
Organizations & Teams

An organization is noBGP's sharing and billing boundary. Networks, nodes, and services belong to an organization; every member of the organization can work with them, and the organization receives one bill.

Personal organizations

Every account gets a personal organization automatically at signup — you are its Owner, and everything you create lands there by default. If you only ever use noBGP solo, you never need to think about organizations at all.

A personal organization is named after you: its name follows your profile name automatically, so renaming it is done by editing your profile.

Team organizations

Create a separate, shared organization when you want a team to operate the same infrastructure:

Create an organization called "Acme Corp"

Your AI assistant uses the org_create tool; you become the new organization's Owner. You can also manage organizations in the web app under Account.

New networks go to your personal org unless you target the team org (org_id on network_create, or select the organization in the app). Nodes are billed to the organization that owns the network they registered in.

Roles

Organization membership is tiered. Roles gate which operations a member may perform:

| Role | Capabilities |
|------|--------------|
| Owner | Everything — including billing, SSO, transferring ownership, and deleting the organization |
| Admin | Manage members and invites, create/delete networks, plus all Member capabilities. An Admin cannot manage Owners or grant the Owner role |
| Member | View infrastructure, run commands on nodes, and publish/manage services |

An organization always retains at least one Owner. Ownership is handed off explicitly: the current Owner transfers it to another member and becomes an Admin.

Inviting members

Invite teammates by email from Account → Members in the web app. Each invite:

  • Emails a one-time link that expires after 7 days
  • Grants a role you choose on acceptance (member by default)
  • Can be resent — resending rotates the link, so the previously issued one stops working

Admins may invite Members or Admins; only an Owner can bring in another Owner.
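
The invite rules above, modelled as an added sketch (this is not noBGP's code): a one-time link with a 7-day lifetime, rotation on resend, and the limit on which roles an inviter may grant. `InviteStore`, `MAY_GRANT` and the storage layout are hypothetical names, and restarting the 7-day window on resend is an assumption the page does not state.

```python
import hashlib
import hmac
import secrets
import time

INVITE_TTL = 7 * 24 * 3600  # links expire after 7 days
# Roles each inviter may grant: an Admin cannot bring in an Owner.
MAY_GRANT = {"owner": {"owner", "admin", "member"},
             "admin": {"admin", "member"},
             "member": set()}

def _digest(token):
    # Only a hash is stored, so a leaked invite table yields no usable links.
    return hashlib.sha256(token.encode()).hexdigest()

class InviteStore:  # hypothetical model, not the product's API
    def __init__(self, clock=time.time):
        self.clock = clock
        self.invites = {}  # email -> {"hash", "role", "expires", "used"}

    def invite(self, inviter_role, email, role="member"):
        if role not in MAY_GRANT.get(inviter_role, set()):
            raise PermissionError(f"{inviter_role} may not grant {role}")
        return self._issue(email, role)

    def resend(self, email):
        # Rotation: the new hash overwrites the old one, so the old link stops working.
        inv = self.invites[email]
        if inv["used"]:
            raise ValueError("invite already accepted")
        return self._issue(email, inv["role"])

    def _issue(self, email, role):
        token = secrets.token_urlsafe(32)  # appears only in the emailed link
        # Assumption: every issue (including a resend) restarts the 7-day window.
        self.invites[email] = {"hash": _digest(token), "role": role,
                               "expires": self.clock() + INVITE_TTL, "used": False}
        return token

    def accept(self, email, token):
        inv = self.invites.get(email)
        if inv is None or inv["used"] or self.clock() > inv["expires"]:
            return None
        if not hmac.compare_digest(inv["hash"], _digest(token)):
            return None
        inv["used"] = True  # one-time: a replayed link is rejected
        return inv["role"]  # role is fixed at invite time, granted on acceptance
```
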

Renaming an organization

Team organizations can be renamed by an Owner or Admin — inline on the Members page in the app. Personal organizations follow your profile name instead (see above).

Audit log

Every tool invocation against the organization's infrastructure is recorded in a per-organization audit log, visible to Owners and Admins in the app under Account → Audit (filterable and paginated).

Each event captures who called which tool, the target it acted on, when, and the outcome. Tool arguments are not recorded — they can contain secrets.

Single Sign-On (SSO)

Organizations can require members to sign in through the company identity provider. Both OIDC and SAML providers are supported.

Setup is Owner-only:

  1. Connect an identity provider — the Owner opens an ephemeral admin-portal link and completes the connection (see org_sso_setup in the MCP Tools Reference).
  2. Optionally turn on enforcement — members must then log in via SSO; password and social logins are rejected. Enforcement can only be enabled after a provider is connected, so an organization can't lock itself out.

Members signing in through the organization's IdP for the first time are provisioned automatically.

Billing

Plans, allowances, and usage are all per organization — see Plans & Billing.