Organizations & Teams
An organization is noBGP's sharing and billing boundary. Networks, nodes, and services belong to an organization; every member of the organization can work with them, and the organization receives one bill.
Personal organizations
Every account gets a personal organization automatically at signup — you are its Owner, and everything you create lands there by default. If you only ever use noBGP solo, you never need to think about organizations at all.
A personal organization is named after you: its name follows your profile name automatically, so renaming it is done by editing your profile.
Team organizations
Create a separate, shared organization when you want a team to operate the same infrastructure:
Create an organization called "Acme Corp"
Your AI assistant uses the org_create tool; you become the new organization's Owner. You can also manage organizations in the web app under Account.
New networks go to your personal org unless you target the team org (org_id on network_create, or select the organization in the app). Nodes are billed to the organization that owns the network they registered in.
Roles
Organization membership is tiered. Roles gate which operations a member may perform:
| Role | Capabilities |
|---|---|
| Owner | Everything — including billing, SSO, transferring ownership, and deleting the organization |
| Admin | Manage members and invites, create/delete networks, plus all Member capabilities. An Admin cannot manage Owners or grant the Owner role |
| Member | View infrastructure, run commands on nodes, and publish/manage services |
An organization always retains at least one Owner. Ownership is handed off explicitly: the current Owner transfers it to another member and becomes an Admin.
Inviting members
Invite teammates by email from Account → Members in the web app. Each invite:
- Emails a one-time link that expires after 7 days
- Grants a role you choose on acceptance (member by default)
- Can be resent — resending rotates the link, so the previously issued one stops working
Admins may invite Members or Admins; only an Owner can bring in another Owner.
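The invite rules above (one-time link, 7-day expiry, rotation on resend, role limits for the inviter), modelled as an added example that is not noBGP's own code. InviteStore, InviteError, keeping only a SHA-256 hash of the link token, and restarting the 7-day window on resend are assumptions made for illustration.

```python
import hashlib
import secrets
from datetime import datetime, timedelta, timezone

INVITE_TTL = timedelta(days=7)                    # page: link expires after 7 days
RANK = {"member": 0, "admin": 1, "owner": 2}      # role tiers from the Roles table

class InviteError(Exception):
    """Raised when an invite may not be issued or accepted (hypothetical name)."""

def _digest(token: str) -> str:
    return hashlib.sha256(token.encode()).hexdigest()

class InviteStore:
    """Hypothetical in-memory model; stores token hashes only (assumption)."""
    def __init__(self):
        self._invites = {}                        # email -> pending invite record

    def _issue(self, email, role, now):
        token = secrets.token_urlsafe(32)         # unguessable link secret
        self._invites[email] = {"hash": _digest(token), "role": role,
                                "expires": now + INVITE_TTL}
        return token

    def invite(self, inviter_role, email, role="member", now=None):
        # Admins may invite Members or Admins; only an Owner may invite an Owner.
        if RANK[inviter_role] < RANK["admin"] or RANK[role] > RANK[inviter_role]:
            raise InviteError("inviter may not grant this role")
        return self._issue(email, role, now or datetime.now(timezone.utc))

    def resend(self, email, now=None):
        # Rotation: overwriting the stored hash makes the earlier link useless.
        invite = self._invites.get(email)
        if invite is None:
            raise InviteError("no pending invite")
        return self._issue(email, invite["role"], now or datetime.now(timezone.utc))

    def accept(self, email, token, now=None):
        now = now or datetime.now(timezone.utc)
        invite = self._invites.get(email)
        if invite is None or not secrets.compare_digest(invite["hash"], _digest(token)):
            raise InviteError("unknown, used, or rotated link")
        if now >= invite["expires"]:
            raise InviteError("link expired")
        del self._invites[email]                  # one-time: consumed on acceptance
        return invite["role"]
```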
Renaming an organization
Team organizations can be renamed by an Owner or Admin — inline on the Members page in the app. Personal organizations follow your profile name instead (see above).
Audit log
Every tool invocation against the organization's infrastructure is recorded in a per-organization audit log, visible to Owners and Admins in the app under Account → Audit (filterable and paginated).
Each event captures who called which tool, the target it acted on, when, and the outcome. Tool arguments are not recorded — they can contain secrets.
Single Sign-On (SSO)
Organizations can require members to sign in through the company identity provider. Both OIDC and SAML providers are supported.
Setup is Owner-only:
- Connect an identity provider — the Owner opens an ephemeral admin-portal link and completes the connection (see org_sso_setup in the MCP Tools Reference).
- Optionally turn on enforcement — members must then log in via SSO; password and social logins are rejected. Enforcement can only be enabled after a provider is connected, so an organization can't lock itself out.
Members signing in through the organization's IdP for the first time are provisioned automatically.
Billing
Plans, allowances, and usage are all per organization — see Plans & Billing.