Organization
A HarborGuard organization is the top-level tenant boundary. All registries, scans, vulnerabilities, reports, and audit events belong to exactly one organization. Members, API keys, SSO connections, and notification channels are scoped to it.
Member lifecycle
| State | Reached by | Can sign in | Counts toward seat limit |
|---|---|---|---|
| invited | Admin sends invite, or SCIM creates a user pending first login | No | Yes |
| active | Member accepts invite (sets password) or completes first SSO login | Yes | Yes |
| suspended | Admin suspends; preserves all assignments, audit history, and triage ownership | No | No |
Removing a member is a hard delete of the membership row rather than a status transition. The underlying user record is retained where they own historical artifacts (audit-log entries, attestations, triage assignments) so their actions remain attributable, but they no longer count against the seat limit and cannot sign in to this organization.
Invites are sent by email and expire after 7 days. Re-sending the invite issues a fresh token; the old token is invalidated.
Suspending instead of removing is the recommended pattern for offboarding. It keeps SLA assignments and exception ownership intact for audit traceability while immediately revoking access.
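The following is an added model of the lifecycle rules above (invite expiry and token rotation, seat counting, suspend versus remove). It is illustration code written for this page, not HarborGuard's implementation; the class names, the `assignments` field and the `retained_users` store are this example's own assumptions about how the described behaviour could be represented.

```python
# Added illustration of the member-lifecycle rules described above.
# Not HarborGuard code: class/method names and storage layout are assumptions for this example.
from __future__ import annotations
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
import secrets

INVITE_TTL = timedelta(days=7)                      # invites expire after 7 days
T0 = datetime(2024, 1, 1, tzinfo=timezone.utc)      # constructed reference time for the demo


@dataclass
class Membership:
    email: str
    role: str
    state: str = "invited"                          # invited -> active -> suspended
    invite_token: str | None = None
    invite_expires: datetime | None = None
    # SLA assignments / exception ownership: kept on suspend, attributable after removal
    assignments: set[str] = field(default_factory=set)


class Organization:
    def __init__(self, seat_limit: int):
        self.seat_limit = seat_limit
        self.members: dict[str, Membership] = {}
        # user records retained after the membership row is deleted, so audit entries stay attributable
        self.retained_users: dict[str, set[str]] = {}

    def seats_used(self) -> int:
        # invited and active count toward the seat limit; suspended does not
        return sum(m.state in ("invited", "active") for m in self.members.values())

    def _issue_token(self, m: Membership, now: datetime) -> str:
        # overwriting the stored token is what invalidates the previously sent one
        m.invite_token = secrets.token_urlsafe(32)
        m.invite_expires = now + INVITE_TTL
        return m.invite_token

    def invite(self, email: str, role: str, now: datetime) -> str:
        if email in self.members:
            raise ValueError("already a member")
        if self.seats_used() >= self.seat_limit:
            raise ValueError("seat limit reached")
        m = Membership(email, role)
        self.members[email] = m
        return self._issue_token(m, now)

    def resend_invite(self, email: str, now: datetime) -> str:
        m = self.members[email]
        if m.state != "invited":
            raise ValueError("only pending invites can be re-sent")
        return self._issue_token(m, now)

    def accept_invite(self, email: str, token: str, now: datetime) -> bool:
        m = self.members.get(email)
        if m is None or m.state != "invited" or m.invite_token is None:
            return False
        if not secrets.compare_digest(m.invite_token, token):
            return False                            # stale (re-sent) or forged token
        if now > m.invite_expires:
            return False                            # expired: an admin must re-send
        m.state, m.invite_token, m.invite_expires = "active", None, None
        return True

    def suspend(self, email: str) -> None:
        self.members[email].state = "suspended"     # assignments stay attached, access revoked

    def remove(self, email: str) -> None:
        m = self.members.pop(email)                 # hard delete of the membership row
        self.retained_users[email] = m.assignments  # user record survives for attribution

    def can_sign_in(self, email: str) -> bool:
        m = self.members.get(email)
        return m is not None and m.state == "active"


def demo() -> dict:
    """Walk through the edge cases on constructed data and report each outcome."""
    org = Organization(seat_limit=2)
    old = org.invite("alice@example.com", "admin", T0)
    new = org.resend_invite("alice@example.com", T0)
    out = {"old_token_rejected": not org.accept_invite("alice@example.com", old, T0),
           "new_token_accepted": org.accept_invite("alice@example.com", new, T0)}
    bob = org.invite("bob@example.com", "member", T0)
    out["expired_rejected"] = not org.accept_invite("bob@example.com", bob, T0 + INVITE_TTL * 2)
    try:
        org.invite("carol@example.com", "viewer", T0)
        out["seat_limit_enforced"] = False
    except ValueError:
        out["seat_limit_enforced"] = True
    org.members["alice@example.com"].assignments.add("SLA-1")
    org.suspend("alice@example.com")
    out["suspended_cannot_sign_in"] = not org.can_sign_in("alice@example.com")
    out["seats_after_suspend"] = org.seats_used()
    org.remove("alice@example.com")
    out["retained_after_remove"] = org.retained_users["alice@example.com"]
    return out
```

Running `demo()` shows the two failure modes an admin actually meets: an invitee clicking the first email after a re-send is rejected because the token was rotated, and an invite older than 7 days is rejected even with the right token. Suspending alice frees her seat without detaching `SLA-1`; removing her deletes the membership but keeps the attribution record.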
Inviting members
Navigate to Settings -> Members -> Invite member. Provide:
- Email address
- Role (see Roles and permissions)
- Optional team assignment
The invitee receives an email with a one-time link. They set a password and land on the dashboard with the assigned role.
For automated provisioning at scale, configure SSO with just-in-time provisioning, or use the SCIM provisioning hook.
Teams
Teams group members and scope their access to a subset of registries. A member belongs to zero or more teams; their effective registry access is the union of all team-granted registries plus any organization-wide grants from their role.
Create teams under Settings -> Teams. For each team you can:
- Assign members
- Grant access to specific registries
- Map an IdP group to the team (auto-membership for SSO/SCIM users — see SCIM)
Teams do not override role permissions; they restrict the resource scope the role applies to.
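The following added example shows how team scope and role permissions combine under the rule above (union of team grants plus role-level organization-wide grants, with teams never widening what the role permits). It is illustration code written for this page, not HarborGuard's own; the role names, permission strings, the `org_wide` flag and the registry and team names are all assumptions constructed for the example, so consult Roles and permissions for the real matrix.

```python
# Added illustration of effective registry access under the team model described above.
# Not HarborGuard code: roles, permission strings, registry and team names are constructed assumptions.
from dataclasses import dataclass

ROLES = {
    # org_wide: whether the role by itself grants access to every registry in the organization
    "admin":  {"permissions": {"scan:read", "scan:trigger", "policy:edit"}, "org_wide": True},
    "member": {"permissions": {"scan:read", "scan:trigger"},               "org_wide": False},
    "viewer": {"permissions": {"scan:read"},                               "org_wide": False},
}


@dataclass(frozen=True)
class Member:
    email: str
    role: str


@dataclass
class Team:
    name: str
    registries: set[str]   # registries granted to the team
    members: set[str]      # member emails


def effective_registries(member: Member, teams: list, all_registries: set) -> set:
    """Union of team-granted registries plus any organization-wide grant from the role."""
    granted = set(all_registries) if ROLES[member.role]["org_wide"] else set()
    for team in teams:
        if member.email in team.members:
            granted |= team.registries
    # defensive choice for this example: a team grant naming a registry that no longer
    # exists in the organization confers nothing
    return granted & set(all_registries)


def is_allowed(member: Member, action: str, registry: str, teams: list, all_registries: set) -> bool:
    """The role decides what the member may do; teams decide where. Neither widens the other."""
    if action not in ROLES[member.role]["permissions"]:
        return False
    return registry in effective_registries(member, teams, all_registries)


# constructed sample data
REGISTRIES = {"prod-ecr", "staging-ecr", "legacy-harbor"}
TEAMS = [
    Team("platform", {"prod-ecr", "staging-ecr"}, {"dana@example.com", "eve@example.com"}),
    Team("legacy", {"legacy-harbor", "retired-registry"}, {"eve@example.com"}),
]
ADMIN = Member("alice@example.com", "admin")    # no team: org-wide scope via role
DANA = Member("dana@example.com", "viewer")     # one team: scoped to that team's registries
EVE = Member("eve@example.com", "member")       # two teams: union of both grants
FRANK = Member("frank@example.com", "member")   # no team, no org-wide grant: no registries

if __name__ == "__main__":
    for m in (ADMIN, DANA, EVE, FRANK):
        print(m.email, sorted(effective_registries(m, TEAMS, REGISTRIES)))
```

The two cases worth checking in any deployment are `FRANK` (a role with real permissions but nothing to apply them to, which is the expected state for a member not yet placed in a team) and `DANA` (a viewer in a team cannot trigger scans on that team's registries, because team membership scopes the role rather than adding to it).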
Transfer ownership
Every organization has exactly one Owner. Owners can transfer the role from Settings -> Organization -> Transfer ownership:
- Select an existing Admin in the org. Owners cannot transfer to non-members or to suspended accounts.
- Confirm with the current Owner's password.
- The current Owner is downgraded to Admin atomically with the promotion. The transfer is recorded in the audit log.
Owners are the only role that can delete the organization, change billing details, or transfer ownership.
Organization deletion
Deleting an organization is a soft-delete followed by a 14-day retention window. During the window:
- All sessions are terminated
- All scans and webhooks are paused
- The Owner can restore from Settings -> Organization -> Restore
After 14 days, all organizational data is purged irrecoverably. Audit log exports taken before deletion remain valid evidence.
What's in this section
Roles and permissions
Built-in roles and the permission matrix that scopes member access.
SSO
SAML and OIDC single sign-on with just-in-time user provisioning.
User provisioning
SCIM provisioning hooks for automated user and group lifecycle management.
API keys
Organization-scoped API keys for machine access to the REST API.
Personal access tokens
User-scoped tokens that inherit the issuing member's permissions.
Audit log
Immutable record of every policy edit, role change, and export.