Platform Reference
Organizations
Learn more and understand the concept of Infisical organizations.
Infisical is structured around organizations and projects.
Infisical supports user identities (representing people) and machine identities (representing services, CI/CD pipelines, or agents). The same roles and permissions can be applied to either type of identity.
To manage access at scale, Infisical also supports user groups — roles assigned to a group apply to all of its members automatically.
Note that Infisical distinguishes between organization-level and project-level access control:
To learn more about how permissions work in detail, refer to the access control documentation.
To learn more, refer to the app connections documentation.
Organizations
An organization represents a company or high-level entity (e.g. Acme Corp) and acts as the root scope for managing members and machine identities, projects, usage and billing, global integrations and configuration (such as single sign-on, provisioning, etc), and more. Within an organization, you can create any number of projects—each tied to a specific product type such as Secrets Management or PKI that determines the functionality available.
Projects
The Projects tab shows a list of projects that you have access to. If you’re an organization admin, you also have the option to view All Projects—a complete view of every project within the organization, including those you are not currently a member of— and gain access to any project. Admins can gain access to any project in the organization by opening the options menu (⋮) next to a project and selecting Access. This will add you to the project as an admin and allow full visibility and control.
Roles and Access Control
The Access Control tab lets you view and manage roles and permissions for users, machine identities, and groups across your organization. Users are invited to an organization and assigned organization-level roles such asAdmin or Member. You can also define custom roles at the organization level to fit your permission model.
Infisical supports user identities (representing people) and machine identities (representing services, CI/CD pipelines, or agents). The same roles and permissions can be applied to either type of identity.
To manage access at scale, Infisical also supports user groups — roles assigned to a group apply to all of its members automatically.
Note that Infisical distinguishes between organization-level and project-level access control:
- Organization-level access control: Roles and permissions governing access to organization-level resources and controls such as billing, member management, and identity provider configuration.
- Project-level access control: Roles and permissions governing access to resources and workflows within a specific project (e.g., secrets, certificates, SSH hosts).
To learn more about how permissions work in detail, refer to the access control documentation.
Infisical provides immutable roles such as
admin and member for free.If you’re using Infisical Cloud, the ability to create custom roles is available under the Pro Tier.If you’re self-hosting Infisical, then you should contact [email protected] to purchase an enterprise license to use it.Usage & Billing
The Usage & Billing tab provides an overview of your organization’s billing information and platform usage. Infisical calculates usage at the organization level—aggregating activity across all projects and product types (e.g., Secrets Management, SSH, PKI). From this tab, you can track usage, view billing details, and manage your Infisical Cloud subscription.
Audit Logs
Infisical provides a unified view of audit logs at the organization level. All platform activity—including secret access, certificate issuance, platform logins across the organization —is recorded and searchable in a central log view. Audit logs are also viewable at the project level, where they are scoped to show only events relevant to that specific project. This allows project administrators to monitor activity and investigate changes without requiring organization-wide access.App Connections
Infisical supports app connections — integrations configured at the organization level with third-party platforms such as AWS, GCP, GitHub, and many others. Once configured, these connections can be reused across multiple projects as part of any feature that requires third-party integrations—such as secret syncing or dynamic credential generation.
To learn more, refer to the app connections documentation.
Organization Settings
The Organization Settings tab lets you configure global behavior and security controls for the organization. Key configuration areas include:- General: Manage the organization’s name, slug, and default role for newly invited members.
- Single Sign-On (SSO): Enable SAML, LDAP, or OIDC-based authentication for user login.
- Provisioning: Enable SCIM to automatically provision and deprovision users and groups from an identity provider.
- Security Policies: Enforce MFA and configure session duration limits.
- Encryption: Integrate with external KMS systems or bring your own encryption keys (BYOK).
- Audit Log Streaming: Forward audit events to third-party logging tools like SIEMs or cloud storage.
- Workflow Integrations: Trigger Slack or Microsoft Teams notifications for events like access requests.
- Project Templates: Define default environments, roles, and settings to standardize project creation.
- KMIP (Enterprise): Connect to KMIP-compatible HSMs for hardware-backed key storage and operations.