Need help with other JFrog products?
JFrog Enterprise+
JFrog Artifactory
JFrog Xray
JFrog Mission Control
JFrog Distribution
[JFrog Pipelines]
JFrog Access
JFrog CLI
Good news! Enterprise-scale distribution is now handled through the robust JFrog Platform.
Please contact us with any questions.
Any logged-on Bintray user can create an organization. The user who created the organization is automatically assigned as its owner.
You can create a new organization from your user profile page.
Click Add New Organization and then follow the screens to enter additional details about the organization.
The details of a Bintray organization can be edited by the organization’s owner or a member with the appropriate authorization. Note that when you edit an organization, you are actually modifying its metadata and memberships. Some metadata cannot be changed after the organization has been created. Any member of an organization can add repositories to the organization.
You can change an organization’s metadata in the Edit Organization Profile page. To modify the metadata click on the links on the left to open use relevant forms:
General: Use this form to change the avatar, name, location, website and email of the organization.
Members: Use this form to manage the members of the organization (invite or remove members or change member authorizations).
Teams: Use this form to manage teams in the organization. You can create new teams and set their authorizations, and invite or delete members from existing teams.
Products: Use this form to manage products in the organization.
Repositories: Manage the organization’s repositories.
GPG Signing: Configure an ASCII-armored GPG key pair through which users can authenticate your material with Bintray’s optional GPG signing functionality.
URL Signing: Regenerate your organization’s URL signing key.
Accounts: Configure which external accounts Bintray can access.
SAML Authentication: Configure authentication of users in your organization through your corporate SAML server.
To simplify adding users to your Bintray organization, you may configure SAML based single-sign-on (SSO) so users who want to access your organization’s assets may be authenticated through your corporate SAML server. To configure SAML authentication, select the corresponding tab on the Edit Organization page.
When using SAML authentication, you should keep the following points in mind:
Users who sign in through SAML will be created as scoped users within your organization and can interact with Bintray using their API key.
A user who signs in through SAML may not become the owner of an organization since this is not allowed for scoped users.
Users who sign in through SAML, should not, in addition, be invited to your organization via email (doing so would create an additional scoped user).
There is no need to expose your SAML IdP server externally, as long as the clients’ browsers are able to reach the network of the IdP server (typically internal) and Bintray (externally).
The Identity Provider (IdP) provides the NameID attribute which is consumed by Bintray (the SP) for configuration and usage.
Currently, Bintray does not provide an XML metadata SAML info endpoint for automated configuration.
Currently, a logout endpoint is also not supported.
Bintray supports SAML authentication through a variety of providers. For details on how to configure either Google or Microsoft AD FS as your provider, please refer to the links below:
If you need assistance configuring Bintray for authentication through your SAML server, please contact JFrog Support.
The metadata fields that define an organization are as follows:
Avatar: The avatar assigned to the organization may be uploaded by the user (as an image file) at any time. If no avatar is uploaded, a generic one is automatically assigned.
Name: Entered by a user when a package is created, and cannot be changed.
Location: A text field that indicated where the organization is located (if relevant).
Website: The URL of the organization’s website.
Twitter: The Twitter user account of the organization, if the organization wants to Tweet its releases through Bintray.
In the Members form:
This form does not really include metadata; it is used to manage the members of the organization (invite or remove members or change authorizations of members).
In the Repositories form:
This form does not really include metadata; it is used to manage the repositories of the organization.
In the GPG Signing form:
Private Key and Public Key: The ASCII-armored GPG key pair used for GPG Signing.
When displayed in Bintray, additional information about an organization is displayed (number of repositories, etc.) This is the data stored in the form of Bintray entities and the information about Bintray interactions such as the owner’s name.
The organization metadata is set when the organization is created and may be changed when the organization is edited later.
If you are the owner of an organization or an administrator, you can invite other Bintray users to be members of your organization (they need to accept the invitation for them to become members).
If you are not the owner and not a member of an organization, you can request to join.
Each member of any Bintray organization has personalized authorizations, assigned by the organization’s owner or by a member with administrative rights.
The owner of an organization and members with administrative rights can invite other Bintray users to join.
To get started, In your organization’s profile page, click the Edit button under the organization name to edit the organization's profile, and select the Members form.
Note: if the Edit button is not displayed then you may not have administrator rights for this organization.
There are two ways to invite others to your organization:
This is a way to invite Bintray users to your organization.
Click Invite by Username and start typing the name of the user you want to invite. Select the user from the list displayed.
After you click Invite By Username the Compose Message page is displayed, with the address of the member you selected and the subject already filled in.
As soon as you send the message, the user will receive a message in Bintray (and by email) with buttons that give the option to Approve or Decline the invitation.
This is a way to invite people who do not yet have a Bintray account to your organization. In the process of accepting your invitation, they will have to create a Bintray account and will therefore become Bintray users who will automatically be associated with your organization. Once they have accepted your invitation and have a Bintray account, it is up to you to assign them to the relevant teams to provide them with the relevant access privileges.
Click Invite by Email and in the form displayed, enter the email of the person you want to invite. Bintray sends an email message to email you specified with a link that leads to the form below through which they can create their Bintray account.
Once the new user has completed registration, their Bintray account is created and Bintray logs them in, displaying their Profile page. At this point, the new user is a member of your organization and you can now assign them to a team with the appropriate permissions.
To remove members from an organization click "Delete" to the right of their Username in the Members tab. To do this you need be the owner of the organization, or have administrative rights.
You can join any organization in Bintray as long as you are a Bintray user, and the owner of the organization approves your request. To do so, you first have to send a request to the organization owner by clicking the Join button next to the Username on the organization’s profile page.
The Compose Message page opens with a message for the organization’s owner asking to join. You may add text to the message, and then click Send.
The owner of the organization will receive this message and will either approve or reject it. If your request to join is approved, you will receive a confirmation message in your inbox.
To leave a Bintray organization:
Edit your own User Profile and click the Organizations form on the left.
In the Organizations form click the Leave link next to the organization’s name.
Bintray will pop up a dialog asking you to confirm. To confirm leaving the organization, click the Leave button.
Note that you cannot leave an organization if you are its owner or a member with administrative rights. You must first change your authorizations and become a regular member.
Note also that you can re-join the organization by submitting a request using the normal procedure.
A member of an organization in Bintray can create repositories, packages and versions and upload material to the organization. Only the owner or an administrative member can edit the organizations' details, and change member authorizations. All Bintray users can view and download material from an organization’s repositories even if they are not members of the organization.
There are three authorization levels within an organization:
Owner
Admin
Member
The authorizations are displayed in the following table:
Invite New Member
Owner | Admin | Member | |
Yes | Yes | No | |
Approve Membership Request | Yes | No | No |
Remove Member | Yes | Yes | No |
Change Authorization of Member | Yes | Yes | No |
Transfer Ownership of Organization | Yes | No | No |
Yes | Yes | No | |
Yes | Yes | No | |
Yes | Yes | Yes | |
Yes | Yes | Yes | |
Yes | Yes | Yes |
By default, the person who creates an organization is as also the owner.
By default, any new member joining an organization joins as a regular member (not as an administrator or owner).
Note the following authorization options:
The owner of an organization can change the authorization of another member
The owner of an organization can transfer ownership to another member
A member with administrative permissions can change the authorization of another member
To change the authorization level of organization members:
Edit the Organization Profile page and select the Members form.
If you are the owner of the organization, you can change the authorization of any member from “Member” to “Admin” and vice versa, by clicking the existing authorization level of the relevant member and selecting the new authorization level for that member from the drop-down menu.
After an entry is selected from the drop-down menu, the authorization level is changed without further confirmation.
If you are the owner of the organization, you can assign the authorization level “Owner” to a member, and transfer the ownership of the organization to this member.
Since this cannot be undone, a confirmation is required. If you confirm, the member becomes the new owner of the organization, and you then become an admin member.
If you are a member with administrative permissions, you can change the authorizations of other members (all members except the owner and yourself), from “Member” to “Admin” and vice versa.
Before you leave the page, check that the change in authorization has taken effect; the changes are updated in the system and confirmed automatically.
If you have one of the Bintray Premium accounts you have the option to manage private repositories, and define access control by creating teams and setting permissions. A team can contain any number of users, and can be defined at the account level or for an organization. In order to set up permissions for access to your private repositories:
First create teams on the account level or for an organization.
For each team define the access level. Once defined, all team members have the same access level.
For more fine-grained control, you can provide access to a specific file using Signed URLs, or to specific repository paths using Access Entitlements.
A team can be created by the owner or an admin user of an organization on a Premium plan when editing the organization’s profile.
After giving the team a name, you may configure two additional fields:
Allow team members to create repositories
When enabled, members of this team will be able to create repositories for the organization. By default, these repositories can only be viewed by the team members and the organization owner and administrators, however the organization owner and admins can modify this setting by editing these repositories' permissions as needed. Team members that indeed do create a repository are automatically assigned admin permissions on the repository they create.
Default Business Unit
This setting is optional and only available for organizations on an Enterprise account. It is only enabled if you do allow team members to create repositories. If that is the case, then when creating a team, this setting defines the default Business Unit that any new repository created by a team member will be assigned to. An organization owner or admin can later change a team’s default business unit if necessary. Note that you may assign several teams with the same Default Business Unit setting.
Allowing team members to create repositories and assigning business units are also supported through the Create Team and Update Team
REST API endpoints.
Note that while a user may be included in different teams in general, a user may NOT be included in different teams that allow him or her to create repositories because if a user belongs to two teams that have a different Default Business Unit defined, Bintray would not know to which Business Unit a new repository should be assigned to
Once you have created teams, you can add members to each team from the Edit Team page.
When you set up a new repository anyone Bintray user with Read privileges can access it.
To restrict access to a repository, click on Make Private. Your repository will no longer be visiblefor other members of the Bintray community. Now you can select or create and add your own teams and assign "Read" or "Publish" privileges to them.
Important | Making a repository private has several important implications:
|
Once a repository is converted to Premium, you can configure access control to the repository in the Permissions tab of the Edit Repository page. You can define four levels of access:
None: The team members do not have any access to the repository.
Read: The team members can download artifacts from the repository.
Publish: The team members can both download from and publish artifacts to the repository.
Admin: The team members have administrator permissions for the repository, and in addition to Publishing, can also administer team access to the repository.
You can modify a team’s permissions either from the Edit Team page, or, if you have a Premium account, from the Edit Repository page.
You can only give Publish or Admin privileges to teams that belong to an organization (as opposed to teams that belong to a user).
When a repository is owned by a user (as opposed to an organization), only the owner can administrate it, or publish to it. Teams defined at the user level can only be given Read privileges.
The images below show how to set access privileges for a team belonging to an organization both from the Edit Team page, and from the Edit Repository page.
As the owner or an admin member of a Bintray organization, you may add a key pair to the organization; all published material of this organization is signed with this key pair.
To Generate an ASCII-Armored GPG Key Pair (for a Bintray organization):
Access the Organization page of a Bintray organization you own or to which you have admin permissions.
Click the Edit button under the organization’s name to display the Edit Organization page.
In the GPG Signing form, enter your ASCII-armored Public Key. If you wish, you can also click the Click to Add link next to the Private Key label to add your private key
Click Update to save the keys you entered.