Product has been added to your cart.
Sign inTry Demo
Product has been added to your cart.
Try Demo

Editing and Deactivating User Accounts

Teams change. People switch roles, update their contact details, forget passwords, or leave the organisation entirely. Task Session gives admins full control to update user information, reset credentials, and deactivate accounts — all without losing a single record of the work that has been done. This guide covers every user management action you will need as your team evolves.

Who this guide is for: Admins who manage team member and client accounts within Task Session.

What you will need: Admin-level access to your Task Session installation.

Editing User Information

User details can change at any time — a team member gets a new email address, a client’s company name changes, or someone’s role within your organisation evolves. Admins can update any user’s profile without affecting their project history, task assignments, or file uploads.

What You Can Edit

FieldWhere It AppearsNotes
Full nameTask assignments, chat, invoices, activity logsUpdates reflect across the system immediately.
Email addressLogin credentials, notifications, invoice emailsThe user will need to log in with the new email going forward.
Role / permissionsSystem-wide access controlChange takes effect on the user’s next page load or login.
PasswordLogin credentialsAdmin can reset directly. See the password reset section below.
Profile photo / avatarChat, task cards, team listsUsers can also update their own photo from their profile.
Company / contact details (clients)Client profiles, invoicesUseful when a client’s billing address or company name changes.

Step-by-Step: Edit a User Profile

  1. Log in to Task Session with an Admin account.
  2. Navigate to the Users section from the main navigation menu.
  3. Locate the user you want to update. You can search by name or email, or browse the user list.
  4. Click on the user’s name or the Edit option to open their profile.
  5. Update the relevant fields — name, email, role, or any other editable information.
  6. Click Save to apply the changes.

Important: If you change a user’s email address, make sure to inform them. Their old email will no longer work for logging in or receiving Task Session notifications.

Changing a User’s Role

Roles determine what a user can see and do within Task Session. You may need to change a role when someone is promoted, changes responsibilities, or when you realise a user was assigned the wrong level of access.

To change a user’s role:

  1. Open the user’s profile from the Users section.
  2. Find the Role dropdown or assignment field.
  3. Select the new role — Admin, Staff, Client, or any custom role you have created.
  4. Save the changes.

The new permissions take effect immediately. If the user is currently logged in, the updated access will apply on their next page load.

Caution: Be careful when granting Admin access. Admin users have full system control — including the ability to manage payment gateways, delete projects, and modify other users’ accounts. Only assign this role to people who genuinely need it.

Resetting Passwords

Forgotten passwords are one of the most common support requests. Task Session provides two ways to reset a password depending on the situation.

Method 1: User Self-Service Reset (via Email)

If your SMTP email settings are configured correctly, users can reset their own passwords:

  1. On the Task Session login page, the user clicks “Forgot your password?” (or the equivalent link).
  2. They enter their registered email address.
  3. Task Session sends a password reset link to that email.
  4. The user clicks the link and creates a new password.

Prerequisite: This method only works if SMTP/email sending is properly configured on your server. If the user does not receive the reset email, check your SMTP settings and spam/junk folders first. See our guide on Email Notifications Not Working? Here’s How to Fix It.

Method 2: Admin Manual Reset

If the user cannot access their email, or if email sending is not configured, an Admin can reset the password directly:

  1. Log in to Task Session with your Admin account.
  2. Go to the Users section.
  3. Find and open the affected user’s profile.
  4. Locate the Password field and enter a new password.
  5. Save the changes.
  6. Communicate the new temporary password to the user securely (not via an unencrypted email if possible). Ask them to change it after logging in.

Method 3: Database Reset (Emergency / Locked-Out Admin)

If you are the sole Admin and have been locked out entirely — for example, you have forgotten your password and email is not working — you can reset the password directly in the database.

Advanced method — use with care. This requires access to your server’s database (via phpMyAdmin, MySQL command line, or a similar database management tool). Only use this method if the other options are not available.

  1. Access your database management tool (e.g., phpMyAdmin from your hosting control panel).
  2. Open the Task Session database.
  3. Locate the users table (the exact table name may vary — look for the table that stores user records).
  4. Find the row for the Admin account you need to reset.
  5. Update the password field with a new hashed value. The hashing method depends on your Task Session version — commonly bcrypt or password_hash() in PHP.
  6. Save the database change and log in with the new password.

For a more detailed walkthrough, see our dedicated article: Forgot Admin Password? How to Reset It.

Deactivating User Accounts

When a team member leaves, a contractor’s engagement ends, or a client project is completed, you will want to revoke their access. The recommended approach is to deactivate the account rather than delete it.

Deactivate vs. Delete: What is the Difference?

ActionLogin AccessData Preserved?Reversible?When to Use
DeactivateRevokedYes — all tasks, comments, files, invoices, and chat history remain intact.Yes — reactivate at any time.Recommended in most cases. Staff departures, completed client projects, paused collaborations.
DeleteRevokedDepends on implementation — associated records may become orphaned or removed.No — permanent.Only when you need to permanently remove a user and accept the risk of data loss.

Our recommendation: Always deactivate rather than delete. A deactivated account costs nothing (remember — Task Session has no per-seat pricing), preserves your complete project history, and can be reactivated if the person returns. There is no downside to keeping a deactivated account in the system.

Step-by-Step: Deactivate a User Account

  1. Log in to Task Session with an Admin account.
  2. Navigate to the Users section.
  3. Find the user you want to deactivate.
  4. Open their profile and look for the Deactivate option (this may be a toggle, a status dropdown, or a button depending on your Task Session version).
  5. Confirm the deactivation.

Once deactivated:

  • The user cannot log in to Task Session or the Client Portal.
  • All their existing data remains untouched — their name still appears on tasks they were assigned to, comments they left, files they uploaded, and invoices they are associated with.
  • They will no longer receive email notifications from the system.
  • Their user record remains in the system and can be reactivated at any time.

Step-by-Step: Reactivate a User Account

  1. Go to the Users section. You may need to filter the list to show inactive or deactivated accounts.
  2. Find the deactivated user.
  3. Open their profile and change the status back to Active.
  4. Save. The user can now log in again with their existing credentials.

Tip: If the reactivated user has forgotten their password, use the password reset methods described earlier in this guide to get them back in.

Common Scenarios and How to Handle Them

A staff member is leaving the company

  1. Reassign their active tasks — open any tasks still assigned to them and transfer ownership to another team member so nothing falls through the cracks.
  2. Review their project access — make a note of which projects they were involved in, in case you need context later.
  3. Deactivate the account — this preserves their entire contribution history while immediately revoking access.

A client project has been completed

  1. Confirm all invoices are paid — check the invoicing section for any outstanding balances before winding down access.
  2. Archive the project — move the project to an archived state to keep the data but remove it from active views.
  3. Deactivate the client account — if the client has no other active projects. If they return for future work, simply reactivate their account and create a new project.

A team member’s role has changed

If someone is promoted from a Staff role to a managerial position, update their role rather than creating a new account. Go to their profile, change the role to a more appropriate level (or assign a custom role with the right permissions), and save. All their existing task history, chat messages, and file uploads remain linked to the same account.

A user’s email address has changed

  1. Open the user’s profile from the Users section.
  2. Update the email address field to the new email.
  3. Save the changes.
  4. Notify the user — let them know their login email has changed. If they use Google Login (OAuth), they may need to re-link their account depending on the new email domain.

Admin is locked out and cannot reset password via email

This happens when SMTP is not configured or the admin email is inaccessible. Use the database reset method described in the password section above. Access phpMyAdmin (or your preferred database tool) through your hosting control panel, locate the users table, and update the admin password hash directly. For full instructions, see Forgot Admin Password? How to Reset It.

Best Practices for User Account Management

1. Always Deactivate, Never Delete

Since Task Session has unlimited users at no extra cost, there is no financial reason to delete accounts. Deactivation gives you the same security benefit (no login access) while preserving a complete audit trail of work done.

2. Use Strong Password Policies

Task Session supports configurable password policies and login attempt limits. Enable these settings to reduce the chance of compromised accounts — especially important for accounts with Admin access. Navigate to your system settings to configure minimum password length and login attempt thresholds.

3. Audit User Access Quarterly

Set a recurring reminder to review your active user list every quarter. Look for:

  • Accounts that should have been deactivated (former employees, completed client projects).
  • Users with Admin access who no longer need it.
  • Custom roles that may need updated permissions as your workflows evolve.

4. Communicate Changes to Users

Whenever you change a user’s email, role, or password, let them know directly. Task Session may send an automated notification (depending on your SMTP configuration), but a personal heads-up avoids confusion — especially for clients.

5. Configure SMTP Before You Need It

Many password reset and account management features depend on email delivery. Set up and test your SMTP settings early so that self-service password resets work when your users need them. Do not wait until someone is locked out to discover that email is not configured.

Quick Reference

TaskWho Can Do ItSteps Summary
Edit user name or emailAdminUsers ? Select user ? Edit fields ? Save
Change user roleAdminUsers ? Select user ? Change Role dropdown ? Save
Self-service password resetAny user (SMTP required)Login page ? Forgot Password ? Enter email ? Reset via link
Admin manual password resetAdminUsers ? Select user ? Set new password ? Save ? Notify user
Database password resetServer ownerphpMyAdmin ? Users table ? Update password hash ? Save
Deactivate a userAdminUsers ? Select user ? Deactivate ? Confirm
Reactivate a userAdminUsers ? Filter inactive ? Select user ? Set Active ? Save

Frequently Asked Questions

Will deactivating a user free up a licence seat?

Task Session does not use per-seat licensing, so there are no “seats” to free up. All plans include unlimited users. Deactivation simply revokes the user’s ability to log in — it has no effect on your billing or licence.

Can I edit a client’s profile the same way I edit a staff profile?

Yes. Client accounts can be edited from the Clients section (or from the Users section depending on your Task Session version). The same fields are available — name, email, company details, and permissions. You can also adjust what the client can see in the Client Portal.

What happens to tasks assigned to a deactivated user?

The tasks remain as they are — assigned to the deactivated user’s name. However, the deactivated user cannot act on them. You should reassign any open tasks to an active team member before or after deactivation to ensure work continues uninterrupted.

Can a deactivated user still appear in chat history and task comments?

Yes. All messages, comments, and contributions made by the user before deactivation remain visible and attributed to their name. Deactivation does not erase or anonymise historical activity.

Is there a way to bulk-deactivate multiple users at once?

This depends on your Task Session version. If bulk actions are available, you will see a checkbox or multi-select option in the Users list. Otherwise, deactivation is done one account at a time. If you manage a large team and need to off-board many users simultaneously, consider scripting the update via the database — but always back up your database first.

Can I change my own Admin password from inside Task Session?

Yes. Log in and navigate to your own profile or account settings. You should be able to update your password from there without needing another Admin’s help.