Organizations

Organizations within PropelAuth are flexible, to make sure that they fit your use case. This guide covers everything you need to know!

Configuration & Settings

The following options are available on the Organization Settings page in your PropelAuth dashboard.

Changing the word "Organization"

If you use a different word for organizations (maybe team, company, tenant, workspace, group, or something domain specific), you can configure this by changing the organization metaname.

changing the org metaname

Users can create their own organizations

If enabled, users have access to the 'Create Org' UI, allowing them to create their own organizations.

Disable this if you want to manually create organizations yourself, on behalf of your users.

All users must be in an organization

This setting requires every user to be in at least one organization before they are allowed to use your product.

The signup/login flows will direct the user to create or join an organization.

Maximum number of orgs per user

This sets the limit on the number of organizations a user can be in at once. Most commonly, we see people setting this to either 1 (meaning each user can only be in one organization) or "as many as they want."

Requiring 2FA for all users within an Org (coming soon)

This setting will require all users within an organization to have 2FA enabled before they can use your product. We proactively email users who are not yet enrolled in 2FA, and allow your customers to set a deadline for when they must enroll.

Creating Orgs

There are three ways to create an organization.

  1. Your end users can create them themselves. Just like the signup and login pages, PropelAuth provides a UI for your end users to create these organizations. Our frontend libraries provide functions for you to redirect your users to the "create org" page and to get which orgs the user is a member of.

A configurable UI your users use to create organizations

  2. You can use the PropelAuth dashboard to create organizations for your users.
  3. You can use our APIs to create organizations programmatically.

Adding Users to Orgs

PropelAuth provides a management UI for your users as well. This enables them to send invitations, manage roles, remove users from the organization, and more.

org management page

A user that received an invitation will be prompted to sign up if they haven't yet. Afterwards, they can accept or decline the invitation.

user invitation

Your users can also allow anyone with a matching email domain to automatically join at the lowest role (e.g. everyone from @acme.com can join the Acme Organization).

We also support SAML, which enables your customers to connect their organization membership directly to their identity provider (like Okta, OneLogin, or JumpCloud).

Setting a Maximum User Limit per Org

Let's say you have a pricing model with three tiers:

  • Hobbyist, meaning team size is max 1
  • Startup, meaning team size is max 5
  • Growth, meaning unlimited team size

When an organization selects a plan, you will want to set a user limit based on the plan they are paying for.

To do this, you will want to update the organization they are a part of programmatically. Using one of our libraries, you would use the update organization endpoint to create a maximum limit of users in the specified organization. For example, if running a Node backend, it would look something like:

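// Map the purchased plan to a user limit and apply it to the organization.
// updateOrg makes an API request, so await it to surface failures.
async function updateOrgWithNewPricingInfo(plan, orgId) {
	if (plan === "hobby") {
		await auth.updateOrg(orgId, { maxUsers: 1 })
	} else if (plan === "startup") {
		await auth.updateOrg(orgId, { maxUsers: 5 })
	} else {
		// "Unlimited" is expressed as a very large limit
		await auth.updateOrg(orgId, { maxUsers: 100000 })
	}
}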

Connecting Orgs to a Payment System

In order to properly accomplish this kind of pricing limitation, you need a mapping from your organization to a payment system, like Stripe. If you want to do this programmatically, you can use our webhooks and listen to the org.created event.

For more information on our webhooks, be sure to check out our documentation on the subject.
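The `else` branch in the snippet above gives any unrecognized plan string the 100000-user limit. The following added example (not PropelAuth's own code) fails closed instead and takes the plan from a server-side billing record keyed by org, the mapping this section describes. `PLAN_LIMITS`, `seatLimitFor`, `syncSeatLimit` and the `billing` map are hypothetical names, and `auth.updateOrg(orgId, { maxUsers })` is assumed to behave as in the snippet above.

```javascript
// Added example. All names here are illustrative, not part of a PropelAuth library.
// Plan names and limits follow the tiers described above.
const PLAN_LIMITS = Object.freeze({
  hobby: 1,
  startup: 5,
  growth: 100000, // the page's stand-in for "unlimited"
});

// Return the user limit for a plan, or throw. Unknown plans never fall
// through to the largest limit.
function seatLimitFor(plan) {
  // Own-property check so inherited keys such as "constructor" are not
  // accepted as plan names.
  const known =
    typeof plan === "string" &&
    Object.prototype.hasOwnProperty.call(PLAN_LIMITS, plan);
  if (!known) {
    throw new Error("unknown plan: " + JSON.stringify(plan));
  }
  return PLAN_LIMITS[plan];
}

// `billing` is assumed to be a Map of orgId -> { customerId, plan }, written
// only by your payment-system integration (for example after an org.created
// webhook and a completed checkout). The plan is read from that record, never
// from the request that triggered the update.
// `auth` is assumed to expose updateOrg(orgId, { maxUsers }) as shown above.
async function syncSeatLimit(auth, billing, orgId) {
  const record = billing.get(orgId);
  if (!record) {
    // No payment mapping yet: refuse rather than guess a limit.
    throw new Error("no billing record for org " + orgId);
  }
  const maxUsers = seatLimitFor(record.plan); // throws before any API call
  await auth.updateOrg(orgId, { maxUsers });
  return maxUsers;
}
```
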

Enable 2FA Requirement for Organizations

Organizations can enhance security by requiring two-factor authentication (2FA) for their members. Enabling this setting has two parts: first enabling it globally in your PropelAuth dashboard, and then enabling it per organization. Turning this setting on globally adds a setting to the hosted pages that allows your organizations to enable the 2FA requirement themselves. Alternatively, you can enable it for them via your PropelAuth dashboard.

To enable the 2FA requirement setting globally, navigate to your PropelAuth dashboard and then Organization Settings.

Global Require 2FA Setting

Once enabled globally, this setting can then be enabled per individual org. Only org owners (or the top level role) can enable this by navigating to the Organizations section of their account page and clicking on Settings.

Here, they have the option to enable/disable this setting and to choose the date by which members of their org must have 2FA enabled. If they select Immediately, all users who do not yet have 2FA enabled will be required to set up 2FA before they can continue using your product.

If the org owner selects a grace period to allow 2FA setup, all users in their org will receive an email instructing them to enable 2FA by navigating to their account page. If they do not have 2FA set up by the time the grace period has ended, they will not be able to continue using your product until they have set it up.

Account Page 2FA Setting

You can also enable the 2FA requirement setting for individual orgs via the PropelAuth dashboard. Head over to the Organizations page, select the org where you want to require 2FA, and click on Settings. From here you can enable/disable the setting as well as when to enforce it.