DEV Community

Cover image for Managing Client Projects as an Agency: Teams, Roles & Multi-Org in Deploynix
Deploynix
Deploynix

Posted on • Originally published at deploynix.io

Managing Client Projects as an Agency: Teams, Roles & Multi-Org in Deploynix

#deploynix #agency #teams #organizations

Running a web development agency means juggling multiple client projects across different servers, environments, and deployment workflows — all while ensuring that the right people have access to the right things and nobody accidentally deploys to the wrong production server.

Deploynix was built with this exact challenge in mind. Its organization and team management features give agencies the tools to run multiple client projects cleanly separated, with role-based access control that matches how real agencies operate. In this guide, we will walk through how to structure your Deploynix setup for agency work: creating organizations, managing roles, assigning servers to team members, and building workflows that scale as your agency grows.

The Organization Model

Everything in Deploynix is organized around the concept of organizations. An organization is the top-level container that holds servers, sites, team members, cloud provider connections, and billing information.

For agencies, the most natural approach is to create one organization per client. This gives you:

  • Complete isolation. Each client's servers, sites, and deployments are entirely separate. A developer working on Client A's project never sees Client B's infrastructure.
  • Independent billing. If you bill clients separately for hosting, each organization can have its own subscription plan.
  • Clean access control. When a client relationship ends, you remove their organization. No stale access lingering in a shared account.
  • Client ownership transfer. If a client wants to take over management of their own infrastructure, you can transfer the organization to their account.

Alternative: Single Organization with Server-Level Access

For smaller agencies or agencies that prefer centralized management, a single organization with careful server-level access controls can work. In this model, you use one organization for all clients and control which team members can see which servers.

This approach is simpler to manage but offers less isolation. We recommend the multi-organization approach for agencies with more than a few clients.

Role-Based Access Control

Deploynix provides five organization-level roles, each designed for a specific level of responsibility.

Owner

The Owner role has unrestricted access to everything in the organization. Owners can manage billing, delete servers, invite and remove members, and change organization settings. Each organization has exactly one Owner, but ownership can be transferred to another member at any time.

Agency usage: The agency principal or CTO should be an Owner. For client-owned organizations, the client's primary technical contact is typically the Owner, with your agency team added in other roles.

Admin

Admins have nearly the same permissions as Owners, with the exception of billing management and organization deletion. Admins can create and manage servers, sites, deployments, databases, and team members.

Agency usage: Your senior developers and technical leads should be Admins. They can manage infrastructure, deploy code, and handle day-to-day server operations without needing to touch billing.

Manager

Managers have broad operational access. They can create, update, and delete servers and sites, trigger deployments and rollbacks, manage databases and certificates, and create teams. They cannot manage organization members or access billing.

Agency usage: Project managers and technical leads who need full operational control over client infrastructure but should not be managing team membership or billing.

Developer

Developers can view servers and databases, and have full control over sites — including creating, updating, deleting sites, triggering deployments and rollbacks, and managing environment variables. They cannot create or manage servers, manage databases, or manage team members.

Agency usage: Developers who need to manage sites and deploy code but should not be provisioning servers or modifying database infrastructure.

Viewer

Viewers have read-only access. They can view servers, sites, databases, and certificates but cannot make any changes, trigger deployments, or access sensitive credentials.

Agency usage: Clients, stakeholders, or auditors who need visibility into the infrastructure without the ability to modify anything.

Setting Up Your Agency Structure

Let us walk through setting up a typical agency structure on Deploynix.

Step 1: Create Client Organizations

For each active client, create a new organization in Deploynix. Use a clear naming convention:

  • "Acme Corp — Production"
  • "TechStart — All Environments"
  • "LocalBrew — Web Platform"

Choose names that your team will immediately recognize. When you are switching between organizations in the dashboard, clarity matters.

Step 2: Connect Cloud Providers

For each client organization, connect the appropriate cloud provider. There are two common approaches:

Agency-owned infrastructure: Your agency owns the cloud provider accounts and bills clients for hosting. Connect your agency's cloud provider API tokens to each client organization. This gives you complete control and simplifies billing.

Client-owned infrastructure: The client owns their cloud provider account and gives you an API token. Connect their token to their organization. This gives clients more control and makes handoff easier if the relationship ends.

Both approaches work well. The right choice depends on your agency's business model and your client's preferences.

Step 3: Invite Team Members

For each organization, invite the team members who work on that client's projects.

Navigate to the organization's team settings and invite by email address. Assign roles based on responsibility:

  • Your lead developer for this client: Admin
  • Other developers on the project: Developer
  • The project manager: Manager
  • The client's technical contact (if they want access): Admin or Manager

Team members can belong to multiple organizations with different roles in each. A developer might be an Admin in one client organization (where they lead the project) and a Developer in another (where they contribute occasionally).

Step 4: Provision and Organize Servers

Within each client organization, provision the servers needed for their project. A typical setup might include:

For a standard client project:

  • One App Server for production
  • One App Server for staging (optional but recommended)

For a larger client with high-traffic needs:

  • Two or more Web Servers behind a Load Balancer
  • One Database Server (dedicated MySQL or PostgreSQL)
  • One Worker Server (for queued jobs)
  • One staging App Server

Name servers clearly: "production-web-1," "staging-app," "production-db." When you are managing dozens of servers across multiple clients, naming conventions save time and prevent mistakes.

Workflow Patterns for Agencies

The Standard Client Workflow

Here is a workflow that works well for most agency-client relationships:

  1. Development happens locally and on feature branches. Developers push to GitHub/GitLab/Bitbucket.
  2. Code review happens through pull requests. The lead developer reviews and approves changes.
  3. Staging deployment is triggered automatically when code is merged to the develop or staging branch. Deploynix's push-to-deploy feature handles this.
  4. Client review happens on the staging server. The project manager shares the staging URL with the client for approval.
  5. Production deployment is triggered manually by the lead developer or project manager after client approval. This can be a direct deployment or a scheduled deployment set for a specific time.

This workflow ensures that code is reviewed before it reaches staging, clients approve changes before production, and there is a clear audit trail of who deployed what and when.

Managing Multiple Environments

For clients with multiple environments (development, staging, production), create separate sites on the same server (for smaller projects) or separate servers (for larger projects).

Same server, different sites: Create two sites on one App Server — one for staging (connected to the staging branch) and one for production (connected to the main branch). This is cost-effective and works well for most projects.

Separate servers: Provision a dedicated staging server and a dedicated production server. This provides complete isolation and matches production conditions more closely, which is important for catching environment-specific issues.

Handling Hotfixes

When a production issue needs an immediate fix:

  1. The developer creates a hotfix branch from main
  2. The fix is made and pushed
  3. A pull request is opened directly to main
  4. After quick review, it is merged
  5. The lead developer triggers a production deployment immediately
  6. The hotfix branch is also merged back into develop or staging

Deploynix's fast deployments (typically under 2 minutes) and instant rollback capability make hotfixes low-risk. If the fix introduces a new problem, roll back to the previous release in seconds.

Client Handoff

Eventually, some client relationships end. The client takes their project in-house, or moves to a different agency. Deploynix makes handoff clean.

If the Client Wants to Self-Manage

  1. Invite the client's new technical lead as an Owner of their organization
  2. Help them set up their own API tokens for cloud providers and Git
  3. Walk them through the Deploynix dashboard and deployment workflow
  4. Remove your agency team members from the organization
  5. The client now has full control with zero interruption to their running applications

If the Client Moves to Another Agency

  1. Invite the new agency's team members with appropriate roles
  2. Conduct a knowledge transfer session covering server configuration, deployment workflows, and any custom setup
  3. Remove your agency team members
  4. The new agency has everything they need without any server migration

If You Own the Infrastructure

If your agency owns the cloud provider accounts, you will need to coordinate the transfer of the actual VPS instances to the client's cloud provider account, or provision new servers under their account and migrate. Deploynix's multi-server support makes this process manageable.

Security Best Practices for Agencies

Principle of Least Privilege

Give every team member the minimum role they need to do their job. A developer who only needs to trigger deployments should not be an Admin with access to database credentials and server configuration.

Use the API for Automation

Instead of giving CI/CD systems access to a team member's account, create dedicated API tokens with specific scopes. This way, if a CI token is compromised, the blast radius is limited to the scopes you granted (e.g., deployment only).

Regularly Audit Access

When team members leave your agency or rotate off a client project, remove their access promptly. Set a quarterly reminder to review the member list for each organization and remove anyone who no longer needs access.

Separate Credentials

Never share API tokens, database passwords, or SSH keys between clients or environments. Deploynix generates unique credentials for each server and site, which helps enforce this naturally.

Scaling Your Agency on Deploynix

Managing 5-10 Clients

At this scale, the multi-organization approach works perfectly. You switch between organizations in the Deploynix dashboard, and each client's infrastructure is clearly separated. One or two agency owners manage all organizations, with project-specific developers added as needed.

Managing 10-50 Clients

As your client portfolio grows, establish clear processes:

  • Standardize your server naming conventions
  • Create a template for client onboarding (which servers to provision, which environment variables to set, which deployment hooks to configure)
  • Use the Deploynix API to automate repetitive setup tasks
  • Designate team leads who are responsible for specific client groups

Managing 50+ Clients

At this scale, the Deploynix API becomes essential for managing infrastructure programmatically. Build internal tools that use the API to provision servers, create sites, and manage deployments across your entire client portfolio. Combine this with monitoring and alerting to proactively catch issues before clients report them.

Cost Management

Deploynix's subscription tiers are per-organization. For agencies, this means:

Free tier: One server, three sites per organization. Perfect for small client projects or staging environments.

Starter tier: More servers and sites. Good for growing client projects.

Professional tier: Expanded limits and features like load balancing. For high-traffic client projects.

Enterprise tier: Unlimited everything. For agencies that manage large-scale client infrastructure.

Bill clients for hosting costs (cloud provider fees) plus a management markup, or include hosting in your retainer. Deploynix's per-organization billing makes it easy to track costs per client.

Conclusion

Agency life is complex enough without infrastructure management adding to the chaos. Deploynix's organization model, role-based access control, and multi-server support give agencies the structure they need to manage client projects cleanly and securely.

Create separate organizations for each client, assign roles that match your team structure, establish clear deployment workflows, and use the API to automate repetitive tasks. When client relationships change, handoff is clean because everything is organized from the start.

Start organizing your agency's infrastructure at deploynix.io. Your first organization is free.

Top comments (0)