Organizations
Create and manage organizations with team members and roles
Organizations
Organizations are the top-level container in MySigner for managing apps, credentials, and team collaboration.
Overview
Every resource in MySigner belongs to an organization:
- Credentials - App Store Connect and Google Play API keys
- Apps - iOS and Android apps synced from the stores
- Certificates & Profiles - iOS code signing resources
- Keystores - Android signing keys
- Team Members - Users with role-based access
Creating an Organization
- Go to Organizations in the sidebar
- Click New Organization
- Enter a name (e.g., "Acme Inc" or "Mobile Team")
- Click Create
You become the Owner of the organization automatically.
Plan note: Organization count is plan-limited. If you hit the cap, MySigner will show an upgrade prompt and point you to the pricing page. Billing is still handled manually during early access.
Organization Settings
From the organization page, you can:
General Settings
- Edit Name - Click the edit button to rename
- Delete Organization - Permanently remove (Owner only)
Team Management
- Invite Members - Send email invitations
- Manage Roles - Change member permissions
- Remove Members - Revoke access
Sync Controls
- Sync iOS - Refresh data from App Store Connect
- Sync Android - Refresh data from Google Play
Team Members and Roles
MySigner has three assignable roles (Admin, Developer, Viewer) plus a special Owner status that belongs to one user per organization.
Owner is not a selectable role. When you create an organization you become its Owner automatically. Ownership is a separate organization-level status — every Owner also has a membership row, and the Owner-status grants the same permissions as Admin plus the ability to delete the organization. Ownership is currently permanent for the lifetime of the organisation — there is no in-app Transfer Ownership flow yet (see below). When you invite someone to the team, the role dropdown only shows Admin, Developer, and Viewer.
Owner (organization-level status, one per org)
- Full access to everything Admin has, plus:
- Can delete the organization
- Cannot currently be changed in-app — ownership is fixed for the lifetime of the organisation (a Transfer Ownership UI is on the roadmap; until then, contact support if you need to reassign)
- Cannot be removed from the team like a regular member
Admin (role)
- Manage team members (invite any role, remove, change roles)
- Manage credentials (add, edit, delete)
- Manage all resources (keystores, devices, profiles)
- Cannot delete organization
Developer (role)
- Ship builds and trigger syncs
- Manage app resources (releases, app config)
- Create API tokens (Read/Write scope only — Admin scope requires Admin or Owner)
- Invite new members (Developer or Viewer roles only)
- View credentials (sensitive values hidden)
- Cannot manage credentials, keystores, or devices
Viewer (role)
- View all resources (read-only)
- View credentials (sensitive values hidden)
- Cannot ship builds, create tokens, or make changes
Role Permissions
| Capability | Owner | Admin | Developer | Viewer |
|---|---|---|---|---|
| View resources | ✓ | ✓ | ✓ | ✓ |
| Ship builds | ✓ | ✓ | ✓ | ✗ |
| Trigger sync | ✓ | ✓ | ✓ | ✗ |
| Manage releases | ✓ | ✓ | ✓ | ✗ |
| Create API tokens | ✓ | ✓ | ✓ | ✗ |
| Invite members | ✓ | ✓ | ✓* | ✗ |
| Manage devices | ✓ | ✓ | ✗ | ✗ |
| Manage profiles | ✓ | ✓ | ✗ | ✗ |
| Manage keystores | ✓ | ✓ | ✗ | ✗ |
| Manage credentials | ✓ | ✓ | ✗ | ✗ |
| Remove members | ✓ | ✓ | ✗ | ✗ |
| Change roles | ✓ | ✓ | ✗ | ✗ |
| Delete organization | ✓ | ✗ | ✗ | ✗ |
*Developers can only invite Developer or Viewer roles, not Admin.
Transfer ownership is not yet available in-app — the Owner is fixed for the lifetime of the organisation. A Transfer Ownership UI is on the roadmap; until then, contact support if you need to reassign ownership.
Inviting Team Members
Send an Invitation
- Go to your organization page
- Scroll to Team section
- Click Invite Member
- Enter the email address
- Select a role (Admin, Developer, or Viewer)
- Click Send Invitation
Developers can only invite other Developers or Viewers. Only Admins and Owners can invite Admins.Plan note: Team seats are also plan-limited per organization. If the invite flow is blocked, use the upgrade prompt or visit the pricing page to request a higher tier.
Invitation Status
| Status | Description |
|---|---|
| Pending | Invitation sent, awaiting response |
| Accepted | Member joined the organization |
| Expired | Not accepted within 7 days |
Resend Invitation
If an invitation expires or wasn't received:
- Find the pending invitation
- Click Resend
- A new invitation email is sent
Managing Members
Change a Role
- Go to Team section
- Find the member
- Click the role dropdown
- Select the new role
Remove a Member
- Go to Team section
- Find the member
- Click Remove
- Confirm the removal
Removing a member doesn't automatically revoke their API tokens. Remind them to delete tokens or revoke from the API Tokens page.
Transfer Ownership (not yet available)
There is no in-app Transfer Ownership flow today. The Owner of an organisation is set when the organisation is created and is fixed thereafter. If you need to reassign ownership (e.g. when a founding owner leaves the company), please contact support.
A future release will add a self-service Transfer Ownership flow. When it ships, the action will be recorded in the Audit Log on Team plans.
Switching Organizations
In the Dashboard
- Click the organization name in the sidebar
- Select a different organization from the list
With the CLI
# List your organizations
mysigner orgs
# Switch interactively
mysigner switch
Multiple Teams
You can create separate organizations for different purposes:
| Organization | Use Case |
|---|---|
| Acme Inc - Production | Production apps and credentials |
| Acme Inc - Dev | Development and testing |
| Personal Projects | Side projects |
| Client: BigCorp | Client work with separate billing |
Each organization has its own: - Credentials - Team members - Resources - Billing (if applicable)
Best Practices
Organization Structure
- One organization per company/team - Keep related apps together
- Separate production and dev - Use different organizations if you need isolated credentials
- Descriptive names - Make it clear what the organization is for
Team Management
- Minimal permissions - Give members the lowest role they need (see the Permissions matrix for the full role-vs-capability table)
- Admin for leads - Team leads and those managing credentials get Admin
- Developer for engineers - Developers who ship builds get Developer role
- Viewer for stakeholders - Read-only access for those who don't need to make changes
- Regular audits - Review team membership periodically. On Team plans, every membership change (invitation sent, accepted, cancelled, member added, role changed, member removed) is recorded in the Audit Log so you can review the full history.
Security
- Rotate credentials - Update API keys annually
- Enable 2FA - Encourage all members to enable two-factor auth
- Use SSO on Team plans - Centralise identity with SAML 2.0 SSO (Okta, Microsoft Entra, Google Workspace, or any generic IdP). Optional enforcement blocks password / OAuth login for everyone except the Owner.
- Revoke on departure - Remove members when they leave the team
- Separate CI tokens - Use dedicated tokens for automation
Related
- Credentials - Set up App Store Connect and Google Play
- API Tokens - Generate tokens for CLI access
- Permissions - Role-based access control matrix (Team)
- Audit Log - Track sensitive actions across your organisation (Team)
- SSO (SAML 2.0) - Single Sign-On with your IdP (Team)
- Pricing & Plans - Seat limits and tier comparison
- Team Setup Guide - Detailed walkthrough