From lindy-pack
Configures enterprise RBAC for Lindy AI workspaces: maps org roles to Owner/Editor/Viewer, invites teams, organizes agents in folders, sets sharing, enables SSO/SCIM.
`npx claudepluginhub jeremylongshore/claude-code-plugins-plus-skills --plugin lindy-pack`

This skill is limited to using the following tools:
Lindy organizes access around workspaces where agents live. Team members are assigned roles that control who can create, modify, run, or observe agents and their execution history. Enterprise features add SSO, SCIM, audit logs, and granular permission controls.
| Role | Create Agents | Edit Agents | Run Agents | View Tasks | Manage Team |
|---|---|---|---|---|---|
| Owner | Yes | Yes | Yes | Yes | Yes |
| Editor | Yes | Yes | Yes | Yes | No |
| Viewer | No | No | No | Yes | No |

| Org Role | Lindy Role | Rationale |
|---|---|---|
| Engineering Lead | Owner | Full workspace control |
| Developer | Editor | Build and modify agents |
| Ops/Support | Editor | Run agents and configure workflows |
| Manager | Viewer | Monitor task execution and metrics |
| Stakeholder | Viewer | Read-only access to results |
- Pro plan: Each additional seat costs $19.99/month
- Enterprise plan: Custom pricing with bulk seat discounts
Use folders to organize agents by team, function, or environment:
```text
Workspace: Acme Corp Production
├── Support/
│   ├── Email Triage Agent
│   ├── FAQ Chatbot
│   └── Escalation Agent
├── Sales/
│   ├── Lead Router
│   ├── Follow-up Agent
│   └── Meeting Scheduler
├── Operations/
│   ├── Daily Report Agent
│   ├── Monitoring Agent
│   └── Data Pipeline Agent
└── Shared/
    ├── Knowledge Base Agent
    └── Notification Agent
```
Folder permissions: Share folders with specific team members to control visibility. Agents in private folders are only visible to the folder owner.
Each agent can be shared independently:
| Sharing Level | Who Gets It | What They Can Do |
|---|---|---|
| Edit access | Team collaborators | Edit agent, see all tasks |
| User access | Agent consumers | Run agent, trigger workflows |
| Template | Anyone with link | Make a copy (no access to original) |
Control which team members can use shared integration connections:
Create separate API keys per integration purpose:
| API Key | Purpose | Scope | Rotation |
|---|---|---|---|
| `lnd_prod_app_xxxx` | Application webhook triggers | Production only | 90 days |
| `lnd_prod_ci_xxxx` | CI/CD smoke tests | Test agents only | 90 days |
| `lnd_prod_monitor_xxxx` | Monitoring/observability | Read-only | 90 days |
Revoke keys immediately when a team member with access leaves the organization.
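One way to check the 90-day rotation and leaver-revocation rules above, as an added example that is not part of the lindy-pack skill. It assumes the team keeps its own key inventory (label, accountable owner, issue date) and a roster of active members; the `KeyRecord` fields, the 14-day warning window, and all names and dates are constructed, and no Lindy API is called.

```python
from dataclasses import dataclass
from datetime import date

ROTATION_DAYS = 90  # rotation interval from the API key table
WARN_DAYS = 14      # assumed early-warning window, not from the page


@dataclass(frozen=True)
class KeyRecord:
    label: str     # inventory label only; never store the secret here
    owner: str     # member accountable for the key (assumed field)
    issued: date   # date the key was created or last rotated


def audit_keys(inventory, active_members, today):
    """Return {label: [actions]} for keys that break the policy."""
    active = {m.lower() for m in active_members}
    findings = {}
    for key in inventory:
        actions = []
        age = (today - key.issued).days
        if age < 0:
            actions.append("fix inventory: issue date is in the future")
        elif age >= ROTATION_DAYS:
            actions.append(f"rotate: {age} days old (limit {ROTATION_DAYS})")
        elif age >= ROTATION_DAYS - WARN_DAYS:
            actions.append(f"rotation due in {ROTATION_DAYS - age} days")
        if key.owner.lower() not in active:
            actions.append(f"revoke: owner {key.owner} is not an active member")
        if actions:
            findings[key.label] = actions
    return findings


# Constructed sample data; labels reuse the placeholders from the table.
SAMPLE_INVENTORY = [
    KeyRecord("lnd_prod_app_xxxx", "alice@example.com", date(2025, 3, 1)),
    KeyRecord("lnd_prod_ci_xxxx", "bob@example.com", date(2025, 6, 1)),
    KeyRecord("lnd_prod_monitor_xxxx", "Alice@example.com", date(2025, 5, 15)),
]
SAMPLE_ACTIVE = {"alice@example.com", "carol@example.com"}  # bob has left

if __name__ == "__main__":
    report = audit_keys(SAMPLE_INVENTORY, SAMPLE_ACTIVE, date(2025, 6, 30))
    for label, actions in report.items():
        print(label, "->", "; ".join(actions))
```

Run it on a schedule and whenever the roster changes, so a departed owner's key is flagged even when it is well inside its rotation window.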
SSO (Single Sign-On):
SCIM (User Provisioning):
Audit Logs:
Encryption:
When a team member leaves:
| Issue | Cause | Solution |
|---|---|---|
| 403 Forbidden on agent create | User has Viewer role | Promote to Editor |
| Agent not visible to teammate | Agent in private folder | Move to shared folder |
| API key returns 401 | Key revoked or expired | Generate new key |
| Cannot delete workspace | Not the Owner | Transfer ownership first |
| SSO login fails | SAML misconfigured | Verify IdP metadata and assertions |
| SCIM not syncing | Endpoint URL wrong | Check SCIM endpoint in IdP config |
Proceed to lindy-migration-deep-dive for platform migration strategies.