Skip to main content

Overview

User management in Signal allows users with the Owner or Admin role to control who has access to the system and what they can do. This includes adding new users, assigning roles, managing user details, and deactivating accounts when staff leave.
Only users with the Owner or Admin role can add, edit, or deactivate user accounts. If you don’t have one of these roles, you won’t see user management options.

Who Can Manage Users?

Permission Required

Only users with the Owner or Admin role can:
  • Add new users
  • Edit user details (name, email, role)
  • Activate or deactivate user accounts
  • Assign users to user groups
  • View user activity logs
  • Reset user authentication
Other roles (DSL, Deputy DSL, Viewer) cannot access user management features.

Adding a New User

1

Navigate to User Management

  1. Log in to Signal with the Owner or Admin role
  2. Go to SettingsUsers
  3. Click the Add User button
2

Enter User Details

Fill in the required information:
  • First Name: User’s first name
  • Last Name: User’s last name
  • Email Address: User’s work email (this will be their login)
  • Role: Select from Owner, DSL, Deputy DSL, Admin, or Viewer
Optional information:
  • Job Title: e.g., “Head of Year 7”, “Designated Safeguarding Lead”
  • Department: e.g., “Pastoral”, “Safeguarding”, “SLT”
  • Phone Number: Contact number for the user
3

Assign to User Groups (Optional)

If you’ve already created user groups, you can assign the new user to one or more groups now. You can also do this later.See User Groups for more information about organizing users into teams.
4

Save and Send Invitation

Click Create User. Signal will:
  • Create the user account
  • Send an email invitation to the user’s email address
  • The email contains a link to set up their account and register a passkey or use email OTP
The user must click the link in the email to activate their account.
New users will receive an email with instructions for logging in. They can set up a passkey (recommended) or use email OTP codes for authentication. See Login & Authentication for details.

User Details and Fields

Required Fields

FieldDescriptionExample
First NameUser’s first nameSarah
Last NameUser’s last nameJohnson
Email AddressWork email (becomes their login)s.johnson@school.ac.uk
RoleOne of the five predefined rolesDSL

Optional Fields

FieldDescriptionWhy It’s Useful
Job TitleUser’s position in the schoolHelps identify responsibilities in audit logs
DepartmentTeam or departmentUseful for filtering and reporting
Phone NumberContact numberFor urgent safeguarding communication
StatusActive, Inactive, or PendingControls account access

User Account Status

Each user account has one of three statuses:
What it means: User account created but not yet activated by the user.What happens:
  • User has been sent an invitation email
  • They haven’t clicked the activation link yet
  • They cannot log in to Signal
What to do:
  • Wait for the user to activate their account
  • If they didn’t receive the email, resend the invitation
  • Check their email address is correct

Editing User Details

1

Find the user

  1. Go to SettingsUsers
  2. Search for the user by name or email
  3. Click on the user to view their profile
2

Click Edit

Click the Edit button on the user’s profile page.
3

Make changes

You can update:
  • Name
  • Email address (this will change their login)
  • Role
  • Job title
  • Department
  • Phone number
  • User group memberships
4

Save changes

Click Save. Changes take effect immediately.
Changing a user’s email address will change their login. They’ll need to use the new email address to log in. Signal will send a notification to both the old and new email addresses.
Changing a user’s role takes effect immediately. If they’re currently logged in, they’ll see updated permissions after refreshing their browser or logging in again.

Resending Invitation Emails

If a new user didn’t receive their invitation email, you can resend it:
1

Find the user

Go to SettingsUsers and search for the user with “Pending” status.
2

Resend invitation

Click on the user, then click Resend Invitation.
3

Verify email address

Confirm the email address is correct. If it’s wrong, edit the user’s details to update it, then resend.
Common reasons:
  • Spam/junk folder: Ask the user to check their spam folder
  • Incorrect email address: Verify the email is correct and update if necessary
  • Email filtering: Your school’s email system may have blocked it (contact IT)
  • Typo in domain: e.g., “@school.co.uk” instead of “@school.ac.uk”

Deactivating a User

When a staff member leaves the school or no longer needs access to Signal, deactivate their account rather than deleting it. This preserves the audit trail and their historical actions.
1

Find the user

Go to SettingsUsers and search for the user.
2

Open user profile

Click on the user to view their details.
3

Deactivate account

Click Deactivate User and confirm.
4

Verify status

The user’s status changes to “Inactive” and they can no longer log in.

What happens when a user is deactivated?

  • User cannot log in
  • Active sessions are terminated (they’re logged out)
  • User no longer receives email notifications or alerts
  • User is removed from user groups
  • All incidents, actions, and updates they created remain in the system
  • Their name still appears in incident history and audit logs
  • Reports and analytics include their historical activity
  • Their contributions to safeguarding records are preserved
Before deactivating a user:
  • Reassign any open actions assigned to them
  • Update alert notification settings if they were receiving alerts
  • Transfer any ongoing incident ownership if necessary
Do not delete user accounts unless absolutely necessary (e.g., account created by mistake). Deleting removes the user from all historical records and breaks the audit trail. Deactivating is almost always the better choice.

Reactivating a User

If a deactivated user returns to the school, you can reactivate their account:
1

Find the deactivated user

Go to SettingsUsers and filter by “Inactive” status.
2

Open user profile

Click on the user to view their details.
3

Reactivate account

Click Reactivate User and confirm.
4

Update details if needed

Check if their email, role, or other details need updating (e.g., new job title).
5

Reassign to user groups

Add them back to appropriate user groups if needed.
The user can now log in again with their previous credentials (passkey or email OTP).

Bulk User Management

For schools setting up Signal for the first time or making large-scale changes, you can import multiple users at once using a CSV file.

CSV Import Process

1

Download CSV template

  1. Go to SettingsUsers
  2. Click Import Users
  3. Download the CSV template
2

Fill in user details

Open the template in Excel or Google Sheets and fill in:
  • First Name
  • Last Name
  • Email Address
  • Role (use exact role names: “Owner”, “DSL”, “Deputy DSL”, “Admin”, or “Viewer”)
  • Job Title (optional)
  • Department (optional)
Important:
  • Do not change the column headers
  • Use exact role names (case-sensitive)
  • One user per row
  • Maximum 200 users per import
3

Upload CSV file

  1. Save your CSV file
  2. Click Choose File in Signal
  3. Select your CSV file
  4. Click Upload
4

Review and confirm

Signal will:
  • Validate the data (check for errors, duplicates, invalid emails)
  • Show you a preview of users to be created
  • Highlight any errors or warnings
Review the preview and click Confirm Import if everything looks correct.
5

Send invitations

After import, Signal will send invitation emails to all new users. They’ll receive instructions for setting up their accounts.
Duplicate checking: If a user with the same email address already exists, Signal will skip that row and flag it as a duplicate. Existing users will not be updated via CSV import.

Student Restrictions

Student restrictions allow you to prevent specific staff members from viewing incidents for certain students. This is useful for managing conflicts of interest or sensitive situations.

When to Use Student Restrictions

Common scenarios include:
  • A staff member has a personal connection to a student (e.g., their own child attends the school)
  • A staff member is involved in an ongoing investigation
  • Sensitive information that should be limited to specific safeguarding leads

Adding Student Restrictions

1

Find the Staff Member

Go to Settings > Users and locate the staff member
2

Open Student Restrictions

Click the dropdown menu on the staff member’s row and select Student Restrictions
3

Select Students

Use the student search to find and select the students this staff member should not see
4

Save

Click Save to apply the restrictions

What Student Restrictions Do

When a student restriction is in place:
  • The staff member cannot see incidents for the restricted student
  • The staff member cannot see the student in incident lists or searches
  • The staff member will not receive alerts for incidents involving the restricted student
  • This applies regardless of the staff member’s role, including DSL and Owner roles
Student restrictions are a powerful tool. Use them carefully and document why restrictions are in place for audit purposes.

Managing Restrictions

  • View restrictions: The Users page shows a “Restrictions” column indicating how many students each staff member is restricted from
  • Filter by restrictions: Use the filter to show only staff with student restrictions set
  • Remove restrictions: Open the Student Restrictions dialog and remove students as needed

User Groups Assignment

When adding or editing users, you can assign them to one or more user groups. User groups determine which students users can access.
For detailed information about user groups, see User Groups.

Assigning a user to user groups

  1. After entering user details, scroll to the User Groups section
  2. Select one or more user groups from the dropdown
  3. Click Create User
The user will have access to students in those groups (according to their role).

Viewing User Activity

Users with the Owner or Admin role can view user activity to monitor system usage and investigate incidents.
1

Open user profile

Go to SettingsUsers and click on a user.
2

View activity tab

Click the Activity tab to see:
  • Recent logins and sessions
  • Incidents created or edited
  • Actions taken
  • Students viewed
  • Transfers created or reviewed
  • Configuration changes made
3

Filter activity

Use filters to narrow down activity by:
  • Date range
  • Action type (login, create incident, view student, etc.)
  • Student or incident involved
4

Export activity log

Click Export to download a detailed activity log for compliance or investigation purposes.
Activity logs are retained for 7 years in line with safeguarding record retention requirements.

Best Practices

Always use staff members’ official work email addresses (e.g., @school.ac.uk). Never use personal email addresses (Gmail, Hotmail, etc.) as this violates GDPR and creates safeguarding risks.
Create user accounts a few days before new staff members start, so they can set up their passkey before their first day. This avoids delays in accessing safeguarding information.
Use clear, descriptive job titles (e.g., “Designated Safeguarding Lead”, “Head of Year 8”). This helps with audit trails and makes it clear why each user has access.
At the start of each term:
  • Add new staff members
  • Deactivate users who have left
  • Update roles for staff who have changed responsibilities
  • Review user group memberships
This ensures access controls stay current.
When staff members leave, deactivate their accounts on their last day. Don’t wait - unauthorized access after someone leaves is a serious security risk.
Give users the minimum role they need to do their job. Most staff should have the “Viewer” role, not “DSL”, “Deputy DSL”, “Admin”, or “Owner” roles.
Keep a record of who has Owner or Admin access and why. This demonstrates appropriate access controls during inspections.

Common Scenarios

Scenario: A new teacher is starting next week and needs access to Signal.Steps:
  1. Add the user with their work email and “Viewer” role
  2. Assign them to the appropriate user group (e.g., “Year 7 Pastoral Team”)
  3. Add their job title for clarity (e.g., “Year 7 Form Tutor”)
  4. Signal sends them an invitation email
  5. They set up their passkey before their start date
Result: On day one, they can log in and access incidents for their students.

Troubleshooting

Check:
  1. Is the email address correct in their user profile?
  2. Have they checked their spam/junk folder?
  3. Is their email system blocking emails from Signal?
Solutions:
  • Resend the invitation
  • Update email address if incorrect
  • Ask user to whitelist noreply@signal.app
  • Contact your IT team to check email filtering
Check:
  1. Is their account status “Active” or “Pending”?
  2. Did they click the activation link in the invitation email?
  3. Are they using the correct email address to log in?
Solutions:
  • If status is “Pending”, resend the invitation
  • If status is “Inactive”, reactivate the account
  • Verify they’re using the email address registered in Signal
Check:
  1. What is their current role?
  2. What do they need to do that they can’t?
  3. Does their role have permission for that action? (See Roles)
Solution:
  • Edit their user profile and change their role
  • Changes take effect immediately
  • User may need to refresh their browser
Common errors:
  • Invalid role name: Use exact role names (“Owner”, “DSL”, “Deputy DSL”, “Admin”, “Viewer”)
  • Invalid email format: Check for typos, missing @ symbols, or invalid domains
  • Duplicate emails: Remove rows with email addresses that already exist
  • Missing required fields: Ensure First Name, Last Name, Email, and Role are filled for every row
  • Wrong column headers: Download a fresh template and don’t modify the headers
Solution: Fix errors in your CSV file and try uploading again.
Important: You should almost never delete user accounts. Deactivating is the correct approach 99% of the time.When to delete:
  • Account created by mistake (wrong email, duplicate, test account)
  • Legal requirement to remove personal data (GDPR right to erasure - very rare in safeguarding context)
How to delete:
  • Contact Signal support - user deletion requires administrator intervention
  • Be prepared to document why deletion is necessary
Warning: Deleting a user removes them from all historical records and breaks the audit trail.

Next Steps

Set Up User Groups

Create user groups to control which students users can access

Understand Roles

Learn about the five roles and their permissions

Users Overview

Return to the Users & Permissions overview

Help & Troubleshooting

Get help with user management issues