Organizations
An organization is the top-level container for a team’s wylon usage. It owns billing, members and projects. Every user belongs to at least one organization; most teams only need one.
Hierarchy
Resources are organized into a three-level tree.
Organization # billing, members, SSO
└─ Project # isolated budget + usage
├─ API keys # scoped auth tokens
└─ Batch jobs # batch jobs and input/output files- Organization — the billing boundary. One plan, one payment method, one invoice.
- Project — a usage boundary within an organization. Use it to separate prod/staging, cost-allocate across teams, or sandbox external contractors.
- Resources — API keys and batch jobs each belong to exactly one project.
Members & roles
Invite teammates by email. Each member has an organization-wide role plus optional project-level overrides.
| Role | Level | Can |
|---|---|---|
| Owner | Organization | Everything, including deleting the organization and transferring ownership. |
| Admin | Organization | Manage members, projects, billing, and all project-level resources. |
| Billing manager | Organization | View invoices, top up balance, manage payment methods. No engineering access. |
| Project admin | Project | Create API keys, submit batch jobs and manage project settings within assigned projects. |
| Project member | Project | Use existing keys, view metrics, read logs for assigned projects. |
| Viewer | Project | Read-only access to dashboards and logs. |
Managing projects
Create a project when you need any of the following to be isolated:
- Separate billing buckets (e.g. “mobile app” vs “internal tools”).
- Independent rate limits and spend caps.
- Restricted membership (only a subset of the org sees the project).
- Distinct sets of API keys — production keys live in
prod, experiments insandbox.
Switching organizations
If you belong to several organizations, use the switcher in the top-left of the dashboard.
For API calls, the key itself identifies the organization — you do not need to pass an
organization header. Advanced multi-tenant apps can override with the X-wylon-Org
header if a user has an admin key that spans organizations.
Single sign-on (SSO)
Enterprise plans support SAML 2.0 and OIDC SSO. Once configured, members sign in through your identity provider (Okta, Azure AD, Google Workspace). Provisioning via SCIM keeps the member list in sync automatically.
Contact sales@wylon.cn to enable SSO on your organization — it’s a free add-on for teams on the Enterprise plan.
Audit log
Every administrative action — key creation, role change, batch submission — is recorded for 365 days. Owners and admins can filter the log by actor, resource type, or time range from Dashboard → Organization → Audit log.
Leaving or deleting
A member can leave an organization from their personal settings. Owners cannot leave without first transferring ownership. Deleting an organization is a two-step confirmation and immediately revokes all keys and cancels in-flight batch jobs.
