Skip to content
Cosine

Team Settings

Use team settings when you want to manage how your broader organization works in Cloud, including access, membership, and shared integrations.

In Cosine Cloud, all work belongs to a team workspace. If you use Cosine on your own, your account still operates as a team of one.

What you manage in Team Settings

Section titled “What you manage in Team Settings”

Depending on your plan and enabled features, team settings can include:

  • Members and invites for adding people to the workspace
  • Roles and permissions that define who can administer the team
  • Team-wide integrations shared across multiple projects
  • Billing and subscription settings where billing is managed at the team level
  • Shared infrastructure settings such as DNS or other team-scoped configuration

Team vs Project settings

Section titled “Team vs Project settings”

Use Team Settings for configuration that should apply across the workspace.

Use Project Settings for configuration that only applies to a single project, such as repository connections, CI check selection, or deployment options.

Section titled “Navigating to Team Settings”
Cosine Cloud workspace showing the user profile in the bottom-left corner
  1. Click on your user profile in the bottom-left corner, then 2. selecting “settings.
Cosine Cloud profile menu with Settings highlighted

Select team settings.

Team MCP v1

Section titled “Team MCP v1”

Team MCP v1 lets admins (or permitted team members) configure remote HTTP/SSE MCP connectors centrally for the workspace. Each user then authorizes the connector with their own OAuth grant.

How it works

  • An admin or permitted team member adds the connector configuration in Team Settings.
  • When a team member uses the connector, Cosine initiates a per-user OAuth flow.
  • Cosine stores and refreshes each user’s OAuth token server-side.
  • Clients and hosted runners receive runtime-only MCP config that points at Cosine’s Team MCP proxy.
  • Tokens are injected only while proxying MCP calls; upstream OAuth tokens are never written to local ~/.cosine/mcp.json or distributed to runner pods.
  • Personal MCPs continue to live in ~/.cosine/mcp.json and are unaffected by Team MCPs. Team MCP runtime entries are not persisted to personal config.
  • Team MCP proxy usage is audit logged with user, connector, status, and latency metadata. Raw tool arguments, responses, and OAuth tokens are not logged by default.

Current scope and limitations

  • Supported transports: HTTP and SSE (remote only).
  • stdio transport is not supported for Team MCPs in v1.
  • Connector management and usage initially follow team access. Connector-level hosted-runner access can be toggled per connector.
  • Connector URLs must be HTTPS and cannot target local, private, link-local, or cloud metadata hosts.
  • Shared service credentials (one token for all team members) are not supported.

These items are pending product decisions and may be added in future releases.