Organizations & Teams

Ferrule's multi-tenant model — organizations, members, roles, and access control.

Ferrule is multi-tenant: every resource (integrations, API keys, prompts) belongs to an organization, not an individual user. This lets firms share a single Ferrule instance across their team while keeping each firm's data isolated.

Organizations

When you sign up for Ferrule you create an organization. All integrations you connect, API keys you generate, and prompts you store belong to that organization.

Members of your organization can access shared integrations through a single AI assistant connection — each member generates their own API key, which Ferrule traces back to the organization's integration credentials.

Members and roles

Every member of an organization has one of three built-in roles:

Role | Description
Owner | Full access. Can manage billing, delete the organization, and do everything admins can do. Only one owner per organization.
Admin | Can connect and disconnect integrations, manage members and invites, create and delete API keys, manage custom roles, and configure protocol toggles.
Member | Can use connected integrations (via API key) and manage their own API keys and prompts. Cannot change integration settings.

Admins and owners bypass all access control — they always have access to every connected integration.

Custom roles

If you need finer-grained control you can create custom roles that restrict which integrations a member can access.

Custom roles apply only to members with the Member built-in role. A custom role is a named set of integrations: members assigned that role can only call tools from those integrations, not the full set the organization has connected.

Custom role management is available under Dashboard → Roles (admin or owner access required).

Inviting team members

Owners and admins can invite new members via Dashboard → Members → Invite. Invitees receive an email with a one-time link. Once they accept, they join the organization with the Member role and can be promoted or assigned a custom role afterward.

API keys

Each member generates their own API keys under Dashboard → API Keys. API keys:

  • Are scoped to the member's accessible integrations (respecting custom roles).
  • Expire after a configurable period (default 30 days, maximum 365 days).
  • Can be revoked at any time.
  • Are stored as a SHA-256 hash — Ferrule cannot recover the plaintext after creation, so copy it immediately after generating.
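
The role, custom-role and API key rules on this page can be read as one authorization check. The sketch below is an added example, not Ferrule's own code. Assumptions: all class and function names, the sk_example_ key format, roles evaluated at request time, and full access for members without a custom role.

```python
import hashlib, hmac, secrets
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

DEFAULT_TTL_DAYS, MAX_TTL_DAYS = 30, 365   # limits stated on this page

@dataclass
class Member:
    role: str                                # "owner" | "admin" | "member"
    custom_role: Optional[frozenset] = None  # integrations named by a custom role

@dataclass
class KeyRecord:
    digest: str           # SHA-256 hex of the key; the plaintext is never stored
    member: Member
    expires_at: datetime
    revoked: bool = False

def issue_key(member, now, ttl_days=DEFAULT_TTL_DAYS):
    """Return (plaintext, record). The plaintext is shown once, then discarded."""
    if not 1 <= ttl_days <= MAX_TTL_DAYS:    # lower bound of 1 day is assumed
        raise ValueError("ttl_days must be between 1 and 365")
    plaintext = "sk_example_" + secrets.token_urlsafe(32)  # constructed format
    digest = hashlib.sha256(plaintext.encode()).hexdigest()
    return plaintext, KeyRecord(digest, member, now + timedelta(days=ttl_days))

def accessible(member, connected):
    """Integrations this member may call, out of those the org has connected."""
    if member.role in ("owner", "admin"):    # bypass: custom roles are ignored
        return frozenset(connected)
    if member.custom_role is None:           # assumption: no custom role = all
        return frozenset(connected)
    # A custom role never grants an integration the org has disconnected.
    return frozenset(connected) & member.custom_role

def authorize(presented, records, connected, integration, now):
    """True only for a known, unrevoked, unexpired key scoped to `integration`."""
    digest = hashlib.sha256(presented.encode()).hexdigest()
    for rec in records:
        if hmac.compare_digest(rec.digest, digest):   # constant-time compare
            if rec.revoked or now >= rec.expires_at:
                return False
            return integration in accessible(rec.member, connected)
    return False                             # unknown key: deny by default
```

Because only the digest is stored, a leaked key table cannot be replayed as credentials, and a lost key can only be revoked and reissued.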
