# Mark staff member account In-scope

This cookbook demonstrates how to mark a staff member account as **in-scope** using the Sprinto Developer API.

When a staff member is marked as in-scope, they are included in your audit compliance scope and mapped to the relevant controls and automated checks configured in your Sprinto account.

This operation is performed using a GraphQL **mutation**.

***

### Before you begin

Ensure that you have:

* A valid **API key**
* Access to the Sprinto API Playground (if using the playground)
* The **email address** of the staff member you want to mark as in-scope

If the provided email address does not belong to an active staff member, the API returns an error.

***

### API Status

The Sprinto Developer API is currently in beta.

* Endpoints and schema fields may change as new functionality is introduced.

***

### Mutation: `markStaffAsInScope`

This mutation marks a staff member as in-scope using their email address.

#### Input Arguments

<table><thead><tr><th width="114.61328125">Argument</th><th width="92.6640625">Type</th><th width="111.40234375">Required</th><th>Description</th></tr></thead><tbody><tr><td><code>email</code></td><td>String</td><td>Yes</td><td>Email address of the staff member to mark as in-scope</td></tr></tbody></table>

***

### Example Mutation

{% tabs %}
{% tab title="Query" %}

```graphql
mutation Mutation($email: String!) {
  markStaffAsInScope(email: $email) {
    user {
      email
      fullName
    }
  }
}
```

{% endtab %}

{% tab title="Response" %}

```json
{
  "data": {
    "markStaffAsInScope": {
      "user": {
        "firstName": "John",
        "lastName": "Doe",
        "email": "johndoe@example.com",
        "pk": "edadfasdfdcdcadc"
      }
    }
  }
}
```

{% endtab %}
{% endtabs %}

**Try yourself**: [United States](https://app.sprinto.com/dev-api/explorer): [Europe](https://eu.sprinto.com/dev-api/explorer): [India](https://in.sprinto.com/dev-api/explorer)

***

### How the mutation works

* The request starts with the `Mutation` root type.
* The `markStaffAsInScope` mutation identifies the staff member using the `email` argument.
* If the operation succeeds, the API returns the updated `user` object.

***

### Response fields

You can request the following fields from the returned `user` object:

<table><thead><tr><th width="123.58984375">Field</th><th width="107.28125">Type</th><th width="343.5703125">Description</th></tr></thead><tbody><tr><td><code>firstName</code></td><td>String</td><td>First name of the staff member</td></tr><tr><td><code>lastName</code></td><td>String</td><td>Last name of the staff member</td></tr><tr><td><code>fullName</code></td><td>String</td><td>Full name of the staff member</td></tr><tr><td><code>email</code></td><td>String</td><td>Email address of the staff member</td></tr></tbody></table>

***

### Response codes and errors

The following response codes may be returned for this mutation:

<table><thead><tr><th width="128.0546875">Status code</th><th width="135.62109375">Status</th><th>Message</th><th>Reason</th></tr></thead><tbody><tr><td>200</td><td>Success</td><td>The account is marked as in-scope.</td><td>The staff member was successfully updated.</td></tr><tr><td>200</td><td>Error</td><td>Invalid email address or a non-staff account.</td><td>The email does not belong to a valid staff account or is marked as non-staff.</td></tr><tr><td>200</td><td>Error</td><td>The email was assigned to an offboarded staff member.</td><td>Offboarded staff members cannot be marked as in-scope.</td></tr><tr><td>401</td><td>Unauthorized</td><td>Invalid or expired API token.</td><td>The API key is invalid or disabled.</td></tr><tr><td>429</td><td>Too many requests</td><td>Too many requests. Please try again later.</td><td>The API rate limit has been exceeded.</td></tr></tbody></table>

***

### Next steps

After marking a staff member as in-scope, you can:

* Map them to relevant controls and automated checks
* Query in-scope staff members using paginated queries
* Mark staff members as **not-in-scope** when required


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.sprinto.com/api-references/sprinto-cookbooks/mark-staff-member-account-in-scope.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.