docs/documentation/platform/organization.mdx
Infisical is structured around organizations and projects.
An organization represents a company or high-level entity (e.g. Acme Corp) and acts as the root scope for managing members and machine identities, projects, usage and billing, global integrations and configuration (such as single sign-on, provisioning, etc), and more.
Within an organization, you can create any number of projects—each tied to a specific product type such as Secrets Management or PKI that determines the functionality available.
Large enterprises may need to create sub-organizations to segment by business unit, delegate administration, and maintain clear boundaries between teams. Each sub-organization works like a regular organization with its own projects and settings, while sharing authentication and billing with the root organization.
<Info> Sub-organizations is a paid feature available under the **Enterprise Tier**. </Info>The Projects tab shows a list of projects that you have access to.
If you're an organization admin, you also have the option to view All Projects—a complete view of every project within the organization, including those you are not currently a member of— and gain access to any project.
Admins can gain access to any project in the organization by opening the options menu (⋮) next to a project and selecting Access. This will add you to the project as an admin and allow full visibility and control.
The Access Control tab lets you view and manage roles and permissions for users, machine identities, and groups across your organization.
Users are invited to an organization and assigned organization-level roles such as Admin or Member. You can also define custom roles at the organization level to fit your permission model.
Infisical supports user identities (representing people) and machine identities (representing services, CI/CD pipelines, or agents). The same roles and permissions can be applied to either type of identity.
To manage access at scale, Infisical also supports user groups — roles assigned to a group apply to all of its members automatically.
Note that Infisical distinguishes between organization-level and project-level access control:
To learn more about how permissions work in detail, refer to the access control documentation.
<Info> Infisical provides immutable roles such as `admin` and `member` for free.If you're using Infisical Cloud, the ability to create custom roles is available under the Pro Tier.
If you're self-hosting Infisical, then you should contact [email protected] to purchase an enterprise license to use it.
</Info>The Usage & Billing tab provides an overview of your organization's billing information and platform usage.
Infisical calculates usage at the organization level—aggregating activity across all projects and product types (e.g., Secrets Management, PAM, PKI). From this tab, you can track usage, view billing details, and manage your Infisical Cloud subscription.
Infisical provides a unified view of audit logs at the organization level. All platform activity—including secret access, certificate issuance, platform logins across the organization —is recorded and searchable in a central log view.
Audit logs are also viewable at the project level, where they are scoped to show only events relevant to that specific project. This allows project administrators to monitor activity and investigate changes without requiring organization-wide access.
Infisical supports app connections — integrations configured at the organization level with third-party platforms such as AWS, GCP, GitHub, and many others.
Once configured, these connections can be reused across multiple projects as part of any feature that requires third-party integrations—such as secret syncing or dynamic credential generation.
To learn more, refer to the app connections documentation.
The Organization Settings tab lets you configure global behavior and security controls for the organization.
Key configuration areas include: