg/sqlschema"
+	"github.com/SigNoz/signoz/pkg/sqlstore"
+	"github.com/uptrace/bun"
+	"github.com/uptrace/bun/migrate"
+)
+
+type addStatusUser struct {
+	sqlstore  sqlstore.SQLStore
+	sqlschema sqlschema.SQLSchema
+}
+
+func NewAddStatusUserFactory(sqlstore sqlstore.SQLStore, sqlschema sqlschema.SQLSchema) factory.ProviderFactory[SQLMigration, Config] {
+	return factory.NewProviderFactory(
+		factory.MustNewName("add_status_user"),
+		func(ctx context.Context, ps factory.ProviderSettings, c Config) (SQLMigration, error) {
+			return &addStatusUser{
+				sqlstore:  sqlstore,
+				sqlschema: sqlschema,
+			}, nil
+		},
+	)
+}
+
+func (migration *addStatusUser) Register(migrations *migrate.Migrations) error {
+	if err := migrations.Register(migration.Up, migration.Down); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (migration *addStatusUser) Up(ctx context.Context, db *bun.DB) error {
+	if err := migration.sqlschema.ToggleFKEnforcement(ctx, db, false); err != nil {
+		return err
+	}
+
+	tx, err := db.BeginTx(ctx, nil)
+	if err != nil {
+		return err
+	}
+
+	defer func() {
+		_ = tx.Rollback()
+	}()
+
+	table, uniqueConstraints, err := migration.sqlschema.GetTable(ctx, sqlschema.TableName("users"))
+	if err != nil {
+		return err
+	}
+
+	statusColumn := &sqlschema.Column{
+		Name:     sqlschema.ColumnName("status"),
+		DataType: sqlschema.DataTypeText,
+		Nullable: false,
+	}
+
+	sqls := migration.sqlschema.Operator().AddColumn(table, uniqueConstraints, statusColumn, "active")
+
+	// add deleted_at (zero time = not deleted, non-zero = deletion timestamp) to enable the
+	// composite unique index that replaces the partial index approach
+	deletedAtColumn := &sqlschema.Column{
+		Name:     sqlschema.ColumnName("deleted_at"),
+		DataType: sqlschema.DataTypeTimestamp,
+		Nullable: false,
+	}
+
+	sqls = append(sqls, migration.sqlschema.Operator().AddColumn(table, uniqueConstraints, deletedAtColumn, time.Time{})...)
+
+	// we need to drop the unique index on (email, org_id)
+	sqls = append(sqls, migration.sqlschema.Operator().DropIndex(&sqlschema.UniqueIndex{TableName: "users", ColumnNames: []sqlschema.ColumnName{"email", "org_id"}})...)
+
+	for _, sql := range sqls {
+		if _, err := tx.ExecContext(ctx, string(sql)); err != nil {
+			return err
+		}
+	}
+
+	// add a composite unique index on (org_id, email, deleted_at).
+	// active and pending users have deleted_at=time.Time{} (zero), forming a unique (org_id, email, zero) tuple.
+	// soft-deleted users have deleted_at set to the deletion timestamp, making each deleted row unique
+	// and allowing the same email to be re-invited after deletion without a constraint violation.
+	newIndexSqls := migration.sqlschema.Operator().CreateIndex(&sqlschema.UniqueIndex{TableName: "users", ColumnNames: []sqlschema.ColumnName{"org_id", "email", "deleted_at"}})
+	for _, sql := range newIndexSqls {
+		if _, err := tx.ExecContext(ctx, string(sql)); err != nil {
+			return err
+		}
+	}
+
+	if err := tx.Commit(); err != nil {
+		return err
+	}
+
+	if err := migration.sqlschema.ToggleFKEnforcement(ctx, db, true); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (migration *addStatusUser) Down(ctx context.Context, db *bun.DB) error {
+	return nil
+}

pkg/sqlmigration/068_deprecate_user_invite.go

@@ -0,0 +1,154 @@
+package sqlmigration
+
+import (
+	"context"
+	"database/sql"
+	"time"
+
+	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/factory"
+	"github.com/SigNoz/signoz/pkg/sqlschema"
+	"github.com/SigNoz/signoz/pkg/sqlstore"
+	"github.com/uptrace/bun"
+	"github.com/uptrace/bun/migrate"
+)
+
+type deprecateUserInvite struct {
+	sqlstore  sqlstore.SQLStore
+	sqlschema sqlschema.SQLSchema
+}
+
+type userInviteRow struct {
+	bun.BaseModel `bun:"table:user_invite"`
+
+	ID        string    `bun:"id"`
+	Name      string    `bun:"name"`
+	Email     string    `bun:"email"`
+	Role      string    `bun:"role"`
+	OrgID     string    `bun:"org_id"`
+	Token     string    `bun:"token"`
+	CreatedAt time.Time `bun:"created_at"`
+	UpdatedAt time.Time `bun:"updated_at"`
+}
+
+type pendingInviteUser struct {
+	bun.BaseModel `bun:"table:users"`
+
+	ID          string    `bun:"id"`
+	DisplayName string    `bun:"display_name"`
+	Email       string    `bun:"email"`
+	Role        string    `bun:"role"`
+	OrgID       string    `bun:"org_id"`
+	IsRoot      bool      `bun:"is_root"`
+	Status      string    `bun:"status"`
+	CreatedAt   time.Time `bun:"created_at"`
+	UpdatedAt   time.Time `bun:"updated_at"`
+	DeletedAt   time.Time `bun:"deleted_at"`
+}
+
+func NewDeprecateUserInviteFactory(sqlstore sqlstore.SQLStore, sqlschema sqlschema.SQLSchema) factory.ProviderFactory[SQLMigration, Config] {
+	return factory.NewProviderFactory(
+		factory.MustNewName("deprecate_user_invite"),
+		func(ctx context.Context, ps factory.ProviderSettings, c Config) (SQLMigration, error) {
+			return &deprecateUserInvite{
+				sqlstore:  sqlstore,
+				sqlschema: sqlschema,
+			}, nil
+		},
+	)
+}
+
+func (migration *deprecateUserInvite) Register(migrations *migrate.Migrations) error {
+	if err := migrations.Register(migration.Up, migration.Down); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (migration *deprecateUserInvite) Up(ctx context.Context, db *bun.DB) error {
+	table, _, err := migration.sqlschema.GetTable(ctx, sqlschema.TableName("user_invite"))
+	if err != nil {
+		if err == sql.ErrNoRows || errors.Ast(err, errors.TypeNotFound) {
+			return nil
+		}
+		return err
+	}
+
+	tx, err := db.BeginTx(ctx, nil)
+	if err != nil {
+		return err
+	}
+
+	defer func() {
+		_ = tx.Rollback()
+	}()
+
+	// existing invites
+	var invites []*userInviteRow
+	err = tx.NewSelect().Model(&invites).Scan(ctx)
+	if err != nil && err != sql.ErrNoRows {
+		return err
+	}
+
+	// move all invitations to the users table as a pending_invite user
+	// skipping any invite whose email+org already has a user entry with non-deleted status
+	users := make([]*pendingInviteUser, 0, len(invites))
+
+	for _, invite := range invites {
+		existingCount, err := tx.NewSelect().
+			TableExpr("users").
+			Where("email = ?", invite.Email).
+			Where("org_id = ?", invite.OrgID).
+			Where("status != ?", "deleted").
+			Count(ctx)
+		if err != nil {
+			return err
+		}
+
+		if existingCount > 0 {
+			continue
+		}
+
+		user := &pendingInviteUser{
+			ID:          invite.ID,
+			DisplayName: invite.Name,
+			Email:       invite.Email,
+			Role:        invite.Role,
+			OrgID:       invite.OrgID,
+			IsRoot:      false,
+			Status:      "pending_invite",
+			CreatedAt:   invite.CreatedAt,
+			UpdatedAt:   time.Now(),
+			DeletedAt:   time.Time{},
+		}
+
+		users = append(users, user)
+	}
+
+	if len(users) > 0 {
+		_, err = tx.NewInsert().Model(&users).Exec(ctx)
+		if err != nil {
+			return err
+		}
+	}
+
+	// finally drop the user_invite table
+	dropTableSqls := migration.sqlschema.Operator().DropTable(table)
+
+	for _, sql := range dropTableSqls {
+		if _, err := tx.ExecContext(ctx, string(sql)); err != nil {
+			return err
+		}
+	}
+
+	if err := tx.Commit(); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (migration *deprecateUserInvite) Down(ctx context.Context, db *bun.DB) error {
+	return nil
+}

pkg/types/authtypes/authn.go

@@ -125,7 +125,7 @@ func (typ *Identity) ToClaims() Claims {
 
 type AuthNStore interface {
 	// Get user and factor password by email and orgID.
-	GetUserAndFactorPasswordByEmailAndOrgID(ctx context.Context, email string, orgID valuer.UUID) (*types.User, *types.FactorPassword, error)
+	GetActiveUserAndFactorPasswordByEmailAndOrgID(ctx context.Context, email string, orgID valuer.UUID) (*types.User, *types.FactorPassword, error)
 
 	// Get org domain from id.
 	GetAuthDomainFromID(ctx context.Context, domainID valuer.UUID) (*AuthDomain, error)

pkg/types/factor_password.go

@@ -2,6 +2,7 @@ package types
 
 import (
 	"encoding/json"
+	"fmt"
 	"slices"
 	"time"
 	"unicode"
@@ -220,3 +221,7 @@ func comparePassword(hashedPassword string, password string) bool {
 func (r *ResetPasswordToken) IsExpired() bool {
 	return r.ExpiresAt.Before(time.Now())
 }
+
+func (r *ResetPasswordToken) FactorPasswordResetLink(frontendBaseUrl string) string {
+	return fmt.Sprintf("%s/password-reset?token=%s", frontendBaseUrl, r.Token)
+}

pkg/types/invite.go

@@ -54,7 +54,29 @@ type PostableInvite struct {
 }
 
 type PostableBulkInviteRequest struct {
-	Invites []PostableInvite `json:"invites"`
+	Invites []PostableInvite `json:"invites" required:"true"`
+}
+
+func (request *PostableBulkInviteRequest) UnmarshalJSON(data []byte) error {
+	type Alias PostableBulkInviteRequest
+
+	var temp Alias
+	if err := json.Unmarshal(data, &temp); err != nil {
+		return err
+	}
+
+	// check for duplicate emails in the same request
+	seen := make(map[string]struct{}, len(temp.Invites))
+	for _, invite := range temp.Invites {
+		email := invite.Email.StringValue()
+		if _, exists := seen[email]; exists {
+			return errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "Duplicate email in request: %s", email)
+		}
+		seen[email] = struct{}{}
+	}
+
+	*request = PostableBulkInviteRequest(temp)
+	return nil
 }
 
 type GettableCreateInviteResponse struct {

pkg/types/user.go

@@ -3,6 +3,7 @@ package types
 import (
 	"context"
 	"encoding/json"
+	"slices"
 	"time"
 
 	"github.com/SigNoz/signoz/pkg/errors"
@@ -21,6 +22,15 @@ var (
 	ErrAPIKeyAlreadyExists              = errors.MustNewCode("api_key_already_exists")
 	ErrAPIKeyNotFound                   = errors.MustNewCode("api_key_not_found")
 	ErrCodeRootUserOperationUnsupported = errors.MustNewCode("root_user_operation_unsupported")
+	ErrCodeUserStatusDeleted            = errors.MustNewCode("user_status_deleted")
+	ErrCodeUserStatusPendingInvite      = errors.MustNewCode("user_status_pending_invite")
+)
+
+var (
+	UserStatusPendingInvite = valuer.NewString("pending_invite")
+	UserStatusActive        = valuer.NewString("active")
+	UserStatusDeleted       = valuer.NewString("deleted")
+	ValidUserStatus         = []valuer.String{UserStatusPendingInvite, UserStatusActive, UserStatusDeleted}
 )
 
 type GettableUser = User
@@ -29,11 +39,13 @@ type User struct {
 	bun.BaseModel `bun:"table:users"`
 
 	Identifiable
-	DisplayName string       `bun:"display_name" json:"displayName"`
-	Email       valuer.Email `bun:"email" json:"email"`
-	Role        Role         `bun:"role" json:"role"`
-	OrgID       valuer.UUID  `bun:"org_id" json:"orgId"`
-	IsRoot      bool         `bun:"is_root" json:"isRoot"`
+	DisplayName string        `bun:"display_name" json:"displayName"`
+	Email       valuer.Email  `bun:"email" json:"email"`
+	Role        Role          `bun:"role" json:"role"`
+	OrgID       valuer.UUID   `bun:"org_id" json:"orgId"`
+	IsRoot      bool          `bun:"is_root" json:"isRoot"`
+	Status      valuer.String `bun:"status" json:"status"`
+	DeletedAt   time.Time     `bun:"deleted_at" json:"-"`
 	TimeAuditable
 }
 
@@ -45,7 +57,7 @@ type PostableRegisterOrgAndAdmin struct {
 	OrgName        string       `json:"orgName"`
 }
 
-func NewUser(displayName string, email valuer.Email, role Role, orgID valuer.UUID) (*User, error) {
+func NewUser(displayName string, email valuer.Email, role Role, orgID valuer.UUID, status valuer.String) (*User, error) {
 	if email.IsZero() {
 		return nil, errors.New(errors.TypeInvalidInput, errors.CodeInvalidInput, "email is required")
 	}
@@ -58,6 +70,10 @@ func NewUser(displayName string, email valuer.Email, role Role, orgID valuer.UUI
 		return nil, errors.New(errors.TypeInvalidInput, errors.CodeInvalidInput, "orgID is required")
 	}
 
+	if !slices.Contains(ValidUserStatus, status) {
+		return nil, errors.Newf(errors.TypeInvalidInput, errors.CodeInvalidInput, "invalid status: %s, allowed status are: %v", status, ValidUserStatus)
+	}
+
 	return &User{
 		Identifiable: Identifiable{
 			ID: valuer.GenerateUUID(),
@@ -67,6 +83,7 @@ func NewUser(displayName string, email valuer.Email, role Role, orgID valuer.UUI
 		Role:        role,
 		OrgID:       orgID,
 		IsRoot:      false,
+		Status:      status,
 		TimeAuditable: TimeAuditable{
 			CreatedAt: time.Now(),
 			UpdatedAt: time.Now(),
@@ -92,6 +109,7 @@ func NewRootUser(displayName string, email valuer.Email, orgID valuer.UUID) (*Us
 		Role:        RoleAdmin,
 		OrgID:       orgID,
 		IsRoot:      true,
+		Status:      UserStatusActive,
 		TimeAuditable: TimeAuditable{
 			CreatedAt: time.Now(),
 			UpdatedAt: time.Now(),
@@ -111,6 +129,23 @@ func (u *User) Update(displayName string, role Role) {
 	u.UpdatedAt = time.Now()
 }
 
+func (u *User) UpdateStatus(status valuer.String) error {
+	// no updates allowed if user is in delete state
+	if err := u.ErrIfDeleted(); err != nil {
+		return errors.WithAdditionalf(err, "cannot update status of a deleted user")
+	}
+
+	// not udpates allowed from active to pending state
+	if status == UserStatusPendingInvite && u.Status == UserStatusActive {
+		return errors.New(errors.TypeUnsupported, errors.CodeUnsupported, "cannot move user to pending state from active state")
+	}
+
+	u.Status = status
+	u.UpdatedAt = time.Now()
+
+	return nil
+}
+
 // PromoteToRoot promotes the user to a root user with admin role.
 func (u *User) PromoteToRoot() {
 	u.IsRoot = true
@@ -133,12 +168,31 @@ func (u *User) ErrIfRoot() error {
 	return nil
 }
 
+// ErrIfDeleted returns an error if the user is in deleted state.
+// This error can be enriched with specific operation by the called using errors.WithAdditionalf
+func (u *User) ErrIfDeleted() error {
+	if u.Status == UserStatusDeleted {
+		return errors.New(errors.TypeUnsupported, ErrCodeUserStatusDeleted, "unsupported operation for deleted user")
+	}
+	return nil
+}
+
+// ErrIfPending returns an error if the user is in pending invite state.
+// This error can be enriched with specific operation by the called using errors.WithAdditionalf
+func (u *User) ErrIfPending() error {
+	if u.Status == UserStatusPendingInvite {
+		return errors.New(errors.TypeUnsupported, ErrCodeUserStatusPendingInvite, "unsupported operation for pending user")
+	}
+	return nil
+}
+
 func NewTraitsFromUser(user *User) map[string]any {
 	return map[string]any{
 		"name":         user.DisplayName,
 		"role":         user.Role,
 		"email":        user.Email.String(),
 		"display_name": user.DisplayName,
+		"status":       user.Status,
 		"created_at":   user.CreatedAt,
 	}
 }
@@ -160,17 +214,6 @@ func (request *PostableRegisterOrgAndAdmin) UnmarshalJSON(data []byte) error {
 }
 
 type UserStore interface {
-	// invite
-	CreateBulkInvite(ctx context.Context, invites []*Invite) error
-	ListInvite(ctx context.Context, orgID string) ([]*Invite, error)
-	DeleteInvite(ctx context.Context, orgID string, id valuer.UUID) error
-
-	// Get invite by token.
-	GetInviteByToken(ctx context.Context, token string) (*Invite, error)
-
-	// Get invite by email and org.
-	GetInviteByEmailAndOrgID(ctx context.Context, email valuer.Email, orgID valuer.UUID) (*Invite, error)
-
 	// Creates a user.
 	CreateUser(ctx context.Context, user *User) error
 
@@ -181,13 +224,13 @@ type UserStore interface {
 	GetByOrgIDAndID(ctx context.Context, orgID valuer.UUID, id valuer.UUID) (*User, error)
 
 	// Get user by email and orgID.
-	GetUserByEmailAndOrgID(ctx context.Context, email valuer.Email, orgID valuer.UUID) (*User, error)
+	GetUsersByEmailAndOrgID(ctx context.Context, email valuer.Email, orgID valuer.UUID) ([]*User, error)
 
 	// Get users by email.
 	GetUsersByEmail(ctx context.Context, email valuer.Email) ([]*User, error)
 
 	// Get users by role and org.
-	GetUsersByRoleAndOrgID(ctx context.Context, role Role, orgID valuer.UUID) ([]*User, error)
+	GetActiveUsersByRoleAndOrgID(ctx context.Context, role Role, orgID valuer.UUID) ([]*User, error)
 
 	// List users by org.
 	ListUsersByOrgID(ctx context.Context, orgID valuer.UUID) ([]*User, error)
@@ -195,8 +238,12 @@ type UserStore interface {
 	// List users by email and org ids.
 	ListUsersByEmailAndOrgIDs(ctx context.Context, email valuer.Email, orgIDs []valuer.UUID) ([]*User, error)
 
+	// Get users for an org id using emails and statuses
+	GetUsersByEmailsOrgIDAndStatuses(context.Context, valuer.UUID, []string, []string) ([]*User, error)
+
 	UpdateUser(ctx context.Context, orgID valuer.UUID, user *User) error
 	DeleteUser(ctx context.Context, orgID string, id string) error
+	SoftDeleteUser(ctx context.Context, orgID string, id string) error
 
 	// Creates a password.
 	CreatePassword(ctx context.Context, password *FactorPassword) error
@@ -217,10 +264,14 @@ type UserStore interface {
 	CountAPIKeyByOrgID(ctx context.Context, orgID valuer.UUID) (int64, error)
 
 	CountByOrgID(ctx context.Context, orgID valuer.UUID) (int64, error)
+	CountByOrgIDAndStatuses(ctx context.Context, orgID valuer.UUID, statuses []string) (map[valuer.String]int64, error)
 
 	// Get root user by org.
 	GetRootUserByOrgID(ctx context.Context, orgID valuer.UUID) (*User, error)
 
+	// Get user by reset password token
+	GetUserByResetPasswordToken(ctx context.Context, token string) (*User, error)
+
 	// Transaction
 	RunInTx(ctx context.Context, cb func(ctx context.Context) error) error
 }

templates/email/invitation.gotmpl

@@ -5,7 +5,7 @@
   <meta charset="UTF-8">
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <meta http-equiv="X-UA-Compatible" content="IE=edge">
-  <title>You're Invited to Join SigNoz</title>
+  <title>{{.subject}}</title>
 </head>
 
 <body style="margin:0;padding:0;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Roboto,'Helvetica Neue',Arial,sans-serif;line-height:1.6;color:#333;background:#fff">
@@ -41,13 +41,13 @@
                 </tr>
               </table>
               <p style="margin:0 0 16px;font-size:16px;color:#333;line-height:1.6">
-                Accept the invitation to get started.
+                Click the button below to set your password and activate your account:
               </p>
               <table role="presentation" width="100%" cellspacing="0" cellpadding="0" border="0" style="margin:0 0 16px">
                 <tr>
                   <td align="center">
                     <a href="{{.link}}" target="_blank" style="display:inline-block;padding:16px 48px;font-size:16px;font-weight:600;color:#fff;background:#4E74F8;text-decoration:none;border-radius:4px">
-                      Accept Invitation
+                      Set Password
                     </a>
                   </td>
                 </tr>
@@ -60,6 +60,18 @@
                   {{.link}}
                 </a>
               </p>
+              <table role="presentation" width="100%" cellspacing="0" cellpadding="0" border="0" style="margin:0 0 16px">
+                <tr>
+                  <td style="padding:16px;background:#fff4e6;border-radius:6px;border-left:4px solid #ff9800">
+                    <p style="margin:0;font-size:14px;color:#333;line-height:1.6">
+                      <strong>&#9201; This link will expire in {{.Expiry}}.</strong>
+                    </p>
+                  </td>
+                </tr>
+              </table>
+              <p style="margin:0 0 16px;font-size:16px;color:#333;line-height:1.6">
+                If you didn't expect this invitation, please ignore this email. No account will be activated.
+              </p>
               {{ if .format.Help.Enabled }}
               <p style="margin:0 0 16px;font-size:16px;color:#333;line-height:1.6">
                 Need help? Chat with our team in the SigNoz application or email us at <a href="mailto:{{.format.Help.Email}}" style="color:#4E74F8;text-decoration:none">{{.format.Help.Email}}</a>.

tests/integration/src/callbackauthn/02_saml.py

@@ -4,6 +4,7 @@ from typing import Any, Callable, Dict, List
 
 import requests
 from selenium import webdriver
+from sqlalchemy import sql
 from wiremock.resources.mappings import Mapping
 
 from fixtures.auth import (
@@ -570,3 +571,121 @@ def test_saml_empty_name_fallback(
 
     assert found_user is not None
     assert found_user["role"] == "VIEWER"
+
+
+def test_saml_sso_login_activates_pending_invite_user(
+    signoz: SigNoz,
+    idp: TestContainerIDP,  # pylint: disable=unused-argument
+    driver: webdriver.Chrome,
+    create_user_idp_with_groups: Callable[[str, str, bool, List[str]], None],
+    idp_login: Callable[[str, str], None],
+    get_token: Callable[[str, str], str],
+    get_session_context: Callable[[str], str],
+) -> None:
+    """
+    Verify that an invited user (pending_invite) who logs in via SAML SSO is
+    auto-activated with the role from the invite, not the SSO default/group role.
+
+    1. Admin invites user as ADMIN
+    2. User exists in IDP with 'signoz-viewers' group (would normally get VIEWER)
+    3. SSO login activates the user with VIEWER role (SSO Wins)
+    """
+    email = "sso-pending-invite@saml.integration.test"
+    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    # Invite user as ADMIN
+    response = requests.post(
+        signoz.self.host_configs["8080"].get("/api/v1/invite"),
+        json={"email": email, "role": "ADMIN", "name": "SAML SSO Pending User"},
+        headers={"Authorization": f"Bearer {admin_token}"},
+        timeout=2,
+    )
+    assert response.status_code == HTTPStatus.CREATED
+
+    # Create IDP user in viewer group — SSO would normally assign VIEWER
+    create_user_idp_with_groups(email, "password", True, ["signoz-viewers"])
+
+    perform_saml_login(
+        signoz, driver, get_session_context, idp_login, email, "password"
+    )
+
+    # User should be active with VIEWER role from SSO
+    found_user = get_user_by_email(signoz, admin_token, email)
+    assert found_user is not None
+    assert found_user["status"] == "active"
+    assert found_user["role"] == "VIEWER"
+
+
+def test_saml_sso_deleted_user_gets_new_user_on_login(
+    signoz: SigNoz,
+    idp: TestContainerIDP,  # pylint: disable=unused-argument
+    driver: webdriver.Chrome,
+    create_user_idp: Callable[[str, str, bool, str, str], None],
+    idp_login: Callable[[str, str], None],
+    get_token: Callable[[str, str], str],
+    get_session_context: Callable[[str], str],
+) -> None:
+    """
+    Verify the full deleted-user SAML SSO lifecycle:
+    1. Invite + activate a user (EDITOR)
+    2. Soft delete the user
+    3. SSO login attempt — user should remain deleted (blocked)
+    5. SSO login — new user should created
+    """
+    email = "sso-deleted-lifecycle@saml.integration.test"
+    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    # --- Step 1: Invite and activate via password reset ---
+    response = requests.post(
+        signoz.self.host_configs["8080"].get("/api/v1/invite"),
+        json={"email": email, "role": "EDITOR", "name": "SAML SSO Lifecycle User"},
+        headers={"Authorization": f"Bearer {admin_token}"},
+        timeout=2,
+    )
+    assert response.status_code == HTTPStatus.CREATED
+    user_id = response.json()["data"]["id"]
+    reset_token = response.json()["data"]["token"]
+
+    response = requests.post(
+        signoz.self.host_configs["8080"].get("/api/v1/resetPassword"),
+        json={"password": "password123Z$", "token": reset_token},
+        timeout=2,
+    )
+    assert response.status_code == HTTPStatus.NO_CONTENT
+
+    # --- Step 2: Soft delete via DB using API
+    response = requests.delete(
+        signoz.self.host_configs["8080"].get(f"/api/v1/user/{user_id}"),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        timeout=2,
+    )
+    assert response.status_code == HTTPStatus.NO_CONTENT
+
+    # --- Step 3: SSO login should be blocked for deleted user ---
+    create_user_idp(email, "password", True, "SAML", "Lifecycle")
+
+    perform_saml_login(signoz, driver, get_session_context, idp_login, email, "password")
+
+    # Verify user is NOT reactivated — check via DB since API may filter deleted users
+    with signoz.sqlstore.conn.connect() as conn:
+        result = conn.execute(
+            sql.text("SELECT status FROM users WHERE id = :user_id"),
+            {"user_id": user_id},
+        )
+        row = result.fetchone()
+        assert row is not None
+        assert row[0] == "deleted"
+
+    # Verify a NEW active user was auto-provisioned via SSO
+    response = requests.get(
+        signoz.self.host_configs["8080"].get("/api/v1/user"),
+        timeout=2,
+        headers={"Authorization": f"Bearer {admin_token}"},
+    )
+    found_user = next(
+        (user for user in response.json()["data"] if user["email"] == email and user["id"] != user_id),
+        None,
+    )
+    assert found_user is not None
+    assert found_user["status"] == "active"
+    assert found_user["role"] == "VIEWER"  # default role from SSO domain config

tests/integration/src/callbackauthn/03_oidc.py

@@ -4,6 +4,7 @@ from urllib.parse import urlparse
 
 import requests
 from selenium import webdriver
+from sqlalchemy import sql
 from wiremock.resources.mappings import Mapping
 
 from fixtures.auth import (
@@ -532,3 +533,54 @@ def test_oidc_empty_name_uses_fallback(
     assert found_user is not None
     assert found_user["role"] == "VIEWER"
     # Note: displayName may be empty - this is a known limitation
+
+
+def test_oidc_sso_login_activates_pending_invite_user(
+    signoz: SigNoz,
+    idp: TestContainerIDP,
+    driver: webdriver.Chrome,
+    create_user_idp_with_groups: Callable[[str, str, bool, List[str]], None],
+    idp_login: Callable[[str, str], None],
+    get_token: Callable[[str, str], str],
+    get_session_context: Callable[[str], str],
+) -> None:
+    """
+    Verify that an invited user (pending_invite) who logs in via OIDC SSO is
+    auto-activated with the role from the invite, not the SSO default/group role.
+
+    1. Admin invites user as ADMIN
+    2. User exists in IDP with 'signoz-viewers' group (would normally get VIEWER)
+    3. SSO login activates the user with VIEWER role (SSO wins)
+    """
+    email = "sso-pending-invite@oidc.integration.test"
+    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    # Invite user as ADMIN
+    response = requests.post(
+        signoz.self.host_configs["8080"].get("/api/v1/invite"),
+        json={"email": email, "role": "ADMIN", "name": "OIDC SSO Pending User"},
+        headers={"Authorization": f"Bearer {admin_token}"},
+        timeout=2,
+    )
+    assert response.status_code == HTTPStatus.CREATED
+
+    # Create IDP user in viewer group — SSO would normally assign VIEWER
+    create_user_idp_with_groups(email, "password123", True, ["signoz-viewers"])
+
+    perform_oidc_login(
+        signoz, idp, driver, get_session_context, idp_login, email, "password123"
+    )
+
+    # User should be active with ADMIN role from invite, not VIEWER from SSO
+    response = requests.get(
+        signoz.self.host_configs["8080"].get("/api/v1/user"),
+        timeout=2,
+        headers={"Authorization": f"Bearer {admin_token}"},
+    )
+    found_user = next(
+        (user for user in response.json()["data"] if user["email"] == email),
+        None,
+    )
+    assert found_user is not None
+    assert found_user["status"] == "active"
+    assert found_user["role"] == "VIEWER"

tests/integration/src/passwordauthn/01_register.py

@@ -104,68 +104,66 @@ def test_register(signoz: types.SigNoz, get_token: Callable[[str, str], str]) ->
 def test_invite_and_register(
     signoz: types.SigNoz, get_token: Callable[[str, str], str]
 ) -> None:
+    admin_token = get_token("admin@integration.test", "password123Z$")
     # Generate an invite token for the editor user
     response = requests.post(
         signoz.self.host_configs["8080"].get("/api/v1/invite"),
         json={"email": "editor@integration.test", "role": "EDITOR", "name": "editor"},
         timeout=2,
         headers={
-            "Authorization": f"Bearer {get_token("admin@integration.test", "password123Z$")}"
+            "Authorization": f"Bearer {admin_token}"
         },
     )
 
     assert response.status_code == HTTPStatus.CREATED
 
-    response = requests.get(
-        signoz.self.host_configs["8080"].get("/api/v1/invite"),
-        timeout=2,
-        headers={
-            "Authorization": f"Bearer {get_token("admin@integration.test", "password123Z$")}"
-        },
-    )
+    invited_user = response.json()["data"]
+    assert invited_user["email"] == "editor@integration.test"
+    assert invited_user["role"] == "EDITOR"
 
-    invite_response = response.json()["data"]
-    found_invite = next(
-        (
-            invite
-            for invite in invite_response
-            if invite["email"] == "editor@integration.test"
-        ),
+    # Verify the user user appears in the users list but as pending_invite status
+    response = requests.get(
+        signoz.self.host_configs["8080"].get("/api/v1/user"),
+        timeout=2,
+        headers={"Authorization": f"Bearer {admin_token}"},
+    )
+    assert response.status_code == HTTPStatus.OK
+
+    user_response = response.json()["data"]
+    found_user = next(
+        (user for user in user_response if user["email"] == "editor@integration.test"),
         None,
     )
+    assert found_user is not None
+    assert found_user["status"] == "pending_invite"
+    assert found_user["role"] == "EDITOR"
 
-    # Register the editor user using the invite token
+    reset_token = invited_user["token"]
+
+    # Reset the password to complete the invite flow (activates the user and also grants authz)
     response = requests.post(
-        signoz.self.host_configs["8080"].get("/api/v1/invite/accept"),
-        json={
-            "password": "password123Z$",
-            "displayName": "editor",
-            "token": f"{found_invite['token']}",
-        },
+        signoz.self.host_configs["8080"].get("/api/v1/resetPassword"),
+        json={"password": "password123Z$", "token": reset_token},
         timeout=2,
     )
-    assert response.status_code == HTTPStatus.CREATED
+    assert response.status_code == HTTPStatus.NO_CONTENT
 
-    # Verify that the invite token has been deleted
-    response = requests.get(
-        signoz.self.host_configs["8080"].get(f"/api/v1/invite/{found_invite['token']}"),
-        timeout=2,
-    )
-
-    assert response.status_code in (HTTPStatus.NOT_FOUND, HTTPStatus.BAD_REQUEST)
+    # Verify the user can now log in
+    editor_token = get_token("editor@integration.test", "password123Z$")
+    assert editor_token is not None
 
     # Verify that an admin endpoint cannot be called by the editor user
     response = requests.get(
         signoz.self.host_configs["8080"].get("/api/v1/user"),
         timeout=2,
         headers={
-            "Authorization": f"Bearer {get_token("editor@integration.test", "password123Z$")}"
+            "Authorization": f"Bearer {editor_token}"
         },
     )
 
     assert response.status_code == HTTPStatus.FORBIDDEN
 
-    # Verify that the editor has been created
+    # Verify that the editor user status has been updated to ACTIVE
     response = requests.get(
         signoz.self.host_configs["8080"].get("/api/v1/user"),
         timeout=2,
@@ -186,59 +184,40 @@ def test_invite_and_register(
     assert found_user["role"] == "EDITOR"
     assert found_user["displayName"] == "editor"
     assert found_user["email"] == "editor@integration.test"
+    assert found_user["status"] == "active"
 
 
 def test_revoke_invite_and_register(
     signoz: types.SigNoz, get_token: Callable[[str, str], str]
 ) -> None:
     admin_token = get_token("admin@integration.test", "password123Z$")
-    # Generate an invite token for the viewer user
+
+    # Invite the viewer user
     response = requests.post(
         signoz.self.host_configs["8080"].get("/api/v1/invite"),
         json={"email": "viewer@integration.test", "role": "VIEWER"},
         timeout=2,
         headers={"Authorization": f"Bearer {admin_token}"},
     )
-
     assert response.status_code == HTTPStatus.CREATED
+    invited_user = response.json()["data"]
+    reset_token = invited_user["token"]
 
-    response = requests.get(
-        signoz.self.host_configs["8080"].get("/api/v1/invite"),
-        timeout=2,
-        headers={
-            "Authorization": f"Bearer {get_token("admin@integration.test", "password123Z$")}"
-        },
-    )
-
-    invite_response = response.json()["data"]
-    found_invite = next(
-        (
-            invite
-            for invite in invite_response
-            if invite["email"] == "viewer@integration.test"
-        ),
-        None,
-    )
-
+    # Delete the pending invite user (revoke the invite)
     response = requests.delete(
-        signoz.self.host_configs["8080"].get(f"/api/v1/invite/{found_invite['id']}"),
+        signoz.self.host_configs["8080"].get(f"/api/v1/user/{invited_user['id']}"),
         timeout=2,
         headers={"Authorization": f"Bearer {admin_token}"},
     )
-
     assert response.status_code == HTTPStatus.NO_CONTENT
 
-    # Try registering the viewer user with the invite token
+
+    # Try to use the reset token — should fail (user deleted)
     response = requests.post(
-        signoz.self.host_configs["8080"].get("/api/v1/invite/accept"),
-        json={
-            "password": "password123Z$",
-            "displayName": "viewer",
-            "token": f"{found_invite["token"]}",
-        },
+        signoz.self.host_configs["8080"].get("/api/v1/resetPassword"),
+        json={"password": "password123Z$", "token": reset_token},
         timeout=2,
     )
-
     assert response.status_code in (HTTPStatus.BAD_REQUEST, HTTPStatus.NOT_FOUND)
 
 
@@ -269,3 +248,85 @@ def test_self_access(
 
     assert response.status_code == HTTPStatus.OK
     assert response.json()["data"]["role"] == "EDITOR"
+
+
+def test_old_invite_flow(signoz: types.SigNoz, get_token: Callable[[str, str], str]):
+    admin_token = get_token("admin@integration.test", "password123Z$")
+
+    # invite a new user
+    response = requests.post(
+        signoz.self.host_configs["8080"].get("/api/v1/invite"),
+        json={"email": "oldinviteflow@integration.test", "role": "VIEWER", "name": "old invite flow"},
+        timeout=2,
+        headers={"Authorization": f"Bearer {admin_token}"},
+    )
+    assert response.status_code == HTTPStatus.CREATED
+
+    # get the invite token using get api
+    response = requests.get(
+        signoz.self.host_configs["8080"].get("/api/v1/invite"),
+        timeout=2,
+        headers={
+            "Authorization": f"Bearer {admin_token}"
+        },
+    )
+
+    invite_response = response.json()["data"]
+    found_invite = next(
+        (
+            invite
+            for invite in invite_response
+            if invite["email"] == "oldinviteflow@integration.test"
+        ),
+        None,
+    )
+
+    # accept the invite
+    response = requests.post(
+        signoz.self.host_configs["8080"].get("/api/v1/invite/accept"),
+        json={
+            "password": "password123Z$",
+            "displayName": "old invite flow",
+            "token": f"{found_invite['token']}",
+        },
+        timeout=2,
+    )
+    assert response.status_code == HTTPStatus.CREATED
+
+    # verify the invite token has been deleted
+    response = requests.get(
+        signoz.self.host_configs["8080"].get(f"/api/v1/invite/{found_invite['token']}"),
+        timeout=2,
+    )
+    assert response.status_code in (HTTPStatus.NOT_FOUND, HTTPStatus.BAD_REQUEST)
+
+    # verify that admin endpoints cannot be called
+    response = requests.get(
+        signoz.self.host_configs["8080"].get("/api/v1/user"),
+        timeout=2,
+        headers={
+            "Authorization": f"Bearer {get_token("oldinviteflow@integration.test", "password123Z$")}"
+        },
+    )
+    assert response.status_code == HTTPStatus.FORBIDDEN
+
+    # verify the user has been created
+    response = requests.get(
+        signoz.self.host_configs["8080"].get("/api/v1/user"),
+        timeout=2,
+        headers={
+            "Authorization": f"Bearer {admin_token}"
+        },
+    )
+    assert response.status_code == HTTPStatus.OK
+
+    user_response = response.json()["data"]
+    found_user = next(
+        (user for user in user_response if user["email"] == "oldinviteflow@integration.test"),
+        None,
+    )
+
+    assert found_user is not None
+    assert found_user["role"] == "VIEWER"
+    assert found_user["displayName"] == "old invite flow"
+    assert found_user["email"] == "oldinviteflow@integration.test"

tests/integration/src/passwordauthn/04_password.py

@@ -22,50 +22,17 @@ def test_change_password(
         timeout=2,
         headers={"Authorization": f"Bearer {admin_token}"},
     )
-
     assert response.status_code == HTTPStatus.CREATED
+    invited_user = response.json()["data"]
+    reset_token = invited_user["token"]
 
-    response = requests.get(
-        signoz.self.host_configs["8080"].get("/api/v1/invite"),
-        timeout=2,
-        headers={"Authorization": f"Bearer {admin_token}"},
-    )
-
-    invite_response = response.json()["data"]
-    found_invite = next(
-        (
-            invite
-            for invite in invite_response
-            if invite["email"] == "admin+password@integration.test"
-        ),
-        None,
-    )
-
-    # Accept the invite with a bad password which should fail
+    # Reset password to activate user
     response = requests.post(
-        signoz.self.host_configs["8080"].get("/api/v1/invite/accept"),
-        json={
-            "password": "password",
-            "displayName": "admin password",
-            "token": f"{found_invite['token']}",
-        },
+        signoz.self.host_configs["8080"].get("/api/v1/resetPassword"),
+        json={"password": "password123Z$", "token": reset_token},
         timeout=2,
     )
-
-    assert response.status_code == HTTPStatus.BAD_REQUEST
-
-    # Accept the invite with a good password
-    response = requests.post(
-        signoz.self.host_configs["8080"].get("/api/v1/invite/accept"),
-        json={
-            "password": "password123Z$",
-            "displayName": "admin password",
-            "token": f"{found_invite['token']}",
-        },
-        timeout=2,
-    )
-
-    assert response.status_code == HTTPStatus.CREATED
+    assert response.status_code == HTTPStatus.NO_CONTENT
 
     # Get the user id
     response = requests.get(
@@ -301,33 +268,16 @@ def test_forgot_password_creates_reset_token(
     )
     assert response.status_code == HTTPStatus.CREATED
 
-    # Get the invite token
-    response = requests.get(
-        signoz.self.host_configs["8080"].get("/api/v1/invite"),
-        timeout=2,
-        headers={"Authorization": f"Bearer {admin_token}"},
-    )
-    invite_response = response.json()["data"]
-    found_invite = next(
-        (
-            invite
-            for invite in invite_response
-            if invite["email"] == "forgot@integration.test"
-        ),
-        None,
-    )
+    invited_user = response.json()["data"]
+    reset_token = invited_user["token"]
 
-    # Accept the invite to create the user
+    # Activate user via reset password
     response = requests.post(
-        signoz.self.host_configs["8080"].get("/api/v1/invite/accept"),
-        json={
-            "password": "originalPassword123Z$",
-            "displayName": "forgotpassword user",
-            "token": f"{found_invite['token']}",
-        },
+        signoz.self.host_configs["8080"].get("/api/v1/resetPassword"),
+        json={"password": "originalPassword123Z$", "token": reset_token},
         timeout=2,
     )
-    assert response.status_code == HTTPStatus.CREATED
+    assert response.status_code == HTTPStatus.NO_CONTENT
 
     # Get org ID
     response = requests.get(

tests/integration/src/passwordauthn/05_role.py

@@ -23,20 +23,16 @@ def test_change_role(
 
     assert response.status_code == HTTPStatus.CREATED
 
-    invite_token = response.json()["data"]["token"]
+    invited_user = response.json()["data"]
+    reset_token = invited_user["token"]
 
-    # Accept the invite of the new user
+    # Activate user via reset password
     response = requests.post(
-        signoz.self.host_configs["8080"].get("/api/v1/invite/accept"),
-        json={
-            "password": "password123Z$",
-            "displayName": "role change user",
-            "token": f"{invite_token}",
-        },
+        signoz.self.host_configs["8080"].get("/api/v1/resetPassword"),
+        json={"password": "password123Z$", "token": reset_token},
         timeout=2,
     )
-
-    assert response.status_code == HTTPStatus.CREATED
+    assert response.status_code == HTTPStatus.NO_CONTENT
 
     # Make some API calls as new user
     new_user_token, new_user_refresh_token = get_tokens(

tests/integration/src/passwordauthn/06_duplicate_invite.py

@@ -20,43 +20,39 @@ def test_duplicate_user_invite_rejected(
     """
     admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
 
-    # Step 1: Invite a new user.
-    initial_invite_response = requests.post(
+    # Invite a new user
+    response = requests.post(
         signoz.self.host_configs["8080"].get("/api/v1/invite"),
         json={"email": DUPLICATE_USER_EMAIL, "role": "EDITOR"},
         headers={"Authorization": f"Bearer {admin_token}"},
         timeout=2,
     )
-    assert initial_invite_response.status_code == HTTPStatus.CREATED
-    initial_invite_token = initial_invite_response.json()["data"]["token"]
+    assert response.status_code == HTTPStatus.CREATED
+    invited_user = response.json()["data"]
+    reset_token = invited_user["token"]
 
-    # Step 2: Accept the invite to create the user.
-    initial_accept_response = requests.post(
-        signoz.self.host_configs["8080"].get("/api/v1/invite/accept"),
-        json={"token": initial_invite_token, "password": "password123Z$"},
-        timeout=2,
-    )
-    assert initial_accept_response.status_code == HTTPStatus.CREATED
-
-    # Step 3: Invite the same email again.
-    duplicate_invite_response = requests.post(
+    # Invite the same email again — should fail
+    response = requests.post(
         signoz.self.host_configs["8080"].get("/api/v1/invite"),
         json={"email": DUPLICATE_USER_EMAIL, "role": "VIEWER"},
         headers={"Authorization": f"Bearer {admin_token}"},
         timeout=2,
     )
+    assert response.status_code == HTTPStatus.CONFLICT
 
-    # The invite creation itself may be rejected if the app checks for existing users.
-    if duplicate_invite_response.status_code != HTTPStatus.CREATED:
-        assert duplicate_invite_response.status_code == HTTPStatus.CONFLICT
-        return
-
-    duplicate_invite_token = duplicate_invite_response.json()["data"]["token"]
-
-    # Step 4: Accept the duplicate invite — should fail due to unique constraint.
-    duplicate_accept_response = requests.post(
-        signoz.self.host_configs["8080"].get("/api/v1/invite/accept"),
-        json={"token": duplicate_invite_token, "password": "password123Z$"},
+    # activate the user
+    response = requests.post(
+        signoz.self.host_configs["8080"].get("/api/v1/resetPassword"),
+        json={"password": "password123Z$", "token": reset_token},
         timeout=2,
     )
-    assert duplicate_accept_response.status_code == HTTPStatus.CONFLICT
+    assert response.status_code == HTTPStatus.NO_CONTENT
+
+    # Try to invite the same email again — should fail
+    response = requests.post(
+        signoz.self.host_configs["8080"].get("/api/v1/invite"),
+        json={"email": DUPLICATE_USER_EMAIL, "role": "VIEWER"},
+        headers={"Authorization": f"Bearer {admin_token}"},
+        timeout=2,
+    )
+    assert response.status_code == HTTPStatus.CONFLICT

tests/integration/src/passwordauthn/07_invite_status.py

@@ -0,0 +1,105 @@
+from http import HTTPStatus
+from typing import Callable
+
+import requests
+
+from fixtures.auth import USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD
+from fixtures.types import SigNoz
+
+from sqlalchemy import sql
+
+
+def test_reinvite_deleted_user(
+    signoz: SigNoz,
+    get_token: Callable[[str, str], str],
+):
+    """
+    Verify that a deleted user if re-inivited creates a new user altogether:
+    1. Invite and activate a user
+    2. Call the delete user api
+    3. Re-invite the same email — should succeed and create a new user with pending_invite status
+    4. Reset password for the new user
+    5. Get User API returns two users now, one deleted and one active
+    """
+    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    reinvite_user_email = "reinvite@integration.test"
+    reinvite_user_name = "reinvite user"
+    reinvite_user_role = "EDITOR"
+    reinvite_user_password = "password123Z$"
+
+    # invite the user
+    response = requests.post(
+        signoz.self.host_configs["8080"].get("/api/v1/invite"),
+        json={"email": reinvite_user_email, "role": reinvite_user_role, "name": reinvite_user_name},
+        headers={"Authorization": f"Bearer {admin_token}"},
+        timeout=2,
+    )
+    assert response.status_code == HTTPStatus.CREATED
+    invited_user = response.json()["data"]
+    reset_token = invited_user["token"]
+
+    # reset the password to make it active
+    response = requests.post(
+        signoz.self.host_configs["8080"].get("/api/v1/resetPassword"),
+        json={"password": reinvite_user_password, "token": reset_token},
+        timeout=2,
+    )
+    assert response.status_code == HTTPStatus.NO_CONTENT
+
+    # call the delete api which now soft deletes the user
+    response = requests.delete(
+        signoz.self.host_configs["8080"].get(f"/api/v1/user/{invited_user['id']}"),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        timeout=2,
+    )
+    assert response.status_code == HTTPStatus.NO_CONTENT
+
+    # Re-invite the same email — should succeed
+    response = requests.post(
+        signoz.self.host_configs["8080"].get("/api/v1/invite"),
+        json={"email": reinvite_user_email, "role": "VIEWER", "name": "reinvite user v2"},
+        headers={"Authorization": f"Bearer {admin_token}"},
+        timeout=2,
+    )
+    assert response.status_code == HTTPStatus.CREATED
+    reinvited_user = response.json()["data"]
+    assert reinvited_user["role"] == "VIEWER" 
+    assert reinvited_user["id"] != invited_user["id"] # confirms a new user was created
+
+    reinvited_user_reset_password_token = reinvited_user["token"]
+    
+
+    response = requests.post(
+        signoz.self.host_configs["8080"].get("/api/v1/resetPassword"),
+        json={"password": "newPassword123Z$", "token": reinvited_user_reset_password_token},
+        timeout=2,
+    )
+    assert response.status_code == HTTPStatus.NO_CONTENT
+
+    # Verify user can log in with new password
+    user_token = get_token("reinvite@integration.test", "newPassword123Z$")
+    assert user_token is not None
+
+
+def test_bulk_invite(
+    signoz: SigNoz,
+    get_token: Callable[[str, str], str],
+):
+    """
+    Verify the bulk invite endpoint creates multiple pending_invite users.
+    """
+    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    response = requests.post(
+        signoz.self.host_configs["8080"].get("/api/v1/invite/bulk"),
+        json={
+            "invites": [
+                {"email": "bulk1@integration.test", "role": "EDITOR", "name": "bulk user 1"},
+                {"email": "bulk2@integration.test", "role": "VIEWER", "name": "bulk user 2"},
+            ]
+        },
+        headers={"Authorization": f"Bearer {admin_token}"},
+        timeout=5,
+    )
+    assert response.status_code == HTTPStatus.CREATED

tests/integration/src/passwordauthn/08_user_unique_index.py

@@ -0,0 +1,176 @@
+import uuid
+from http import HTTPStatus
+from typing import Callable
+
+import pytest
+import requests
+from sqlalchemy import sql
+from sqlalchemy.exc import IntegrityError
+
+from fixtures.auth import USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD
+from fixtures.types import SigNoz
+
+UNIQUE_INDEX_USER_EMAIL = "useruniqueindex@integration.test"
+
+
+def test_unique_index_allows_multiple_deleted_rows(
+    signoz: SigNoz,
+    get_token: Callable[[str, str], str],
+):
+    """
+    Verify that the composite unique index on (org_id, email, deleted_at) allows multiple
+    deleted rows for the same (org_id, email) while still enforcing uniqueness among
+    non-deleted rows.
+
+    Non-deleted users share deleted_at=zero-time, so the unique index prevents duplicates.
+    Soft-deleted users each have a distinct deleted_at timestamp, so the index allows
+    multiple deleted rows for the same (org_id, email).
+
+    Steps:
+    1. Invite and soft-delete a user via the API (first deleted row).
+    2. Re-invite and soft-delete the same email via the API (second deleted row).
+    3. Assert via SQL that exactly two deleted rows exist for the email.
+    4. Assert via SQL that inserting one active row succeeds (no conflict — only
+       deleted rows exist), then inserting a second active row for the same
+       (org_id, email) fails with a unique constraint error (both have deleted_at=zero-time).
+    5. Assert via SQL that inserting a third deleted row for the same (org_id, email)
+       with a unique deleted_at succeeds — confirming the index does not cover deleted rows.
+    6. Assert via SQL that the final count of deleted rows is 3.
+    """
+    admin_token = get_token(USER_ADMIN_EMAIL, USER_ADMIN_PASSWORD)
+
+    # Step 1: invite and delete the first user
+    resp = requests.post(
+        signoz.self.host_configs["8080"].get("/api/v1/invite"),
+        json={"email": UNIQUE_INDEX_USER_EMAIL, "role": "EDITOR", "name": "unique index user v1"},
+        headers={"Authorization": f"Bearer {admin_token}"},
+        timeout=2,
+    )
+    assert resp.status_code == HTTPStatus.CREATED
+    first_user_id = resp.json()["data"]["id"]
+
+    resp = requests.delete(
+        signoz.self.host_configs["8080"].get(f"/api/v1/user/{first_user_id}"),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        timeout=2,
+    )
+    assert resp.status_code == HTTPStatus.NO_CONTENT
+
+    # Step 2: re-invite and delete the same email (second deleted row)
+    resp = requests.post(
+        signoz.self.host_configs["8080"].get("/api/v1/invite"),
+        json={"email": UNIQUE_INDEX_USER_EMAIL, "role": "EDITOR", "name": "unique index user v2"},
+        headers={"Authorization": f"Bearer {admin_token}"},
+        timeout=2,
+    )
+    assert resp.status_code == HTTPStatus.CREATED
+    second_user_id = resp.json()["data"]["id"]
+    assert second_user_id != first_user_id
+
+    resp = requests.delete(
+        signoz.self.host_configs["8080"].get(f"/api/v1/user/{second_user_id}"),
+        headers={"Authorization": f"Bearer {admin_token}"},
+        timeout=2,
+    )
+    assert resp.status_code == HTTPStatus.NO_CONTENT
+
+    # Step 3: assert the DB has exactly two deleted rows for this email
+    with signoz.sqlstore.conn.connect() as conn:
+        result = conn.execute(
+            sql.text(
+                "SELECT id, deleted_at FROM users"
+                " WHERE email = :email AND deleted_at != :zero_time"
+            ),
+            {"email": UNIQUE_INDEX_USER_EMAIL, "zero_time": "0001-01-01 00:00:00"},
+        )
+        deleted_rows = result.fetchall()
+
+    assert len(deleted_rows) == 2, (
+        f"expected 2 deleted rows for {UNIQUE_INDEX_USER_EMAIL}, got {len(deleted_rows)}"
+    )
+    deleted_ids = {row[0] for row in deleted_rows}
+    assert first_user_id in deleted_ids
+    assert second_user_id in deleted_ids
+
+    # Retrieve org_id for the direct SQL inserts below
+    with signoz.sqlstore.conn.connect() as conn:
+        result = conn.execute(
+            sql.text("SELECT org_id FROM users WHERE id = :id"),
+            {"id": first_user_id},
+        )
+        org_id = result.fetchone()[0]
+
+    # Step 4: the unique index must still block a duplicate non-deleted row.
+    # Both active rows have deleted_at=zero-time, so they share the same (org_id, email, zero-time)
+    # tuple. First insert must succeed (only deleted rows exist so far).
+    # Second insert for the same (org_id, email) with deleted_at=zero-time must fail.
+    active_id = str(uuid.uuid4())
+    with signoz.sqlstore.conn.connect() as conn:
+        conn.execute(
+            sql.text(
+                "INSERT INTO users"
+                " (id, display_name, email, role, org_id, is_root, status, created_at, updated_at, deleted_at)"
+                " VALUES (:id, :display_name, :email, :role, :org_id,"
+                "         false, 'active', CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, :zero_time)"
+            ),
+            {
+                "id": active_id,
+                "display_name": "first active row",
+                "email": UNIQUE_INDEX_USER_EMAIL,
+                "role": "EDITOR",
+                "org_id": org_id,
+                "zero_time": "0001-01-01 00:00:00",
+            },
+        )
+        conn.commit()
+
+    with signoz.sqlstore.conn.connect() as conn:
+        with pytest.raises(IntegrityError):
+            conn.execute(
+                sql.text(
+                    "INSERT INTO users"
+                    " (id, display_name, email, role, org_id, is_root, status, created_at, updated_at, deleted_at)"
+                    " VALUES (:id, :display_name, :email, :role, :org_id,"
+                    "         false, 'active', CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, :zero_time)"
+                ),
+                {
+                    "id": str(uuid.uuid4()),
+                    "display_name": "should violate index",
+                    "email": UNIQUE_INDEX_USER_EMAIL,
+                    "role": "EDITOR",
+                    "org_id": org_id,
+                    "zero_time": "0001-01-01 00:00:00",
+                },
+            )
+
+    # Step 5: a third deleted row with a unique deleted_at must be accepted
+    with signoz.sqlstore.conn.connect() as conn:
+        conn.execute(
+            sql.text(
+                "INSERT INTO users"
+                " (id, display_name, email, role, org_id, is_root, status, created_at, updated_at, deleted_at)"
+                " VALUES (:id, :display_name, :email, :role, :org_id,"
+                "         false, 'deleted', CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP)"
+            ),
+            {
+                "id": str(uuid.uuid4()),
+                "display_name": "third deleted row",
+                "email": UNIQUE_INDEX_USER_EMAIL,
+                "role": "EDITOR",
+                "org_id": org_id,
+            },
+        )
+        conn.commit()
+
+    # Step 6: confirm three deleted rows now exist
+    with signoz.sqlstore.conn.connect() as conn:
+        result = conn.execute(
+            sql.text(
+                "SELECT COUNT(*) FROM users"
+                " WHERE email = :email AND deleted_at != :zero_time"
+            ),
+            {"email": UNIQUE_INDEX_USER_EMAIL, "zero_time": "0001-01-01 00:00:00"},
+        )
+        count = result.fetchone()[0]
+
+    assert count == 3, f"expected 3 deleted rows after direct insert, got {count}"

tests/integration/src/role/02_user.py

@@ -34,19 +34,15 @@ def test_user_invite_accept_role_grant(
         timeout=2,
     )
     assert invite_response.status_code == HTTPStatus.CREATED
-    invite_token = invite_response.json()["data"]["token"]
+    invited_user = invite_response.json()["data"]
+    reset_token = invited_user["token"]
 
-    # accept the invite for editor
-    accept_payload = {
-        "token": invite_token,
-        "password": "password123Z$",
-    }
-    accept_response = requests.post(
-        signoz.self.host_configs["8080"].get("/api/v1/invite/accept"),
-        json=accept_payload,
+    response = requests.post(
+        signoz.self.host_configs["8080"].get("/api/v1/resetPassword"),
+        json={"password": USER_EDITOR_PASSWORD, "token": reset_token},
         timeout=2,
     )
-    assert accept_response.status_code == HTTPStatus.CREATED
+    assert response.status_code == HTTPStatus.NO_CONTENT
 
     # Login with editor email and password
     editor_token = get_token(USER_EDITOR_EMAIL, USER_EDITOR_PASSWORD)