Organizations form the basis of collective state within Buildless, across users, projects, and settings. Orgs are also referred to as "tenants."
In general, Organizations facilitate powerful team-wide features within Buildless. Caches can easily be shared across orgs, along with settings, replication, authorization, and more.
- Can invite any Buildless user to join
- Can create "managed" users, for instance, synchronized with a directory via SCIM
- Can automatically share access to caches across an organization
- Can create organization-level cache projects
- IT and finance users can be invited to manage auth or billing features
Organizations can own Projects, which are, by default, accessible to all users who are members of an org. Projects have a range of settings which control access and propagation.
There are two access levels available to organization-owned projects:
- INTERNAL: Projects which are considered org-private. "Internal" projects, by default, share access controls within the organization, and allow any org user with sufficient access privileges to read or write cached objects.
- PRIVATE: Projects which are controlled within an organization. "Private" projects enforce explicit access requirements, with no defaults for an organization.
- PUBLIC: Projects which allow public reads. "Public" projects allow any connected client to read cache objects associated with this project. This mode is well suited for collaborative or open source projects.
The default access mode for org-owned projects is
Organizations have several options for managing users:
- Any Buildless individual user can be invited to an organization and granted permissions
- Organizations can create managed users, which only exist within the scope of their org
For minimal management overhead, smaller orgs are encouraged to use the invite-based flow, which is supported for any Buildless user account. Users should be encouraged to log in however they are most comfortable, ideally via GitHub, so that source control integration doesn't need additional linkage.
Any member of an organization with at least ADMIN privileges, or IT_ADMIN privileges, can create and manage user accounts.
For larger organizations that want seamless integration, SCIM and SSO technologies are supported. Managed Users are user accounts which are managed by org administrators.
Managed users are provisioned and controlled entirely by org administrators, and do not exist outside of a Buildless org. As a result, some features are not available on the wider Buildless platform for managed users:
- Managed users cannot be invited to other orgs at this time
- Managed users cannot create public projects without administrator permission
- Managed users are entirely managed by customer systems, through technologies like SAML and SCIM
- Managed users can be mixed with invited users in an organization
Buildless supports the following auth and provisioning scenarios:
| Auth | Provisioning |
|---|---|
| ✅ SAML, version 2.0 | ✅ SCIM, version 2.0 |
| ✅ WSFederate | ✅ On-demand provisioning |
| ✅ Google Workspace | |
| ✅ Microsoft Azure AD | |
| ✅ OIDC-compliant IDP | |
See below for identity and provisioning support by provider:
| Provider | Identity | Provisioning |
|---|---|---|
| Google Workspace | ✅ Supported (SAML or OIDC) | ✅ Supported (SCIM) |
| Microsoft Azure AD | ✅ Supported (SAML + OIDC) | ✅ Supported (SCIM) |
| Okta | ✅ Supported (SAML) | ✅ Supported (SCIM) |
| OneLogin | ✅ Supported (SAML) | ✅ Supported (SCIM) |
| PingFederate | ✅ Supported (SAML) | 🚧 Talk to us |