Managing Teams

Learn about organizations and how to manage access to projects.


An organization represents your real organization, which contains many users and projects. Every user has a single primary organization, however any user may be invited to secondary organizations as guests. Organization adminstrators have full control over the users in the organization.

Within an organization, users are placed into groups. These groups determine which projects a user has access to, as well as their permissions within those projects. Every organization has a default group called “Administrators” which cannot be deleted and must contain at least one user.

Managing permissions on the organization

Organization groups are assigned the following permissions:

  • Organization admin: Allows users in the group to manage users, runners, and billing settings.
  • Create projects: Determines whether users in the group can create new projects in the organization
  • Default project access: When new projects are created, the group will automatically be assigned these permissions on the project.

Users and groups can be modified by organization admins by visiting “Account Settings” and clicking on “Users & Groups”.


A project is a workspace where one or more pipelines will be built. Projects often represent real-world projects, however they are also helpful for organizing sets of related pipelines and associated data.

The following features are scoped to projects:

  • Pipelines
  • Jobs
  • Credentials
  • Project Variables
  • Run History

Managing access to projects

Users may be granted access to projects in two ways:

  1. by being added to the project access list directly, or
  2. by being a member of an organization group which has access to the project.

Both of these assignments can be given the following project permissions:

  • Role: Grants the user or group access to project data. Can be read, read/write, or admin. The admin role allows the user to manage project access, as well as to delete the project.
  • Run pipelines: Grants the user or group the ability to run existing pipelines and jobs.

To manage project permissions, first open a project, then navigate to “Project Settings” from the main nav bar. Finally, click “Users & Groups” on the left.

Adding new users

To add a new user to your organzation, visit the “Account Settings” page, and then select “Users & Groups” from the left-hand sidebar.

When adding a user, you can specify the group(s) to which they will be added.

The user will receive an email inviting them to create an account. These invitations expire after 48 hours. Pending invitations are displayed below the user list, and you can resend an invitation if it hasn’t been accepted yet. Resending an invitation invalidates the previous invitation, so the user will need to follow the latest link in their inbox.

Collaborating with users outside your organization

The organization that created a user becomes the user’s “primary” organization. If a user is invited to a project or group in a non-primary organization, they will be added as a “guest” user. Guest users can be given all the same permissions as regular users.

Organization user quotas

The number of users in an organization is limited by the organization’s subscription plan. This count includes all primary organization users, as well as guest users and pending invitations.

Two-Factor Authentication

Two-factor authentication (2FA) is supported through Twilio Authy. To enable 2FA, visit the “My Profile” page by selecting “Account Settings” from the top-right dropdown.

Two-factor authentication requires a mobile phone number. The first time you enable 2FA, you will be sent a text message with a verification code that you’ll enter into the application. After enabling 2FA, it’s highly recommended to install the Authy mobile app, which automatically registers with your mobile number. Sophos Factory supports OneTouch login, which sends a push notification to your mobile device that allows you to log in with one tap.

Learn more about Authy