Skip to main content
This guide covers day-to-day member administration in your Cline Enterprise organization — inviting users, changing roles, removing members, and managing your license seats.

Roles and permissions

Cline Enterprise uses a three-tier role hierarchy:

Owner

Primary account holder. Unrestricted access including billing, security settings, and ownership transfer. Limit to 1–2 individuals.

Admin

Team leads and IT managers. Can manage members and configure providers. Cannot access billing.

Member

Developers and contributors. Can use Cline with shared provider access. Cannot change settings. The correct default for most users.

Permissions matrix

PermissionMemberAdminOwner
General usage
Use Cline
Access shared AI providers
Member management
View members
Invite new members
Edit member roles
Remove members
Remove admins
Configuration
Configure API providers
Manage security settings
Billing and ownership
View billing information
Manage subscription
Transfer ownership
Most users should be Members. Grant Admin only to those who manage users or provider configurations. Reserve Owner for 1–2 account leaders.

Member management

Inviting new team members

  1. Go to your organization dashboard at app.cline.bot.
  2. Click Members in the sidebar.
  3. Click Invite Member.
  4. Enter the user’s email address (must be from your verified domain).
  5. Select the appropriate role: Member, Admin, or Owner.
  6. Click Send Invite.
Invited users receive an email with a join link. Pending invitations appear in your member list with a Pending status and hold one seat from your license.
Need to add many users at once? Contact [email protected] for assistance with bulk CSV invite imports.
If SSO is configured, users can also be provisioned automatically on their first sign-in without a manual invite. See Onboarding.

Access requirements

For users to join your organization, two conditions must be met:
1

Verified identity provider

Your organization must have a verified identity provider (IdP) such as Okta, Microsoft Entra ID (Azure AD), Google Workspace, or AWS IAM Identity Center. Users authenticate through your IdP.
2

Verified domain

Your organization must have a verified domain. Only users with email addresses from verified domains can join. Domain verification is completed through your domain registrar or DNS provider.

Seat management

  • Each active user (Owner, Admin, or Member) consumes one seat.
  • Pending invitations also hold one seat.
  • Removing a member or revoking an invitation immediately frees the seat.
  • Your license determines the maximum number of seats available.
A seat is consumed when:
  • You send an invitation (marked as Pending)
  • An invited user accepts and joins
  • A user gains access through SSO just-in-time provisioning
To free a seat:
  • Remove an active member from the organization
  • Revoke a pending invitation

Security best practices

Principle of least privilege

Assign the minimum role necessary. Most users should be Members. Grant Admin or Owner only when required for job duties.

Limit Owner roles

Keep Owners to 1–2 individuals who manage billing and security. This prevents accidental or unauthorized changes to critical settings.

Regular audits

Review your member list quarterly. Remove inactive users promptly and verify that Admin and Owner roles are still appropriate.

Offboarding process

When offboarding a developer: remove them from Cline, revoke IdP access, and document the change in your audit log.
Owners control billing and can transfer ownership. Choose these individuals carefully and document the selection in your organization’s security policies.

Advanced scenarios

Only the current Owner can transfer ownership:
  1. Navigate to Organization Settings.
  2. Go to the Ownership section.
  3. Select the new Owner from the member list.
  4. Confirm with your authentication.
This action cannot be undone by the previous Owner. The new Owner must initiate a reverse transfer if needed.
When you have multiple Admins:
  • Document each Admin’s area of responsibility.
  • Use audit logs to track configuration changes.
  • Establish escalation paths for Owner-level decisions.
For contractors or temporary staff:
  • Create them as Members.
  • Set calendar reminders to remove them when the engagement ends.
  • Consider using time-limited IdP accounts if your IdP supports it.

Troubleshooting

Common causes:
  • Email domain does not match the verified domain.
  • User’s IdP account has not been created yet.
  • Invitation link has expired.
Fix: Verify domain verification is complete and resend the invitation.
Cause: Only Owners can remove Admins.Fix: Ask an Owner to perform the removal. If you need to remove your organization’s sole Owner, contact [email protected].
When you’ve reached your license limit:
  • Remove inactive members to free seats.
  • Revoke pending invitations that are no longer needed.
  • Upgrade your license to add more seats.

Build docs developers (and LLMs) love

Get started for freeTalk to us