Organization
Manage teams, Single Sign-On (SSO), and audit logs from a single page. Organization is the central hub for access control and security.
Overview
The Organization page has three tabs:
- Team — Create teams, invite members, assign roles
- SSO — Configure Single Sign-On (SAML 2.0 or OpenID Connect)
- Audit Log — Track all actions across your account
Team Selector
If you have multiple teams, a team selector appears at the top. SSO and Audit Log are scoped to the selected team.
Team Management
Teams let you organize members and control who can access what. Each team has its own endpoints, API keys, and webhook configurations.
Creating a Team
Click the "Create Team" button in the top right corner. Enter a team name and confirm. You become the owner automatically.
Inviting Members
Open a team, click "Invite Member", enter their email and select a role. They receive an invite link. The link expires in 7 days.
Roles
Each member has one of three roles:
Admin
Full access. Can invite/remove members, change roles, delete team, manage SSO.
Editor
Can create and manage endpoints, API keys, and webhooks. Cannot manage team members.
Viewer
Read-only access. Can view endpoints, deliveries, and analytics. Cannot make changes.
Permission Matrix
| Action | Admin | Editor | Admin | docsOrganization.permDeveloper | docsOrganization.permAnalyst | Viewer |
|---|---|---|---|---|---|---|
| Create/edit endpoints | ||||||
| Send webhooks | ||||||
| View deliveries | ||||||
| Manage API keys | ||||||
| docsOrganization.permViewAnalytics | ||||||
| Invite members | ||||||
| Remove members | ||||||
| Change roles | ||||||
| Delete team | ||||||
| Manage SSO |
Transferring Ownership
The owner can transfer ownership to any admin. Go to team settings → Transfer Ownership. The new owner gets full control; the old owner becomes an admin.
Deleting a Team
The owner can delete a team. All members are removed, all endpoints and API keys are deleted. This cannot be undone. If the team is linked to an SSO config, remove the SSO reference first.
Leaving a Team
Any member can leave a team. The owner cannot leave — they must transfer ownership first or delete the team.
Single Sign-On (SSO)
SSO lets your team log in with their existing identity provider (Okta, Azure AD, Google Workspace, Auth0, Keycloak, etc.) instead of creating separate HookSniff accounts.
Enterprise Only
SSO is available on the Enterprise plan. Other plans see an upgrade prompt.
Supported Providers
SAML 2.0
Okta, OneLogin, Azure AD, Google Workspace, Ping Identity
OpenID Connect (OIDC)
Auth0, Keycloak, AWS Cognito, Microsoft Entra ID
Setup Steps
Step 1: Choose Provider
Select SAML 2.0 or OpenID Connect. Choose based on your identity provider.
Step 2: Configure
For SAML: Enter the Metadata URL, Entity ID, SSO URL, and X.509 Certificate from your identity provider.
For OIDC: Enter the Issuer URL, Client ID, and Client Secret from your identity provider.
Step 3: Test
Click "Test Connection" to verify your configuration. HookSniff connects to your identity provider and validates the settings.
Step 4: Enforce
After a successful test, click "Enforce SSO". A confirmation modal appears:
- All team members will be required to log in via SSO
- Password login will be disabled
Admin Bypass
Optionally, allow admins to keep using password login. Useful for emergency access.
Auto Team Join
When SSO is enforced, you can configure automatic team assignment. New users who log in via SSO are automatically added to a team with a specified role.
Default Team
The team new SSO users join automatically.
Default Role
The role assigned to new SSO users (viewer, editor, or admin).
Verified Domain
Email domain for automatic SSO user discovery. Users with this domain will be matched to this organization.
How domain verification works:
- Enter your domain (e.g., company.com)
- HookSniff generates a TXT record
- Add the TXT record to your DNS
- Click "Verify Domain" — HookSniff checks the DNS record
SSO Login URL
After SSO is enforced, a login URL is generated. Share this with your team:
https://hooksniff.vercel.app/v1/sso/login?email=user@company.comUsers can also go to the normal login page and enter their email — HookSniff detects the SSO provider automatically.
Disabling SSO
To disable SSO, click "Disable SSO" on the status banner. Password login is re-enabled. SSO config is preserved — you can re-enable it later.
Audit Log
The Audit Log tracks all actions performed on your account. Every login, endpoint creation, API key rotation, and team change is recorded.
Filters
Filter by action type: Auth, Endpoints, API Keys, Webhooks, Team, Settings, Billing.
Columns
- Time — When the action happened
- Action — What was done (e.g., endpoint.create, auth.login)
- Actor — Who performed the action (email)
- Resource — What was affected (type/id)
- Details — Additional context
- IP Address — Where the action came from
Tracked Actions
- Auth — login, logout, register
- Endpoints — create, update, delete
- API Keys — create, rotate, delete
- Webhooks — send, replay
- Team — invite, remove
- Settings — update
- Billing — update
API Reference
Teams API
Full CRUD for teams, member management, invites, and role changes.
SSO API
SSO config management, connection testing, domain verification, and login flow.
Audit Log API
Query audit log entries with pagination and filtering.