diff --git a/app/main/views/manage_users.py b/app/main/views/manage_users.py
index 843348bcf..0b5f0e7f0 100644
--- a/app/main/views/manage_users.py
+++ b/app/main/views/manage_users.py
@@ -56,8 +56,9 @@ def invite_user(service_id):
     form = InviteUserForm()
     if form.validate_on_submit():
         email_address = form.email_address.data
+        permissions = _get_permissions(request.form)
         try:
-            resp = invite_api_client.create_invite(current_user.id, service_id, email_address)
+            resp = invite_api_client.create_invite(current_user.id, service_id, email_address, permissions)
             flash('Invite sent to {}'.format(resp['email_address']), 'default_with_tick')
             return redirect(url_for('.manage_users', service_id=service_id))
 
@@ -113,3 +114,14 @@ def delete_user(service_id, user_id):
         service=get_service_by_id_or_404(service_id),
         service_id=service_id
     )
+
+
+def _get_permissions(form):
+    permissions = []
+    if form.get('send_messages') and form['send_messages'] == 'yes':
+        permissions.append('send_messages')
+    if form.get('manage_service') and form['manage_service'] == 'yes':
+        permissions.append('manage_service')
+    if form.get('manage_api_keys') and form['manage_api_keys'] == 'yes':
+        permissions.append('manage_api_keys')
+    return ','.join(permissions)
diff --git a/app/notify_client/invite_api_client.py b/app/notify_client/invite_api_client.py
index 7b30dcad6..515422780 100644
--- a/app/notify_client/invite_api_client.py
+++ b/app/notify_client/invite_api_client.py
@@ -13,11 +13,12 @@ class InviteApiClient(BaseAPIClient):
         self.client_id = app.config['ADMIN_CLIENT_USER_NAME']
         self.secret = app.config['ADMIN_CLIENT_SECRET']
 
-    def create_invite(self, invite_from_id, service_id, email_address):
+    def create_invite(self, invite_from_id, service_id, email_address, permissions):
         data = {
             'service': str(service_id),
             'email_address': email_address,
-            'from_user': invite_from_id
+            'from_user': invite_from_id,
+            'permissions': permissions
         }
         resp = self.post(url='/service/{}/invite'.format(service_id), data=data)
         return resp['data']
diff --git a/app/templates/components/yes-no.html b/app/templates/components/yes-no.html
index 4432d6a9f..554a8e1fc 100644
--- a/app/templates/components/yes-no.html
+++ b/app/templates/components/yes-no.html
@@ -5,11 +5,11 @@
     </legend>
     <div class='yes-no-fields inline'>
       <label class='block-label'>
-        <input type='radio' name='{{ name }}' {% if current_value == True %}checked{% endif %} />
+        <input type='radio' name='{{ name }}' value='yes' {% if current_value == True %}checked{% endif %} />
         Yes
       </label>
       <label class='block-label'>
-        <input type='radio' name='{{ name }}' {% if current_value == False %}checked{% endif %} />
+        <input type='radio' name='{{ name }}' value='no' {% if current_value == False %}checked{% endif %} />
         No
       </label>
     </div>
diff --git a/app/templates/views/invite-user.html b/app/templates/views/invite-user.html
index d1e6e5c7b..da40d42ff 100644
--- a/app/templates/views/invite-user.html
+++ b/app/templates/views/invite-user.html
@@ -28,6 +28,7 @@ Manage users – GOV.UK Notify
         <legend class='heading-small'>
           Permissions
         </legend>
+        <span class="form-hint">All team members can see message history</span>
         {{ yes_no('send_messages', 'Send messages', user.permission_send_messages) }}
         {{ yes_no('manage_service', 'Manage service', user.permission_manage_service) }}
         {{ yes_no('manage_api_keys', 'Manage API keys', user.permission_manage_api_keys) }}
diff --git a/tests/app/main/views/test_manage_users.py b/tests/app/main/views/test_manage_users.py
index 9a2e4a9b5..438e3060e 100644
--- a/tests/app/main/views/test_manage_users.py
+++ b/tests/app/main/views/test_manage_users.py
@@ -83,18 +83,22 @@ def test_invite_user(
     from_user = api_user_active.id
     service_id = service_one['id']
     email_address = 'test@example.gov.uk'
+    permissions = 'send_messages,manage_service,manage_api_keys'
 
     with app_.test_request_context():
         with app_.test_client() as client:
             client.login(api_user_active)
             response = client.post(
                 url_for('main.invite_user', service_id=service_id),
-                data={'email_address': email_address},
+                data={'email_address': email_address,
+                      'send_messages': 'yes',
+                      'manage_service': 'yes',
+                      'manage_api_keys': 'yes'},
                 follow_redirects=True
             )
 
         assert response.status_code == 200
-        mock_create_invite.assert_called_with(from_user, service_id, email_address)
+        mock_create_invite.assert_called_with(from_user, service_id, email_address, permissions)
         mock_get_invites_for_service.assert_called_with(service_id=service_id)
         page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')
         assert page.h1.string.strip() == 'Manage team'
diff --git a/tests/conftest.py b/tests/conftest.py
index a4fce6a46..02bd09df4 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -538,12 +538,13 @@ def mock_s3_upload(mocker):
 
 @pytest.fixture(scope='function')
 def mock_create_invite(mocker):
-    def _create_invite(from_user, service_id, email_address):
+    def _create_invite(from_user, service_id, email_address, permissions):
         data = {'id': uuid.uuid4(),
                 'from_user': from_user,
                 'service': service_id,
                 'email_address': email_address,
-                'status': 'pending'}
+                'status': 'pending',
+                'permissions': permissions}
         return data
     return mocker.patch('app.invite_api_client.create_invite', side_effect=_create_invite)