Collaborate at scale — with structure, control, and flexibility
Overview
Organizations and Projects enable teams to collaborate at scale with proper structure, control, and flexibility. Organize your integrations, workflows, and environments while maintaining clear access control across your team.Organizations
Create dedicated organizations for your company with role-based access control
Projects
Organize integrations, workflows, and environments within your organization
Team Collaboration
Invite team members with specific roles and permissions
Scoped API Keys
Generate API keys scoped to specific organizations or projects
Organizations and Projects are available for enterprise Pica users. Perfect for larger teams, multi-tenant setups, or anyone managing multiple environments under one account.
Organizations
Organizations are the top-level structure for managing your team and resources. Each organization has its own members, projects, connections, and API keys.Organization Roles
Organizations support three roles with different permission levels:Admin (Owner)
Admin (Owner)
Full control over the organizationPermissions:
- Transfer ownership to another admin
- Create, update, and delete all organization resources
- Manage all projects within the organization
- Create and revoke organization invitations
- Manage connections, secrets, and AuthKit configurations
- View all organization activity and settings
There is always one Admin who is the owner of the organization.
Manager
Manager
Manage resources but cannot modify organization settingsPermissions:
- Create and manage projects
- Create, read, update, and delete connections
- Manage secrets and AuthKit configurations
- List and read organization resources
- Cannot create or revoke invitations
- Cannot delete the organization
Member
Member
Read-only access with limited creation rightsPermissions:
- List and view connections
- List and view AuthKit configurations
- Create and list secrets
- Cannot modify or delete resources
- Cannot invite other members
- Cannot manage projects
Creating an Organization
1
Navigate to Organizations
Go to the Pica Dashboard and click on the Personal space in the navbar.
2
Create Organization
Click the + Create Organization button and provide a name for your organization.
Inviting Team Members to an Organization
1
Open Organization Settings
Once inside the Organization, navigate to the settings menu and click on the People tab.
2
Send Invitation
Click + Invite button and enter the email addresses of the people you want to invite.Select the appropriate role for the new member:
- Admin: Full organization control (use sparingly)
- Manager: Can manage resources and projects
- Member: Read-only access with limited creation rights
3
Send Invitation
Click Send Invitation. The recipient will receive an email with instructions to join your organization. You can also choose to resend or revoke the invitation.
Projects
Projects help you organize integrations, workflows, and environments within an organization. Each project can have its own team members, connections, and scoped API keys.Project Roles
Projects share the same role structure as organizations:Admin
Full control over the project and all its resources
Manager
Can manage project resources but cannot delete the project
Member
Read-only access with limited creation rights
Creating a Project
1
Enter Organization
Select the Organization you want to create a project in from the dropdown in the navbar.
2
Create Project
Click the + Create Project button in the navbar.
Inviting Members to a Project
1
Open Project Settings
Inside your project, select the People tab.
2
Invite to Project
Click the + Invite button to add people to this project.
3
Set Project Role
Assign the member’s project role:
- Admin: Full control over the project
- Manager: Manage project resources and settings
- Member: Read-only access with limited creation rights
Project members must also be members of the parent organization. When you invite someone to a project who isn’t in the organization yet, they’ll be added to both.
Scoped API Keys
Organizations and Projects each have their own API keys that are automatically scoped to that specific context. This provides secure, isolated access to resources.Organization API Keys
Organization-scoped API keys provide access to:- All projects within the organization
- Organization-level connections and secrets
- Organization-level AuthKit configurations
- All resources the API key creator has permission to access
1
Navigate to API Keys
From your organization dashboard, go to API Keys in the sidebar.
2
Create API Key
Click Create API Key and provide a descriptive name for the key.
3
Copy Key
Important: Copy the API key immediately. For security reasons, it will only be displayed once.
4
Use in Your Application
Use this API key in your application to access organization resources:
Project API Keys
Project-scoped API keys provide access to:- Resources only within that specific project
- Project-level connections and secrets
- Project-level AuthKit configurations
- Isolated from other projects in the organization
1
Navigate to Project API Keys
From your project dashboard, go to API Keys in the sidebar.
2
Create Project API Key
Click Create API Key and provide a descriptive name.
3
Copy Key
Important: Copy the API key immediately. It will only be displayed once for security.
4
Use in Your Application
Use this project-scoped API key to access only that project’s resources:
Security Best Practices:
- Never expose API keys in client-side code or version control
- Use project-scoped keys when you only need access to specific project resources
- Rotate API keys regularly, especially if they may have been compromised
- Delete unused API keys immediately
Permission Reference
Here’s a complete reference of permissions for each role:Organization Permissions
| Permission | Admin | Manager | Member |
|---|---|---|---|
| Create invitations | ✅ | ❌ | ❌ |
| List invitations | ✅ | ❌ | ❌ |
| Revoke invitations | ✅ | ❌ | ❌ |
| Resend invitations | ✅ | ❌ | ❌ |
| List connections | ✅ | ✅ | ✅ |
| Create connections | ✅ | ✅ | ❌ |
| Read connections | ✅ | ✅ | ❌ |
| Update connections | ✅ | ✅ | ❌ |
| Delete connections | ✅ | ❌ | ❌ |
| List secrets | ✅ | ✅ | ✅ |
| Create secrets | ✅ | ✅ | ✅ |
| Read secrets | ✅ | ✅ | ❌ |
| Update secrets | ✅ | ✅ | ❌ |
| Delete secrets | ✅ | ✅ | ❌ |
| List AuthKit | ✅ | ✅ | ✅ |
| Create AuthKit | ✅ | ✅ | ❌ |
| Read AuthKit | ✅ | ✅ | ✅ |
| Update AuthKit | ✅ | ✅ | ❌ |
| Delete AuthKit | ✅ | ✅ | ❌ |
| Create projects | ✅ | ✅ | ❌ |
Project Permissions
Project permissions follow the same structure as organization permissions, but are scoped to the specific project.| Permission | Admin | Manager | Member |
|---|---|---|---|
| List connections | ✅ | ✅ | ✅ |
| Create connections | ✅ | ✅ | ❌ |
| Read connections | ✅ | ✅ | ❌ |
| Update connections | ✅ | ✅ | ❌ |
| Delete connections | ✅ | ❌ | ❌ |
| List secrets | ✅ | ✅ | ✅ |
| Create secrets | ✅ | ✅ | ✅ |
| Read secrets | ✅ | ✅ | ❌ |
| Update secrets | ✅ | ✅ | ❌ |
| Delete secrets | ✅ | ✅ | ❌ |
| List AuthKit | ✅ | ✅ | ✅ |
| Create AuthKit | ✅ | ✅ | ❌ |
| Read AuthKit | ✅ | ✅ | ✅ |
| Update AuthKit | ✅ | ✅ | ❌ |
| Delete AuthKit | ✅ | ✅ | ❌ |
Best Practices
Use Project-Scoped Keys
Use Project-Scoped Keys
Always use project-scoped API keys when working with specific environments or clients. This provides better security and isolation.
Principle of Least Privilege
Principle of Least Privilege
Grant team members the minimum level of access they need. Use Member roles for read-only access and Manager roles when write access is needed.
Separate Environments
Separate Environments
Create separate projects for development, staging, and production to prevent accidental modifications to production resources.
Regular Access Reviews
Regular Access Reviews
Periodically review organization and project members to ensure everyone still needs their current level of access.
Descriptive Names
Descriptive Names
Use clear, descriptive names for organizations, projects, and API keys to make management easier as you scale.
Monitor API Key Usage
Monitor API Key Usage
Track which API keys are being used and rotate or revoke unused keys regularly.