REVSET LABS · EXPERT GUIDE·CRM & Contacts

Effectively Manage User Access in GoHighLevel: A Step-by-Step Guide

987 words·4 min read·Updated 27 April 2026·beginner·

Arsalan ZaffarLinkedIn

👉 Start your 30-day GoHighLevel free trial.

Quick Answer

To manage user access in GoHighLevel, go to Agency Settings → Team for agency-level users or Sub-Account Settings → My Staff for sub-account users. This process typically takes 3-5 minutes per user, depending on the number of permissions you configure.

Key Takeaways

✓Always apply the principle of least privilege: grant only the minimum necessary permissions to each user.
✓Utilize 'Account' type users for specific client access, restricting their view to designated sub-accounts.
✓Regularly review and update user permissions to align with changing roles and responsibilities.
✓Understand the distinct functionalities of 'Agency' vs. 'Account' user types for proper assignment.
✓Leverage multi-channel OTP for secure verification when changing sensitive user information like email addresses.

Understanding User Access in GoHighLevel

Managing user access in GoHighLevel is crucial for controlling who can do what within your agency and client accounts. This guide shows you how to add, edit, and delete users, ensuring your team and clients have the right level of access. You will learn to navigate both agency-level and sub-account-level user management settings.

How to Manage Users at the Agency Level

This section is for agency owners or administrators who need to grant or modify access for employees or client personnel across multiple client accounts. Here, you manage users who operate across your entire agency structure.

Access Agency Settings — Go to Settings from the left-hand navigation menu while you are in your Agency View. This takes you to your agency-wide configuration options.

Navigate to Team Management — Click on Team. This displays a list of all current users associated with your agency, including those added at the sub-account level.

Add a New User or Edit Existing — To create a new user, click + Add User in the top right corner. To modify an existing user, click on their name in the list.

Enter User Details — Fill in the user's First Name, Last Name, Email (which serves as their login email), Phone Number, and Password. You can also upload a Personal logo for their profile picture.

Define User Type — Under User Type, select either Agency or Account. An 'Agency' user can access all client accounts, while an 'Account' user is restricted to specific client accounts you assign.

Assign Account Access — If you chose 'Account' type, specify which client accounts this user can access. If you selected 'Agency' type, choose which specific accounts they receive notifications for.

Set Roles and Permissions — Configure granular permissions under Roles & Permissions. This controls precisely what the user can view, edit, or delete within GoHighLevel, from marketing tools to settings.

Enable Login As (Optional) — Toggle Enable Login As if you want this specific admin to be able to impersonate and log in as other users. This option is permission-gated per admin.

Save Changes — Click Save to create the new user or update the existing user's profile. The user can now log in with the provided credentials and assigned access.

🔥 Pro Tip

When setting up new agency users, consider enabling Two-Factor Authentication (2FA) for added security. This protects sensitive agency data.

How to Manage Staff within a Specific Sub-Account

This section guides you on managing users (staff or clients) within a specific client's GoHighLevel account. Any user you add here will also be visible and manageable under your Agency Team Management.

Switch to the Relevant Sub-Account — First, switch to the specific client sub-account where you intend to manage staff. You can do this via the account selector dropdown.

Access Sub-Account Settings — In the left-hand navigation menu of the sub-account, click Settings. This opens the configuration options for that particular sub-account.

Go to My Staff — Click My Staff. This displays a list of all employees and users associated with this specific sub-account.

Add or Edit Staff Member — To add a new staff member, click + Add Employee. To modify an existing staff member's profile, click on their name in the list.

Enter Staff Details — Provide the First Name, Last Name, Email (for login), Phone Number, and Password. You also have the option to upload a Personal logo for their profile.

Configure Permissions — Adjust their Permissions to define what they can access and do within this specific sub-account. This allows you to restrict their view to only relevant features like calendars or contacts.

Save Staff Profile — Click Save to finalize the staff member's profile and apply the assigned permissions. The staff member can now log in to the specific sub-account with their credentials.

✅ Automatic personal booking calendar creation for newly added sub-account users depends on your agency-level Preloaded Example Data setting, found in Settings → Company.

Try GoHighLevel Free

Start your 30-day GoHighLevel free trial

Everything in this guide is in your free trial. 30 days, no credit card — the platform behind 78+ revenue systems.

Start 30-Day Free Trial →

Some links are affiliate links — if you sign up we may earn a commission, at no extra cost to you. We only recommend GoHighLevel because we build on it every day.

What are GoHighLevel Roles and Permissions?

Roles and permissions are the core of GoHighLevel's user access control. They allow you to fine-tune exactly what each user can do, which parts of the platform they can see, and what actions they can perform. This ensures data security and operational efficiency.

🔥 Pro Tip

Use permission templates for common roles (e.g., 'Sales Rep,' 'Support Agent') to save time and ensure consistent access levels across similar users. You can create and apply these templates at the agency level.

How to Securely Change a User's Email Address

Changing a user's login email is a sensitive update that requires verification to maintain account security. GoHighLevel supports multi-channel One-Time Password (OTP) verification to confirm identity, even if the existing email is inaccessible.

Initiate Email Change — Navigate to the user's profile (either in Agency Team or My Staff) and attempt to change their Email address in the designated field. Enter the new email address.

Receive Verification Prompt — The system will automatically prompt you for verification using an available Two-Factor Authentication (2FA) method associated with your account or the user's.

Select Verification Method — Choose from available options such as Email OTP, Phone (SMS) OTP, or TOTP (Authenticator app). The options shown depend on the user's verified 2FA methods.

Enter OTP Code — Input the One-Time Password code you receive via your chosen method into the verification field provided by GoHighLevel. This confirms your identity.

Complete Change — Once the OTP is successfully verified, the user's email address will be securely updated. The user can then log in with their new email.

⚠️ If no other verified 2FA method is available for the user, you will be prompted to set up an authenticator app before you can proceed with the email change.

GoHighLevel User Management Best Practices

Adhering to best practices ensures optimal security and efficiency in your GoHighLevel user management. These tips help you maintain a robust and compliant access structure.

Troubleshooting Common Issues

⚠️ User cannot log in after creation or password reset.

Verify the email and password entered for the user, ensure their email is unique and not already in use, and check for any active 2FA requirements preventing login. Reset their password if necessary.

⚠️ User sees too many or too few features/data.

Edit the user's profile and carefully reconfigure their Permissions settings. Ensure the correct User Type (Agency/Account) is selected and that specific sub-accounts are properly assigned under Account assignment.

⚠️ Cannot change a user's login email address.

Ensure the user has at least one 2FA method set up and verified. Follow the multi-channel OTP prompt to confirm identity using an available method (SMS, Email, or Authenticator app).

⚠️ An 'Account' type user cannot access a specific sub-account.

For 'Account' type users, confirm that the specific sub-account is explicitly assigned to them in their user profile. Go to Agency Settings → Team, edit the user, and check their Account assignment.

⚠️ The 'Login As' option is missing for an admin user.

Edit the admin's user profile in Agency Settings → Team. Under Roles & Permissions → User Management, ensure the Enable Login As toggle is switched ON for that specific user.

Common Mistakes to Avoid

→Granting full agency access ('Agency' user type) unnecessarily, violating the principle of least privilege.
→Forgetting to assign specific sub-accounts to 'Account' type users, leading to access denied issues.
→Not regularly reviewing and updating user permissions as roles change, creating security vulnerabilities.
→Using weak or generic passwords for new users, increasing the risk of unauthorized access.
→Ignoring the multi-channel OTP for email changes, which bypasses a critical security layer.

Frequently Asked Questions

QWhat is the main difference between an 'Agency' user and an 'Account' user type in GoHighLevel?

An 'Agency' user type grants broad access across all client accounts under your agency, typically for agency staff. An 'Account' user's access is restricted to only the specific client accounts you explicitly select, making it ideal for client-side employees or roles with limited scope.

QIf I add a new staff member within a sub-account, will they also appear in my Agency Team Management list?

Yes, any user added at the sub-account level (via **My Staff**) is automatically visible and manageable within your **Agency Team Management** list. This provides a centralized overview of all users across your entire GoHighLevel ecosystem.

QHow can I ensure a user only sees specific parts of GoHighLevel, like just the Calendar or Funnels, and not everything?

You can fine-tune access by editing the user's profile and carefully adjusting their **Permissions**. GoHighLevel allows granular control over which features (e.g., Marketing, Settings, Conversations) and actions (view, edit, delete) a user can perform, ensuring they only see what is relevant to their role.

QWhat should I do if a user's role changes and they need different access levels or different sub-account assignments?

Navigate to the user's profile in either **Agency Team** (for agency-level users) or **My Staff** (for sub-account users). You can then easily edit their **User Type**, modify their **Account assignment**, or update their **Permissions** to align with their new responsibilities and access requirements.

QWhy am I prompted for a One-Time Password when attempting to change a user's email address in GoHighLevel?

Changing a user's login email is a critical security action that could potentially compromise an account. GoHighLevel implements multi-channel OTP verification to confirm your identity, safeguarding the account even if the original email is compromised or currently inaccessible, by using another verified 2FA method.

Try GoHighLevel Free

Start your 30-day GoHighLevel free trial

Everything in this guide is in your free trial. 30 days, no credit card — the platform behind 78+ revenue systems.

Start 30-Day Free Trial →

Some links are affiliate links — if you sign up we may earn a commission, at no extra cost to you. We only recommend GoHighLevel because we build on it every day.

Arsalan Zaffar

Revset Labs · Revenue Systems · 78+ GHL Builds

Arsalan writes GHL guides from real build experience — 78+ systems, $9.2M in client pipeline. Wharton, CXL & Google certified.

Connect on LinkedIn

Tags:GoHighLevelUser ManagementAgency SettingsSub-Account StaffPermissionsRolesTeam ManagementGHL Guide