Everything a workspace shares — identity, people, billing, data model, and workflow infrastructure — is configured under /settings. What you see there depends on your workspace role.
Roles and access
Every member has a workspace-level role:
- Member — works in the workspace; sees General, Agents, Usage, Runtime policy, Connections, Secrets, and Devices.
- Admin — everything above, plus Members, Cycles, Audit log, Billing, Trash, and the Data section.
- Owner — the workspace creator’s protected role. Only the owner sees the Danger zone.
Pages that members can open but not change (General, Runtime policy) show a note and render read-only controls. Admin-only pages redirect non-admins back to General.
General
The workspace’s identity and defaults. Members can view; admins can edit.
- Name — rename the workspace in place.
- Fiscal year starts — pick the start month. Fiscal-year filter tokens shift for everyone in the workspace.
- License — self-hosted installations also see a commercial-license notice here. Cloud workspaces never see this section. See Licensing.
Members
Admins invite teammates, adjust roles, and manage access at /settings/members.
- Invite member — enter an email and choose Member or Admin. Invitees join with a workspace-level role; team membership is managed on team pages.
- Change role — switch a member between Member and Admin. The select saves on change. You cannot demote yourself if you are the last admin, and the owner’s role can’t be changed here.
- Invites — resend or revoke a pending invite.
- Suspend / Activate — suspended members immediately lose access but keep their history.
- Remove — removes the member from the workspace immediately. The owner can’t be suspended or removed from settings.
Agents
AI agent identities you bind to message and call trigger nodes in your Workflows. Any active member can create a private agent; sharing follows the private/team/workspace model, and team access inherits through the hierarchy.
- Each agent has a name, handle, description, and avatar.
- The capability profile (model, BYOK model, token budget, BYOK connection) overrides the AI node’s own settings wherever the agent acts.
- Deactivated agents keep their bindings but stop answering. Admins can designate a workspace-shared agent as the default.
- The agent’s Registered workflows list is read-only here — edit bindings from the trigger node in the workflow editor.
Cycles
Moving sprints for the workspace: fixed-length iterations that advance on their own and carry unfinished work forward. Admin-only.
Turn cycles on, then set the schedule: cycle length, start day, cooldown between cycles, how many upcoming cycles to keep ready, and a name template ({n} becomes the cycle number). Two automation toggles: Roll over unfinished tasks when a cycle ends, and Add started tasks to the active cycle. Schedule changes apply to future cycles only — the active cycle keeps its dates.
Usage
A read-only view of what the workspace’s workflows consumed over the recent window: usage credit balance (runner time, storage, and managed AI), spend by workflow, workflow activity, and cluster resources. Use Refresh to re-read the numbers. Everyone can view; the Buy credit shortcut is admin-only.
Billing
Admin-only. Shows the current plan with its included usage credit, concurrent-run limit, and storage allowance; the subscription (Paddle is the merchant of record — receipts and payment methods live in their emails); the usage-credit balance; and prepaid credit packs you can buy to top up.
Data
Admin-only pages for shaping workspace data:
- Data model — record types and labels. See Record Types & Records for the full guide.
- Task configuration — task statuses and task types.
Connections
Credentials and connectivity that back workflow Nodes — OAuth, credential, and connectivity providers. Add and share Connections at /settings/connections. See Integrations for providers, scopes, and sharing.
Secrets
Named values workflow steps resolve at runtime. Values are write-only: set exactly once at creation and never viewable again, anywhere.
- Names are UPPER_SNAKE_CASE (a letter, then letters, digits, or underscores; max 63 characters).
-
A secret is either a locally encrypted value or a 1Password reference (
op://vault/item/field) — the reference option appears only when the workspace has a 1Password Connection. - Sharing follows the private/team/workspace model. Workspace admins do not bypass private secrets.
- Every access to the secret store is recorded in the audit log. See Security for the encryption model.
Runtime policy
Network rules applied to the workspace’s workflow Runs. Members can read the policy; only admins can change it.
- Outbound network access — off by default. When on, Runs can only reach the listed destinations over HTTPS: plan defaults plus custom additions on paid tiers. Changes apply to new Runs within a few minutes.
- Container image registries — off by default. When on, workflow images must come from the allowed registries; custom entries replace the defaults (docker.io, ghcr.io). Enforced when Workflows are saved and when Runs start.
Devices
Devices registered by the Rollout client apps, with per-device sharing and the capabilities exposed to Workflows. See Desktop App Companion.
Trash
Admin-only. Archived Workflows and Projects live here; Restore brings an item back exactly as it was. Archived Workflows keep their runs, snapshots, and branches — restoring re-arms Triggers only if the Workflow is enabled. Archived Projects keep their tasks and history.
Audit log
Admin-only, append-only — entries cannot be edited or deleted. Records secret-store activity, including reads by workflow Runs and lookups of names that don’t exist. See Security.
API keys
API keys are personal and live under your account at /account/api-keys, not in workspace settings. Each key is bound to one workspace and acts on your behalf inside it. Generate a key, copy it once, and use it as a bearer token — for example in your local MCP config (see MCP Integration). Revoke keys individually or all at once.
Danger zone
Owner-only. Delete workspace permanently deletes the workspace and all of its data — projects, tasks, workflows, messages, and activity history. There is no grace period and no recovery. You confirm by typing the workspace name, and a recent re-authentication is required; everyone in the workspace loses access immediately.