Account & billing

Manage your organization, projects, members, teams, billing, RBAC, audit log, SSO, and data residency from one shared admin surface.

The Account section is the org-wide admin surface — billing, members + teams, RBAC, audit log, SSO/SCIM (Enterprise), and per-project data-residency settings. These are the things that exist across projects rather than inside one.

Most pages here are dashboard-driven. They expose a REST API for programmatic management (CI scripts, IdP webhooks, custom admin tools) but the day-to-day surface is the dashboard.

What's here

Plans

Plans & billing

Hobby, Pro, Growth, Enterprise. Per-organisation pricing. Per-product event quotas + retention windows.

People

Teams & members

Invite people, group them into teams, assign teams to projects in one click.

Permissions

RBAC

Viewer / Editor / Admin per project; Owner at the organization level.

Visibility

Audit log

Every flag toggle, deploy promotion, member change, and key rotation. CSV export + webhook stream on Pro+.

Enterprise

SSO & SCIM

SAML 2.0 + OIDC sign-in, SCIM 2.0 user provisioning. Enterprise tier.

Compliance

Data residency

Pin a project to eu-west-1, us-east-1, af-south-1, or ap-southeast-1. Available on all tiers.

Org / project hierarchy at a glance

Sankofa's tenancy model from the Concepts → Organizations and projects page:

  • One organization per company. Created at sign-up. Has billing, plan tier, SSO config, audit log, members, teams.
  • One or more projects per organization. A project is the boundary for events, flags, configs, deploys, surveys, RBAC, API keys.
  • Two environments per projectlive and test — resolved by API key.
ConceptWhere it livesWho manages it
Plan & billingOrganizationOwner
SSO / SCIMOrganizationOwner
Audit logOrganizationAdmin / Owner
Members + teamsOrganizationAdmin / Owner
Per-project membersProjectProject Admin
Data-residency regionPer projectOwner (set at project creation)
API keysPer project + per environmentProject Admin

Common admin tasks

  1. Add a new team member

    /dashboard/account/members → Invite. Email + initial role. They get a sign-up link; once accepted, they show up in the members list and can be assigned to teams or specific projects. See Teams & members.

  2. Spin up a new project

    /dashboard → New project. Pick the data-residency region (default eu-west-1). The project gets a fresh live and test API key. Add members via teams or per-member overrides.

  3. Upgrade your plan

    /dashboard/account/billing → Upgrade. Pay by card, ACH (Pro+), or invoice (Enterprise). The new tier's limits apply immediately; changes are pro-rated. See Plans & billing.

  4. Enable SSO

    /dashboard/account/sso → Configure SAML / OIDC. Available on Enterprise. Your IdP's metadata XML or OIDC discovery URL is enough — Sankofa's SP entity ID + ACS URL are pre-configured. See SSO & SCIM.

  5. Export the audit log

    /dashboard/account/audit-log → Export CSV (Pro+) or configure a webhook subscription to stream events. See Audit log.

Where to go next

Start here

Plans & billing

The tier matrix and what each one includes.

Setup

RBAC

Decide who gets what role before inviting the team.

Concepts

Tenancy model

The deeper concept — why org / project / env splits the way it does.

Edit this page on GitHub