diff --git a/app/main/views/manage_users.py b/app/main/views/manage_users.py
index 156775770..ce95e7011 100644
--- a/app/main/views/manage_users.py
+++ b/app/main/views/manage_users.py
@@ -60,7 +60,7 @@ def invite_user(service_id):
         # view_activity is a default role to be added to all users.
         # All users will have at minimum view_activity to allow users to see notifications,
         # templates, team members but no update privileges
-        selected_permissions = [role for role in roles.keys() if request.form.get(role) == 'y']
+        selected_permissions = [role for role in sorted(roles.keys()) if request.form.get(role) == 'y']
         selected_permissions.append('view_activity')
         permissions = ','.join(selected_permissions)
         invited_user = invite_api_client.create_invite(
diff --git a/tests/app/main/views/test_manage_users.py b/tests/app/main/views/test_manage_users.py
index 88d370622..92c4f0686 100644
--- a/tests/app/main/views/test_manage_users.py
+++ b/tests/app/main/views/test_manage_users.py
@@ -161,10 +161,11 @@ def test_invite_user(
         assert page.h1.string.strip() == 'Manage team'
         flash_banner = page.find('div', class_='banner-default-with-tick').string.strip()
         assert flash_banner == 'Invite sent to test@example.gov.uk'
+        excpected_permissions = 'manage_api_keys,manage_service,send_messages,view_activity'
         app.invite_api_client.create_invite.assert_called_once_with(sample_invite['from_user'],
                                                                     sample_invite['service'],
                                                                     email_address,
-                                                                    sample_invite['permissions']+',view_activity')
+                                                                    excpected_permissions)
 
 
 def test_cancel_invited_user_cancels_user_invitations(app_,