Organization Management
WebXTerm is built on a multi-tenant architecture where each organization operates independently with its own users, machines, and configurations.
Multi-Tenancy Overview
What is an Organization?
An organization in WebXTerm is an isolated workspace that contains:
- Users: Team members with their roles and permissions
- Machines: Servers and infrastructure registered to the organization
- Settings: Configuration specific to the organization
- Audit Logs: Activity history within the organization
- Billing: Subscription and payment information
Isolation Guarantees
Each organization is completely isolated:
- Users from one organization cannot see or access another organization's resources
- Machines are bound to a single organization
- Data is logically separated at the database level
- Audit logs are organization-specific
Organization Structure
Organization
├── Admins
│ └── Full control over organization settings
├── Users
│ ├── Machine Admins
│ ├── Team Leads
│ ├── Developers
│ └── Viewers
├── Machines
│ ├── Production Servers
│ ├── Development Servers
│ └── Staging Servers
└── Settings
├── Authentication (OIDC)
├── Security Policies
└── Integrations
Organization Administration
Creating an Organization
- Sign up for WebXTerm
- Click "Create Organization"
- Enter organization details:
- Name: Your organization's name
- Slug: URL-friendly identifier (e.g.,
acme-corp) - Industry: For tailored recommendations
- Complete setup wizard
Organization Settings
Access organization settings:
- Click your organization name in the top navigation
- Select "Organization Settings"
General Settings
| Setting | Description |
|---|---|
| Name | Display name of the organization |
| Slug | URL identifier |
| Logo | Custom logo for branding |
| Timezone | Default timezone for the organization |
Security Settings
| Setting | Description |
|---|---|
| Password Policy | Minimum requirements for passwords |
Session Timeout, IP Allowlist, and MFA Requirement per-org settings are on the roadmap and not yet available.
Organization Admins
Admin Responsibilities
Organization admins have full control over:
- User Management: Invite, remove, and manage users
- Machine Management: Add, configure, and remove machines
- Role Management: Create and assign roles
- Security Settings: Configure authentication and security policies
- Billing: Manage subscription and payments
- Audit Access: View all organization activity
Adding Admins
- Go to Team → Members
- Find the user to promote
- Click "Edit"
- Assign the "Organization Admin" role
- Save changes
Be cautious when granting admin access. Admins have full control including the ability to remove other admins.
Admin Best Practices
- Multiple Admins: Have at least 2 admins to prevent lockout
- Dedicated Admin Account: Consider a separate account for admin tasks
- Regular Review: Audit admin access quarterly
- Document Changes: Keep records of administrative actions
Managing Users Within an Organization
User Lifecycle
Invite → Pending → Active → (Suspended) → Removed
Inviting Users
- Navigate to Team → Members
- Click "Invite Member"
- Enter email and select role
- Send invitation
User States
| State | Description |
|---|---|
| Pending | Invitation sent, not yet accepted |
| Active | User can access the organization |
| Suspended | Temporarily disabled access |
| Removed | No longer part of organization |
Suspending Users
Temporarily disable access without removing:
- Find user in Team → Members
- Click "Suspend"
- User cannot access until reactivated
Bulk User Management (CSV import, bulk role change) is on the roadmap and not yet available.
Machine Management
Adding Machines
- Navigate to Machines
- Click "Add Machine"
- Enter machine details:
- Name, host, port
- Authentication method
- Description and tags
- Configure access permissions
- Save
Machine Organization
Use tags and groups to organize machines:
- Tags: Label machines (e.g.,
production,web-server,us-east) - Groups: Logical groupings for access control
Machine Access
Control who can access each machine:
- Go to Machines → [Machine] → Access
- Add users or roles with access
- Set access level (Full, Restricted, View Only)
Cross-Organization Features
Switching Organizations
If you belong to multiple organizations:
- Click your organization name in the top navigation
- Select "Switch Organization"
- Choose the organization to switch to
Organization Invitations
When invited to a new organization:
- Check your email for the invitation
- Click the invitation link
- Accept or decline
- If accepted, the organization appears in your switcher
Organization Deletion
Deleting an Organization
Organization deletion is permanent and cannot be undone. All data including users, machines, logs, and settings will be permanently deleted.
To delete an organization:
- Go to Organization Settings → Danger Zone
- Click "Delete Organization"
- Type the organization name to confirm
- Enter your password
- Click "Permanently Delete"
Before Deletion
- Export any data you need to keep
- Notify all organization members
- Cancel any active subscriptions
- Remove integrations
Enterprise Features
Multiple Organizations (Superadmin)
The Superadmin can manage all organizations from a single WebXTerm deployment:
- Create Organizations: Provision new company workspaces from the admin panel
- Assign Company Admins: Promote users to Organization Admin for their company
- Full Isolation: Each organization's data, machines, and users are completely isolated
- Single Deployment: No need for separate instances per company — unlike Teleport
Teleport has no native multi-tenancy. Running multiple companies requires separate Teleport instances. WebXTerm handles this natively — Superadmin → Company Admin → User — all in one deployment.
Best Practices
- Clear Naming: Use descriptive organization names
- Role Documentation: Document what each role is for
- Regular Audits: Review users and permissions regularly
- Offboarding Process: Have a checklist for removing users
- Backup Admins: Always have multiple admins
- Environment Separation: Consider separate orgs for prod/dev
- Compliance Alignment: Configure settings to meet compliance needs