# Team Management

---

## Overview

Manage your team's access to Fly. Add members, assign roles, and control who can do what. The first user to create the account becomes the team Admin.

---

## How It Works

### User Roles

JFrog Fly has two role types:

**Admin** -- Full access to all Fly functionality:

| Permission | Admin |
|------------|-------|
| Push/Pull artifacts | Yes |
| View artifacts and releases | Yes |
| Manage workflows | Yes |
| **Invite users** | Yes |
| **Update user roles** | Yes |
| **Delete users** | Yes |
| **Create/revoke all tokens** | Yes |
| **Manage team settings** | Yes |

**Developer** -- Standard development access:

| Permission | Developer |
|------------|-----------|
| Push/Pull artifacts | Yes |
| View artifacts and releases | Yes |
| Manage workflows | Yes |
| View user list | Read-only |
| Create tokens | Yes |
| Revoke own tokens | Yes (only tokens they created) |
| Invite users | No |
| Update roles | No |
| Delete users | No |
| Revoke others' tokens | No |

### User Status

**Active** -- User has completed sign-up, can access Fly Registry, and appears in searches and @mentions.

**Pending** -- User has been invited but hasn't signed up yet. You can resend the invitation if needed.

---

## In Fly Web

Team management is currently available through Fly Web. You can view all team members, invite new users, assign roles, and remove members.

### Viewing Team Members

Navigate to **Team Management** to see:

| Column | Description |
|--------|-------------|
| **Name** | User's full name |
| **Email** | User's email address |
| **Role** | Admin or Developer |
| **Status** | Active or Pending |
| **Last Login** | Most recent login timestamp |
| **Actions** | Available actions (based on your role) |

### Inviting Users (Admin Only)

1. Click **Invite User**
2. Fill in: **Email Address** (required) and **Role** (Admin or Developer)
3. Click **Send Invitation**
4. User receives an email with a welcome message, team name, and signup link

### Updating User Roles (Admin Only)

1. Navigate to **Team Management**
2. Click on the user
3. Select **Change Role**
4. Choose new role and confirm

The system ensures at least one Admin always exists.

### Removing Users (Admin Only)

1. Navigate to **Team Management**
2. Click on the user
3. Select **Delete User**
4. Confirm deletion

---

## Password & Authentication

Manage your password and two-factor authentication from **Account Settings > Password & Authentication** in Fly Web.

### Password

Update your password at any time. Click **Edit** to change it.

### Two-Factor Authentication (TOTP)

Add an extra layer of security with an authenticator app (Google Authenticator, Authy, 1Password, etc.):

- To enable: click **Add** on the Authenticator App card, then scan the QR code with your authenticator app
- To disable: click **Disable** on the Authenticator App card

Admins can see which team members have MFA enabled in the Team Management table.

---

## Next Steps

- [Tokens →](../tokens/) - Token permissions by role