Teams and User Access Control

Manage user roles and permissions by inheriting from third-party services or setting custom rules.

Stackbit allows you to create different types of access for your team members through one of three methods:

  • Third-Party Sevice: Leveraging existing roles from content sources
  • Single-Sign On: Using SSO to integrate with existing organization systems (enterprise only)
  • Built-In: Setting your own roles, using pre-defined permissions

Basic Concepts

Let's cover a few of the basic concepts to help contextualize how user management works.

Content Editing Roles

There are four pre-defined roles in Stackbit, with the following names and permissions:

  • Viewer: View (read) access only
  • Editor: Edit access, can't publish content changes
  • Publisher: Edit and publish content changes, but not code changes; can't invite collaborators unless also an admin in the organization
  • Developer: Edit and publish content and code; can also invite collaborators and manage project settings (integrations, publishing workflows setup, etc.)

Project Collaborators

Collaborators are Stackbit users invited to contribute to a project.

If the project belongs to an organization, the collaborators will also belong to that organization. Otherwise, they are added directly to the project.

However, collaborators need to be added to an organization to be able to assign unique roles to them. Collaborators assigned directly to a project will automatically be assigned the developer role.

Organization Members

Organizations let you manage access to projects by teams. There are two main organization roles:

  • Admin: Full control over the organization, including projects, members, and teams
  • Member: Able to access projects, add members to a project, but not manage the organization

The same organization member can have different roles in different teams and/or projects (editor, publisher, etc.), but always the same role in the organization (admin or member).

Organization Teams

Teams are organization members grouped into the same role.

Single-Sign On (SSO)

Enterprise Feature

SSO is only available in enterprise plans.

SSO is available for enterprise customers for their members to be able to use their company credentials to edit projects in Stackbit. It is only available as an enterprise feature.

Inviting Members to Organization

Organization Admin

Only organization admin users can invite new new members to the organization.

To invite a new member to the organization in Stackbit, go to Manage Organization > All Members > Invite Member.

Invite Member to Organization
Invite Member to Organization

Users will get an invitation by email. They will appear as pending until they accept the invitation.

If members who have a pending invitation are added to teams or projects, they will immediately have access to those teams and projects upon accepting the invitation.

Managing SSO Users

If using SSO, the organization gets defined in the Identity Provider (IdP). Stackbit is kept in sync and updates additions, deletions, and data updates in the IdP. For that reason, SSO users can not be added or removed via Stackbit.

Managing Teams

Teams provide the ability to grant access to future organization members.

For example, consider a Design team with three members and developer access to Project 1. A new member is added to the Design team, and when they accept the invitation, they immediately get access to Project 1.

Handling SSO Groups

If using SSO, there is no way to automatically sync SSO groups with Stackbit teams. However, this feature is planned in our roadmap.

Creating a New Team

Go to Manage Organization > New Team and give the team a name.

Add New Team
Add New Team

Then add members to the team.

Invite New Team Member
Invite New Team Member

Reserved Teams

There is a built-in team called Everyone. New organization members are automatically added to the Everyone team, unless a project that existed outside an organization is moved inside the organization. In this case, previous collaborators are provided access to that one particular project in the organization, but they are not added to the Everyone team.

Therefore, note that the Everyone team is different than All Members, since All Members contains absolutely all users within the organization, and it cannot be used as a team.

Project Invitations

Inviting users to projects has various implications, depending on where the project is inside an organization or not.

Projects Inside Organizations

To invite an existing organization member to collaborate in a project, open the project and click on Share. Choose the user, give them a role, and click the Grant Access button.

Add Project Collaborators
Add Project Collaborators

After granting access to a user, they will see the project in their dashboard.

Inviting Non-Members

Only organization admins can add non-members as project collaborators. They will be able to invite new users via the dropdown menu in the same collaborators modal.

Once the user accepts the invitation to the project, they will also be added as a member in the organization.

Inviting a Team

Admins also have the ability to add a team to a project. All of that team's current and future members will inherit access to that project.

Projects in SSO Organizations

Since the organization is defined in the Identity Provider (IdP), the collaborators dropdown will only show users of the organization who have logged in Stackbit at least once as part of the org in Stackbit.

However, everyone added to the organization in the IdP will be able to use SSO to log into Stackbit with their company credentials.

Users who have not logged into Stackbit at least once, can still be added to teams and projects, but they will appear as pending until they log into Stackbit for the first time.

Projects Outside Organizations

If a project is not part of an organization, when added to a project, the user will receive an email with an invite that needs to be accepted in order to be able to view, edit, and publish the project.