replit-enterprise-rbac
Configure Replit enterprise SSO, role-based access control, and organization management. Use when implementing SSO integration, configuring role-based permissions, or setting up organization-level controls for Replit. Trigger with phrases like "replit SSO", "replit RBAC", "replit enterprise", "replit roles", "replit permissions", "replit SAML".
Install
mkdir -p .claude/skills/replit-enterprise-rbac && curl -L -o skill.zip "https://mcp.directory/api/skills/download/7838" && unzip -o skill.zip -d .claude/skills/replit-enterprise-rbac && rm skill.zipInstalls to .claude/skills/replit-enterprise-rbac
About this skill
Replit Enterprise RBAC
Overview
Manage team access to Replit workspaces, deployments, and AI features. Covers the built-in role system (Admin, Manager, Editor, Viewer), custom groups (Enterprise only), SSO/SAML integration, deployment permissions, and audit logging.
Prerequisites
- Replit Teams or Enterprise plan
- Organization Owner or Admin role
- SSO identity provider (Enterprise only): Okta, Azure AD, Google Workspace
Role Hierarchy
| Role | Create Repls | Deploy | Manage Members | Billing | AI Features |
|---|---|---|---|---|---|
| Owner | Yes | All | Yes | Yes | Yes |
| Admin | Yes | All | Yes | View only | Yes |
| Manager | Yes | Staging | Add/remove | No | Yes |
| Editor | Yes | No | No | No | Yes |
| Viewer | No | No | No | No | No |
Instructions
Step 1: Configure Organization Roles
In Organization Settings > Members:
1. Invite members:
- Click "Invite" > enter email
- Select role: Admin, Manager, Editor, or Viewer
- Member receives email invitation
2. Bulk management (2025+):
- CSV export of all members
- Sort/filter by role, activity, last login
- Bulk role changes
3. Role assignment strategy:
- Owners: 1-2 (billing + full admin)
- Admins: team leads (manage members + deploy)
- Managers: senior devs (deploy to staging)
- Editors: developers (create + code)
- Viewers: stakeholders (read-only access)
Step 2: Custom Groups (Enterprise Only)
Enterprise plan enables custom permission groups:
1. Organization Settings > Groups
2. Create group: e.g., "Backend Team"
3. Assign permissions:
- Access to specific Repls
- Deployment permissions (staging only, or all)
- AI feature access
4. Add members to group
Example groups:
- "Frontend Team": access to UI Repls, deploy to staging
- "DevOps": all Repls, deploy to production, manage secrets
- "Contractors": specific Repls only, no deployment access
- "QA": read all, deploy to staging, no production
Step 3: SSO/SAML Configuration (Enterprise Only)
Organization Settings > Security > SSO:
1. Choose provider:
- Okta
- Azure Active Directory
- Google Workspace
- Any SAML 2.0 compatible IdP
2. Configure SAML:
- ACS URL: provided by Replit
- Entity ID: provided by Replit
- Certificate: from your IdP
- Map IdP groups to Replit roles
3. Enable enforcement:
- "Require SSO": blocks password-based login
- Session timeout: recommended 12 hours
- IdP-initiated logout support
4. Test:
- Try login with SSO before enforcing
- Verify role mapping works correctly
- Test session timeout behavior
Step 4: Deployment Permission Controls
Control who can deploy and where:
Organization Settings > Deployments > Permissions:
Production deployments:
- Restrict to Admin + Owner only
- Require approval workflow (Enterprise)
- Custom domain management: Admin only
Staging deployments:
- Allow Managers and above
- Auto-deploy from staging branch
Development:
- All Editors can run in Workspace
- Dev database access for all team members
Step 5: Audit Logging
# View recent team activity
curl "https://replit.com/api/v1/teams/TEAM_ID/audit-log?limit=50" \
-H "Authorization: Bearer $REPLIT_TOKEN" | \
jq '.events[] | {user, action, resource, timestamp}'
# Common audit events:
# - member.invited
# - member.removed
# - member.role_changed
# - repl.created
# - repl.deleted
# - deployment.created
# - deployment.rolled_back
# - secret.created
# - secret.deleted
Enterprise audit features:
- Exportable audit logs (CSV)
- 90-day retention
- Filter by user, action, resource
- API access for SIEM integration
Step 6: Quarterly Access Review
## Access Review Checklist (run quarterly)
1. Export member list from Organization Settings
2. Review each member:
- [ ] Last active date within 30 days?
- [ ] Role appropriate for current responsibilities?
- [ ] Still on the team/project?
3. Actions:
- Remove members not active in 30+ days
- Downgrade over-privileged members
- Upgrade members needing more access
4. Document changes and rationale
5. Verify SSO group mappings still accurate
Cost impact:
- Each removed seat saves $25-40/month
- Quarterly review prevents seat creep
Step 7: AI Feature Controls
Replit AI features (Agent, Assistant, Ghostwriter):
Organization Settings > AI Features:
- Enable/disable AI for entire organization
- Per-role AI access (Enterprise)
- Usage tracking per member
Controls:
- Agent: can create files, install packages, deploy
- Assistant: code suggestions, chat
- Ghostwriter: inline completions
Recommendation:
- Enable AI for all developers (Editors+)
- Restrict Agent deployment to Managers+
- Monitor AI usage via dashboard
Error Handling
| Issue | Cause | Solution |
|---|---|---|
| Member can't deploy | Insufficient role | Promote to Manager or Admin |
| SSO redirect loop | Wrong ACS URL | Verify callback URL matches Replit config |
| Seat limit exceeded | Plan capacity reached | Remove inactive members or upgrade |
| Custom group not working | Not on Enterprise plan | Groups require Enterprise |
| AI features disabled | Org-level toggle off | Enable in Organization Settings > AI |
Resources
Next Steps
For data migration patterns, see replit-migration-deep-dive.
More by jeremylongshore
View all skills by jeremylongshore →You might also like
flutter-development
aj-geddes
Build beautiful cross-platform mobile apps with Flutter and Dart. Covers widgets, state management with Provider/BLoC, navigation, API integration, and material design.
drawio-diagrams-enhanced
jgtolentino
Create professional draw.io (diagrams.net) diagrams in XML format (.drawio files) with integrated PMP/PMBOK methodologies, extensive visual asset libraries, and industry-standard professional templates. Use this skill when users ask to create flowcharts, swimlane diagrams, cross-functional flowcharts, org charts, network diagrams, UML diagrams, BPMN, project management diagrams (WBS, Gantt, PERT, RACI), risk matrices, stakeholder maps, or any other visual diagram in draw.io format. This skill includes access to custom shape libraries for icons, clipart, and professional symbols.
ui-ux-pro-max
nextlevelbuilder
"UI/UX design intelligence. 50 styles, 21 palettes, 50 font pairings, 20 charts, 8 stacks (React, Next.js, Vue, Svelte, SwiftUI, React Native, Flutter, Tailwind). Actions: plan, build, create, design, implement, review, fix, improve, optimize, enhance, refactor, check UI/UX code. Projects: website, landing page, dashboard, admin panel, e-commerce, SaaS, portfolio, blog, mobile app, .html, .tsx, .vue, .svelte. Elements: button, modal, navbar, sidebar, card, table, form, chart. Styles: glassmorphism, claymorphism, minimalism, brutalism, neumorphism, bento grid, dark mode, responsive, skeuomorphism, flat design. Topics: color palette, accessibility, animation, layout, typography, font pairing, spacing, hover, shadow, gradient."
godot
bfollington
This skill should be used when working on Godot Engine projects. It provides specialized knowledge of Godot's file formats (.gd, .tscn, .tres), architecture patterns (component-based, signal-driven, resource-based), common pitfalls, validation tools, code templates, and CLI workflows. The `godot` command is available for running the game, validating scripts, importing resources, and exporting builds. Use this skill for tasks involving Godot game development, debugging scene/resource files, implementing game systems, or creating new Godot components.
nano-banana-pro
garg-aayush
Generate and edit images using Google's Nano Banana Pro (Gemini 3 Pro Image) API. Use when the user asks to generate, create, edit, modify, change, alter, or update images. Also use when user references an existing image file and asks to modify it in any way (e.g., "modify this image", "change the background", "replace X with Y"). Supports both text-to-image generation and image-to-image editing with configurable resolution (1K default, 2K, or 4K for high resolution). DO NOT read the image file first - use this skill directly with the --input-image parameter.
fastapi-templates
wshobson
Create production-ready FastAPI projects with async patterns, dependency injection, and comprehensive error handling. Use when building new FastAPI applications or setting up backend API projects.
Related MCP Servers
Browse all servers
SlackPowerful MCP server for Slack with advanced API, message fetching, webhooks, and enterprise features. Robust Slack data
Azure AllSupercharge AI platforms with Azure MCP Server for seamless Azure API Management and resource automation. Public Preview
NetlifyEffortlessly manage Netlify projects with AI using the Netlify MCP Server—automate deployment, sites, and more via natur
Okta MCP ServerOfficial Okta MCP server for managing identity and access management through AI. Automate user provisioning, group manag
Docy (Documentation Access)Docy (Documentation Access) delivers real-time search and navigation of technical documentation without leaving your con
Windows ScreenshotsEasily access and manage Windows Screenshots from WSL2. List and retrieve screenshots with metadata, paths, or base64 co
Stay ahead of the MCP ecosystem
Get weekly updates on new skills and servers.