Managing Multi-User with Scaleway Organizations and Roles

Organization & Roles Overview

Organizations is Scaleway’s Multi-User feature. An Organization is a resource system, with hierarchically organized accesses and permissions. It is a project’s root account. Organizations allow to centrally manage and share resources across multiple accounts depending on the permissions granted by the Owner.

The Owner of an Organization can grant different account access and permission levels to the users. It ensures that they have access to the exact resources they need to work and enforces the security of sensitive account information, like Billing details.

The Organizations system also allows for projects to belong to businesses, instead of its employees, for example. This way, even if an employee eventually leaves a business, the infrastructure on which they worked on still remains available for access to be reassigned within the company.

To ensure that a user joining the Organization has the appropriate permissions to use the correct resources, four different roles are available:

  • Owner: Full access on the Organization. The Owner can manage and has access to projects, role attributions, billing and all other configurations of the account. This role is the only one that detains the right to delete an Organization.
  • Administrator: Has the right to manage and access projects, billing information and all other Owner permissions excluding the possibility of editing members roles and deleting them, managing the Organization’s support plan and deleting the organization.
  • Editor: Is limited to creating and managing most Organization resources, as well as creating API Key, but does not have access to billing information nor the right to manage member permissions or altering support plans.
  • Billing Administrator: Has the right to view and manage the Organization’s billing information solely, but does not have the possibility of viewing or creating resources, adding members or managing support plans.

Creating an Organization

All user accounts are Organizations, simultaneously. When you have a Scaleway Elements account, you consequently have your own Organization of which you are the Owner. Therefore, to create an Organization, you must create a Scaleway Elements account first.

If you are invited to a pre-existing Organization you will join it while occupying a role defined by the Owner or Administrator who sent you the invitation. You will simultaneously be the Owner of your own Organization, which is your personal Scaleway Elements account.

When invited to join an Organization, you receive an invitation e-mail.

1 . Click on Accept Invitation and the Scaleway console opens in a browser window.

2 . A pop-up displays introducing you to the Organization. Click on Go to Organization Dashboard to proceed.

3 . You can choose between creating a new instance or accessing the Organization’s dashboard. Click on your option of choice and you are welcomed to the Organization.

If you want to activate your personal Organization, you can:

1 . Click on its name in the upper right corner menu.

2 . The Scaleway Elements Terms of Service display. Make sure you have read through them before checking I have read and agreed to the terms of service and clicking I Agree to the Terms of Service.

3 . A payment method is requested to continue. Click on Next, fill out the required information and confirm by clicking Add your payment method.

The default project dashboard displays and an overview of all Resource information is shown.

To switch to another Organization, click on its name on the upper right drop down menu.

Note: The organization name is identical with the account owner. In case the account was created without owner name, it will be the prefix of the e-mail used to create the account. For example, if the e-mail used is, the Organization name will be myemail. In this case, the organization name can be set to the account owners name, but only once.

Managing an Organization

The Organization Account page allows members to manage different features and account information for the Organization, such as member invitations, billing information and support plans. All roles have access this page. However, the information displayed on it and permission to edit certain fields differ depending on the role occupied by the members.

To access the page, click on Organization in the upper right menu of the console:

The Organization tab displays showing Organization Informations, Organization Quotas and, only visible to the Owner, the Change Organization Name and Deactivate Organization buttons.

Managing Members

A list of the members that belong or have been invited to an Organization is available upon clicking on the Members tab.

Owners and Administrators can add members and check information such as the date of their last login and if their two factor authentication is activated, but only the Owner can delete or change the role of a member.

Editing Members

The role of a confirmed member can be changed by clicking on the … menu next to their name on the Members list.

Chose a role in the dropdown menu and click on Edit Role to confirm.

Important: The sole member whose role cannot be edited is the Owner. Consequently, the ownership of an Organization cannot be transferred to another member.

Deleting Members

Similarly, you can click on Delete to remove a user from an Organization.

Make sure you have read the warning message before clicking on Delete User to proceed.

The user will disappear from the Members list.

Inviting Members to Your Organization

Users can be added to Organizations through the Scaleway console in two ways:

Option 1 . On the Organization Account page, by clicking + Add user:

Option 2 . Or on the Members tab, by clicking the green + button.

In both cases a pop-up requesting the e-mails and roles of new users displays.

1 . Insert the e-mail address of the users you wish to invite.

Important: If you are inviting more than one user make sure the corresponding e-mail addresses are separated by a line break.

2 . Select a role for the user(s) in the drop down menu and click on Add User(s) to confirm.

An invitation will be automatically sent to the listed e-mail addresses.

Managing Member Invitations

Owners and Administrators can manage invitations sent to members on the Members tab.

1 . If an invitation e-mail must be resent to a certain user, click on the … menu next to their name on the Members list.

2 . Click the Send Invitation button to send a new invitation to the selected user.

You can also cancel an invitation before it is accepted by clicking Cancel Invitation in the … menu.

Managing Credentials

Owners, Administrators and Editors are able to create SSH keys and generate API Key directly from the Project Credentials page.

Note: SSH keys and API Key created under a Project belong to said Project, but are accessible to all members belonging to the Organization who have permission to create credentials.

To create new credentials, first ensure you are currently editing the correct project.

You can verify if you are logged into the correct project by clicking on Project Dashboard on the left menu and checking the project’s name on the top of the page. You can also check if your project’s name is the one appearing in the Selected Project dropdown menu.

Click on the Credentials tab and you will see the options of adding SSH and API Key.

Retrieving your Organization ID

Our system attributes an organization ID to each user. The Organization ID can be found on the Organization Account page under Organization Information.

To retrieve your Organization ID via the API, execute the following request.

N.B.: Replace the $ACCESS_KEY and $SECRET_KEY values respectively with your generated access key and secret key.

$ curl$ACCESS_KEY -H "X-Auth-Token: $SECRET_KEY"

You will find your Organization ID in the output.

  "token": {
    "access_key": "FNQQWFG4H14LBB2ULPIT", 
    "user_id": "4fg6j8li-wr19-13x5-lip8-qacg67bnjdgv", 
    "expires": null, 
    "creation_date": "2020-09-16T14:12:37.273736+00:00", 
    "creation_ip": "XXX.XXX.XXX.XX", 
    "category": "user_created", 
    "deletion_date": null, 
    "inherits_user_perms": false, 
    "roles": {
      "role": null, "organization": null
    "description": "my_project", 
    "project_id": "a1543bb6-d9f8-8955-079f4-7f777bea2f7f", 
    "organization_id": "a1543bb6-d9f8-8955-079f4-7f777bea2f7f", <--
    "use_role_key": true

In the example above, the Organization ID is a1543bb6-d9f8-8955-079f4-7f777bea2f7f.

Configuring Support Plans

Although all roles can open support tickets, only an Owner can alter the Organization’s Support Plan.

The default support plan for an Organization is the Basic plan, but it can upgraded on the Support Plan tab of the Organization page:

1 . Select a plan and click on Choose this plan to proceed.

2 . A pop-up displays a disclaimer message informing that your payment will be made automatically on the current month’s invoice. Make sure you have carefully read the message and click I understand to confirm the change.

3 . An overview of your previous and current plans is available under Support Plans History

Opening Support Tickets

If you have any inquiries and wish to speak to one of our Curtomer Excellence agents, you may open a Support ticket by clicking on Support in the lower left menu.

Or by clicking on the buoy icon on the top menu.

The Support center displays. Click on + Open a new ticket to do so.

Note: The ticket created for an Organization will be visible to the member who created it, as well as to the Owner and the Administrators of the Organization.

Configuring Billing Information

On the Billing tab, Owners, Administrators and Billing Administrators can edit the Billing Address and Billing Contact, set Billing Alerts, add or remove Payment Methods, consult Past Invoices and redeem and monitor past Discounts. This tab is not visible to Editors.

Deactivating or Leaving an Organization

If you are the Owner of an Organization, the Deactivate Organization option will display at the bottom of the Organization Account page. Deactivating an Organization implies permanently deleting all services and backups attached to the account.

Important: There’s a delay of up to 10 days between the time your organization is closed and the time resources are effectively destroyed. It is recommended to cancel all your resources before you close your Organization.

1 . Make sure you have read and agree with the warning message before clicking the Deactivate Organization.

2 . You are asked to confirm by writing Deactivate in the first box. You can fill out the second box with the reason you decided to close your account. Then, click on Deactivate Organization permanently.

Users can leave an Organization they have been invited to at any given time.

1 . Click on My Profile to access your User Account page. A list of your Joined Organizations is available.

2 . Choose the organization you wish to leave and click on the X button next to its name.

3 . A warning pops up informing that after leaving the selected Organization, its resources will no longer be available to you. Click on Leave Organization if you wish to proceed.

The Organization will be removed from your Joined Organizations list.

Discover the Cloud That Makes Sense