Safeguard.sh Documentation Center
Enterprise Software Supply Chain Manager (ESSCM)

Organization & User Management

Manage organizations, teams, and user access in Safeguard.sh

Configure your organizational structure, manage teams, and control user access across Safeguard.sh products.

Organization Structure

Overview

Safeguard.sh uses a hierarchical structure:

Tenant
└── Organization(s)
    └── Project(s)
        └── Version(s)

Tenant

The top-level container for your company:

  • Single billing entity
  • Global settings
  • SSO configuration
  • API key management

Organizations

Logical groupings within your tenant:

  • Separate business units
  • Different teams
  • Project portfolios
  • Access boundaries

Projects

Individual software projects:

  • SBOM generation targets
  • Security scanning units
  • Policy application scope

Managing Organizations

Creating an Organization

  1. Go to Settings > Organizations
  2. Click + New Organization
  3. Enter details:

Field | Description
Name | Organization name
Description | Purpose/description
Contact | Primary contact email

  4. Click Create

Organization Settings

Configure per-organization settings:

Setting | Description
Default Policy | Default security policy
Notification Settings | Alert configuration
Integration Defaults | Default integrations
Data Retention | Retention period

Deleting an Organization

  1. Go to organization settings
  2. Click Delete Organization
  3. Confirm deletion (this removes all projects)

User Management

User Roles

Role | Permissions
Tenant Admin | Full access to all organizations and settings
Manager | Manage specific organizations, users, policies
User | View and interact with assigned projects
Viewer | Read-only access to assigned projects

Role Permissions Matrix

ActionTenant AdminManagerUserViewer
Manage tenant settings
Manage organizations✅*
Invite users✅*
Create projects
Configure integrations
View projects
Export data
Manage mitigations

*Within assigned organizations

Inviting Users

  1. Go to Settings > Members
  2. Click + Invite Member
  3. Enter:

Field | Description
Email | User's email address
Role | Select user role
Organizations | Assign to organizations

  4. Click Send Invitation

Managing Members

The Members page shows:

  • Member name and email
  • Status (Active/Pending/Disabled)
  • Role assignment
  • Organization membership
  • Last active date

Modifying User Access

  1. Click on a user
  2. Modify role or organizations
  3. Save changes

Removing Users

  1. Click on a user
  2. Click Remove Access
  3. Confirm removal

Teams

Creating Teams

Group users into teams for easier management:

  1. Go to Settings > Teams
  2. Click + New Team
  3. Enter team name and description
  4. Add team members
  5. Assign organizations

Team Permissions

Teams can be assigned:

  • Organization access
  • Project access
  • Notification preferences
  • Policy ownership

Access Control

Project-Level Access

Control who can access specific projects:

  1. Open project settings
  2. Go to Access tab
  3. Add users or teams
  4. Set permission level

Permission Levels

Level | Capabilities
Admin | Full project control
Write | Modify project data
Read | View project data

SSO Integration

Automatic Provisioning

With SSO configured:

  • Users auto-created on first login
  • Group mappings assign roles
  • Attributes set permissions

Group Mapping

Map SSO groups to Safeguard.sh roles:

  1. Go to Settings > SSO > Group Mappings
  2. Add mapping:

SSO Group | Safeguard Role | Organizations
security-team | Manager | All
developers | User | Engineering
auditors | Viewer | All

Audit Trail

User Activity Logs

Track user actions:

Event | Logged Data
Login | User, time, IP
Project access | User, project, action
Setting changes | User, setting, old/new value
Role changes | Admin, user, role change

Viewing Logs

  1. Go to Settings > Audit Log
  2. Filter by user, action, date
  3. Export logs as needed

API Access

# List users
curl -X GET https://api.safeguard.sh/v1/users \
  -H "Authorization: Bearer $API_KEY"

# Invite user (JSON body, so declare the content type explicitly)
curl -X POST https://api.safeguard.sh/v1/users/invite \
  -H "Authorization: Bearer $API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"email": "user@example.com", "role": "user", "organizations": ["org-id"]}'

# List organizations
curl -X GET https://api.safeguard.sh/v1/organizations \
  -H "Authorization: Bearer $API_KEY"

# Create organization (JSON body, so declare the content type explicitly)
curl -X POST https://api.safeguard.sh/v1/organizations \
  -H "Authorization: Bearer $API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"name": "Engineering", "description": "Engineering team projects"}'

Best Practices

Organization Design

  • Align with business structure
  • Keep hierarchy simple
  • Plan for growth
  • Document ownership

User Management

  • Use SSO when possible
  • Apply least privilege
  • Review access regularly
  • Remove inactive users
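
A periodic access review along the lines of the practices above can be scripted over a member list. The following is an added example, not Safeguard.sh code: the CSV layout, the sample rows, the review_members helper and the 90-day threshold are assumptions; only the field names (status, role, organizations, last active date) and role names come from this page.

```python
import csv
import io
from datetime import date, timedelta

# Constructed sample export. The columns mirror the fields the Members page
# lists; the CSV layout itself is an assumption, not a documented format.
SAMPLE_EXPORT = """\
email,status,role,organizations,last_active
alice@example.com,Active,Tenant Admin,All,2024-05-28
bob@example.com,Active,Manager,Engineering,2024-01-10
carol@example.com,Pending,User,Engineering,
dave@example.com,Active,Tenant Admin,All,2023-11-02
erin@example.com,Disabled,Viewer,Finance,2023-09-15
frank@example.com,Active,Viewer,Engineering;Finance,2024-05-30
"""

# Roles that can manage users, organizations or policies per the roles table.
PRIVILEGED = {"Tenant Admin", "Manager"}


def review_members(export_text, today, max_idle_days=90):
    """Return (email, finding) pairs for accounts that need an access review."""
    cutoff = today - timedelta(days=max_idle_days)
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        email, status, role = row["email"], row["status"], row["role"]
        if status == "Disabled":
            continue  # already has no access
        if status == "Pending":
            # An unaccepted invitation is a standing grant nobody is using.
            findings.append((email, f"pending invite with role {role}"))
            continue
        last = row["last_active"]
        # A missing last-active date on an Active account counts as idle.
        idle = not last or date.fromisoformat(last) < cutoff
        if idle and role in PRIVILEGED:
            findings.append((email, f"inactive privileged account ({role})"))
        elif idle:
            findings.append((email, f"inactive account ({role})"))
    return findings


if __name__ == "__main__":
    for email, finding in review_members(SAMPLE_EXPORT, date(2024, 6, 1)):
        print(f"{email}: {finding}")
```

Inactive privileged accounts are reported separately so they can be downgraded or removed first.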

Security

  • Enable MFA for all users
  • Review audit logs periodically
  • Document access policies
  • Train users on security
