This page covers organization-wide admin — users, teams, groups, security (SSO, SCIM, domain policies), API keys, and audit. Per-team options (channels, SLAs, labels) live in Team settings.Documentation Index
Fetch the complete documentation index at: https://docs.serval.com/llms.txt
Use this file to discover all available pages before exploring further.
Organization Settings
Access organization settings by clicking your organization name at the top of the sidebar, then selecting Settings.Only Org Admins can access organization settings.
Users
Manage everyone in your organization:- View all users and their org roles (Member or Admin)
- Invite new users
- Deactivate users
- Change organization roles
Teams
Create and manage teams:- Create new teams with a name and prefix
- View team membership
- Delete teams
Groups
Organize users into groups for easier management:- Create groups
- Add/remove users from groups
- Use groups for assignment rules and access policies
Security: SSO, SCIM, and domains
A guided in-product setup for both SCIM and SSO is found within Organizations → Security.
SSO
- Connect and review SSO for your identity provider (SAML via WorkOS).
- Confirm domain verification and overall SSO configured status from the card.
- Use Require SSO when everyone must sign in through your IdP.
SCIM
SCIM keeps your IdP and Serval in sync for users and groups, via WorkOS Directory Sync. Supported providers include Okta, Microsoft Entra ID (Azure AD), Google Workspace, JumpCloud, OneLogin, Rippling, and other SCIM-capable IdPs. What SCIM controls:- Creates and deactivates Serval user accounts as people are added to or removed from your IdP.
- Imports your IdP’s group list into Org Settings → Groups.
- Sets each user’s organization-level role — Org Admin or Org Member — based on the WorkOS role slug computed for them. The most common pattern is to map a dedicated IdP group (such as
serval-admins) to theadminrole in the WorkOS dashboard for the directory connection. See WorkOS Directory Sync — Roles for the dashboard steps.
Domain allowlist and filtering
- Turn domain filtering on or off for your organization.
- Add allowed domains so only matching email addresses stay in scope when users sync from connected directories and integrations.
Enforce domain filter
After allowed domains are saved, Enforce Domain Filter appears at the bottom of the domain allowlist card.- Click Check Users to run a dry run. Serval lists which users would be deactivated because their email does not match the allowlist.
- Review the dialog. The admin running the check is never included in deactivation.
- Confirm to deactivate all non-matching users in one step.
API Keys
Manage programmatic access to Serval:- Create API keys with specific scopes
- View and revoke existing keys
- See last usage timestamps
AI Provider Keys
Use AI Provider Keys when your organization wants Serval to call supported LLM providers with keys that you own and manage. If no organization key is configured for a provider, Serval uses its platform key. When you add an organization key, Serval uses that key for LLM calls made on behalf of your organization for that provider. Before configuring a key, create an API key in the provider’s console and make sure the provider account has billing, model access, and rate limits that support your expected Serval usage. Serval currently supports organization overrides for OpenAI and Anthropic.Open AI Provider Keys
Go to Organization Settings → AI Provider Keys. Only Org Admins can view or manage organization LLM keys.
Add a provider key
Choose Set override for OpenAI or Anthropic, paste the provider API key, then save. Serval runs a healthcheck before storing the key. If the healthcheck fails, the key is not saved.
Configure a custom endpoint, if needed
Leave API base URL blank to use the provider’s default endpoint. Set it only when traffic should go through a compatible proxy or gateway, such as an OpenAI-compatible gateway. Serval healthchecks the endpoint before saving the override.
Audit Logs
View a record of actions taken in your organization:- Filter by user, action type, or date range
- Export logs for compliance
Support tokens
Enable time-bound access for Serval support engineers to assist with your tenant:- Generate tokens — Users can create time-limited support tokens from the profile menu (Get support).
- Automatic expiration — Tokens expire after the configured duration with no manual cleanup required.
- Full audit trail — All access performed via support tokens is logged for compliance and transparency.
Quick reference
| I want to… | Go to… |
|---|---|
| Invite a new user to Serval | Org Settings → Users → Invite |
| Create a team | Org Settings → Teams → Create Team |
| Set up SSO | Org Settings → Security |
| Create an API key | Org Settings → API Keys |
| Bring your own LLM key | Org Settings → AI Provider Keys |
| Add someone to my team | Team Settings → Team Members |
| Configure Slack channels | Team Settings → Channels |
| Set SLA targets | Team Settings → SLA |
| Create ticket labels | Team Settings → Labels |
Steps that use Team Settings are documented in Team settings.