[PRD] Fine-grained Organizational Settings #193

@jpelletier1

This epic is still in development; please suggest any additional settings or defaults you would find valuable! Some requirements may be further decomposed into other GitHub issues, and will be referenced in this list where appropriate.

As an OpenHands Administrator, I need a way to enforce fine-grained organizational settings and defaults across my users.

MVP

Org Settings UX

  • Verify there's a Settings page available to Admin and Owner users for configuring Organization-level settings

LLM settings

  • Configure the default LLM for the organization that is set for all users
    • Admin configures the provider
    • Admin sets the provider key
    • Admin sets the model - e.g., sets GPT-5 as the default model for all users
  • Enable/disable whether individual users can change their own LLM provider + model
    • If disabled, users will be subject to the Organizational default LLM
    • If enabled, end-users (Members) will be able to select models for only the LLM providers w/ a key configured by Admin
  • When an Org is created, there are different pricing plans available - e.g., the "Pro Subscription" is not available since it's an exclusive subscription plan to individuals on OpenHands Cloud
    • "Enterprise Cloud Plan"

Post MVP

Repo access

As an Admin, I want to configure which Git repos are allowed to be accessed by users within that Org. This is so, for example, a user who authenticates with GitHub doesn't use their personal repos within the Org, and doesn't abusively consume tokens under the Org key.

  • Verify that the Admin can create an allow-list of approved Git provider orgs (e.g., All-Hands-AI)
  • Verify unapproved repos are not visible in the "Launch a conversation" dropdown

Security settings

  • For self-hosted installs, define allow/deny lists to network resources: ALL-3031
  • Require confirmation for any LLM actions deemed [Low/Medium/High] risk
    • Default: High
  • Control who can sign up for (see: APP-278)
    • Invite only: only Admins can invite users to OpenHands Cloud
    • Freely signup: Users within the organization can freely sign up with their existing SSO creds and begin using.
  • Ability to modify the security system prompt and have it apply to all users

Tool settings

  • Enable/disable default tools:
    • Example use case: Search. Some orgs may not want to allow users to leverage the Tavily Search API
    • For each tool, specify if it's enabled/disabled by default for all users
    • Specify whether an individual user can enable/disable tools on their own

Feature availability

  • Public Sharing of Conversations: Enable/disable different ways a user can share a conversation
    • enable/disable public sharing (anyone with a link)
    • enable/disable organizational sharing (just within the org)
  • MCP: Enable/disable whether the user can add their own MCP servers
    • If Enabled, also control what default MCP options are available
  • Secrets: Define a list of secrets that are available to all users
  • API Keys: Enable/disable ability to generate an API key (this may be reserved for service accounts: CLOUD - Support for Service Accounts #195)

Conversation Defaults

  • Enforce max concurrent convos per user

Budgeting (see: APP-668)

  • Default max budget per user
  • Ability to override budget for a specific user

Self-hosted Org Settings

  • Ability to configure administrator email address
  • Max concurrent conversations setting - does this move to UX?
  • Option to enable/disable 'Personal Workspaces' in self-hosted

Labels: openhands-cloud (Related to OpenHands Cloud), roadmap (Issue tracked on the public roadmap)

Status: Needs Discussion