Skip to main content

Documentation Index

Fetch the complete documentation index at: https://getfloo.com/docs/llms.txt

Use this file to discover all available pages before exploring further.

Use this guide when you are deciding who can operate Floo and who can open an app you deployed on Floo.

Prerequisites

  • you are authenticated with floo auth login
  • you know whether you are changing org membership or app access
  • for password and accounts, your plan is Pro or above

1. Manage your Floo team

Organization membership controls who can operate apps and billing for your org. 
floo orgs members list
floo orgs members set-role <user-id> admin
floo orgs members set-role <user-id> member
floo orgs members set-role <user-id> viewer
The shipped dashboard Team page also supports invites and pending invite management.

2. Choose an app access mode

access_mode is a config-as-code knob in floo.app.toml. The next git push (or floo deploy) applies it to your app — no dashboard click required. 
[app]
name = "my-app"
access_mode = "accounts"
Available modes:
  • public — open access (default)
  • password — shared password (Pro+)
  • accounts — per-user auth via gateway-managed sign-in (Pro+)
  • sso — enterprise SSO (Enterprise)

Where the value lives

access_mode belongs under [app] in floo.app.toml. That value applies to every environment of the app. 
[app]
name = "my-app"
access_mode = "accounts"
Putting it anywhere else (e.g. inside [services.web]) silently does nothing — [app] is the only placement read on deploy.
Per-environment overrides ([environments.<name>] access_mode = …) are accepted in the schema but not yet applied server-side on push deploys. If you need different access modes per env today, the workaround is floo deploy --access-mode <mode> per env. We’re tracking the safe per-env apply (which needs a deferred-apply column to avoid silently downgrading sibling envs) as a follow-up — see accounts-mode-trust “Known gap” for the design.

3. Work with password-protected apps

If an app uses password mode, retrieve the shared password with: 
floo apps password my-app
The app settings view in the dashboard also shows that password and lets you copy it.

4. Manage named app users

If an app uses accounts, the shipped dashboard exposes two app-level controls:
  • a domain allowlist for self-registration
  • individual user grants and revocations
Those flows live in the app’s Users tab today. The CLI currently does not expose matching per-app grant or domain allowlist commands.

5. See users across the org

The shipped org-level Users page shows people who have logged into your accounts apps, plus:
  • which apps they have used
  • first seen / last active timestamps
  • basic user search

What To Use Where

TaskCLIDashboard
change org member rolesyesyes
invite teammatesnot first-classyes
retrieve shared app passwordyesyes
manage app user grantsnoyes
manage allowlisted domains for signupnoyes
inspect org app usersnoyes

What To Do Next

Access Modes

Review the access-mode model and plan gating.

Budget Controls

Set spend caps and manage billing.