3 Ways to Add Members to GitHub
Adding people to a GitHub org or repo decides who can view, edit, and deploy your code. I’ll cover three ways to add members, org invites, repo collaborators, and teams, so access fits your team and avoids mistakes.
You’ll see how permission levels (read, triage, write, maintain, admin) map to tasks, plus tips on invitations, team inheritance, and cross-repo access control. Pick the safest fit.
Table of Contents
Use Github’s UI
Here you’ll use the GitHub web UI to add someone to an organization or invite them as a repository collaborator. The steps below follow GitHub’s own guidance (see docs titled “Inviting collaborators to a repository” and “Inviting users to join your organization”).
Invite someone to an organization
- Go to your organization page on github.com and click
People. - Click
Invite member. - Type the person’s GitHub username or email, then click their name when seems.
- Choose a role for the invitee:
- Member
- Billing manager (if needed)
- Owner (only for trusted admins)
- Optionally add them to one or more teams so they get the right repo access.
- Click
Send invitation. The person will get an email and an in-site notification.
Add a collaborator to a repository
- Open the repository on github.com.
- Click
Settings(you need repo admin rights). - On the left, click
Manage access. - Click
Invite a collaborator. - Enter the GitHub username or email, choose the correct user, and set the permission level:
- Read
- Triage
- Write
- Maintain
- Admin
- Click
Add <username>to send the invite.
Check, resend, or cancel invites
- For organization invites: go to
People>Invitationsto see pending invites. - For repository invites: go to the repo
Settings>Manage accessto view pending collaborators. - From those screens you can resend or cancel invites if needed.
Notes and common pitfalls
- You must be an organization owner to invite members to the organization, or a repo admin to add collaborators.
- The invitee needs a GitHub account. If your org enforces SAML SSO or other access rules, they may also need to accept additional prompts before getting repo access.
- If the person doesn’t show up when you search, double-check their exact username or ask them for the email tied to their GitHub account.
If you want GitHub’s step-by-step visuals, look up the official docs titled “Inviting collaborators to a repository” and “Inviting users to join your organization” for screenshots and extra details.
Use Torii
Rather than doing this directly in Github, you can handle member additions through Torii, a SaaS Management Platform. SMPs let you centralize management of SaaS apps and subscriptions, making it simple to programmatically onboard/offboard users, inspect subscription details, and more.
Instead of a manual update in Github, Torii lets you automate the task so it runs whenever a defined trigger occurs - for example, a new hire, an employee exit, or a contract renewal. Automating repetitive member changes can save considerable time and reduce human error.
To add member in Github straight from Torii, follow these steps:
1. Sign up for Torii
Contact Torii, and ask for your free two-week proof-of-concept.
2. Connect your Github account to Torii
After your Torii account is set up, link Github to Torii (assuming you already have an account). Here are the instructions for the Github integration.
3. Create a Torii workflow for Github
In Torii, build an automated workflow that adds a member to Github: go to the Workflows tab, define the trigger, then add an action that performs the Github member addition. Once the workflow is active, Github will be updated automatically each time the trigger fires.
Use Github’s API
Here, you’ll use the GitHub REST API to invite someone into an organization. The steps cover how to build the request, check whether they joined, and revoke the invite if needed.
1. Get a token with org admin rights
You need an auth token that can manage organization invitations. Use a personal access token with the admin:org scope, or a GitHub App configured for organization invitations. Keep the token secret and send it in the Authorization header.
2. (Optional) Find the user’s numeric ID
If you want to invite by GitHub account rather than email, find the user’s numeric ID first.
Example curl:
curl -H "Authorization: token YOUR_TOKEN" \
-H "Accept: application/vnd.github.v3+json" \
https://api.github.com/users/USERNAME
Look for the id field in the JSON response and use that as invitee_id.
3. Create the invitation
Send a POST to the organization invitations endpoint. The body accepts different fields depending on how you invite.
- The request body can include:
invitee_id(integer) to invite by account idemail(string) to invite by email addressrole(string) common values:direct_memberoradminteam_ids(array) team IDs to add the member to
Example curl:
curl -X POST -H "Authorization: token YOUR_TOKEN" \
-H "Accept: application/vnd.github.v3+json" \
-H "Content-Type: application/json" \
https://api.github.com/orgs/ORG/invitations \
-d '{"invitee_id": 123456, "role": "direct_member", "team_ids": [111111,222222]}'
A successful creation typically returns 201 with the invitation object in JSON.
4. Check invitation status or membership
To see pending invites for the org, list invitations. To check if a user is already a member, request the membership endpoint.
Example curl to list pending invitations:
curl -H "Authorization: token YOUR_TOKEN" \
-H "Accept: application/vnd.github.v3+json" \
https://api.github.com/orgs/ORG/invitations
Example curl to check membership (status codes matter):
curl -I -H "Authorization: token YOUR_TOKEN" \
-H "Accept: application/vnd.github.v3+json" \
https://api.github.com/orgs/ORG/members/USERNAME
- 204 means the user is a member.
- 404 means not a member (or not visible to the token).
5. Revoke a pending invitation
If you need to cancel an invitation, delete it by invitation ID.
Example curl:
curl -X DELETE -H "Authorization: token YOUR_TOKEN" \
-H "Accept: application/vnd.github.v3+json" \
https://api.github.com/orgs/ORG/invitations/INVITATION_ID
A successful delete usually returns 204 No Content.
Notes on common responses
- 201: invitation created
- 204: no content (used for membership check or delete success)
- 403/401: auth or permission problem - verify token scopes and org admin rights
- 404: resource not found or not visible to your token
That’s the API flow: get a token, identify the invite target (username or email), POST an invitation, then check or revoke as needed.
Frequently Asked Questions
You have three ways to grant access: GitHub’s web UI for quick invites, Torii for workflow-driven automation, or the GitHub REST API for scripted control. Each path sends an invitation the recipient accepts before joining your organization or repository.
Repository roles map to specific actions: Read lets users view code; Triage handles issue and PR triage; Write pushes commits; Maintain manages settings without full admin; Admin grants all rights, including deleting the repo and changing permissions.
An organization invitation gives the person a membership that can span many repositories, especially when paired with teams. A repository collaborator invite is scoped to one repo only. Choose org membership for long-term employees, and repo collaboration for external contributors.
When you add someone to a team, they inherit every permission that team has across multiple repositories. Adjusting the team’s role updates access everywhere, so teams are safer and easier to audit than granting rights one repo at a time.
Yes. After connecting GitHub to Torii, you can build a workflow that triggers on events like new hires. Torii then calls GitHub’s API to create invitations automatically, ensuring consistent access and reducing manual errors.
Generate a token with the admin:org scope, then POST to /orgs/ORG/invitations with either an email or invitee_id plus role and optional team_ids. A 201 response confirms the invite; use the invitations endpoint to monitor acceptance or DELETE to revoke.
