Workplace permissions are assigned at the user level with three tiers of access: Collaborator, Admin, and Owner.
Two workplace owners recommended
For security, Doppler staff are not able to change a user's level of access. If only a single owner exists for a workplace and that account is unable to sign in, your workplace is effectively blocked from performing operations requiring Owner access. We strongly recommend you have two workplace owners as a backup in case one of the owners is unable to sign in. The second account can be a special "admin-only" account that is only used in emergencies.
Role based access requires an upgraded subscription
Workplace owners can configure the default workplace and project permission levels assigned to new users from the Team page, then clicking the Roles tab.
We recommend using our default provided access levels although smaller companies may want to make this less restrictive to reduce having to manually grant project permissions on a per user basis.
Exercise your best judgment and follow the principle of least privilege to ensure you're taking advantage of Doppler's fine-grained access controls. This ensures team members only have access to the secrets for the environments they need to manage.
Users can be added to Doppler using four methods:
- Send Invite
- Self-Serve via Email Single Sign-On
- SAML Single Sign-On
Users can be manually invited to join a workplace from the Team page. The account must be able to receive mail in order to retrieve the confirmation code which must be entered prior to the user being allowed to access the workplace.
If domain verification has been completed, Email Single Sign-On can be enabled via the Team page and allows any user with an email for that domain to self-register their Doppler account at https://dashboard.doppler.com/login.
This is a simple and fast method to give your entire team or company access on a self-serve basis.
Doppler supports SAML Single Sign-On for managing workplace access and authentication using your Single Sign-On provider.
SAML SSO and SCIM require an upgraded subscription
User access permissions can be viewed from the Team page with Owner permissions required in order to add or remove users from a workplace via the dashboard.
You can view the access permissions for a specific user by clicking the user's name with the details screen displaying what projects they can access and what user groups groups they belong to.
Workplace owners and admins have full access to every project and environment while collaborators need to be assigned project access manually (unless SCIM is used for dynamic provisioning and project group assignment).
See our dedicated project permissions guide to learn more.
Groups requires an upgraded subscription
Workplaces using email account-based access and SAML will use the dashboard to remove users from Team page by clicking the Remove link.
Updated about 1 month ago