Running on Galaxy Legacy? Visit the legacy docs.
Galaxy

Members Menu

Your team management hub. Invite developers, assign roles, control notifications, and monitor security settings for your organization.

The Members section only appears for organization accounts. Personal accounts don't have this option. New to organizations? Check out the Organizations guide to learn how team collaboration works on Galaxy.

Viewing Your Team

When you open the Members section, you see a table of everyone in your organization. Each row shows one team member with key information.

The table displays:

  • Username: Their Galaxy login name (how you find them when adding)
  • Role: Their role in the organization (Owner, Admin, Developer, or Viewer). The owner shows as fixed text. For everyone else, this is a dropdown you can change if your role allows it.
  • Email Notifications: Toggle for organization activity emails (deployment alerts, database changes, billing updates)
  • 2FA Status: Whether they have 2FA enabled and which method they're using (Authenticator App or Email)

You can't enable 2FA for someone else, but you can check to make sure they've set it up.

Require 2FA Across Your Team

Make sure all team members have 2FA enabled. Essential for protecting your organization's data and applications.


Roles and Permissions

Every member holds one of four roles. The role decides what they can do.

Owner: Full access. The only role that can transfer ownership.

Admin: Invite members, remove members, and change member roles. Full access to apps, databases, and settings.

Developer: Invite and remove members, but can't change roles. Full access to apps, databases, and settings.

Viewer: Read-only access. Can't create apps or databases, deploy, manage settings, edit environment variables, or scale containers.

You'll find this same legend at the bottom of the Members page under "Roles & permissions."

What Viewers Can't Do

Viewers are read-only. On top of the resource limits above, they can't open deployment history or deployment details. Bump someone to Developer when they need to ship or inspect deployments.

Changing a Member's Role

Find the member in the table and use the Role dropdown to pick Admin, Developer, or Viewer. The change takes effect right away.

A few things to know:

  • You can't assign Owner from the dropdown. To hand off ownership, use Transfer Ownership in Organization Settings.
  • The owner's row is fixed. It shows "Owner" as text, not a dropdown.
  • Only owners and admins can change roles. If your role can't, the dropdown is disabled and hovering it tells you why.

Adding Team Members

Want to bring someone new onto your team? They need their own Galaxy account first.

Have Them Create an Account

They must create their own account. Can't do it from the Members section.

Send them to https://my.galaxycloud.app/signup to sign up, create a password, and complete setup.

Get Their Username

Ask them to share their Galaxy username so you can find them when adding.

Invite Them

Click "Add New Member" in the top right of the Members section. Enter their username and click "Add Member".

They join right away as a Viewer (the most limited role) and appear in your Members list. Change their role from the dropdown once they're in.

What Access Do They Get?

New members start as Viewer: read-only access to the organization. They can look around, but can't create apps or databases, deploy, manage settings, edit environment variables, or scale containers.

To give someone more, change their role to Developer or Admin. See Roles and Permissions above for what each role can do.

About billing access: Billing sits outside the role system. Whether members can see billing information depends on your organization settings. The owner can restrict billing access in the Settings Menu. If set to "Only Organization Owner," members won't see payment methods or invoices.


Managing Member Settings

Once someone is part of your organization, you can control a few key settings.

Email Notifications

Each member has a toggle for email notifications.

  • Notifications on: They get emails about events, alerts, deployments, and changes
  • Notifications off: No email notifications, but their role-based access stays the same (useful if they prefer checking the dashboard manually)

Toggle the checkbox in the "Email Notifications" column. Takes effect immediately.

Team member drowning in notifications? Don't remove them. Just toggle off their email notifications. Their access doesn't change.

2FA Status

Look at the 2FA column to see each member's status:

  • 2FA Enabled (App): Using an authenticator app (best option)
  • 2FA Enabled (Email): Using email-based 2FA (still good, less secure)
  • 2FA Disabled: No 2FA set up (security risk)

You can't enable 2FA for someone else. Encourage team members without it to set it up. Point them to the Security Menu guide.

Members Without 2FA Are at Risk

Team member without 2FA? Their account is at greater risk. Encourage them to set it up immediately, especially if they have Developer or Admin access to production systems.


Removing Members

Sometimes you need to remove someone. Maybe they left the company, or you need to reduce access.

Find the member in the table and click "Remove" on their row. Confirm, and they're instantly removed with all access lost.

What happens when you remove someone:

  • Can't access the organization anymore
  • Can't see apps and databases
  • Can't deploy applications or make changes
  • Ongoing deployments they started keep running, but they can't manage them
  • Their personal Galaxy account stays active (they just lose access to your organization)

Removing someone is instant and irreversible. Made a mistake? You'll need to add them back manually, and they'll rejoin as a Viewer.

Removal Is Permanent

Removing a member is permanent. They lose all access immediately. Be certain before you confirm.


Pro Tips

Start people at the right role. New members land as Viewer. Only bump them to Developer or Admin when they actually need to deploy or manage the team.

Require 2FA from day one. When inviting new team members, ask them to enable 2FA before accessing production systems. Make it standard practice.

Monitor 2FA status regularly. Check the Members page occasionally to confirm all team members still have 2FA enabled. Quick security audit.

Use notification toggles wisely. Some want all alerts, others prefer checking manually. Respect preferences.

Keep admin access tight. Only owners and admins can change roles. Hand out Admin sparingly, and use Developer for people who just need to ship.

Offboard properly. When someone leaves, remove them immediately. Don't leave old members with access to sensitive resources.


Common Questions


What's Next?