Hey I’ve been looking to change up my freelance workflow to include netlify. What I would love to do is keep maintaining repositories on my github but connect those to netlify account my clients own. The reason is I like to stay out of the hosting game and don’t want to be collecting payments for a master netlify account every month. I’d also like them to access their contact forms and it seems like they need their own account to do this. Increasing my account to pro isn’t really an option because then I go back to having to figure out billing and payments for them. On heroku I’ve been just creating a team for them and adding customer card info there so it stays isolated. Would love to hear how others manage client workflows for small side hustles like this.
From what I can tell from experimenting it seems like the best way to do this is to create a new account for the client with their email address and authorize my github account and connect it to the proper repository. This would allow for the client to see their form submissions and pay for any increases in functionality on the Netlify side themselves.
While my github is authorized it would only connect to this one repository so it is safe to use in this manner. It appears the only restriction would be to try to connect two different Netlify accounts to the same repository.
Since I haven’t completely traveled down this path, if anyone that see any pitfalls in my plan let me know I would love to just make sure this is safe.
hey @mrispoli24 - just letting you know i moved this into a different category where it fits a bit better
Sure, any repo you can link to your own Netlify site, you can link to any Netlify site. There’s no restriction based on the account owner.
If you need access to the account then you would have to either create a team for the client or just use their starter team and add you as a member.
so, something is not clear to me with the @mrispoli24 approach.
Let’s say I create a team for a client and authorize its site to have access to a specific repo on my Github account, so far so good.
Now, let’s say my client is a funny guy and he goes :
Settings>Builds&Deploy>Build Settings and links it’s site to another repo, which I have granted access to using the Netlify GitHub App.
How to prevent that?
The safest solution I see here is to have a client’s Team on Netlify as well as a client’s GitHub account to connect the repo to.
Am I missing something(as I often do )?
I agree that the safest and also ideal solution is to have the github repo and netlify site both owned by the client. However, in some situations, what @mrispoli24 described is how things need to be, I guess.
In any case, I don’t think you were missing anything.
I’m facing this same problem.
I have a client with their own Netlify account. I want to deploy a site from a repo on my GitHub account, however I don’t want them to have access to deploy any of my other repositories. Can I allow permissions on a per repo basis or is this simply not possible? At the minute it’s looking like I need them to create their own Github account that they don’t know how to use; I have to then sign in on their behalf and manage permissions and such to allow me to work on it using my Github account? Seems wrong so any light shed on this would be much appreciated.
If you have access to the Netlify account, you can log in and grant access to the one GitHub repo you want to grant access to. Our docs explain:
Scoped repository access. You can choose to grant access to all repositories belonging to your GitHub user or organization, or to specific repositories only. There is no need for special organization-level settings as was previously required for OAuth apps.
Let us know if this answers your question or if we can help further!
Thanks for the response, I read that page but didn’t find it clear enough. The scoped access also restricts my personal Netlify account, am I doing something wrong? I want the client to only have access to 1 repository while I can personally access all.
hey @arsmth -
Thanks for your feedback! We are looking at this now and are going to see if we can make this clearer.
In the mean time, as long as you are not sharing github logins, each person will need to authenticate separately, so people should only have access to the sites they are intended to.
Thanks for the link to the documentation. That’s helpful, but unless I’m missing something I’m not sure it addresses the challenge of safely exposing repository access when you have multiple clients and a single Github account/organisation.
I have multiple clients, each with a repository in a single GitHub organisation, and each with their own Netlify accounts. I want to be able to grant access from each client Netlify account to just their repository within the Github organisation. However, whilst the GitHub App allows me specify an allow-list of ‘Only select repositories’ I believe that will still expose the client A’s repo to client B (and vice versa) if they are both to be linked on Netlify?
Is that correct, and if so, is there anyway around this without having to use separate GitHub organisations for each client?
Hopefully that’s clear. Let me know if not.
I think you are a bit confused about our permissions, @tommarshall, so let me try to clarify:
- Netlify only limits access to our admin UI as you have configured in your team members settings page (docs here: https://docs.netlify.com/accounts-and-billing/team-management/manage-team-members/). Team members who are single-site collaborators will have to be invited to the site you’ve already made (and cannot create new sites on your team, requiring access to configure a repo), so either: you link the repo before they get there, or they link the repo after they get there, but either way…
- Github controls access to repositories; we don’t. You have to expose repository access THERE, not at Netlify.
I think this should point to “I will only be able to limit Netlify logins to sites, not repositories” from Netlify’s side" and hopefully you can find a solution within that, but do let me know if not!