Skip to content

Organizations & Teams

Jump to bottom
Niccanor Dhas edited this page Feb 22, 2026 · 1 revision

Organizations & Teams

tmam is built for collaboration. All observability data, prompts, guardrails, and API keys are organized within organizations. Each organization can have multiple team members with role-based access control.

Concepts

Entity | Description -- | -- Organization | The top-level workspace. Owns all data, projects, and API keys. Project | A sub-namespace within an organization. Traces and API keys are scoped to a project. Member | A user who has been invited to and accepted a role in an organization. Role | Controls what a member can do within the organization.

Projects

Every organization contains one or more projects. Projects are the observability namespace — API keys are scoped to a project, and all traces, metrics, prompts, and guardrails are associated with a specific project.

Creating a project

  1. Go to Settings → Organizations → [Your Org]
  2. Click New Project
  3. Enter a name and description

See Projects for more detail.

API Keys and Organizations

API keys are tied to both an organization and a project. When the SDK sends data using a key, tmam automatically attributes the traces to the correct org/project combination.

See API Keys for how to generate and manage them.

Example: Multi-Team Setup

Organization: "Acme AI"
├── Project: "Customer Support Bot"
│   ├── API Key: sk-tmam-... (production)
│   └── API Key: sk-tmam-... (staging)
├── Project: "Internal Research"
│   └── API Key: sk-tmam-...
│
Members:
├── alice@acme.com  → Admin
├── bob@acme.com    → Admin
├── carol@acme.com  → Member
└── dave@acme.com   → Member (pending approval)
# Organizations & Teams

tmam is built for collaboration. All observability data, prompts, guardrails, and API keys are organized within organizations. Each organization can have multiple team members with role-based access control.

Concepts

Entity Description
Organization The top-level workspace. Owns all data, projects, and API keys.
Project A sub-namespace within an organization. Traces and API keys are scoped to a project.
Member A user who has been invited to and accepted a role in an organization.
Role Controls what a member can do within the organization.

Creating an Organization

  1. Sign in to the dashboard
  2. Go to Settings → Organizations
  3. Click New Organization
  4. Enter a name and optional description

You can create and manage multiple organizations from a single account. Each organization is fully isolated — its traces, prompts, guardrails, and API keys are not visible to other organizations.

Inviting Team Members

Only organization owners and admins can invite members.

  1. Go to Settings → Organizations and select your organization
  2. Click Add Member
  3. Enter the member's email address and select their role
  4. Click Send Invite

The invited user receives an automated email with their assigned role and the organization name. The email is sent via SendGrid (configured in server/src/.env).

What happens next

1. Invite sent          → member receives invitation email
2. Member registers     → appears as pending in your members list
3. Admin approves       → member gains access to the organization
4. (Optional) Admin rejects → invite is declined

Members can also be added from the Notifications page — when a user is invited to an organization they don't have an account for yet, the invitation appears there after they sign up.

Member Roles

Roles determine what a member can do within an organization:

Role Permissions
Admin (full access) Create/delete projects, manage members, manage API keys, create prompts, guardrails, and all settings
Member (limited access) View data, run evaluations, use prompts — cannot modify org-level settings or manage other members

Roles can be changed at any time by an admin from the Members list.

Managing Members

From Settings → Organizations → [Your Org] → Members:

  • View all members — see join status, role, and when they joined
  • Change role — promote or demote a member's access level
  • Remove member — revoke access immediately
  • Approve / Reject — review pending join requests

Membership States

A member's join lifecycle progresses through these states:

invited → (user registers) → pending → approved/rejected
                                           ↓
                                        active ← → left
State Meaning
Invited Email sent, user hasn't registered yet
Pending User registered and awaiting admin approval
Approved / Active Member has full access per their role
Rejected Admin declined the join request
Left Member left or was removed

Projects

Every organization contains one or more projects. Projects are the observability namespace — API keys are scoped to a project, and all traces, metrics, prompts, and guardrails are associated with a specific project.

Creating a project

  1. Go to Settings → Organizations → [Your Org]
  2. Click New Project
  3. Enter a name and description

See Projects for more detail.

API Keys and Organizations

API keys are tied to both an organization and a project. When the SDK sends data using a key, tmam automatically attributes the traces to the correct org/project combination.

See API Keys for how to generate and manage them.

Example: Multi-Team Setup

Organization: "Acme AI"
├── Project: "Customer Support Bot"
│   ├── API Key: sk-tmam-... (production)
│   └── API Key: sk-tmam-... (staging)
├── Project: "Internal Research"
│   └── API Key: sk-tmam-...
│
Members:
├── alice@acme.com  → Admin
├── bob@acme.com    → Admin
├── carol@acme.com  → Member
└── dave@acme.com   → Member (pending approval)

Clone this wiki locally