ASD Logo ASD Logo ASD
Guides

Organisations

Overview

ASD uses a multi-tenant organisation model. Every user belongs to at least one organisation, and all resources —tunnel configurations, API keys, team members, and billing —are scoped to an organisation.

Organisation Hierarchy

Organisations support a three-level hierarchy:

Organisation
├── Department (optional)
│   └── Team
└── Team (can exist without a department)
  • Organisation —the top-level container. Has its own billing, members, and settings.
  • Department —an optional grouping layer. Useful for larger teams that need to separate concerns (e.g., “Engineering”, “QA”, “Operations”). Departments can be enabled or disabled per organisation.
  • Team —the working unit. Teams have a lead and members. Tunnel configs and API keys can be scoped to specific teams.

Creating an Organisation

Every user gets a default organisation during onboarding. Additional organisations can be created from the dashboard:

  1. Go to Account > Organisations
  2. Click Create Organisation
  3. Provide a name and optional description

You automatically become the owner of any organisation you create.

Organisation Membership

Each member has a role that determines what they can do within the organisation:

RoleDescription
OwnerFull control —billing, settings, member management, deletion
AdminMember management, team creation, configuration changes
FinanceAccess to billing and subscription management
MemberStandard access —use tunnels, view team resources

See RBAC for detailed permission breakdowns.

Multi-Organisation Support

Users can belong to multiple organisations simultaneously. The dashboard shows the currently active organisation, and users can switch between them from the sidebar.

Each organisation is fully isolated:

  • Separate billing —each org has its own Stripe subscription
  • Separate members —a user in Org A has no access to Org B unless invited
  • Separate resources —tunnel configs, API keys, and tokens are org-scoped
  • Separate settings —each org configures its own preferences

Departments

Departments add a grouping layer between organisations and teams. They are optional and can be enabled per organisation.

When departments are enabled:

  • Teams belong to departments instead of directly to the organisation
  • Department heads can manage teams within their department
  • Resources can be scoped to a department level

When departments are disabled (the default for smaller teams), teams belong directly to the organisation.

Teams

Teams are the primary unit for organising people and resources:

  • Each team has a lead and members
  • Tunnel configurations can be scoped to a team
  • API keys can be restricted to team-level access
  • Team leads can manage their team’s membership

Creating a Team

  1. Go to Account > Organisation > Teams
  2. Click Create Team
  3. Assign a team lead and add members

Only organisation owners and admins can create teams.

Data Model

TablePurpose
organisationsOrganisation records with settings
organisation_membersUser-org relationships with roles
departmentsOptional department groupings
teamsTeams with leads and members

All tables use Row Level Security (RLS) policies. Permission checks use SECURITY DEFINER functions to avoid recursive policy evaluation.

Related Guides

  • Onboarding — how default organisations are created during signup
  • RBAC — role-based access control and permissions
  • Invitations — invite members to your organisation
← Back to Documentation