Skip to main content
Floo has an app-level access mode that controls who can open your app.

Access Modes

The public CLI configuration surface currently exposes:
  • public for open access
  • password for a shared app password
  • floo_accounts for named user access
[app]
name = "my-app"
access_mode = "password"

Plan Gating

Shipped backend validation currently enforces:
  • public on all plans
  • password on Pro and above
  • floo_accounts on Pro and above
If you request a gated mode on an unsupported plan, the deploy/app update fails with a plan feature error.

Password-Protected Apps

When a password-mode app is deployed, Floo can generate or store a shared password for that app. Use: 
floo apps password my-app
The dashboard app settings page also exposes the password for password-protected apps.

Floo Accounts Apps

floo_accounts is the access mode for named user access. In the shipped dashboard:
  • the app Users tab manages individual grants
  • the app Users tab also manages a domain allowlist
  • the org-level Users page shows people who have logged into floo_accounts apps
Those user-management flows are dashboard-first today. The CLI currently covers org membership, not per-app end-user access grants.

Environment Overrides

The current CLI deploy path reads access mode in this order:
  1. [environments.dev].access_mode
  2. [app].access_mode
  3. floo.service.toml [app].access_mode
Example: 
[app]
name = "my-app"
access_mode = "password"

[environments.dev]
access_mode = "public"

Choosing the Right Mode

ModeBest forMain surface
publicmarketing sites, open APIs, internal previewsconfig + deploy
passwordprivate demos, client previews, temporary stagingconfig + floo apps password
floo_accountsapps with named end users and allowlisted signupconfig + dashboard Users flows

Team and Access

See the CLI and dashboard workflows for team membership and app access.

CLI vs Dashboard

See which access workflows live in which surface today.