
Organizations

Organizations provide B2B team structures for end-users with role-based access control.

An Organization represents a team, workspace, or company created by the tenant's end-users. This is a B2B feature — it allows users of your application to group themselves into teams with role-based access control.

Think of it as Slack workspaces, GitHub organizations, or Notion teams.

When to Use Organizations

  • B2B SaaS: Your customers are companies, and each company needs their own workspace with team members.
  • Role-based access: Different users within a team need different permission levels (admin, member, viewer).
  • Team billing: You want to bill per-organization rather than per-user.

If you are building a B2C application (social media, consumer app), you likely do not need organizations at all. They are completely optional.

Properties

| Property | Type | Default | Description |
|---|---|---|---|
| id | UUID | Auto-generated | Unique identifier |
| tenant_id | UUID | Required | Parent tenant |
| name | string (max 255) | Required | Display name (e.g., "Startup Inc") |
| slug | string (max 63) | Required | URL-safe identifier, unique per tenant |
| logo_url | string? | null | URL to the organization's logo |
| settings_json | JSON | {} | Custom settings |

Memberships

A Membership links a user to an organization with a specific role:

| Property | Type | Default | Description |
|---|---|---|---|
| organization_id | UUID | Required | The organization |
| user_id | UUID | Required | The user |
| role | string | "member" | Role: "admin", "member", or custom |
| permissions | string[] | [] | Fine-grained permissions (e.g., ["billing:read"]) |

A user can belong to multiple organizations. Each membership has its own role and permissions.

Invitations

Organizations grow through email invitations. An admin sends an invitation with a role assignment. The invitation contains a hashed token with an expiration date.

| Property | Type | Description |
|---|---|---|
| email | string | Invited user's email |
| role | string | Role assigned upon acceptance (default: "member") |
| expires_at | datetime | When the invitation expires |
| accepted_at | datetime? | When accepted (null if pending) |
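The invitation lifecycle above (random token sent to the invitee, only its hash persisted, expiry and single-use enforced on acceptance) as an added example. This is illustration code written for this page, not zautha's own implementation; the `Invitation` dataclass and the in-memory handling are assumptions standing in for the real storage layer, and the 7-day TTL is a constructed default.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional, Tuple

# Hypothetical record mirroring the invitation properties on this page.
@dataclass
class Invitation:
    email: str
    role: str
    token_hash: str                     # only the SHA-256 of the token is stored
    expires_at: datetime
    accepted_at: Optional[datetime] = None


def hash_token(token: str) -> str:
    """Hash the invitation token so a database leak does not expose usable invites."""
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def create_invitation(email: str, role: str = "member",
                      ttl: timedelta = timedelta(days=7),
                      now: Optional[datetime] = None) -> Tuple[Invitation, str]:
    """Return the stored record and the plaintext token to email to the invitee."""
    now = now or datetime.now(timezone.utc)
    token = secrets.token_urlsafe(32)   # 256 bits of entropy; never persisted in clear
    inv = Invitation(email=email, role=role,
                     token_hash=hash_token(token), expires_at=now + ttl)
    return inv, token


def accept_invitation(inv: Invitation, presented_token: str,
                      now: Optional[datetime] = None) -> Tuple[bool, str]:
    """Validate a presented token; on success mark the invite used and return its role."""
    now = now or datetime.now(timezone.utc)
    if inv.accepted_at is not None:
        return False, "already accepted"
    if now >= inv.expires_at:
        return False, "expired"
    # Constant-time compare of the hashes avoids timing leaks on the token value.
    if not hmac.compare_digest(inv.token_hash, hash_token(presented_token)):
        return False, "invalid token"
    inv.accepted_at = now               # single use: a replayed link is rejected above
    return True, inv.role


if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)          # constructed clock
    inv, tok = create_invitation("bob@example.com", now=t0)
    print(accept_invitation(inv, tok, now=t0 + timedelta(days=1)))   # (True, 'member')
    print(accept_invitation(inv, tok, now=t0 + timedelta(days=2)))   # (False, 'already accepted')
```

The acceptance path is the security-relevant part: the server only ever compares hashes, the expiry is checked before the token, and `accepted_at` is set so a forwarded or replayed link cannot be used twice.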

JWT Claims

When a user signs in and belongs to an organization, the JWT access token includes organization claims:

```json
{
  "sub": "user_def456",
  "tid": "tenant_ghi012",
  "org_id": "org_jkl345",
  "org_role": "admin"
}
```

Your application can use these claims to enforce organization-level access control without additional API calls.
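How a backend would enforce organization-level access from the `org_id` and `org_role` claims, as an added example that is not part of zautha's documentation or SDK. It assumes an HS256 access token verified with a shared secret (`SIGNING_KEY`, constructed here; a real deployment verifies with the issuer's published key), an `exp` claim that the sample payload above does not show, and a constructed ordering of the roles named on this page (viewer < member < admin).

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional, Tuple

SIGNING_KEY = b"constructed-demo-secret"   # assumption: shared HS256 secret for the demo
ROLE_RANK = {"viewer": 0, "member": 1, "admin": 2}   # assumption: role ordering for the demo


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def sign_jwt(claims: dict, key: bytes = SIGNING_KEY) -> str:
    """Mint an HS256 token; stands in for the identity provider in this demo."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_jwt(token: str, key: bytes = SIGNING_KEY, now: Optional[float] = None) -> dict:
    """Return the claims only after algorithm, signature and expiry checks pass."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
    except ValueError:
        raise ValueError("malformed token")
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":          # the verifier fixes the algorithm, not the token
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    now = time.time() if now is None else now
    if "exp" in claims and now >= claims["exp"]:
        raise ValueError("token expired")
    return claims


def authorize_org_request(token: str, requested_org_id: str, min_role: str,
                          key: bytes = SIGNING_KEY, now: Optional[float] = None) -> Tuple[bool, str]:
    """Decide a request against requested_org_id using only the token's claims."""
    try:
        claims = verify_jwt(token, key, now)
    except ValueError as e:                   # binascii/json errors subclass ValueError
        return False, str(e)
    # The org in the URL must match the org the token was issued for; otherwise a
    # member of one organization could read another's resources.
    if claims.get("org_id") != requested_org_id:
        return False, "token is for a different organization"
    role = claims.get("org_role", "")
    if ROLE_RANK.get(role, -1) < ROLE_RANK[min_role]:
        return False, f"role {role!r} is below required {min_role!r}"
    return True, "ok"


if __name__ == "__main__":
    tok = sign_jwt({"sub": "user_def456", "tid": "tenant_ghi012",
                    "org_id": "org_jkl345", "org_role": "admin", "exp": 2000})
    print(authorize_org_request(tok, "org_jkl345", "member", now=1000))   # (True, 'ok')
    print(authorize_org_request(tok, "org_other", "member", now=1000))    # (False, ...)
```

Two checks matter beyond the signature: the `org_id` claim must equal the organization named in the request path (a valid token for one org is not a credential for another), and the role comparison uses the verifier's own ordering rather than trusting any ranking embedded in the token.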

API Endpoints

| Method | Path | Description |
|---|---|---|
| POST | /v1/admin/organizations | Create an organization |
| GET | /v1/admin/organizations | List organizations |
| GET | /v1/admin/organizations/{org_id} | Get an organization |
| PATCH | /v1/admin/organizations/{org_id} | Update name, settings |
| DELETE | /v1/admin/organizations/{org_id} | Delete an organization |
| GET | /v1/admin/organizations/{org_id}/members | List members |
| POST | /v1/admin/organizations/{org_id}/members | Add a member |
| PATCH | /v1/admin/organizations/{org_id}/members/{user_id} | Update role |
| DELETE | /v1/admin/organizations/{org_id}/members/{user_id} | Remove member |
| POST | /v1/admin/organizations/{org_id}/invitations | Send an invitation |

B2B vs B2C Comparison

| | B2C App | B2B App |
|---|---|---|
| Organizations | Not needed | Essential |
| Example | Photo editing app | Project management SaaS |
| User model | Each user is independent | Users belong to teams |
| Access control | Per-user | Per-organization + role |
| Billing | Per-user | Per-organization |

Real-World Example

TaskFlow is a project management SaaS for companies:

  • Tenant: "TaskFlow" (plan: pro)
  • Project: "TaskFlow App" (production)

End-users create their own organizations:

| Organization | Members | Description |
|---|---|---|
| Startup Inc | Alice (admin), Bob (member) | A small startup team |
| Agency XYZ | Diana (admin), Eve (member) | A design agency |

Alice manages her team from the TaskFlow dashboard — inviting members, assigning roles, and removing people. TaskFlow's backend checks the org_id and org_role JWT claims to determine access.
