Team Management

reading time 3 mins

Access Levels

Doppler offers 4 levels of access: owner, admin, collaborator, viewer.

Access Level

Description

Owner

Has access to everything in your Doppler workplace.

Admin

Has access to all of Enclave, but does not have access to the Team, Settings, and Billing dashboards.

Collaborator

Does not have access to projects initially. An owner or admin must add them to each project manually. Learn more

Viewer

Does not have access to projects initially. An owner or admin must add them to each project manually. They will have read-only permissions. Learn more

Here is a detailed breakdown of the access levels with the individual permissions.

Core

Owner

Admin

Collaborator

Viewer

Activity Logs

Read

Read

❌

❌

Team

Invite
Roll API Key
Remove

Read

Read

Read

Billing

Write

Read

Read

Read

Settings

Write

❌

❌

❌

Secrets Manager

Owner

Admin

Collaborator

Viewer

Projects

Read
Create
Rename
Delete

Read
Create
Rename
Delete

Invite Required
(Read + Write)

Invite Required
(Read Only)

Project Tools

Webhooks
Access

Webhooks
Access

❌

❌

Configs

Read
Create
Rename
Duplicate
Delete

Read
Create
Rename
Duplicate
Delete

Read

Read

Config Logs

Read
Rollbacks

Read
Rollbacks

Read
Rollbacks

Read

🚧

Workplace Ownership

Doppler does not have the ability to change ownership roles in your workplace. If in the rare case you have a single user with owner permissions and they are unable to access their account, your workplace will now be blocked from making changes that require owner permissions. It is highly recommended that you have at least 2 users with owner permissions to prevent this edge case from happening.

Adding Users

Doppler offers 3 ways to add users to your workplace: manual invites, email single-sign-on, and saml single-sign-on. Let's go over how and when to use each method.

Manual Invites

When you need to add individual users that may not be in your identity provider or google domain, adding them manually to Doppler is an easy way to get them on the workplace.

To add a user, go to the team dashboard.

Then click Invite User, which will present a modal asking for the users work email and access level.

Email Single Sign-On

Google Email SSO is a great way to quickly set up your workplace to onboard your entire company. To setup SSO head over the the Email Single Sign-On section on the team page. Then add the domain(s) a user needs to have to be automatically added to the workplace on registration. You will also need to select the default access level a user will receive when joining your workplace.

SAML Single Sign-On

Similarly to Email SSO, when SAML SSO is set up your team will be able to join the workplace using the SSO login flow. To set up single sign-on, head over to the SAML Single Sign-On section on the team page. We also have a great guide to help get you started.

You will need to fill in 3 fields to setup single sign-on: identity provider xml, email domain, and the default access level. Once those are saved you should see a SSO URL which will login or register your users.

Removing Users

Removing a user from Doppler is simple. Once you find the user you would like to remove, click the Remove button. After confirming, the user will be immediately removed from the workplace, and all their tokens will be revoked.


Did this page help you?