Organizations & Teams

Clonit Cloud groups everything your team does into an organization. Targets, snapshots, storage profiles, API keys, and connected agents all live inside an org, and everyone you work with joins that same org. Your role in the org decides what you can see and change.

This page covers the people side of Clonit Cloud — organizations, members, and roles — and the agent registry, the list of machines connected to your org. You manage all of it from the Cloud section of the agent web UI (clonit serve).

Note

Clonit Cloud is optional. Everything in this page applies only once you have signed in with clonit login and connected an agent to a cloud. The standalone agent works fully without any of it.

Organizations

An organization is your team’s private space in Clonit Cloud. All data is org-scoped: a target, snapshot, or storage profile created in your org is visible only to members of that org, and nothing crosses org boundaries.

Each org has:

• A name — the human-friendly display name for your team.
• A slug — a short, URL-friendly identifier (for example, acme-data).
• A plan — your subscription tier (free, pro, or enterprise).
• A member list — everyone who belongs to the org, each with a role.

You sign in to a specific org when you authenticate. From there, every cloud operation you run — pushing a snapshot, syncing a target, listing shared snapshots — happens inside that org and is scoped to it automatically.

Note

Who can join your org, and how people are invited, is handled by your identity provider through the central auth service — not by Clonit. Clonit never stores passwords and runs no sign-in flow of its own; it hands you off to the auth service and receives a signed-in session back. See Sign In & Login for how that works.

Members

The members view lists everyone in your organization. For each member you can see:

Field	What it shows
Name	The member’s display name
Email	The member’s email address
Role	Their role in the org — owner, admin, member, or viewer
Joined	When they joined the organization

A member’s role is what determines their capabilities. If your org uses SSO, group memberships from your identity provider are reflected here automatically, so the member list stays in sync with your directory.

Roles

Clonit Cloud has four roles. They are ordered from most to least privileged:

owner › admin › member › viewer

Each role includes everything the role below it can do, plus more. The table below summarizes what each role can do.

Capability	Viewer	Member	Admin	Owner
View org data (targets, snapshots, storage profiles, members, agents)	✓	✓	✓	✓
Create and modify targets		✓	✓	✓
Push, pull, and manage snapshots		✓	✓	✓
Create and manage storage profiles		✓	✓	✓
Update org settings (name, etc.)			✓	✓
Change other members’ roles			✓	✓
Create and delete API keys			✓	✓
Assign or revoke the owner role				✓

Owner

Owners have full control of the organization. In addition to everything an admin can do, only an owner can assign or revoke the owner role for other members. Every org has at least one owner.

Admin

Admins manage the org day to day. They can update org settings, change other members’ roles (up to admin), and create or delete API keys. Admins can do everything members and viewers can do — what they cannot do is grant or remove the owner role.

Member

Members are the working role for most of your team. They can create and modify targets, push and pull snapshots, and create and manage storage profiles — the everyday data operations. They cannot change org settings, manage other members’ roles, or manage API keys.

Note

Connected agents authenticate with an API key and act with member-level access. That is why an agent can push, pull, and sync targets and snapshots on your behalf, but cannot change org settings or manage members.

Viewer

Viewers have read-only access to everything in the org. They can see targets, snapshots, storage profiles, members, and agents, but cannot create, modify, or delete anything. Use this role for stakeholders who need visibility without the ability to change data.

Tip

Pick the least-privileged role that lets someone do their job. Give read-only stakeholders viewer, give people who run snapshot workflows member, and reserve admin and owner for the few people who manage the org itself, its keys, and its membership.

The agent registry

An agent is a machine running the Clonit CLI that has been connected to your organization. The agent registry is the list of every such machine, so your whole team can see which environments are wired into the cloud — your laptop, a teammate’s machine, a CI runner, a staging box, and so on.

Registering an agent

You connect a machine to the cloud by registering it once. With cloud.url and a cloud API key configured, run:

clonit cloud register

By default the agent is named after the machine’s hostname. Give it a clearer name with --name, which is handy for shared or unattended machines:

clonit cloud register --name ci-runner-01

Registration assigns the agent a stable identity in the cloud and records it under your org’s agent_id in the config. To re-register an already-registered agent — for example after re-imaging a machine — use --force:

clonit cloud register --force

See the clonit cloud command reference for the full flag list, and Connect Your Agent for the complete setup walkthrough.

What the registry shows

Once registered, each agent appears in the Cloud section of the web UI with:

Field	What it shows
Name	The agent’s name (hostname by default, or your --name)
Version	The version of the Clonit CLI running on that machine
Hostname	The machine the agent is running on
Last seen	When the agent last contacted the cloud

The last seen timestamp is the quickest way to tell which agents are active and which have gone quiet.

Checking an agent’s status from the CLI

To confirm an individual agent is connected and see its registration state from the machine itself, run:

clonit cloud status

Removing an agent

You can remove an agent from the registry in the web UI — for example when you decommission a machine or retire a CI runner.

Caution

You cannot delete the agent you are currently using from its own web UI. Remove retired or duplicate agents from another connected agent, or after switching the current machine to a different registration.

To stop an agent from acting against the cloud entirely, also revoke the API key it authenticates with. Removing the agent from the registry clears its listing; revoking its key cuts off its access.

How roles, agents, and keys fit together

• People sign in with clonit login and act with their org role (owner, admin, member, or viewer).
• Machines (agents) connect with an API key and act with member-level access, which is enough to run snapshot and target workflows.
• Admins and owners manage the org itself — its settings, its members’ roles, and its API keys.

That separation lets you give a person read-only visibility while still letting an automated CI agent push snapshots, or let a member run day-to-day workflows without handing them control over the org’s keys and membership.

See Also

• Sign In & Login — Sign in to Clonit Cloud with clonit login
• Connect Your Agent — Connect a machine and register an agent
• API Keys — Create and manage the keys agents authenticate with
• Sharing Snapshots — Share snapshots with your org
• clonit cloud — Command reference for register, status, sync, and more
• clonit serve — Start the web UI where the Cloud section lives