From replit-pack
Configures Replit Teams roles, SSO/SAML, custom groups, and organization access controls for enterprise security and deployment permissions.
npx claudepluginhub jeremylongshore/claude-code-plugins-plus-skills --plugin replit-pack
This skill is limited to using the following tools:
Manage team access to Replit workspaces, deployments, and AI features. Covers the built-in role system (Admin, Manager, Editor, Viewer), custom groups (Enterprise only), SSO/SAML integration, deployment permissions, and audit logging.
| Role | Create Repls | Deploy | Manage Members | Billing | AI Features |
|---|---|---|---|---|---|
| Owner | Yes | All | Yes | Yes | Yes |
| Admin | Yes | All | Yes | View only | Yes |
| Manager | Yes | Staging | Add/remove | No | Yes |
| Editor | Yes | No | No | No | Yes |
| Viewer | No | No | No | No | No |
In Organization Settings > Members:
1. Invite members:
   - Click "Invite" > enter email
   - Select role: Admin, Manager, Editor, or Viewer
   - Member receives email invitation
2. Bulk management (2025+):
   - CSV export of all members
   - Sort/filter by role, activity, last login
   - Bulk role changes
3. Role assignment strategy:
   - Owners: 1-2 (billing + full admin)
   - Admins: team leads (manage members + deploy)
   - Managers: senior devs (deploy to staging)
   - Editors: developers (create + code)
   - Viewers: stakeholders (read-only access)
Enterprise plan enables custom permission groups:
1. Organization Settings > Groups
2. Create group: e.g., "Backend Team"
3. Assign permissions:
   - Access to specific Repls
   - Deployment permissions (staging only, or all)
   - AI feature access
4. Add members to group
Example groups:
- "Frontend Team": access to UI Repls, deploy to staging
- "DevOps": all Repls, deploy to production, manage secrets
- "Contractors": specific Repls only, no deployment access
- "QA": read all, deploy to staging, no production
Organization Settings > Security > SSO:
1. Choose provider:
   - Okta
   - Azure Active Directory
   - Google Workspace
   - Any SAML 2.0 compatible IdP
2. Configure SAML:
   - ACS URL: provided by Replit
   - Entity ID: provided by Replit
   - Certificate: from your IdP
   - Map IdP groups to Replit roles
3. Enable enforcement:
   - "Require SSO": blocks password-based login
   - Session timeout: recommended 12 hours
   - IdP-initiated logout support
4. Test:
   - Try login with SSO before enforcing
   - Verify role mapping works correctly
   - Test session timeout behavior
Control who can deploy and where:
Organization Settings > Deployments > Permissions:
Production deployments:
- Restrict to Admin + Owner only
- Require approval workflow (Enterprise)
- Custom domain management: Admin only
Staging deployments:
- Allow Managers and above
- Auto-deploy from staging branch
Development:
- All Editors can run in Workspace
- Dev database access for all team members
```bash
# View recent team activity
curl "https://replit.com/api/v1/teams/TEAM_ID/audit-log?limit=50" \
  -H "Authorization: Bearer $REPLIT_TOKEN" | \
  jq '.events[] | {user, action, resource, timestamp}'

# Common audit events:
# - member.invited
# - member.removed
# - member.role_changed
# - repl.created
# - repl.deleted
# - deployment.created
# - deployment.rolled_back
# - secret.created
# - secret.deleted
```
Enterprise audit features:
- Exportable audit logs (CSV)
- 90-day retention
- Filter by user, action, resource
- API access for SIEM integration
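An added example (not Replit's or this skill's own code) that cross-checks audit events against the role table on this page, so a SIEM rule can flag actions the actor's role should not allow. It assumes events carry the four fields selected by the jq filter and that a user-to-role roster is available from the member export; the sample events, roster and finding names are constructed.

```python
# Two columns of this page's role table that audit events can be checked against.
ROLE_TABLE = {
    "Owner":   {"deploy": "All",     "members": "Yes"},
    "Admin":   {"deploy": "All",     "members": "Yes"},
    "Manager": {"deploy": "Staging", "members": "Add/remove"},
    "Editor":  {"deploy": "No",      "members": "No"},
    "Viewer":  {"deploy": "No",      "members": "No"},
}
# Constructed roster (user -> role), e.g. built from the member export.
SAMPLE_ROSTER = {"lee@example.com": "Admin", "mia@example.com": "Manager",
                 "sam@example.com": "Editor"}
# Constructed events with the four fields the page's jq filter selects.
FIELDS = ("user", "action", "resource", "timestamp")
SAMPLE_EVENTS = [dict(zip(FIELDS, row)) for row in [
    ("lee@example.com", "deployment.created", "repl-api", "2025-07-01T09:00:00Z"),
    ("sam@example.com", "deployment.created", "repl-api", "2025-07-01T09:05:00Z"),
    ("mia@example.com", "member.invited", "new@example.com", "2025-07-01T10:00:00Z"),
    ("mia@example.com", "member.role_changed", "sam@example.com", "2025-07-01T10:02:00Z"),
    ("ghost@example.com", "secret.deleted", "DB_URL", "2025-07-01T11:00:00Z"),
    ("lee@example.com", "secret.created", "DB_URL", "2025-07-01T11:30:00Z"),
    ("sam@example.com", "repl.created", "repl-ui", "2025-07-01T12:00:00Z"),
]]


def classify(event, roster):
    """Return a finding name for an event that needs review, else None."""
    role = roster.get(event["user"])
    action = event["action"]
    if role is None:  # actor is absent from the reviewed member list
        return "actor-not-in-roster"
    perms = ROLE_TABLE[role]
    if action.startswith("deployment.") and perms["deploy"] == "No":
        return "deploy-by-role-without-deploy-rights"
    if action.startswith("member."):
        if perms["members"] == "No":
            return "member-change-by-role-without-manage-rights"
        if action == "member.role_changed" and perms["members"] != "Yes":
            return "role-change-by-add-remove-only-role"
    if action.startswith("secret."):
        return "secret-change"  # always surfaced: a choice made for this example
    return None


def triage(events, roster):
    """Return (finding, user, action, timestamp) for every flagged event."""
    return [(f, e["user"], e["action"], e["timestamp"])
            for e in events if (f := classify(e, roster))]


if __name__ == "__main__":
    for row in triage(SAMPLE_EVENTS, SAMPLE_ROSTER):
        print(row)
```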
## Access Review Checklist (run quarterly)
1. Export member list from Organization Settings
2. Review each member:
   - [ ] Last active date within 30 days?
   - [ ] Role appropriate for current responsibilities?
   - [ ] Still on the team/project?
3. Actions:
   - Remove members not active in 30+ days
   - Downgrade over-privileged members
   - Upgrade members needing more access
4. Document changes and rationale
5. Verify SSO group mappings still accurate
Cost impact:
- Each removed seat saves $25-40/month
- Quarterly review prevents seat creep
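The checklist above as an added example, not part of the original skill: it flags seats inactive for 30+ days, more than two Owners, and roles that disagree with the SSO group mapping. The export column names (`email`, `role`, `last_active`), the IdP group data and all sample rows are assumptions constructed for illustration.

```python
import csv
import io
from datetime import date

PRIVILEGE = ["Owner", "Admin", "Manager", "Editor", "Viewer"]  # highest first

# Constructed member export; these column names are assumed, not Replit's.
SAMPLE_EXPORT = """email,role,last_active
ana@example.com,Owner,2025-06-28
raj@example.com,Owner,2025-06-30
kim@example.com,Owner,2025-03-02
lee@example.com,Admin,2025-04-11
sam@example.com,Editor,2025-06-25
pat@example.com,Viewer,
"""
# Constructed IdP data: member -> IdP group, and IdP group -> Replit role.
IDP_GROUP = {"lee@example.com": "eng-leads", "sam@example.com": "eng-leads"}
GROUP_TO_ROLE = {"eng-leads": "Admin"}


def access_review(export_csv, today, idp_group, group_to_role,
                  inactive_days=30, max_owners=2):
    """Return (subject, role, finding) tuples, most privileged role first."""
    members = list(csv.DictReader(io.StringIO(export_csv)))
    findings = []
    for m in members:
        email, role, last = m["email"], m["role"], m["last_active"].strip()
        # Checklist: last active within 30 days? A blank date means never.
        if not last:
            findings.append((email, role, "never active"))
        elif (today - date.fromisoformat(last)).days >= inactive_days:
            findings.append((email, role, f"inactive {inactive_days}+ days"))
        # Step 5: the role held must match what the member's IdP group maps to.
        expected = group_to_role.get(idp_group.get(email))
        if expected and expected != role:
            findings.append((email, role, f"SSO mapping expects {expected}"))
    owners = [m["email"] for m in members if m["role"] == "Owner"]
    if len(owners) > max_owners:  # the page recommends 1-2 Owners
        findings.append((",".join(owners), "Owner",
                         f"more than {max_owners} Owners"))
    # Stale or drifted privileged seats are reviewed first.
    return sorted(findings, key=lambda f: (PRIVILEGE.index(f[1]), f[0]))


if __name__ == "__main__":
    for finding in access_review(SAMPLE_EXPORT, date(2025, 7, 1),
                                 IDP_GROUP, GROUP_TO_ROLE):
        print(finding)
```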
Replit AI features (Agent, Assistant, Ghostwriter):
Organization Settings > AI Features:
- Enable/disable AI for entire organization
- Per-role AI access (Enterprise)
- Usage tracking per member
Controls:
- Agent: can create files, install packages, deploy
- Assistant: code suggestions, chat
- Ghostwriter: inline completions
Recommendation:
- Enable AI for all developers (Editors+)
- Restrict Agent deployment to Managers+
- Monitor AI usage via dashboard
| Issue | Cause | Solution |
|---|---|---|
| Member can't deploy | Insufficient role | Promote to Manager or Admin |
| SSO redirect loop | Wrong ACS URL | Verify callback URL matches Replit config |
| Seat limit exceeded | Plan capacity reached | Remove inactive members or upgrade |
| Custom group not working | Not on Enterprise plan | Groups require Enterprise |
| AI features disabled | Org-level toggle off | Enable in Organization Settings > AI |
For data migration patterns, see replit-migration-deep-dive.