Infisical is structured around organizations and projects.

Organizations

An organization represents a company or high-level entity (e.g. Acme Corp) and acts as the root scope for managing members and machine identities, projects, usage and billing, global integrations and configuration (such as single sign-on, provisioning, etc), and more. Within an organization, you can create any number of projects—each tied to a specific product type such as Secrets Management or PKI that determines the functionality available. organization

Projects

The Projects tab shows a list of projects that you have access to. If you’re an organization admin, you also have the option to view All Projects—a complete view of every project within the organization, including those you are not currently a member of— and gain access to any project. Admins can gain access to any project in the organization by opening the options menu (⋮) next to a project and selecting Access. This will add you to the project as an admin and allow full visibility and control. organization projects

Roles and Access Control

The Access Control tab lets you view and manage roles and permissions for users, machine identities, and groups across your organization. Users are invited to an organization and assigned organization-level roles such as Admin or Member. You can also define custom roles at the organization level to fit your permission model. organization users Infisical supports user identities (representing people) and machine identities (representing services, CI/CD pipelines, or agents). The same roles and permissions can be applied to either type of identity. To manage access at scale, Infisical also supports user groups — roles assigned to a group apply to all of its members automatically. Note that Infisical distinguishes between organization-level and project-level access control:
  • Organization-level access control: Roles and permissions governing access to organization-level resources and controls such as billing, member management, and identity provider configuration.
  • Project-level access control: Roles and permissions governing access to resources and workflows within a specific project (e.g., secrets, certificates, SSH hosts).
organization roles To learn more about how permissions work in detail, refer to the access control documentation.
Infisical provides immutable roles such as admin and member for free.If you’re using Infisical Cloud, the ability to create custom roles is available under the Pro Tier.If you’re self-hosting Infisical, then you should contact sales@infisical.com to purchase an enterprise license to use it.

Usage & Billing

The Usage & Billing tab provides an overview of your organization’s billing information and platform usage. Infisical calculates usage at the organization level—aggregating activity across all projects and product types (e.g., Secrets Management, SSH, PKI). From this tab, you can track usage, view billing details, and manage your Infisical Cloud subscription. organization billing

Audit Logs

Infisical provides a unified view of audit logs at the organization level. All platform activity—including secret access, certificate issuance, platform logins across the organization —is recorded and searchable in a central log view. Audit logs are also viewable at the project level, where they are scoped to show only events relevant to that specific project. This allows project administrators to monitor activity and investigate changes without requiring organization-wide access.

App Connections

Infisical supports app connections — integrations configured at the organization level with third-party platforms such as AWS, GCP, GitHub, and many others. Once configured, these connections can be reused across multiple projects as part of any feature that requires third-party integrations—such as secret syncing or dynamic credential generation. organization app connections To learn more, refer to the app connections documentation.

Organization Settings

The Organization Settings tab lets you configure global behavior and security controls for the organization. Key configuration areas include:
  • General: Manage the organization’s name, slug, and default role for newly invited members.
  • Single Sign-On (SSO): Enable SAML, LDAP, or OIDC-based authentication for user login.
  • Provisioning: Enable SCIM to automatically provision and deprovision users and groups from an identity provider.
  • Security Policies: Enforce MFA and configure session duration limits.
  • Encryption: Integrate with external KMS systems or bring your own encryption keys (BYOK).
  • Audit Log Streaming: Forward audit events to third-party logging tools like SIEMs or cloud storage.
  • Workflow Integrations: Trigger Slack or Microsoft Teams notifications for events like access requests.
  • Project Templates: Define default environments, roles, and settings to standardize project creation.
  • KMIP (Enterprise): Connect to KMIP-compatible HSMs for hardware-backed key storage and operations.
organization settings