From 520d5fe08471653219a0be763336449d963829e2 Mon Sep 17 00:00:00 2001 From: Benjamin Date: Wed, 25 Jun 2025 17:43:47 +0200 Subject: [PATCH 01/18] Introducing the new Limited Collaborator role. --- ...count.md => 2000-01-01-user-management.md} | 0 .../platform/account/2000-01-01-manage.md | 95 ------------------- .../2000-01-01-collaborators.md | 1 + .../user-management/2000-01-01-guides.md | 58 +++++++++++ .../2000-01-01-manage-collaborators.md | 22 +++++ .../2000-01-01-manage-your-account.md | 94 ++++++++++++++++++ .../user-management/2000-01-01-roles.md | 66 +++++++++++++ .../2000-01-01-user-management.md | 16 ++++ 8 files changed, 257 insertions(+), 95 deletions(-) rename src/_posts/platform/{2000-01-01-account.md => 2000-01-01-user-management.md} (100%) delete mode 100644 src/_posts/platform/account/2000-01-01-manage.md rename src/_posts/platform/{app => user-management}/2000-01-01-collaborators.md (99%) create mode 100644 src/_posts/platform/user-management/2000-01-01-guides.md create mode 100644 src/_posts/platform/user-management/2000-01-01-manage-collaborators.md create mode 100644 src/_posts/platform/user-management/2000-01-01-manage-your-account.md create mode 100644 src/_posts/platform/user-management/2000-01-01-roles.md create mode 100644 src/_posts/platform/user-management/2000-01-01-user-management.md diff --git a/src/_posts/platform/2000-01-01-account.md b/src/_posts/platform/2000-01-01-user-management.md similarity index 100% rename from src/_posts/platform/2000-01-01-account.md rename to src/_posts/platform/2000-01-01-user-management.md diff --git a/src/_posts/platform/account/2000-01-01-manage.md b/src/_posts/platform/account/2000-01-01-manage.md deleted file mode 100644 index 7d85f31c2..000000000 --- a/src/_posts/platform/account/2000-01-01-manage.md +++ /dev/null @@ -1,95 +0,0 @@ ---- -title: Manage your Account -modified_at: 2024-06-20 00:00:00 -tags: account -order: 6 ---- - -The configuration of your account is done using the -[dashboard](https://dashboard.scalingo.com). The following sections are reachable from -the top right menu: - -## Profile - -[Dashboard Profile page](https://dashboard.scalingo.com/account) - -Personal information can be managed from this page. It includes changing -username, full name, location and company as well as configuring Scalingo's newsletter -subscription. - -This page also lets you configure the language of the interface and the theme. - -## Authentication - -[Dashboard Authentication page](https://dashboard.scalingo.com/account/authentication) - -This page lets you update the email address associated to your account along with the password and 2FA. - -In case you created your Scalingo account with the "Login with GitHub" button, you cannot update your password using this form as you don't have any "Current password" to provide. In this situation, please log out and use the [Forgot your password?](https://auth.scalingo.com/users/password/new) form with the email address associated to your GitHub account. - -Account deletion is located here. The action is possible only once your account -does not own any application anymore, make sure to delete them all first. - -## SSH Keys - -[Dashboard SSH keys management page](https://dashboard.scalingo.com/account/keys) - -SSH keys serve as a means of identifying yourself to Scalingo's git server. -Each time a deployment is triggered using the `git push` command, your account -need to be authenticated with one of your SSH Keys. - -[Learn how to configure your SSH key for your operating system]({% post_url platform/getting-started/2000-01-01-troubleshooting-ssh %}) - -## API Tokens - -On this page, the API tokens associated to your account are available. These -tokens let you authenticate to our API if you need to build tools to manage the -platform in a programmable way. Have a look at our [API -documentation](https://developers.scalingo.com) to learn how to use them. - -## Billing - -[Dashboard Billing page](https://dashboard.scalingo.com/billing) - -Configure your payment methods in this section. The platform support 3 methods: - -* Debit/Credit card payments: the beginning of each month, the platform charges -on the cards what has been consumed the month before. - -* Prepaid credit bought with PayPal: buy credit in advance and we'll use them to pay -the invoices. Payment fallback on the bank card if there is not enough credit to -pay an invoice. - -* SEPA payment: for customers located in the European Union, SEPA debit can be used to pay -invoices, an electronic SEPA mandate is generated during the setup process. - -Payment history can also be found on this page, including links to download -your past invoices. - -An invoice from the previous month consumption in the platform is generated -monthly. It sums up all the resources you have used on Scalingo, it includes: - -* Application containers runtime -* Application addons - -If you bought prepaid-credit with PayPal and that you have not enough credit to -pay the invoice, the invoice will be considered **unpaid** and you have to add -more credit. - -If you added a payment card, the platform tries to charge it when the invoice -is generated. If the operation fails, the invoice will be considered -**unpaid**. The charge operation is then retried automatically a few times -up to 12 days after the date the invoice has been issued. - -In both cases, if an invoice remains unpaid your account will be -suspended, you have to either add prepaid credit or change the payment card -during this period. The newly added payment method will directly be used to pay -the unpaid invoice. - -## Referrals - -[Dashboard Referrals page](https://dashboard.scalingo.com/account/referrals) - -Scalingo embeds a referral program: recommend us and share your referral link, -you'll get discounts worth of 20% of the invoices amount received by the people -you've invited, each month during 12 months. diff --git a/src/_posts/platform/app/2000-01-01-collaborators.md b/src/_posts/platform/user-management/2000-01-01-collaborators.md similarity index 99% rename from src/_posts/platform/app/2000-01-01-collaborators.md rename to src/_posts/platform/user-management/2000-01-01-collaborators.md index 7958920bf..a52df73a3 100644 --- a/src/_posts/platform/app/2000-01-01-collaborators.md +++ b/src/_posts/platform/user-management/2000-01-01-collaborators.md @@ -2,6 +2,7 @@ title: Collaborators modified_at: 2025-02-07 00:00:00 tags: app collaborators +order: 1 --- Collaborators is a feature allowing the owner of an app to invite other Scalingo accounts to team up and work jointly on the app. An app can have as many collaborators as needed. diff --git a/src/_posts/platform/user-management/2000-01-01-guides.md b/src/_posts/platform/user-management/2000-01-01-guides.md new file mode 100644 index 000000000..a98080ac1 --- /dev/null +++ b/src/_posts/platform/user-management/2000-01-01-guides.md @@ -0,0 +1,58 @@ +--- +title: Role & Access Management: Recommended Practices by Team Structure +modified_at: 2025-06-25 00:00:00 +tags: account +order: 5 +--- + +This guide outlines recommended practices for managing roles, collaborators, and security settings on Scalingo, depending on your team’s size and structure. While Scalingo keeps access control simple, using roles strategically will help you balance collaboration with operational security. + +## Small Teams + +Structure example: A CTO or lead developer, and a few developers. + +Recommendations: + +* Assign the Owner role to the CTO or technical lead responsible for billing and application lifecycle. +* Give the Collaborator role to developers who are trusted with full access to settings and data. +* If contributors have limited responsibilities, prefer using the Limited Collaborator role to restrict access to sensitive operations. +* Encourage code review and protected branches in your SCM to limit the impact of elevated permissions. + +## Mid-Sized Teams + +Structure example: A CTO, a lead developer, senior developers, junior developers. + +Recommendations: + +* Keep the Owner role for the CTO or an engineering manager in charge of account and billing governance. +* Assign the Collaborator role to trusted leads who need access to all environments, data, and team management. +* Use the Limited Collaborator role for senior developers who handle deployments and logs but don’t need access to sensitive configurations or secrets. +* Junior developers do not need a Scalingo account. They can contribute to the project exclusively through your GitHub or GitLab workflows. +* Leverage branch protections and CI validation workflows for better deployment governance. + +## Large or Multi-Project Teams + +Structure example: Several project teams and multiple environments. + +Recommendations: + +* Use a global Service Account (dedicated Scalingo account) as the application Owner, especially for production apps. This avoids coupling billing or critical permissions to a personal account. +* Apply the same role split as in mid-sized teams: Collaborator for leads, Limited Collaborator for developers. +* Use a specific and dedicated Service Account to scope API tokens to a given application and ensure better isolation between apps. + +## API Tokens: Per-App Scoped Access + +Since API tokens inherit all the permissions of the user account they are generated from, we recommend using a dedicated service account when you need application-scoped API access. +Add this service account as a Collaborator on the specific application only, and generate API tokens from it. + +This ensures that the token has access exclusively to the intended application, and cannot be used across other apps. + +## Verify whether your collaborators have 2FA enabled + +Although 2FA cannot be enforced globally on Scalingo, you can view each collaborator’s 2FA status from the \[Collaborators page\](https://dashboard.scalingo.com/collaborators) of your Scalingo dashboard. + +Recommendations: + +* Perform regular reviews of 2FA status for all collaborators. +* Use our API to automate checks and integrate them into your internal security alerts or audit processes. + diff --git a/src/_posts/platform/user-management/2000-01-01-manage-collaborators.md b/src/_posts/platform/user-management/2000-01-01-manage-collaborators.md new file mode 100644 index 000000000..ac3dd5b9e --- /dev/null +++ b/src/_posts/platform/user-management/2000-01-01-manage-collaborators.md @@ -0,0 +1,22 @@ +--- +title: Manage Collaborators +modified_at: 2025-06-25 00:00:00 +tags: app collaborators +order: 3 +--- + +Inviting collaborators enables you to share access to specific applications while preserving full control and accountability. This feature is designed to support seamless teamwork from development to production. + +{% note %} +Granting collaborator access should be done with care. While collaborators cannot delete an application, they still hold sufficient privileges to modify configurations, deploy new code, or scale resources. These actions can impact the stability or availability of your services. +{% endnote %} + +When inviting a new collaborator, it is essential to assign them the appropriate role based on their responsibilities. [Roles]({% post_url platform/user-management/2000-01-01-roles %} define the level of access and actions a user can perform on your applications and databases. + +@import https://doc.scalingo.com/platform/app/collaborators#managing-collaborators + +When you remove permissions from a user, environment variables and other credentials are not changed. Users can still directly access services if they know the service credentials. To fully revoke access, make sure to rotate all relevant secrets, such as database passwords and API tokens. + +{% note %} +At the moment, updating the password of the default database user requires assistance from the Scalingo support team. Once the password is changed, you must manually update the associated environment variable and restart the parent application for the new credentials to be used. +{% endnote %} diff --git a/src/_posts/platform/user-management/2000-01-01-manage-your-account.md b/src/_posts/platform/user-management/2000-01-01-manage-your-account.md new file mode 100644 index 000000000..c8bab1eb6 --- /dev/null +++ b/src/_posts/platform/user-management/2000-01-01-manage-your-account.md @@ -0,0 +1,94 @@ +--- +title: Manage your Account +modified_at: 2024-06-20 00:00:00 +tags: account +order: 2 +--- + +Your personal Scalingo account enables you to create applications and databases, which are billed based on your resource usage on the associated payment method. + +All account configuration is performed via the \[Scalingo Dashboard\](https://dashboard.scalingo.com). Access account settings from the top-right menu. The main sections include: + +## Profile + +\[Dashboard Profile page\](https://dashboard.scalingo.com/account) + +Manage your personal details including username, full name, location, company information, and newsletter preferences. + +You can also customize your experience by selecting your preferred interface language and theme (light or dark). + +## Contracts + +This section displays all legal agreements applicable to your account, whether currently active or archived. + +## HDS + +\[HDS Profile page\](https://dashboard.scalingo.com/account/hds) + +If you host health data under the French HDS regulations and have signed the HDS annex, this page allows you to view the applicable HDS annexes and manage the designated healthcare data point of contact for your applications. + +{% note %} +Reminder: the point of contact information should be reviewed at least every 12 months and updated if necessary. +{% endnote %} + +## Authentication + +\[Dashboard Authentication page\](https://dashboard.scalingo.com/account/authentication) + +This page lets you update the email address associated with your account along with the password and 2FA. + +If your account was created using “Sign up with GitHub”, you cannot set a password via this form as no current password exists. Instead, log out and use the \[Forgot your password?\](https://auth.scalingo.com/users/password/new) feature with your GitHub associated email. + +## SSH Keys + +\[Dashboard SSH keys management page\](https://dashboard.scalingo.com/account/keys) + +SSH keys serve as a means of identifying yourself to Scalingo's git server. Each time a deployment is triggered using the \`git push\` command, your account needs to be authenticated with one of your SSH Keys. + +\[Learn how to configure your SSH key for your operating system\]({% post\_url platform/getting-started/2000-01-01-troubleshooting-ssh %}) + +## API Tokens + +\[Dashboard API Tokens\](https://dashboard.scalingo.com/account/tokens) + +This page lists the API tokens linked to your account. They allow you to authenticate with our API to build custom tools and interact with the platform in a programmable way. + +{% note %} +API tokens inherit the exact permissions of your account for each application or database. Currently, it is not possible to restrict the scope or permissions of an individual token. +For improved security, especially in larger organizations, we recommend reviewing our \[security best practices guide\]. +{% endnote %} + +Have a look at our \[API documentation\](https://developers.scalingo.com) to learn how to use them. + +## Billing + +\[Dashboard Billing page\](https://dashboard.scalingo.com/billing) + +Configure your payment methods in this section. The platform supports 3 methods: + +* Debit/Credit card payments: the beginning of each month, the platform charges on the cards what has been consumed the month before. +* Prepaid credit bought with PayPal: buy credit in advance and we'll use them to pay the invoices. Payment fallback on the bank card if there is not enough credit to pay an invoice. +* SEPA payment: for customers located in the European Union, SEPA debit can be used to pay invoices, an electronic SEPA mandate is generated during the setup process. + +Payment history can also be found on this page, including links to download your past invoices. + +An invoice from the previous month consumption in the platform is generated monthly. It sums up all the resources you have used on Scalingo, it includes: + +* Application containers runtime +* Application addons + +If you bought prepaid-credit with PayPal and that you have not enough credit to pay the invoice, the invoice will be considered **unpaid** and you have to add more credit. + +If you add a payment card, the platform tries to charge it when the invoice is generated. If the operation fails, the invoice will be considered **unpaid**. The charge operation is then retried automatically a few times before the account is suspended and the data deleted. + +To resolve the issue, you can either add prepaid credit or update your payment method during this period. The new payment method will be charged right away to cover the unpaid invoice. + +## Delete my account + +To delete your account, you must first delete or transfer ownership of all your applications, and ensure all outstanding bills are settled. + +Then go to the Delete your Scalingo account section on the \[authentication\](https://dashboard.scalingo.com/account/authentication) page and click Delete. A final confirmation will be requested by email. + +Your account will be deactivated and marked for deletion. + +This action will queue the removal of all your Scalingo account's data, including: Deployments, Activity, Aliases, Domains, Certificates and your Billing subscription \ No newline at end of file diff --git a/src/_posts/platform/user-management/2000-01-01-roles.md b/src/_posts/platform/user-management/2000-01-01-roles.md new file mode 100644 index 000000000..5f8614c55 --- /dev/null +++ b/src/_posts/platform/user-management/2000-01-01-roles.md @@ -0,0 +1,66 @@ +--- +title: Roles +modified_at: 2025-06-25 00:00:00 +tags: account +order: 4 +--- + +Scalingo provides three predefined roles to help you adapt permissions to the level of responsibility you want to delegate to your collaborators: + +* **Owner**: Reserved for the application owner, this role grants the highest level of permissions, including full administrative control such as deleting or transferring the application. The Owner is also the one who is billed for the application’s usage. +* **Collaborator**: Best suited for trusted team members who require full operational and data access, including the ability to manage other collaborators. +* **Limited** **Collaborator**: Ideal for developers or technical contributors who need to operate applications without accessing sensitive data or modifying critical settings. + +## Role Capabilities Overview + +The following table helps compare roles. **Limited Collaborator** is the safest default for new users. + +| Role | Admin Control (delete/transfer) | App Configuration | Deployment | Add-ons Management | Collaborator Management | Access to Data & Secrets | +| :---- | :---- | :---- | :---- | :---- | :---- | :---- | +| Owner | ✅ Full | ✅ Full | ✅ Full | ✅ Ful | ✅ Full | ✅ Full | +| Collaborator | 🚫 None | ✅ Full | ✅ Full | ✅ Full | ✅ Full | ✅ Full | +| Limited Collaborator | 🚫 None | 🚫 None | ⚠️ Limited | 🚫 None | 🚫 None | 🚫 None | + +This table provides a simplified overview of the main permissions associated with each role. For a complete list of access rights please refer to the full permissions matrix. + +{% note %} +For improved security, especially in larger organizations, we recommend reviewing our [security best practices guide]({% post_url platform/user-management/2000-01-01-guides %}. +{% endnote %} + +## Owner + +Reserved for the application owner, this role grants the highest level of permissions, including full administrative control such as deleting or transferring the application. The Owner is also the one who is billed for the application’s usage. + +## Collaborator + +The Collaborator role is intended for trusted team members who are directly responsible for the configuration, deployment, and operational maintenance of applications and databases. It grants broad permissions, including access to environment variables, hosted data, deployment settings, and collaborator management, making it suitable for lead developers or DevOps engineers who need full technical control over the application. + +While collaborators can perform almost all actions, including inviting and managing other users, they cannot delete, rename, or transfer the application. Those actions remain reserved for the Owner. + +{% note %} +This role should only be assigned to individuals you fully trust, as it allows unrestricted access to sensitive data and the ability to make impactful changes to the application environment. +{% endnote %} + +## Limited Collaborator + +The Limited Collaborators role is designed to minimize the risks associated with granting access to third parties or collaborators without operational responsibility. It allows contributors to perform essential day-to-day operations such as restarting applications, viewing logs or metrics, and managing review apps while preventing actions that could compromise the stability, confidentiality, or integrity of your services. + +This role explicitly restricts access to critical operations like modifying configurations, deploying unvalidated code, exploring or exporting sensitive data and managing collaborators. + +It is especially suited for environments where separation of duties is required. It ensures that users can contribute to the project without being able to compromise service stability, data integrity, or team governance. + +{% note %} +In most cases, we recommend assigning the Limited Collaborator role by default, unless the user explicitly needs full access to configuration, data, or collaborator management. +{% endnote %} + +## Threat Modeling and Shared Responsibility + +Roles on Scalingo are designed to enforce the principle of least privilege within the platform. They control what users can see or modify across applications, databases, deployments, and configuration layers. By assigning roles appropriately, you can reduce the risk of accidental changes or unauthorized access to critical resources. + +However, platform-level access control is only one layer of protection. Application integrity also depends on the quality and trustworthiness of the code being deployed. Scalingo does not inspect your source code or development workflows. As such, it is the responsibility of each owner to: + +* Maintain strict access controls on your SCM provider (GitHub, GitLab) +* Review and validate all code before it reaches production +* Use protected branches and pull request reviews to enforce standards + +While roles can prevent a user from deploying an unvalidated branch directly from the dashboard they do not prevent a developer with access to your repository from introducing harmful logic into your codebase. We strongly recommend aligning your internal security practices with the deployment methods and access permissions you have configured on Scalingo. \ No newline at end of file diff --git a/src/_posts/platform/user-management/2000-01-01-user-management.md b/src/_posts/platform/user-management/2000-01-01-user-management.md new file mode 100644 index 000000000..9cffd8957 --- /dev/null +++ b/src/_posts/platform/user-management/2000-01-01-user-management.md @@ -0,0 +1,16 @@ +--- +title: User and Access Management +modified_at: 2025-06-25 00:00:00 +tags: account +order: 1 +--- + +Scalingo allows you to easily collaborate with others while maintaining full control over your applications, databases and environments. + +Each user account is sovereign and independent. It can be used to create and manage applications, provision databases, define a payment method, download invoices, and access detailed consumption reports. + +This section will help you understand how to: +- Manage your personal user account]({% post_url platform/user-management/2000-01-01-manage-your-account %} +- Manage your collaborators]({% post_url platform/user-management/2000-01-01-manage-collaborators %} +- [Understand the different user roles and their permissions]({% post_url platform/user-management/2000-01-01-roles %} +- [Leverage collaborators efficiently based on your organization’s structure]({% post_url platform/user-management/2000-01-01-guides %} From 4602a946670e30aee7c671737c74e3f2e528fcdb Mon Sep 17 00:00:00 2001 From: Benjamin Date: Wed, 25 Jun 2025 17:48:07 +0200 Subject: [PATCH 02/18] Fix post url --- .../platform/getting-started/2000-01-01-troubleshooting-ssh.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/_posts/platform/getting-started/2000-01-01-troubleshooting-ssh.md b/src/_posts/platform/getting-started/2000-01-01-troubleshooting-ssh.md index a1a93296a..d6e412e1d 100644 --- a/src/_posts/platform/getting-started/2000-01-01-troubleshooting-ssh.md +++ b/src/_posts/platform/getting-started/2000-01-01-troubleshooting-ssh.md @@ -253,5 +253,5 @@ $ ssh-add -l -E md5 2048 MD5:a0:dd:42:3c:5a:9d:e4:2a:21:52:4e:78:07:6e:c8:4d /home/USERNAME/.ssh/id_rsa (RSA) ``` -Go to the [Dashboard > User settings > SSH Keys]({% post_url platform/account/2000-01-01-manage %}#ssh-keys) +Go to the [Dashboard > User settings > SSH Keys]({% post_url platform/user-management/2000-01-01-manage %}#ssh-keys) page and check if the fingerprint is the same as the output of the previous command. From b4212d3a34d97907580c30fd9fe9166cbf89b152 Mon Sep 17 00:00:00 2001 From: Benjamin Date: Wed, 25 Jun 2025 17:50:51 +0200 Subject: [PATCH 03/18] Fix URL et content --- .../platform/getting-started/2000-01-01-troubleshooting-ssh.md | 2 +- src/_posts/platform/user-management/2000-01-01-guides.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/_posts/platform/getting-started/2000-01-01-troubleshooting-ssh.md b/src/_posts/platform/getting-started/2000-01-01-troubleshooting-ssh.md index d6e412e1d..5abaa01d0 100644 --- a/src/_posts/platform/getting-started/2000-01-01-troubleshooting-ssh.md +++ b/src/_posts/platform/getting-started/2000-01-01-troubleshooting-ssh.md @@ -253,5 +253,5 @@ $ ssh-add -l -E md5 2048 MD5:a0:dd:42:3c:5a:9d:e4:2a:21:52:4e:78:07:6e:c8:4d /home/USERNAME/.ssh/id_rsa (RSA) ``` -Go to the [Dashboard > User settings > SSH Keys]({% post_url platform/user-management/2000-01-01-manage %}#ssh-keys) +Go to the [Dashboard > User settings > SSH Keys]({% post_url platform/user-management/2000-01-01-manage-collaborators %}#ssh-keys) page and check if the fingerprint is the same as the output of the previous command. diff --git a/src/_posts/platform/user-management/2000-01-01-guides.md b/src/_posts/platform/user-management/2000-01-01-guides.md index a98080ac1..fcd239b4b 100644 --- a/src/_posts/platform/user-management/2000-01-01-guides.md +++ b/src/_posts/platform/user-management/2000-01-01-guides.md @@ -49,7 +49,7 @@ This ensures that the token has access exclusively to the intended application, ## Verify whether your collaborators have 2FA enabled -Although 2FA cannot be enforced globally on Scalingo, you can view each collaborator’s 2FA status from the \[Collaborators page\](https://dashboard.scalingo.com/collaborators) of your Scalingo dashboard. +Although 2FA cannot be enforced globally on Scalingo, you can view each collaborator’s 2FA status from the [Collaborators page](https://dashboard.scalingo.com/collaborators) of your Scalingo dashboard. Recommendations: From dae78047e62f279184ec488c233487727137b4a5 Mon Sep 17 00:00:00 2001 From: Benjamin Date: Wed, 25 Jun 2025 17:54:46 +0200 Subject: [PATCH 04/18] Fix url content --- .../user-management/2000-01-01-guides.md | 1 - .../2000-01-01-manage-your-account.md | 26 +++++++++---------- 2 files changed, 13 insertions(+), 14 deletions(-) diff --git a/src/_posts/platform/user-management/2000-01-01-guides.md b/src/_posts/platform/user-management/2000-01-01-guides.md index fcd239b4b..75f59a8a7 100644 --- a/src/_posts/platform/user-management/2000-01-01-guides.md +++ b/src/_posts/platform/user-management/2000-01-01-guides.md @@ -55,4 +55,3 @@ Recommendations: * Perform regular reviews of 2FA status for all collaborators. * Use our API to automate checks and integrate them into your internal security alerts or audit processes. - diff --git a/src/_posts/platform/user-management/2000-01-01-manage-your-account.md b/src/_posts/platform/user-management/2000-01-01-manage-your-account.md index c8bab1eb6..2e82a51e5 100644 --- a/src/_posts/platform/user-management/2000-01-01-manage-your-account.md +++ b/src/_posts/platform/user-management/2000-01-01-manage-your-account.md @@ -7,11 +7,11 @@ order: 2 Your personal Scalingo account enables you to create applications and databases, which are billed based on your resource usage on the associated payment method. -All account configuration is performed via the \[Scalingo Dashboard\](https://dashboard.scalingo.com). Access account settings from the top-right menu. The main sections include: +All account configuration is performed via the [Scalingo Dashboard](https://dashboard.scalingo.com). Access account settings from the top-right menu. The main sections include: ## Profile -\[Dashboard Profile page\](https://dashboard.scalingo.com/account) +[Dashboard Profile page](https://dashboard.scalingo.com/account) Manage your personal details including username, full name, location, company information, and newsletter preferences. @@ -23,7 +23,7 @@ This section displays all legal agreements applicable to your account, whether c ## HDS -\[HDS Profile page\](https://dashboard.scalingo.com/account/hds) +[HDS Profile page](https://dashboard.scalingo.com/account/hds) If you host health data under the French HDS regulations and have signed the HDS annex, this page allows you to view the applicable HDS annexes and manage the designated healthcare data point of contact for your applications. @@ -33,36 +33,36 @@ Reminder: the point of contact information should be reviewed at least every 12 ## Authentication -\[Dashboard Authentication page\](https://dashboard.scalingo.com/account/authentication) +[Dashboard Authentication page](https://dashboard.scalingo.com/account/authentication) This page lets you update the email address associated with your account along with the password and 2FA. -If your account was created using “Sign up with GitHub”, you cannot set a password via this form as no current password exists. Instead, log out and use the \[Forgot your password?\](https://auth.scalingo.com/users/password/new) feature with your GitHub associated email. +If your account was created using “Sign up with GitHub”, you cannot set a password via this form as no current password exists. Instead, log out and use the [Forgot your password?](https://auth.scalingo.com/users/password/new) feature with your GitHub associated email. ## SSH Keys -\[Dashboard SSH keys management page\](https://dashboard.scalingo.com/account/keys) +[Dashboard SSH keys management page](https://dashboard.scalingo.com/account/keys) -SSH keys serve as a means of identifying yourself to Scalingo's git server. Each time a deployment is triggered using the \`git push\` command, your account needs to be authenticated with one of your SSH Keys. +SSH keys serve as a means of identifying yourself to Scalingo's git server. Each time a deployment is triggered using the `git push` command, your account needs to be authenticated with one of your SSH Keys. -\[Learn how to configure your SSH key for your operating system\]({% post\_url platform/getting-started/2000-01-01-troubleshooting-ssh %}) +[Learn how to configure your SSH key for your operating system]({% post_url platform/getting-started/2000-01-01-troubleshooting-ssh %}) ## API Tokens -\[Dashboard API Tokens\](https://dashboard.scalingo.com/account/tokens) +[Dashboard API Tokens](https://dashboard.scalingo.com/account/tokens) This page lists the API tokens linked to your account. They allow you to authenticate with our API to build custom tools and interact with the platform in a programmable way. {% note %} API tokens inherit the exact permissions of your account for each application or database. Currently, it is not possible to restrict the scope or permissions of an individual token. -For improved security, especially in larger organizations, we recommend reviewing our \[security best practices guide\]. +For improved security, especially in larger organizations, we recommend reviewing our [security best practices guide]({% post_url platform/user-management/2000-01-01-guides %}. {% endnote %} -Have a look at our \[API documentation\](https://developers.scalingo.com) to learn how to use them. +Have a look at our [API documentation](https://developers.scalingo.com) to learn how to use them. ## Billing -\[Dashboard Billing page\](https://dashboard.scalingo.com/billing) +[Dashboard Billing page](https://dashboard.scalingo.com/billing) Configure your payment methods in this section. The platform supports 3 methods: @@ -87,7 +87,7 @@ To resolve the issue, you can either add prepaid credit or update your payment m To delete your account, you must first delete or transfer ownership of all your applications, and ensure all outstanding bills are settled. -Then go to the Delete your Scalingo account section on the \[authentication\](https://dashboard.scalingo.com/account/authentication) page and click Delete. A final confirmation will be requested by email. +Then go to the Delete your Scalingo account section on the [authentication](https://dashboard.scalingo.com/account/authentication) page and click Delete. A final confirmation will be requested by email. Your account will be deactivated and marked for deletion. From 0ec05e88a077771078aca0bc1af2bf5dd16a3e27 Mon Sep 17 00:00:00 2001 From: Benjamin Date: Wed, 25 Jun 2025 17:59:18 +0200 Subject: [PATCH 05/18] Fix guide title --- src/_posts/platform/user-management/2000-01-01-collaborators.md | 2 +- src/_posts/platform/user-management/2000-01-01-guides.md | 2 +- .../platform/user-management/2000-01-01-manage-your-account.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/_posts/platform/user-management/2000-01-01-collaborators.md b/src/_posts/platform/user-management/2000-01-01-collaborators.md index a52df73a3..cb1ad93f6 100644 --- a/src/_posts/platform/user-management/2000-01-01-collaborators.md +++ b/src/_posts/platform/user-management/2000-01-01-collaborators.md @@ -1,6 +1,6 @@ --- title: Collaborators -modified_at: 2025-02-07 00:00:00 +modified_at: 2025-06-25 00:00:00 tags: app collaborators order: 1 --- diff --git a/src/_posts/platform/user-management/2000-01-01-guides.md b/src/_posts/platform/user-management/2000-01-01-guides.md index 75f59a8a7..8f8c0673e 100644 --- a/src/_posts/platform/user-management/2000-01-01-guides.md +++ b/src/_posts/platform/user-management/2000-01-01-guides.md @@ -1,5 +1,5 @@ --- -title: Role & Access Management: Recommended Practices by Team Structure +title: Recommended Practices by Team Structure modified_at: 2025-06-25 00:00:00 tags: account order: 5 diff --git a/src/_posts/platform/user-management/2000-01-01-manage-your-account.md b/src/_posts/platform/user-management/2000-01-01-manage-your-account.md index 2e82a51e5..3fb7955d2 100644 --- a/src/_posts/platform/user-management/2000-01-01-manage-your-account.md +++ b/src/_posts/platform/user-management/2000-01-01-manage-your-account.md @@ -1,6 +1,6 @@ --- title: Manage your Account -modified_at: 2024-06-20 00:00:00 +modified_at: 2025-06-25 00:00:00 tags: account order: 2 --- From 09fbd21fbf96cdbf9fb6a01eac8cf1b37676ad36 Mon Sep 17 00:00:00 2001 From: Benjamin Date: Wed, 25 Jun 2025 18:06:08 +0200 Subject: [PATCH 06/18] fix links end --- .../user-management/2000-01-01-manage-collaborators.md | 2 +- .../user-management/2000-01-01-manage-your-account.md | 2 +- src/_posts/platform/user-management/2000-01-01-roles.md | 2 +- .../user-management/2000-01-01-user-management.md | 8 ++++---- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/src/_posts/platform/user-management/2000-01-01-manage-collaborators.md b/src/_posts/platform/user-management/2000-01-01-manage-collaborators.md index ac3dd5b9e..b81f6d6b7 100644 --- a/src/_posts/platform/user-management/2000-01-01-manage-collaborators.md +++ b/src/_posts/platform/user-management/2000-01-01-manage-collaborators.md @@ -11,7 +11,7 @@ Inviting collaborators enables you to share access to specific applications whil Granting collaborator access should be done with care. While collaborators cannot delete an application, they still hold sufficient privileges to modify configurations, deploy new code, or scale resources. These actions can impact the stability or availability of your services. {% endnote %} -When inviting a new collaborator, it is essential to assign them the appropriate role based on their responsibilities. [Roles]({% post_url platform/user-management/2000-01-01-roles %} define the level of access and actions a user can perform on your applications and databases. +When inviting a new collaborator, it is essential to assign them the appropriate role based on their responsibilities. [Roles]({% post_url platform/user-management/2000-01-01-roles %}) define the level of access and actions a user can perform on your applications and databases. @import https://doc.scalingo.com/platform/app/collaborators#managing-collaborators diff --git a/src/_posts/platform/user-management/2000-01-01-manage-your-account.md b/src/_posts/platform/user-management/2000-01-01-manage-your-account.md index 3fb7955d2..e573267bd 100644 --- a/src/_posts/platform/user-management/2000-01-01-manage-your-account.md +++ b/src/_posts/platform/user-management/2000-01-01-manage-your-account.md @@ -55,7 +55,7 @@ This page lists the API tokens linked to your account. They allow you to authent {% note %} API tokens inherit the exact permissions of your account for each application or database. Currently, it is not possible to restrict the scope or permissions of an individual token. -For improved security, especially in larger organizations, we recommend reviewing our [security best practices guide]({% post_url platform/user-management/2000-01-01-guides %}. +For improved security, especially in larger organizations, we recommend reviewing our [security best practices guide]({% post_url platform/user-management/2000-01-01-guides %}). {% endnote %} Have a look at our [API documentation](https://developers.scalingo.com) to learn how to use them. diff --git a/src/_posts/platform/user-management/2000-01-01-roles.md b/src/_posts/platform/user-management/2000-01-01-roles.md index 5f8614c55..f7552176e 100644 --- a/src/_posts/platform/user-management/2000-01-01-roles.md +++ b/src/_posts/platform/user-management/2000-01-01-roles.md @@ -24,7 +24,7 @@ The following table helps compare roles. **Limited Collaborator** is the safest This table provides a simplified overview of the main permissions associated with each role. For a complete list of access rights please refer to the full permissions matrix. {% note %} -For improved security, especially in larger organizations, we recommend reviewing our [security best practices guide]({% post_url platform/user-management/2000-01-01-guides %}. +For improved security, especially in larger organizations, we recommend reviewing our [security best practices guide]({% post_url platform/user-management/2000-01-01-guides %}). {% endnote %} ## Owner diff --git a/src/_posts/platform/user-management/2000-01-01-user-management.md b/src/_posts/platform/user-management/2000-01-01-user-management.md index 9cffd8957..b593e0956 100644 --- a/src/_posts/platform/user-management/2000-01-01-user-management.md +++ b/src/_posts/platform/user-management/2000-01-01-user-management.md @@ -10,7 +10,7 @@ Scalingo allows you to easily collaborate with others while maintaining full con Each user account is sovereign and independent. It can be used to create and manage applications, provision databases, define a payment method, download invoices, and access detailed consumption reports. This section will help you understand how to: -- Manage your personal user account]({% post_url platform/user-management/2000-01-01-manage-your-account %} -- Manage your collaborators]({% post_url platform/user-management/2000-01-01-manage-collaborators %} -- [Understand the different user roles and their permissions]({% post_url platform/user-management/2000-01-01-roles %} -- [Leverage collaborators efficiently based on your organization’s structure]({% post_url platform/user-management/2000-01-01-guides %} +* [Manage your personal user account]({% post_url platform/user-management/2000-01-01-manage-your-account %}) +* [Manage your collaborators]({% post_url platform/user-management/2000-01-01-manage-collaborators %}) +* [Understand the different user roles and their permissions]({% post_url platform/user-management/2000-01-01-roles %}) +* [Leverage collaborators efficiently based on your organization’s structure]({% post_url platform/user-management/2000-01-01-guides %}) From 0f692e9adfdef9e7b88ff23329f51dee60e18973 Mon Sep 17 00:00:00 2001 From: Benjamin Date: Wed, 25 Jun 2025 18:08:15 +0200 Subject: [PATCH 07/18] Fix page order --- .../2000-01-01-collaborators.md | 67 ++----------------- .../2000-01-01-manage-collaborators.md | 60 ++++++++++++++++- 2 files changed, 66 insertions(+), 61 deletions(-) diff --git a/src/_posts/platform/user-management/2000-01-01-collaborators.md b/src/_posts/platform/user-management/2000-01-01-collaborators.md index cb1ad93f6..3f1e96bda 100644 --- a/src/_posts/platform/user-management/2000-01-01-collaborators.md +++ b/src/_posts/platform/user-management/2000-01-01-collaborators.md @@ -2,9 +2,15 @@ title: Collaborators modified_at: 2025-06-25 00:00:00 tags: app collaborators -order: 1 +order: 7 --- + + + +A SUPPRIMER + + Collaborators is a feature allowing the owner of an app to invite other Scalingo accounts to team up and work jointly on the app. An app can have as many collaborators as needed. An owner of an app can also [transfer the ownership of the app]({% post_url platform/app/2000-01-01-lifecycle-management %}#transfer-ownership-of-an-app) to a collaborator. @@ -33,62 +39,3 @@ Collaborators can't: - Rename the application - Transfer the ownership of the application to another user -## Managing Collaborators - -### Listing all Collaborators - -Using the Dashboard: -- Go to the **Collaborators** tab -- If you already have collaborators, you'll see a consolidated list of all users collaborating on your apps, along with their 2FA status -- You can click on the **Group by Apps** toggle to display a tree view of your apps and their associated collaborators. For now, only applications with collaborators are displayed there - -### Listing Collaborators of an app - -Using the dashboard: -- Go to your application dashboard -- Go to **Settings** tab -- You will automatically be taken to the collaborators menu - -Using the Command Line -```shell -scalingo --app my-app collaborators -``` - -### Adding a Collaborator - -{% note %} -While the main Collaborators page provides a consolidated list, collaborators are managed individually for each application. -{% endnote %} - -Using the Dashboard - -- Go to your application that needs a new collaborator -- Go to the Settings tab -- You will automatically be taken to the Collaborators menu -- Click on the Add button -- Add the required collaborator email -- You will now see the collaborator in light grey in the table. -- The collaborator will receive an email to join the collaboration (and subscribe to Scalingo if required). -- Once done, you will see the collaborator in black. - -Using the Command Line - -```shell -scalingo --app my-app collaborators-add user@example.com -``` - -### Removing a Collaborator - -Using the Dashboard - -- Go to your application that needs a new collaborator -- Go to the Settings tab -- You will automatically be taken to the Collaborators menu -- Click on the trash can corresponding to the collaborator's mail -- Validate in the pop-up - -Using the Command Line - -```shell -scalingo --app my-app collaborators-remove user@example.com -``` diff --git a/src/_posts/platform/user-management/2000-01-01-manage-collaborators.md b/src/_posts/platform/user-management/2000-01-01-manage-collaborators.md index b81f6d6b7..0ba2eeeab 100644 --- a/src/_posts/platform/user-management/2000-01-01-manage-collaborators.md +++ b/src/_posts/platform/user-management/2000-01-01-manage-collaborators.md @@ -13,7 +13,65 @@ Granting collaborator access should be done with care. While collaborators canno When inviting a new collaborator, it is essential to assign them the appropriate role based on their responsibilities. [Roles]({% post_url platform/user-management/2000-01-01-roles %}) define the level of access and actions a user can perform on your applications and databases. -@import https://doc.scalingo.com/platform/app/collaborators#managing-collaborators +## Managing Collaborators + +### Listing all Collaborators + +Using the Dashboard: +- Go to the **Collaborators** tab +- If you already have collaborators, you'll see a consolidated list of all users collaborating on your apps, along with their 2FA status +- You can click on the **Group by Apps** toggle to display a tree view of your apps and their associated collaborators. For now, only applications with collaborators are displayed there + +### Listing Collaborators of an app + +Using the dashboard: +- Go to your application dashboard +- Go to **Settings** tab +- You will automatically be taken to the collaborators menu + +Using the Command Line +```shell +scalingo --app my-app collaborators +``` + +### Adding a Collaborator + +{% note %} +While the main Collaborators page provides a consolidated list, collaborators are managed individually for each application. +{% endnote %} + +Using the Dashboard + +- Go to your application that needs a new collaborator +- Go to the Settings tab +- You will automatically be taken to the Collaborators menu +- Click on the Add button +- Add the required collaborator email +- You will now see the collaborator in light grey in the table. +- The collaborator will receive an email to join the collaboration (and subscribe to Scalingo if required). +- Once done, you will see the collaborator in black. + +Using the Command Line + +```shell +scalingo --app my-app collaborators-add user@example.com +``` + +### Removing a Collaborator + +Using the Dashboard + +- Go to your application that needs a new collaborator +- Go to the Settings tab +- You will automatically be taken to the Collaborators menu +- Click on the trash can corresponding to the collaborator's mail +- Validate in the pop-up + +Using the Command Line + +```shell +scalingo --app my-app collaborators-remove user@example.com +``` When you remove permissions from a user, environment variables and other credentials are not changed. Users can still directly access services if they know the service credentials. To fully revoke access, make sure to rotate all relevant secrets, such as database passwords and API tokens. From 53c3c3014b018f802c85a78f779f3589e581c4ec Mon Sep 17 00:00:00 2001 From: Benjamin Date: Wed, 25 Jun 2025 18:13:43 +0200 Subject: [PATCH 08/18] Remove the old collaborators page --- .../2000-01-01-collaborators.md | 41 ------------------- .../2025-02-07-2FA-status-of-collaborators.md | 4 +- 2 files changed, 2 insertions(+), 43 deletions(-) delete mode 100644 src/_posts/platform/user-management/2000-01-01-collaborators.md diff --git a/src/_posts/platform/user-management/2000-01-01-collaborators.md b/src/_posts/platform/user-management/2000-01-01-collaborators.md deleted file mode 100644 index 3f1e96bda..000000000 --- a/src/_posts/platform/user-management/2000-01-01-collaborators.md +++ /dev/null @@ -1,41 +0,0 @@ ---- -title: Collaborators -modified_at: 2025-06-25 00:00:00 -tags: app collaborators -order: 7 ---- - - - - -A SUPPRIMER - - -Collaborators is a feature allowing the owner of an app to invite other Scalingo accounts to team up and work jointly on the app. An app can have as many collaborators as needed. - -An owner of an app can also [transfer the ownership of the app]({% post_url platform/app/2000-01-01-lifecycle-management %}#transfer-ownership-of-an-app) to a collaborator. - -{% note %} -Delegating rights to collaborators should be done with caution. While collaborators can't delete the application, they still have sufficient rights to potentially disrupt the activities or businesses that depend on it. -{% endnote %} - -## Understanding Collaborators Rights - -Collaborators can: - -- Trigger deployments -- Manage containers (scale up and down, both horizontally and vertically) -- Manage addons (create, delete, change plan) -- View logs -- Access [Review Apps]({% post_url platform/app/2000-01-01-review-apps %}) -- View metrics -- View activity -- Access the DB Dashboard(s) -- Manage other collaborators (invite, remove) - -Collaborators can't: - -- Delete the application -- Rename the application -- Transfer the ownership of the application to another user - diff --git a/src/changelog/dashboard/_posts/2025-02-07-2FA-status-of-collaborators.md b/src/changelog/dashboard/_posts/2025-02-07-2FA-status-of-collaborators.md index 6c91e04e4..500a9a950 100644 --- a/src/changelog/dashboard/_posts/2025-02-07-2FA-status-of-collaborators.md +++ b/src/changelog/dashboard/_posts/2025-02-07-2FA-status-of-collaborators.md @@ -3,7 +3,7 @@ modified_at: 2025-02-07 11:00:00 title: 'Collaborators Page - View and Export 2FA Status' --- -We have added a new feature to the [Collaborators]({% post_url platform/app/2000-01-01-collaborators %}) page, allowing you to see whether your collaborators have enabled **Two-Factor Authentication (2FA)**. +We have added a new feature to the [Collaborators]({% post_url platform/app/platform/user-management/2000-01-01-user-management %}) page, allowing you to see whether your collaborators have enabled **Two-Factor Authentication (2FA)**. ### What’s new? - Each collaborator’s **2FA status** is now displayed on the **Collaborators** page. @@ -11,4 +11,4 @@ We have added a new feature to the [Collaborators]({% post_url platform/app/2000 This new feature helps you assess the security level of your applications and reach out to collaborators who need to improve their security settings. -[See related documentation]({% post_url platform/app/2000-01-01-collaborators %}) +[See related documentation]({% post_url platform/app/platform/user-management/2000-01-01-user-management %}) From 9124afd68527947c0034802db4c896791dad73d0 Mon Sep 17 00:00:00 2001 From: Benjamin Date: Thu, 26 Jun 2025 09:45:28 +0200 Subject: [PATCH 09/18] Update tags and index --- src/_posts/platform/user-management/2000-01-01-guides.md | 4 ++-- .../user-management/2000-01-01-manage-collaborators.md | 4 ++-- .../user-management/2000-01-01-manage-your-account.md | 4 ++-- src/_posts/platform/user-management/2000-01-01-roles.md | 4 ++-- .../platform/user-management/2000-01-01-user-management.md | 4 ++-- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/src/_posts/platform/user-management/2000-01-01-guides.md b/src/_posts/platform/user-management/2000-01-01-guides.md index 8f8c0673e..4972aebc0 100644 --- a/src/_posts/platform/user-management/2000-01-01-guides.md +++ b/src/_posts/platform/user-management/2000-01-01-guides.md @@ -1,8 +1,8 @@ --- title: Recommended Practices by Team Structure modified_at: 2025-06-25 00:00:00 -tags: account -order: 5 +tags: user team role collaborator security +index: 5 --- This guide outlines recommended practices for managing roles, collaborators, and security settings on Scalingo, depending on your team’s size and structure. While Scalingo keeps access control simple, using roles strategically will help you balance collaboration with operational security. diff --git a/src/_posts/platform/user-management/2000-01-01-manage-collaborators.md b/src/_posts/platform/user-management/2000-01-01-manage-collaborators.md index 0ba2eeeab..09fa6e9e0 100644 --- a/src/_posts/platform/user-management/2000-01-01-manage-collaborators.md +++ b/src/_posts/platform/user-management/2000-01-01-manage-collaborators.md @@ -1,8 +1,8 @@ --- title: Manage Collaborators modified_at: 2025-06-25 00:00:00 -tags: app collaborators -order: 3 +tags: app collaborator +index: 3 --- Inviting collaborators enables you to share access to specific applications while preserving full control and accountability. This feature is designed to support seamless teamwork from development to production. diff --git a/src/_posts/platform/user-management/2000-01-01-manage-your-account.md b/src/_posts/platform/user-management/2000-01-01-manage-your-account.md index e573267bd..653c0ac62 100644 --- a/src/_posts/platform/user-management/2000-01-01-manage-your-account.md +++ b/src/_posts/platform/user-management/2000-01-01-manage-your-account.md @@ -1,8 +1,8 @@ --- title: Manage your Account modified_at: 2025-06-25 00:00:00 -tags: account -order: 2 +tags: account profile tokens delete +index: 2 --- Your personal Scalingo account enables you to create applications and databases, which are billed based on your resource usage on the associated payment method. diff --git a/src/_posts/platform/user-management/2000-01-01-roles.md b/src/_posts/platform/user-management/2000-01-01-roles.md index f7552176e..101fa13ba 100644 --- a/src/_posts/platform/user-management/2000-01-01-roles.md +++ b/src/_posts/platform/user-management/2000-01-01-roles.md @@ -1,8 +1,8 @@ --- title: Roles modified_at: 2025-06-25 00:00:00 -tags: account -order: 4 +tags: user role permission collaborator +index: 4 --- Scalingo provides three predefined roles to help you adapt permissions to the level of responsibility you want to delegate to your collaborators: diff --git a/src/_posts/platform/user-management/2000-01-01-user-management.md b/src/_posts/platform/user-management/2000-01-01-user-management.md index b593e0956..7ead1a074 100644 --- a/src/_posts/platform/user-management/2000-01-01-user-management.md +++ b/src/_posts/platform/user-management/2000-01-01-user-management.md @@ -1,8 +1,8 @@ --- title: User and Access Management modified_at: 2025-06-25 00:00:00 -tags: account -order: 1 +tags: account user access +index: 1 --- Scalingo allows you to easily collaborate with others while maintaining full control over your applications, databases and environments. From b79e018b7eeeacbe61932d293984b9e848b449cd Mon Sep 17 00:00:00 2001 From: Benjamin Date: Thu, 26 Jun 2025 10:00:52 +0200 Subject: [PATCH 10/18] Shrink table header and change the guide page title --- src/_posts/platform/user-management/2000-01-01-guides.md | 2 +- src/_posts/platform/user-management/2000-01-01-roles.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/_posts/platform/user-management/2000-01-01-guides.md b/src/_posts/platform/user-management/2000-01-01-guides.md index 4972aebc0..eeb806a76 100644 --- a/src/_posts/platform/user-management/2000-01-01-guides.md +++ b/src/_posts/platform/user-management/2000-01-01-guides.md @@ -1,5 +1,5 @@ --- -title: Recommended Practices by Team Structure +title: Recommended Role Usage by Team Size modified_at: 2025-06-25 00:00:00 tags: user team role collaborator security index: 5 diff --git a/src/_posts/platform/user-management/2000-01-01-roles.md b/src/_posts/platform/user-management/2000-01-01-roles.md index 101fa13ba..d55425d68 100644 --- a/src/_posts/platform/user-management/2000-01-01-roles.md +++ b/src/_posts/platform/user-management/2000-01-01-roles.md @@ -15,7 +15,7 @@ Scalingo provides three predefined roles to help you adapt permissions to the le The following table helps compare roles. **Limited Collaborator** is the safest default for new users. -| Role | Admin Control (delete/transfer) | App Configuration | Deployment | Add-ons Management | Collaborator Management | Access to Data & Secrets | +| Role | Admin Control | App Configuration | Deployment | Add-ons Management | Collaborator Management | Access Data & Secrets | | :---- | :---- | :---- | :---- | :---- | :---- | :---- | | Owner | ✅ Full | ✅ Full | ✅ Full | ✅ Ful | ✅ Full | ✅ Full | | Collaborator | 🚫 None | ✅ Full | ✅ Full | ✅ Full | ✅ Full | ✅ Full | From 439bf25a4cb333365c339d38bd7760759435e3c0 Mon Sep 17 00:00:00 2001 From: Benjamin Date: Thu, 26 Jun 2025 10:09:06 +0200 Subject: [PATCH 11/18] Add the Referral Program page --- .../internals/2000-01-01-referrals.md | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 src/_posts/platform/internals/2000-01-01-referrals.md diff --git a/src/_posts/platform/internals/2000-01-01-referrals.md b/src/_posts/platform/internals/2000-01-01-referrals.md new file mode 100644 index 000000000..da292a27f --- /dev/null +++ b/src/_posts/platform/internals/2000-01-01-referrals.md @@ -0,0 +1,20 @@ +--- +title: Referral Program +modified_at: 2025-06-26 00:00:00 +tags: referral +--- + +Scalingo offers a referral program that allows users to earn credits by inviting others to the platform. + +## How It Works + +* Referral Link: Each user has a unique [referral link](https://dashboard.scalingo.com/account/referrals) available in their dashboard. +* Earnings: When someone signs up using your referral link and becomes a paying customer, you receive 20% of their monthly usage as credits. +* Duration: This benefit lasts for 12 months from the referred user’s account creation date. +* Credit application: Earned credits are automatically applied to your future invoices. + +## Tracking Referrals + +You can monitor your referral statistics, including the number of sign-ups and credits earned, directly from the [referral section](https://dashboard.scalingo.com/account/referrals) in your dashboard. + +For more details, refer to the [original blog post](https://scalingo.com/blog/recommend-scalingo-to-your-friends-and-save-money). From 37cd5047efe42263e5150fddff8f2e87de1ea10c Mon Sep 17 00:00:00 2001 From: Benjamin Date: Thu, 26 Jun 2025 14:18:46 +0200 Subject: [PATCH 12/18] Dedicated section for the user account --- src/_posts/platform/2000-01-01-account.md | 3 +++ .../platform/2000-01-01-user-management.md | 2 +- .../platform/account/2000-01-01-account.md | 18 ++++++++++++++++++ .../2000-01-01-manage-your-account.md | 0 .../2001-01-01-consumption-reports.md} | 1 + .../2002-01-01-billing.md} | 1 + .../2009-01-01-referrals.md} | 1 + .../2000-01-01-user-management.md | 7 ++++--- .../2023-11-02-consumption-reports.markdown | 2 +- 9 files changed, 30 insertions(+), 5 deletions(-) create mode 100644 src/_posts/platform/2000-01-01-account.md create mode 100644 src/_posts/platform/account/2000-01-01-account.md rename src/_posts/platform/{user-management => account}/2000-01-01-manage-your-account.md (100%) rename src/_posts/platform/{internals/2000-01-01-consumption-reports.md => account/2001-01-01-consumption-reports.md} (99%) rename src/_posts/platform/{internals/2000-01-01-billing.md => account/2002-01-01-billing.md} (99%) rename src/_posts/platform/{internals/2000-01-01-referrals.md => account/2009-01-01-referrals.md} (99%) diff --git a/src/_posts/platform/2000-01-01-account.md b/src/_posts/platform/2000-01-01-account.md new file mode 100644 index 000000000..28cbeee7c --- /dev/null +++ b/src/_posts/platform/2000-01-01-account.md @@ -0,0 +1,3 @@ +--- +index: 6 +--- diff --git a/src/_posts/platform/2000-01-01-user-management.md b/src/_posts/platform/2000-01-01-user-management.md index 28cbeee7c..15cb24535 100644 --- a/src/_posts/platform/2000-01-01-user-management.md +++ b/src/_posts/platform/2000-01-01-user-management.md @@ -1,3 +1,3 @@ --- -index: 6 +index: 7 --- diff --git a/src/_posts/platform/account/2000-01-01-account.md b/src/_posts/platform/account/2000-01-01-account.md new file mode 100644 index 000000000..5e30c9fa6 --- /dev/null +++ b/src/_posts/platform/account/2000-01-01-account.md @@ -0,0 +1,18 @@ +--- +title: Scalingo Account +modified_at: 2025-06-25 00:00:00 +tags: account profile tokens delete +index: 1 +--- + +Each user account is sovereign and independent. It can be used to create and manage applications, provision databases, define a payment method, download invoices, and access detailed consumption reports. + +This section will help you: +* [Manage your personal account]({% post_url platform/account/2000-01-01-manage-collaborators %}) +* [Follow your consumption report]({% post_url platform/account/2001-01-01-consumption-reports %}) +* [Create or update your billing profile]({% post_url platform/account/2000-01-01-billing %}) +* [Earn credits with our referral program]({% post_url platform/account/2009-01-01-referrals %}) + +{% note %} +Looking to manage access for your team or external contributors? Go to [Manage your collaborators]({% post_url platform/user-management/2000-01-01-user-management %}). +{% endnote %} diff --git a/src/_posts/platform/user-management/2000-01-01-manage-your-account.md b/src/_posts/platform/account/2000-01-01-manage-your-account.md similarity index 100% rename from src/_posts/platform/user-management/2000-01-01-manage-your-account.md rename to src/_posts/platform/account/2000-01-01-manage-your-account.md diff --git a/src/_posts/platform/internals/2000-01-01-consumption-reports.md b/src/_posts/platform/account/2001-01-01-consumption-reports.md similarity index 99% rename from src/_posts/platform/internals/2000-01-01-consumption-reports.md rename to src/_posts/platform/account/2001-01-01-consumption-reports.md index 62a9f2d8f..7635a0686 100644 --- a/src/_posts/platform/internals/2000-01-01-consumption-reports.md +++ b/src/_posts/platform/account/2001-01-01-consumption-reports.md @@ -2,6 +2,7 @@ title: Consumption Reports modified_at: 2023-11-02 12:00:00 tags: billing consumption report +index: 3 --- ## Your consumption report diff --git a/src/_posts/platform/internals/2000-01-01-billing.md b/src/_posts/platform/account/2002-01-01-billing.md similarity index 99% rename from src/_posts/platform/internals/2000-01-01-billing.md rename to src/_posts/platform/account/2002-01-01-billing.md index 0006d611f..d4f7d30a0 100644 --- a/src/_posts/platform/internals/2000-01-01-billing.md +++ b/src/_posts/platform/account/2002-01-01-billing.md @@ -2,6 +2,7 @@ title: Billing modified_at: 2023-03-21 00:00:00 tags: billing +index: 4 --- ## Fill the Billing Profile diff --git a/src/_posts/platform/internals/2000-01-01-referrals.md b/src/_posts/platform/account/2009-01-01-referrals.md similarity index 99% rename from src/_posts/platform/internals/2000-01-01-referrals.md rename to src/_posts/platform/account/2009-01-01-referrals.md index da292a27f..446a8d3ae 100644 --- a/src/_posts/platform/internals/2000-01-01-referrals.md +++ b/src/_posts/platform/account/2009-01-01-referrals.md @@ -2,6 +2,7 @@ title: Referral Program modified_at: 2025-06-26 00:00:00 tags: referral +index: 99 --- Scalingo offers a referral program that allows users to earn credits by inviting others to the platform. diff --git a/src/_posts/platform/user-management/2000-01-01-user-management.md b/src/_posts/platform/user-management/2000-01-01-user-management.md index 7ead1a074..a80cd6176 100644 --- a/src/_posts/platform/user-management/2000-01-01-user-management.md +++ b/src/_posts/platform/user-management/2000-01-01-user-management.md @@ -7,10 +7,11 @@ index: 1 Scalingo allows you to easily collaborate with others while maintaining full control over your applications, databases and environments. -Each user account is sovereign and independent. It can be used to create and manage applications, provision databases, define a payment method, download invoices, and access detailed consumption reports. - This section will help you understand how to: -* [Manage your personal user account]({% post_url platform/user-management/2000-01-01-manage-your-account %}) * [Manage your collaborators]({% post_url platform/user-management/2000-01-01-manage-collaborators %}) * [Understand the different user roles and their permissions]({% post_url platform/user-management/2000-01-01-roles %}) * [Leverage collaborators efficiently based on your organization’s structure]({% post_url platform/user-management/2000-01-01-guides %}) + +{% note %} +Need to update your personal settings ? Head over to [Manage your personal user account]({% post_url platform/account/2000-01-01-manage-your-account %}). +{% endnote %} diff --git a/src/changelog/dashboard/_posts/2023-11-02-consumption-reports.markdown b/src/changelog/dashboard/_posts/2023-11-02-consumption-reports.markdown index 32b578d49..63b5c5467 100644 --- a/src/changelog/dashboard/_posts/2023-11-02-consumption-reports.markdown +++ b/src/changelog/dashboard/_posts/2023-11-02-consumption-reports.markdown @@ -7,4 +7,4 @@ title: 'Consumption Reports are available in the dashboard!' * Browse consumption reports for the current and previous billing periods * The current month's report is updated daily at midnight. -[See related documentation](https://doc.scalingo.com/platform/internals/consumption-reports) +[See related documentation](https://doc.scalingo.com/platform/account/consumption-reports) From a7a58191a553c23768954cc9896736ff4091f1a5 Mon Sep 17 00:00:00 2001 From: Benjamin Date: Thu, 26 Jun 2025 14:24:33 +0200 Subject: [PATCH 13/18] Fix links and page name --- src/_posts/platform/account/2000-01-01-account.md | 4 ++-- .../account/{2002-01-01-billing.md => 2000-01-01-billing.md} | 0 ...nsumption-reports.md => 2000-01-01-consumption-reports.md} | 0 .../{2009-01-01-referrals.md => 2000-01-01-referrals.md} | 0 4 files changed, 2 insertions(+), 2 deletions(-) rename src/_posts/platform/account/{2002-01-01-billing.md => 2000-01-01-billing.md} (100%) rename src/_posts/platform/account/{2001-01-01-consumption-reports.md => 2000-01-01-consumption-reports.md} (100%) rename src/_posts/platform/account/{2009-01-01-referrals.md => 2000-01-01-referrals.md} (100%) diff --git a/src/_posts/platform/account/2000-01-01-account.md b/src/_posts/platform/account/2000-01-01-account.md index 5e30c9fa6..fcab3fec3 100644 --- a/src/_posts/platform/account/2000-01-01-account.md +++ b/src/_posts/platform/account/2000-01-01-account.md @@ -9,9 +9,9 @@ Each user account is sovereign and independent. It can be used to create and man This section will help you: * [Manage your personal account]({% post_url platform/account/2000-01-01-manage-collaborators %}) -* [Follow your consumption report]({% post_url platform/account/2001-01-01-consumption-reports %}) +* [Follow your consumption report]({% post_url platform/account/2000-01-01-consumption-reports %}) * [Create or update your billing profile]({% post_url platform/account/2000-01-01-billing %}) -* [Earn credits with our referral program]({% post_url platform/account/2009-01-01-referrals %}) +* [Earn credits with our referral program]({% post_url platform/account/2000-01-01-referrals %}) {% note %} Looking to manage access for your team or external contributors? Go to [Manage your collaborators]({% post_url platform/user-management/2000-01-01-user-management %}). diff --git a/src/_posts/platform/account/2002-01-01-billing.md b/src/_posts/platform/account/2000-01-01-billing.md similarity index 100% rename from src/_posts/platform/account/2002-01-01-billing.md rename to src/_posts/platform/account/2000-01-01-billing.md diff --git a/src/_posts/platform/account/2001-01-01-consumption-reports.md b/src/_posts/platform/account/2000-01-01-consumption-reports.md similarity index 100% rename from src/_posts/platform/account/2001-01-01-consumption-reports.md rename to src/_posts/platform/account/2000-01-01-consumption-reports.md diff --git a/src/_posts/platform/account/2009-01-01-referrals.md b/src/_posts/platform/account/2000-01-01-referrals.md similarity index 100% rename from src/_posts/platform/account/2009-01-01-referrals.md rename to src/_posts/platform/account/2000-01-01-referrals.md From 49b5754d78f432b3014c33479457f64a02640f72 Mon Sep 17 00:00:00 2001 From: Benjamin Date: Thu, 26 Jun 2025 14:31:51 +0200 Subject: [PATCH 14/18] Fix a link and add redirections --- redirections.yml | 15 +++++++++++++++ src/_posts/platform/account/2000-01-01-account.md | 2 +- 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/redirections.yml b/redirections.yml index 2f29146cd..a7b2bb006 100644 --- a/redirections.yml +++ b/redirections.yml @@ -684,6 +684,21 @@ - old: "/databases/postgresql/postgresql-anonymizer" new: "/databases/postgresql/guides/postgresql-anonymizer" + - old: "/platform/internals/billing" + new: "/platform/account/billing" + + - old: "/platform/internals/consumption-reports" + new: "/platform/account/consumption-reports" + + - old: "/platform/account/manage#referrals" + new: "/platform/account/referrals" + + - old: "/platform/account/manage/" + new: "/platform/account/manage-your-account" + + - old: "/platform/account/manage#billing" + new: "/platform/account/manage-your-account#billing" + obsolete: - "/how-to-migrate-from-cloudcontrol/" - "/how-to-migrate-from-shelly-cloud/" diff --git a/src/_posts/platform/account/2000-01-01-account.md b/src/_posts/platform/account/2000-01-01-account.md index fcab3fec3..c970dc390 100644 --- a/src/_posts/platform/account/2000-01-01-account.md +++ b/src/_posts/platform/account/2000-01-01-account.md @@ -8,7 +8,7 @@ index: 1 Each user account is sovereign and independent. It can be used to create and manage applications, provision databases, define a payment method, download invoices, and access detailed consumption reports. This section will help you: -* [Manage your personal account]({% post_url platform/account/2000-01-01-manage-collaborators %}) +* [Manage your personal account]({% post_url platform/account/2000-01-01-account %}) * [Follow your consumption report]({% post_url platform/account/2000-01-01-consumption-reports %}) * [Create or update your billing profile]({% post_url platform/account/2000-01-01-billing %}) * [Earn credits with our referral program]({% post_url platform/account/2000-01-01-referrals %}) From ed31d79db6a63ad263cdb8f4aa7014c5fcbfd292 Mon Sep 17 00:00:00 2001 From: Benjamin Date: Thu, 26 Jun 2025 14:41:17 +0200 Subject: [PATCH 15/18] Fix links --- src/_posts/platform/account/2000-01-01-account.md | 4 ++-- .../_posts/2025-02-07-2FA-status-of-collaborators.md | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/_posts/platform/account/2000-01-01-account.md b/src/_posts/platform/account/2000-01-01-account.md index c970dc390..8742bada0 100644 --- a/src/_posts/platform/account/2000-01-01-account.md +++ b/src/_posts/platform/account/2000-01-01-account.md @@ -8,11 +8,11 @@ index: 1 Each user account is sovereign and independent. It can be used to create and manage applications, provision databases, define a payment method, download invoices, and access detailed consumption reports. This section will help you: -* [Manage your personal account]({% post_url platform/account/2000-01-01-account %}) +* [Manage your personal account]({% post_url platform/account/2000-01-01-manage-your-account %}) * [Follow your consumption report]({% post_url platform/account/2000-01-01-consumption-reports %}) * [Create or update your billing profile]({% post_url platform/account/2000-01-01-billing %}) * [Earn credits with our referral program]({% post_url platform/account/2000-01-01-referrals %}) -{% note %} +{% note %} Looking to manage access for your team or external contributors? Go to [Manage your collaborators]({% post_url platform/user-management/2000-01-01-user-management %}). {% endnote %} diff --git a/src/changelog/dashboard/_posts/2025-02-07-2FA-status-of-collaborators.md b/src/changelog/dashboard/_posts/2025-02-07-2FA-status-of-collaborators.md index 500a9a950..d9b201a58 100644 --- a/src/changelog/dashboard/_posts/2025-02-07-2FA-status-of-collaborators.md +++ b/src/changelog/dashboard/_posts/2025-02-07-2FA-status-of-collaborators.md @@ -3,7 +3,7 @@ modified_at: 2025-02-07 11:00:00 title: 'Collaborators Page - View and Export 2FA Status' --- -We have added a new feature to the [Collaborators]({% post_url platform/app/platform/user-management/2000-01-01-user-management %}) page, allowing you to see whether your collaborators have enabled **Two-Factor Authentication (2FA)**. +We have added a new feature to the [Collaborators]({% post_url /platform/user-management/2000-01-01-user-management %}) page, allowing you to see whether your collaborators have enabled **Two-Factor Authentication (2FA)**. ### What’s new? - Each collaborator’s **2FA status** is now displayed on the **Collaborators** page. @@ -11,4 +11,4 @@ We have added a new feature to the [Collaborators]({% post_url platform/app/plat This new feature helps you assess the security level of your applications and reach out to collaborators who need to improve their security settings. -[See related documentation]({% post_url platform/app/platform/user-management/2000-01-01-user-management %}) +[See related documentation]({% post_url /platform/user-management/2000-01-01-user-management %}) From 5925daba68422acb4428ddedb8a9345ad5804932 Mon Sep 17 00:00:00 2001 From: Benjamin Date: Thu, 26 Jun 2025 14:43:23 +0200 Subject: [PATCH 16/18] update guide content --- src/_posts/platform/user-management/2000-01-01-guides.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/_posts/platform/user-management/2000-01-01-guides.md b/src/_posts/platform/user-management/2000-01-01-guides.md index eeb806a76..aee51d757 100644 --- a/src/_posts/platform/user-management/2000-01-01-guides.md +++ b/src/_posts/platform/user-management/2000-01-01-guides.md @@ -40,7 +40,7 @@ Recommendations: * Apply the same role split as in mid-sized teams: Collaborator for leads, Limited Collaborator for developers. * Use a specific and dedicated Service Account to scope API tokens to a given application and ensure better isolation between apps. -## API Tokens: Per-App Scoped Access +## Per-App Scoped API Tokens Since API tokens inherit all the permissions of the user account they are generated from, we recommend using a dedicated service account when you need application-scoped API access. Add this service account as a Collaborator on the specific application only, and generate API tokens from it. From 4e4a42277f25162df332ab520e662e8b679fbc4a Mon Sep 17 00:00:00 2001 From: Benjamin Date: Thu, 26 Jun 2025 14:55:46 +0200 Subject: [PATCH 17/18] Fix one more link --- .../platform/user-management/2000-01-01-user-management.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/_posts/platform/user-management/2000-01-01-user-management.md b/src/_posts/platform/user-management/2000-01-01-user-management.md index a80cd6176..e2acb9cbf 100644 --- a/src/_posts/platform/user-management/2000-01-01-user-management.md +++ b/src/_posts/platform/user-management/2000-01-01-user-management.md @@ -13,5 +13,5 @@ This section will help you understand how to: * [Leverage collaborators efficiently based on your organization’s structure]({% post_url platform/user-management/2000-01-01-guides %}) {% note %} -Need to update your personal settings ? Head over to [Manage your personal user account]({% post_url platform/account/2000-01-01-manage-your-account %}). +Need to update your personal settings ? Head over to [Manage your personal user account]({% post_url platform/account/2000-01-01-account %}). {% endnote %} From a891509f41f7d91089b89dd9efa5a3935514ffaf Mon Sep 17 00:00:00 2001 From: Benjamin Date: Fri, 27 Jun 2025 14:40:29 +0200 Subject: [PATCH 18/18] Update the guide so that it is better aligned with the future blog post. --- .../platform/user-management/2000-01-01-guides.md | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/src/_posts/platform/user-management/2000-01-01-guides.md b/src/_posts/platform/user-management/2000-01-01-guides.md index aee51d757..2b4d6955f 100644 --- a/src/_posts/platform/user-management/2000-01-01-guides.md +++ b/src/_posts/platform/user-management/2000-01-01-guides.md @@ -7,6 +7,8 @@ index: 5 This guide outlines recommended practices for managing roles, collaborators, and security settings on Scalingo, depending on your team’s size and structure. While Scalingo keeps access control simple, using roles strategically will help you balance collaboration with operational security. +Our access management guidelines follow the principle of [least privilege](https://en.wikipedia.org/wiki/Principle_of_least_privilege). Collaborators should only have the permissions strictly necessary for their responsibilities. + ## Small Teams Structure example: A CTO or lead developer, and a few developers. @@ -51,7 +53,10 @@ This ensures that the token has access exclusively to the intended application, Although 2FA cannot be enforced globally on Scalingo, you can view each collaborator’s 2FA status from the [Collaborators page](https://dashboard.scalingo.com/collaborators) of your Scalingo dashboard. -Recommendations: +## Regular Access Reviews + +Access rights tend to evolve over time, and it’s easy to overlook outdated or excessive permissions. We recommend conducting regular access reviews to ensure that each collaborator still has the appropriate role based on their current responsibilities. This also helps identify inactive accounts or permissions that should be revoked. + +Regular reviews help maintain the principle of least privilege and reduce the risk of unauthorized access. We also encourage checking the 2FA status of your collaborators. -* Perform regular reviews of 2FA status for all collaborators. -* Use our API to automate checks and integrate them into your internal security alerts or audit processes. +You can also use the [Scalingo API](https://developers.scalingo.com/) to automate checks and integrate them into your internal security alerts or audit processes.