Skip to main content
Organizations give enterprise customers a parent account that manages multiple teams under a single umbrella. While standalone teams work well for small groups, organizations add centralized policies, SSO enforcement, cross-team billing visibility, and model access controls. Every team within an organization maintains its own API keys, secrets, deployed apps, and billing, but inherits policies set at the organization level. If you are already using teams on fal and need centralized control over team creation, member management, or which models your teams can access, an organization is the next step. Organizations are available on enterprise plans. Contact sales to get started.

Organizations vs Teams

A team is a single group with its own API keys, secrets, apps, and billing. An organization is a parent account that manages multiple teams with shared policies. 
Organization (root)
├── Team A (e.g., Research)
├── Team B (e.g., Production)
└── Team C (e.g., Platform)
Each child team operates independently for day-to-day work. The organization controls policies that apply across all teams, like who can create new teams, whether members need SSO, and which models are allowed.

What Org Admins Can Do

Organization admins have centralized control over the full team lifecycle. They can create and archive teams, view and manage members across all teams (roles, assignments, invites), and configure policies that apply organization-wide. On the billing side, org admins can view invoices across all teams and set spending alerts. For security, they can enforce SSO for all team members and restrict which models teams can access via the API or Playground.

Request Visibility

Organizations can enable restricted request view to limit team members to only seeing their own request payloads and logs. This is configured in the organization admin dashboard under “Restricted request view.” When enabled, the system tracks how each request was authenticated. When a team member views requests in the dashboard, they only see payloads for requests where their identity matches the request’s authentication method.
Playground and API key submissions behave differently under restricted view:
  • Playground submissions are authenticated with your personal login token. You can see your own Playground requests.
  • API key submissions are authenticated with the team’s API key, not your personal identity. You cannot see API-submitted request payloads in the dashboard, even if you submitted them, because the API key identity does not match your personal login.
If your team needs per-user request isolation for API submissions, contact support to discuss options.

SSO Account Visibility

Organizations with SSO can restrict whether users can access their personal fal account alongside their SSO-linked team account. This ensures users only interact through the organization’s managed teams. See Managing Teams for configuration details.

Next Steps

Managing Teams

Team lifecycle, member management, and org-wide policies

Model Access Controls

Restrict which models your teams can use