Skip to main content
GitHub is the single source of truth for permissions. You never configure access controls in Pullfrog—it all comes from GitHub.

How it works

All Pullfrog users sign in with GitHub. In the console, users can only see repos and organizations they already have access to. This is structurally enforced by Pullfrog’s backend architecture. Pullfrog does not synchronize data between GitHub and our own servers. The backend is largely stateless. When you sign in, we use a user-scoped token to fetch fresh data directly from the GitHub API and use that data to render the user’s console.

What this means for your org

  • Real-time access When users are added/removed from an org, or their roles are modified, Pullfrog reflects this instantly. No permission drift.
  • Scoped visibility — Org members only see repos they have access to on GitHub.
  • Teams — No need to recreate your GitHub team structure.
  • Admin controls respected — Only org admins can change Pullfrog settings.
  • Accurate billing — No stale seats or phantom users.