Skip to main content

Teams & Access Control

Manage who can access your organization and what they can do.

Organizations

An organization is a workspace that groups your projects, applications, and team members. Each organization has its own:

  • Projects and applications
  • Databases and resources
  • Billing subscription (instance plan)
  • Team members and roles
  • Notification channels

Team Members

Inviting Members

  1. Go to Organization SettingsTeam
  2. Click Invite Member
  3. Enter their email address
  4. Select a role
  5. Click Send Invite

The invited member receives an email with a link to join your organization.

Roles

RolePermissions
OwnerFull access. Manage billing, team, and all resources. Cannot be removed.
AdminManage projects, apps, databases, and team members. Cannot manage billing.
MemberView and deploy applications. Cannot create/delete projects or manage team.

Managing Members

  • Change role: Go to Team → click the member → select new role
  • Remove member: Go to Team → click Remove next to the member

Authentication

Email & Password

Standard sign-up with email verification. Password requirements:

  • Minimum 8 characters
  • Mix of letters and numbers recommended

OAuth Providers

Sign in with third-party providers (availability depends on platform configuration):

  • GitHub
  • Google
  • GitLab

Two-Factor Authentication (2FA)

Add an extra layer of security with TOTP-based 2FA:

  1. Go to Account SettingsSecurity
  2. Click Enable 2FA
  3. Scan the QR code with your authenticator app (Google Authenticator, Authy, 1Password, etc.)
  4. Enter the verification code
  5. Save your recovery codes in a secure location
caution

Store your recovery codes safely. If you lose access to your authenticator app and don't have recovery codes, you'll need to contact your platform administrator.

API Keys

Generate API keys for programmatic access to your organization's resources.

Creating an API Key

  1. Go to Organization SettingsAPI Keys
  2. Click Create Key
  3. Enter a description (e.g., "CI/CD Pipeline")
  4. Select permissions scope
  5. Click Create
  6. Copy the key immediately — it won't be shown again

Using API Keys

Include the API key in request headers:

curl -H "Authorization: Bearer your-api-key" \
  https://your-kuploy-instance.com/api/...

Managing Keys

  • Revoke: Go to API Keys → click Revoke next to the key
  • Keys should be rotated periodically for security
  • Delete unused keys

Best Practices

  1. Use least privilege — Assign the minimum role needed for each team member
  2. Enable 2FA — Especially for admin and owner accounts
  3. Rotate API keys — Regularly rotate keys used in CI/CD pipelines
  4. Audit team access — Periodically review who has access and remove inactive members
  5. Use separate keys per service — Don't share a single API key across multiple systems