Note: Team management is a paid feature, available as part of the Team upgrade package. Single sign-on is also a paid feature, available as part of the Business upgrade package. Refer to Terraform Cloud pricing for details.
The Teams API is used to create, edit, and destroy teams as well as manage a team's organization-level permissions. The Team Membership API is used to add or remove users from a team. Use the Team Access API to associate a team with privileges on an individual workspace.
Any member of an organization can view visible teams and any secret teams they are a member of. Only organization owners can modify teams or view the full set of secret teams. The organization token and the owners team token can act as an owner on these endpoints. (More about permissions.)
Note: Users must be invited to join organizations before they can be added to teams. See the Organization Memberships API documentation for more information. Invited users who have not yet accepted will not appear in Teams API responses.
This endpoint supports pagination with standard URL query parameters. Remember to percent-encode [ as %5B and ] as %5D if your tooling doesn't automatically encode URLs.
Parameter
Description
filter[names]
Optional: If specified, restricts results to a team with a matching name. If multiple comma separated values are specified, teams matching any of the names are returned.
page[number]
Optional. If omitted, the endpoint will return the first page.
page[size]
Optional. If omitted, the endpoint will return 20 runs per page.
The sso-team-id attribute is only returned in Terraform Enterprise 202204-1 and later, or if this team's organization is in the Terraform Cloud Business tier.
The name of the organization to create the team in. The organization must already exist in the system, and the user must have permissions to create new teams.
This POST endpoint requires a JSON object with the following properties as a request payload.
Properties without a default value are required.
Key path
Type
Default
Description
data.type
string
Must be "teams".
data.attributes.name
string
The name of the team, which can only include letters, numbers, -, and _. This will be used as an identifier and must be unique in the organization.
data.attributes.sso-team-id
string
(nothing)
The unique identifier of the team from the SAML MemberOf attribute. Only available in Terraform Enterprise 202204-1 and later, or if the team belongs to an organization in the paid Terraform Cloud Business tier.
data.attributes.organization-access
object
(nothing)
Settings for the team's organization access. This object can include manage-policies, manage-policy-overrides, manage-run-tasks, manage-workspaces, manage-vcs-settings, manage-providers, and manage-modules properties with boolean values. All properties default to false.
data.attributes.visibility(beta)
string
"secret"
The team's visibility. Must be "secret" or "organization" (visible).
The sso-team-id attribute is only returned in Terraform Enterprise 202204-1 and later, or if this team's organization is in the Terraform Cloud Business tier.
The sso-team-id attribute is only returned in Terraform Enterprise 202204-1 and later, or if this team's organization is in the Terraform Cloud Business tier.
This PATCH endpoint requires a JSON object with the following properties as a request payload.
Properties without a default value are required.
Key path
Type
Default
Description
data.type
string
Must be "teams".
data.attributes.name
string
(previous value)
The name of the team, which can only include letters, numbers, -, and _. This will be used as an identifier and must be unique in the organization.
data.attributes.sso-team-id
string
(previous value)
The unique identifier of the team from the SAML MemberOf attribute. Only available in Terraform Enterprise 202204-1 and later, or if the team belongs to an organization in the paid Terraform Cloud Business tier.
data.attributes.organization-access
object
(previous value)
Settings for the team's organization access. This object can include manage-policies, manage-policy-overrides, manage-run-tasks, manage-workspaces, manage-vcs-settings, manage-providers, and manage-modules properties with boolean values. All properties default to false.
data.attributes.visibility(beta)
string
(previous value)
The team's visibility. Must be "secret" or "organization" (visible).
The sso-team-id attribute is only returned in Terraform Enterprise 202204-1 and later, or if this team's organization is in the Terraform Cloud Business tier.
The GET endpoints above can optionally return related resources, if requested with the include query parameter. The following resource types are available:
users (string) - Returns the full user record for every member of a team.
organization-memberships (string) - Returns the full organization membership record for every member of a team.