Skip to main content
Qwen Cloud home page
Docs
Token Plan

Team management

Add and manage team members, assign and revoke seats, configure SSO login, and monitor Credits usage in the Token Plan Management Console.

Access the Management Console

Go to the Token Plan subscription page and click Assign Seats to enter the Management Console; or navigate directly to the Token Plan Management Console. The console is divided into two sections:
  • Personal: API Keys, Personal Usage.
  • Organization: Organization Usage, Members, Settings.

Roles and permissions

RolePermissions
OwnerAdd members, remove from organization, assign or revoke seats, change roles, view all member and model usage, manage organization settings
AdminSame permissions as Owner. Admins are granted by the Owner and can be removed or downgraded.
MemberUse assigned API Key and Base URL to call models, view personal usage

Add members

  • Manual
  • SSO login
Manually added members cannot log in to the Management Console — they can only use API Keys for model calls.
  1. On the Members page, click Add Member.
  2. Enter the account name, select the organization role (Admin or Member), and click Confirm.
  3. In the member list, click Assign Seat for the member, select a seat type, and click Confirm.
  4. After the seat is assigned, click Generate for the member to create an API Key. The API Key is displayed only once at creation — copy and save it immediately.
  5. Provide the API Key and plan-specific Base URL to the member.

Seat operations

View seat status

On the Organization Usage page, you can view the Team Edition subscription status, expiry date, seat count, and remaining Credits. At the top of the Members page, you can check the number and type of remaining unassigned seats.

Assign a seat

  1. On the Members page, find the target member and click Assign Seat.
  2. Select a seat type and click Confirm.
  3. After the seat is assigned, click Generate for the member to create an API Key. The API Key is displayed only once at creation — copy and save it immediately.
Provide the API Key and plan-specific Base URL to the member, and they can start calling the corresponding models.

Revoke a seat

On the Members page, find the target member and click Revoke Seat. After revocation, the seat returns to unassigned status and can be reassigned to another member.
You must revoke a member's seat before removing them from the organization. Members with active seats cannot be removed.

API Keys and Base URL

On the API Keys page, you can view and manage the plan-specific Base URL and API Keys.
  • Plan-specific Base URL: Each plan provides an OpenAI Compatible and an Anthropic Compatible Base URL.
  • API Keys: After a seat is assigned, you can generate an API Key for model authentication. Each API Key shows its status, seat type, and days remaining, with a Reset option available.

View usage

Personal Usage

On the Personal Usage page, members can view their own Credits consumption.

Organization Usage

On the Organization Usage page, Owners and Admins can view:
  • Subscription info: Team Edition subscription status, expiry date, seat count, and remaining Credits; Shared Credit Pack information.
  • Usage: Supports viewing by Usage Trend, Model Usage, and Member Usage, with filters for plan, model, and time range.

SAML SSO

On the Settings page, the SSO Configuration section lets you integrate with your enterprise identity provider (IDP) via SAML 2.0 for single sign-on. Once configured, members can log in using their corporate credentials and are automatically added to the organization.
1

Get IDP information

From your enterprise identity provider, obtain the following: IDP SSO URL, IDP Certificate, and optionally IDP Entity ID.
2

Configure SSO in the Management Console

On the Settings page, find the SSO Configuration section and click Edit. Enter a custom SP Entity ID and the IDP information obtained above, then click Confirm.
3

Add SP information to your IDP

After saving, the system automatically generates an ACS URL. Enter the SP Entity ID and ACS URL into your enterprise IDP's SSO application configuration.
4

Share the login URL

In the Basic Information section, copy the Member Login URL and share it with your team members. Members can visit this URL and select SSO login to join the organization.
Parameter reference SP information (Qwen Cloud side):
ParameterDescription
SP Entity IDQwen Cloud's unique identifier in the SSO flow. You define this value and must also enter it in your enterprise IDP.
ACS URLThe URL where the IDP sends authentication responses. Automatically generated after saving the SSO configuration. Enter it in your enterprise IDP.
SP CertificateQwen Cloud's signing certificate, automatically generated after saving.
IDP information (enterprise side — obtain from your IDP and enter in Qwen Cloud):
ParameterDescription
IDP Entity IDYour enterprise identity provider's unique identifier (optional).
IDP SSO URLThe login URL of your enterprise IDP. Members are redirected here for authentication.
IDP CertificateYour enterprise IDP's signing certificate, used by Qwen Cloud to verify that responses are authentic.

Organization settings

On the Settings page, you can view and manage basic organization information, including Organization Name (editable), Organization ID, Owner, and Member Login URL.

FAQ

Can an API Key still be used after a seat expires?

After a seat expires, the corresponding API Key cannot call models. Renew the subscription and reassign the seat to restore access.

Can a revoked seat be reassigned to another member?

Yes. After a seat is revoked, it returns to unassigned status and can be immediately reassigned to another member. The original member's API Key will be invalidated at the same time.

Can a member switch to a different seat?

Each member can hold only one seat at a time. To switch, revoke the current seat first, then assign a new one.
Team management - Qwen Cloud