Access Control
Control who can access your projects and what they can do.
Role-Based Access
Organization Roles
| Role | Permissions |
|---|---|
| Owner | Full access, billing, delete org |
| Admin | Manage members, projects, settings |
| Member | Create and edit projects |
| Viewer | View only |
Project Roles
| Role | Permissions |
|---|---|
| Owner | Full project control |
| Editor | Edit content, comments |
| Commenter | Add comments only |
| Viewer | View only |
Managing Members
Invite Members
- Go to Settings → Members
- Click Invite
- Enter email and select role
- Send invitation
Update Roles
- Find member in list
- Click role dropdown
- Select new role
- Changes apply immediately
Remove Members
- Find member in list
- Click Remove
- Confirm removal
SSO (Business+)
Configure SAML SSO:
- Settings → Security → SSO
- Enter IdP metadata URL
- Configure attribute mapping
- Enable SSO
Supported providers:
- Okta
- Azure AD
- Google Workspace
- OneLogin
- Custom SAML 2.0
Two-Factor Authentication
Require 2FA for all members:
- Settings → Security
- Toggle Require 2FA
- Members have 7 days to set up
Session Management
- Sessions expire after 7 days of inactivity
- Force logout all sessions from Settings
- View active sessions and devices
API Key Permissions
Create scoped API keys:
```json
{
  "scopes": ["read:projects", "write:comments"],
  "expiresAt": "2025-01-01"
}
```
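A review script for key definitions in the format above, added here as an example and not part of the product's own code. It assumes scopes follow the `action:resource` shape of the two scopes shown, that a key counts as expired on its `expiresAt` date, and a hypothetical 90-day lifetime policy; the sample keys are constructed.

```python
from datetime import date, timedelta

# Assumption: every scope looks like the page's two examples, "action:resource".
KNOWN_ACTIONS = {"read", "write"}
MAX_LIFETIME = timedelta(days=90)  # hypothetical local policy, not a product limit


def audit_key(key, today):
    """Return findings for one key definition; an empty list means clean."""
    findings = []
    scopes = key.get("scopes")
    if not isinstance(scopes, list) or not scopes:
        findings.append("no scopes listed")
        scopes = []
    for scope in scopes:
        action, sep, resource = str(scope).partition(":")
        if not sep or action not in KNOWN_ACTIONS or not resource:
            findings.append(f"unrecognised scope {scope!r}")
    raw = key.get("expiresAt")
    if raw is None:
        findings.append("no expiresAt set")
    else:
        try:
            expires = date.fromisoformat(raw)
        except (TypeError, ValueError):
            findings.append(f"unparseable expiresAt {raw!r}")
        else:
            # Assumption: the key is treated as dead on the expiry date itself.
            if expires <= today:
                findings.append("already expired")
            elif expires - today > MAX_LIFETIME:
                findings.append(f"lifetime over {MAX_LIFETIME.days} days")
    return findings


TODAY = date(2024, 11, 1)  # fixed so the run is reproducible
SAMPLE_KEYS = {  # constructed inputs; the first is the definition shown above
    "docs-bot": {"scopes": ["read:projects", "write:comments"], "expiresAt": "2025-01-01"},
    "legacy": {"scopes": ["admin"]},
    "ci": {"scopes": ["read:projects"], "expiresAt": "2026-01-01"},
    "old": {"scopes": ["read:projects"], "expiresAt": "2024-10-31"},
}

if __name__ == "__main__":
    for name, key in SAMPLE_KEYS.items():
        print(name, audit_key(key, TODAY) or "ok")
```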