Teams & Collaboration
Temps includes unlimited seats — invite your entire team at no extra cost. Access is controlled by roles at the organization and project level.
Inviting team members
Invite a team member
- 1
Go to Settings, then Team, then click Invite Member.
- 2
Enter the email address and choose a role.
- 3
Send the invite. The invitee receives an email link valid for 48 hours.
Checkpoint: Once they accept, confirm they appear in the member list under Settings, then Team.
- Go to Settings → Team → Invite Member
- Enter the email address and choose a role
- The invitee receives an email link valid for 48 hours
- Once accepted, they appear in the member list
bunx @temps-sdk/cli users create --email [email protected] --username alex --roles developer -y
Pending invitations can be revoked from Settings → Team → Pending Invites.
Roles
| Role | Description |
|---|---|
| Owner | Full access — billing, team management, all projects |
| Admin | All project access, can manage team members (not billing) |
| Developer | Deploy, view logs, manage environment variables |
| Viewer | Read-only access to projects and logs |
Roles apply organization-wide by default. You can override them per project.
Project-level overrides
Grant a project-level role override
- 1
Open the project and go to Settings, then Access.
- 2
Click Add Member.
- 3
Select the user and the role for this project, then save.
Checkpoint: Confirm the narrower project role is listed for that user on the project Access page; the narrower scope always wins.
Grant a user a different role on a specific project without changing their org-wide role:
- Go to Project → Settings → Access
- Click Add Member
- Select the user and the role for this project
A user with the org-wide Viewer role can be a Developer on one specific project. The narrower scope always wins.
Removing members
Remove a team member
- 1
Go to Settings, then Team.
- 2
Find the member you want to remove.
- 3
Click Remove.
Checkpoint: Their sessions are invalidated immediately; confirm they no longer appear in the member list.
Go to Settings → Team, find the member, and click Remove. Their sessions are invalidated immediately. Projects they deployed remain untouched.
Audit log
Every action that changes state — deploys, environment variable edits, domain changes, team changes — is recorded in the audit log.
Settings → Audit Log shows:
- Who performed the action
- What changed (before/after for variable edits)
- When it happened (UTC timestamp)
- Which project or resource was affected
The audit log is append-only and cannot be edited or deleted.
# Export audit log
bunx @temps-sdk/cli audit list --from 2026-01-01 --to 2026-12-31 --json > audit-export.json
SSO
Enable SSO (OIDC)
- 1
Go to Settings, then Security, then SSO.
- 2
Configure your identity provider with the OIDC details.
- 3
Enable SSO. Once enabled, password and OAuth login are disabled for SSO-enrolled users.
Checkpoint: SSO enforcement does not affect the owner account until the owner explicitly enables it for themselves, which prevents accidental lockout during setup.
Temps supports SSO via OpenID Connect (OIDC). Configure your identity provider under Settings → Security → SSO — see OIDC Single Sign-On for the full setup guide. Once enabled, all team members must authenticate through the IdP — password and OAuth login are disabled for SSO-enrolled users.
SSO enforcement does not affect the owner account until the owner explicitly enables it. This prevents accidental lockout during setup.