Organizations Module

Complete API reference for sso.organizations module - organization management, members, end-users, audit logs, webhooks, and enterprise features.

Updated Apr 12, 2026 Edit this page

Organizations Module

The organizations module (sso.organizations) manages multi-tenant organizations, their members, end-users, billing credentials, audit logs, and webhooks.

Core Organization Methods

sso.organizations.create()

Signature:

create(payload: CreateOrganizationPayload): Promise<CreateOrganizationResponse>

Description: Create a new organization (requires authentication). The authenticated user becomes the organization owner. Returns JWT tokens with organization context, eliminating the need to re-authenticate.

Example:

const result = await sso.organizations.create({
  slug: 'acme-corp',
  name: 'Acme Corporation'
});
authStore.setTokens(result.access_token, result.refresh_token);

sso.organizations.list()

Signature:

list(params?: ListOrganizationsParams): Promise<OrganizationResponse[]>

Description: List all organizations the authenticated user is a member of. Supports filtering by status and pagination.

sso.organizations.get()

Signature:

get(orgSlug: string): Promise<OrganizationResponse>

Description: Get detailed information for a specific organization.

sso.organizations.select()

Signature:

select(orgSlug: string): Promise<SelectOrganizationResponse>

Description: Switch to a different organization context. Issues new JWT tokens with the organization claim. The SDK automatically updates the session with the new tokens.

sso.organizations.update()

Signature:

update(orgSlug: string, payload: UpdateOrganizationPayload): Promise<OrganizationResponse>

Description: Update organization details (name, settings). Requires ‘owner’ or ‘admin’ role.

sso.organizations.delete()

Signature:

delete(orgSlug: string): Promise<void>

Description: Delete an organization and all associated data permanently. Requires ‘owner’ role.

Member Management

Managed via sso.organizations.members.

sso.organizations.members.list()

Signature:

members.list(orgSlug: string): Promise<MemberListResponse>

Description: List all members of an organization with their roles.

sso.organizations.members.add()

Signature:

members.add(orgSlug: string, payload: CreateInvitationPayload): Promise<Invitation>

Description: Convenience method that creates an invitation and immediately accepts it. Useful for administrative operations.

sso.organizations.members.updateRole()

Signature:

members.updateRole(orgSlug: string, userId: string, payload: UpdateMemberRolePayload): Promise<OrganizationMember>

Description: Update a member’s role (e.g., ‘member’, ‘admin’, ‘owner’). Requires ‘owner’ role.

sso.organizations.members.remove()

Signature:

members.remove(orgSlug: string, userId: string): Promise<void>

Description: Remove a member from the organization.

sso.organizations.members.transferOwnership()

Signature:

members.transferOwnership(orgSlug: string, payload: TransferOwnershipPayload): Promise<void>

Description: Transfer organization ownership to another member. Requires current ‘owner’ role.

End-User Management

Managed via sso.organizations.endUsers. These are the customers/users of the services within the organization.

sso.organizations.endUsers.list()

Signature:

endUsers.list(orgSlug: string, params?: ListEndUsersParams): Promise<EndUserListResponse>

Description: List all end-users across all services or filtered by a specific service.

sso.organizations.endUsers.get()

Signature:

endUsers.get(orgSlug: string, userId: string): Promise<EndUserDetailResponse>

Description: Get detailed information about a specific end-user, including identities and session counts.

sso.organizations.endUsers.revokeSessions()

Signature:

endUsers.revokeSessions(orgSlug: string, userId: string): Promise<RevokeSessionsResponse>

Description: Force-logout an end-user by revoking all their active sessions.

Audit Logs

Managed via sso.organizations.auditLogs.

sso.organizations.auditLogs.get()

Signature:

auditLogs.get(orgSlug: string, params?: AuditLogQueryParams): Promise<AuditLogResponse>

Description: Retrieve administrative audit trails for the organization.

Webhooks

Managed via sso.organizations.webhooks.

sso.organizations.webhooks.create() | list() | get() | update() | delete()

Standard CRUD operations for managing webhook endpoints.

sso.organizations.webhooks.test()

Signature:

webhooks.test(orgSlug: string, webhookId: string): Promise<{ success: boolean; job_id: string; delivery_id: string }>

Description: Trigger a test event (ping) to the webhook endpoint.

SCIM (Directory Sync)

Managed via sso.organizations.scim.

sso.organizations.scim.createToken()

Signature:

scim.createToken(orgSlug: string, payload: CreateScimTokenRequest): Promise<ScimTokenResponse>

Description: Generate a new SCIM bearer token for directory synchronization (Okta, Azure AD, etc.).

sso.organizations.scim.listTokens() | revokeToken() | deleteToken()

Manage existing SCIM tokens.

Enterprise SSO (Upstream Providers)

Managed via sso.organizations.upstreamProviders.

sso.organizations.upstreamProviders.list() | get() | create() | update() | delete()

Manage SAML and OIDC enterprise identity providers for the organization.

BYOO (OAuth Credentials)

Managed via sso.organizations.oauthCredentials.

sso.organizations.oauthCredentials.set()

Signature:

oauthCredentials.set(orgSlug: string, provider: OAuthProvider, payload: SetOAuthCredentialsPayload): Promise<OAuthCredentials>

Description: Configure organization-specific OAuth application credentials (Client ID/Secret) for white-labeled login.

SMTP Configuration

sso.organizations.setSmtp() | getSmtp() | deleteSmtp()

Manage organization-specific SMTP settings for transactional emails.

Custom Domains & Branding

sso.organizations.setCustomDomain() | verifyCustomDomain() | getDomainConfiguration()

Manage custom domains (e.g., auth.acme.com) for white-labeled authentication.

sso.organizations.updateBranding() | getBranding()

Manage organization logo and primary colors for authentication pages.

Risk & Security

Managed via sso.organizations.riskSettings and sso.organizations.security.

sso.organizations.riskSettings.get() | update() | reset()

Configure risk engine thresholds and enforcement modes (Challenge MFA, Block).

sso.organizations.security.getRiskEvents()

Signature:

security.getRiskEvents(orgSlug: string, params?: RiskEventsQuery): Promise<RiskEventResponse[]>

Description: Retrieve a list of suspicious activity events flagged by the risk engine.

SIEM Integrations

Managed via sso.organizations.siem.

sso.organizations.siem.create() | list() | get() | update() | delete() | test()

Configure SIEM endpoints and test connectivity for providers like Datadog or Splunk.

Billing Credentials (BYOP)

Managed via sso.organizations.billingCredentials.

sso.organizations.billingCredentials.set() | get() | delete()

Configure organization’s own billing provider keys (Stripe/Polar) to charge their end-users directly.

Role Management

Managed via sso.organizations.roles.

sso.organizations.roles.list() | get() | create() | update() | delete()

Manage custom RBAC/ReBAC roles within the organization.