Skip to Content

Workspace settings

Workspace-wide configuration lives here: name, security posture, defaults for new machines, API keys, integrations, and the deletion flow. Owner role required for edits; Admins see read-only.

General

Editable workspace identity:

  • Name and slug (slug must be globally unique).
  • Description — shown in the workspace switcher.
  • Default timezone — used for schedule rendering and audit timestamps.
  • Default locale — used for cabinet copy and member email.

Security policies

Workspace-wide policies that override personal preferences:

  • Require 2FA for every member. Members without 2FA lose workspace access until they enroll.
  • IP allowlist for cabinet and REST. Optional CIDR list.
  • Cabinet session timeout — auto sign-out after N minutes of inactivity.
  • Default permission mode for new machines — default, strict, or bypass. See Concepts: permissions.

Default machine onboarding

Reduce manual cleanup on every cmdop connect:

  • Auto-tags applied to new machines (e.g. env:prod, team:platform).
  • Default permission rule set seeded into permissions.yaml on first heartbeat.
  • Default machine name pattern${hostname}-${short_id} if you want disambiguation.

Workspace API keys

Workspace API keys are long-lived bearer tokens scoped to one workspace. Useful for CI, headless scripts, and SDK integrations:

  • Issue — name, scopes (machines:read/write, commands:execute, files:read/write, schedules:manage, agent:invoke), optional expiry. The secret is shown exactly once.
  • Revoke — immediate; in-flight requests fail next call.
  • Rotate — issue a new key, deploy it, then revoke the old one.

Workspace API keys are different from personal API tokens — workspace keys belong to the workspace and survive member churn.

Workspace deletion

Deletion is a Soft 24-hour flow:

  1. Owner clicks Delete; the workspace is marked pending-deletion.
  2. Members lose access immediately; existing sessions terminate.
  3. After 24 hours, machines are unregistered and the workspace is purged.
  4. During the 24-hour window, any Owner can cancel.

Billing reconciles on the next cycle (proration credit if applicable).

Deleting a workspace deletes its machines’ registration. Agents will keep running locally but will fail to report in. Move machines to another workspace before deleting if you need them to keep working.

Integrations

Wire workspace events into existing tools:

  • Webhooks — POST events to a URL with HMAC-signed body.
  • Slack — channel notifications for billing, security, and schedule failures.
  • SSO — SAML / OIDC, available on team plans.

Where this data lives

Backed by the Django workspaces app and rendered by apps/my/.../dashboard/settings/.

Last updated on
What is CMDOP