Organizations
B2B multi-tenancy for your end users. Every organization is a collection of users with roles, invitations, and a shared active-org context baked into the session JWT.
Enable Organizations
Organizations are opt-in per instance. Turn them on from a single place: Dashboard → your app → Organizations → Enable Organizations. Pick a membership mode when you enable:
Membership required: every signed-in user must belong to an organization; there are no personal accounts.
Membership optional: users can use the app with a personal account and optionally join or create organizations.
Enabling seeds the built-in roles (owner, admin, member) and the system-permission catalog. Until it's enabled, the org endpoints below and the <OrganizationSwitcher /> component stay inert. You can invite members and assign roles straight from that same Organizations tab, or via the API below.
Create an organization
curl -X POST $AF_API/v1/orgs \
-H 'content-type: application/json' \
--cookie cookies.txt \
-d '{"name":"Acme","slug":"acme"}'
Invite a member
curl -X POST $AF_API/v1/orgs/$ORG_ID/invitations \
-H 'content-type: application/json' \
--cookie cookies.txt \
-d '{"email":"new@example.com","role":"member"}'
Authfyio emails the invitee a one-time link. The invite counts against the workspace plan's membersPerOrg cap (Hobby 20, Pro 100, Business / Enterprise unlimited) along with already-accepted members.
Accept an invitation
curl -X POST $AF_API/v1/orgs/invitations/accept \
-H 'content-type: application/json' \
--cookie cookies.txt \
-d '{"token":"<one-time-token>"}'
Switch active organization
curl -X PATCH $AF_API/v1/orgs/current \
-H 'content-type: application/json' \
--cookie cookies.txt \
-d '{"orgId":"<uuid>"}'
The API refreshes the hot session context in Redis so the next __session JWT embeds org and org_role.
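Because the session JWT carries org and org_role, a backend can authorize against those claims instead of trusting an organization id sent in the URL or body. The check below is an added example, not Authfyio's own code: it assumes the token's signature and expiry were already verified, and the function name, action names, policy map and the format of the org value are assumptions.

```javascript
// Added example: tenant-scoped authorization over already-verified session claims.
// Hypothetical policy: which org_role values may perform each action.
// Custom roles are not listed, so they are denied until added explicitly.
const POLICY = new Map([
  ["members:read", new Set(["owner", "admin", "member"])],
  ["members:invite", new Set(["owner", "admin"])],
  ["org:delete", new Set(["owner"])],
]);

function authorizeOrgRequest(claims, requestedOrgId, action) {
  const allowed = POLICY.get(action);
  if (!allowed) return { ok: false, reason: "unknown_action" };

  // Membership-optional mode: a personal-account session has no active org.
  if (!claims || typeof claims.org !== "string" || claims.org === "") {
    return { ok: false, reason: "no_active_org" };
  }
  // The org id in the request is caller-controlled; the signed claim is not.
  // A mismatch also covers a token issued before the user switched orgs.
  if (claims.org !== requestedOrgId) {
    return { ok: false, reason: "org_mismatch" };
  }
  // Deny by default: missing or unrecognized roles never pass.
  if (typeof claims.org_role !== "string" || !allowed.has(claims.org_role)) {
    return { ok: false, reason: "role_not_allowed" };
  }
  return { ok: true, reason: "allowed" };
}

// Constructed sample claims and org ids, not real tokens.
const ACME = "11111111-1111-4111-8111-111111111111";
const OTHER = "22222222-2222-4222-8222-222222222222";
const samples = [
  [{ sub: "u1", org: ACME, org_role: "admin" }, ACME, "members:invite"],
  [{ sub: "u1", org: ACME, org_role: "member" }, ACME, "members:invite"],
  [{ sub: "u1", org: ACME, org_role: "owner" }, OTHER, "org:delete"],
  [{ sub: "u2" }, ACME, "members:read"],
  [{ sub: "u3", org: ACME, org_role: "billing" }, ACME, "members:read"],
];
for (const [claims, orgId, action] of samples) {
  console.log(action, "->", authorizeOrgRequest(claims, orgId, action).reason);
}
```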
React hook
const { isLoaded, organization } = useOrganization();
if (isLoaded && organization) {
return <p>Active org: {organization.name}</p>;
}
Custom RBAC roles (Pro+)
Beyond the built-in owner / admin / member triple, Pro plans can define custom roles with per-permission granularity. Manage them from the app → settings → org roles. Creating a custom role on Hobby returns 403 customRbacRoles.