Manage organization

note

This section covers how developers manage their organizations via Logto Console or Logto Management API, not how organization admins manage their own members from within your app. However, you can leverage Logto Management API for both cases. Check this section to learn more about the latter use case.

Manage via Logto Console

Basic settings

You can configure the basic attributes of the organization like name, description, logo, etc.

Require MFA for organization members

You can require all members of an organization to enable MFA. This is a security measure to ensure that all members have an extra layer of protection when accessing the organization's resources.

To enable this feature, go to the organization details page and turn on the "Multi-factor authentication (MFA)" toggle switch.

note

You'll need to enable at least one MFA method in order to make this feature work properly.

Once enabled, members without MFA configured will not be able to exchange organization access tokens until they set up MFA.

Please note that:

  • This feature only checks if the user has MFA configured. It does not force users to use MFA when exchanging access tokens.
  • This feature does not limit what MFA methods users can use.

Just-in-Time provisioning

Just-in-Time provisioning automatically adds users to an organization when they first sign in to the app. In Logto, this is supported for Enterprise SSO and email domain-based provisioning. When users meet specific criteria, like signing in through a specific IdP or using an email with a certain domain, they are automatically added to the organization.

You can also set default organization roles for members when they first join the organization.

For more details on Just-in-Time provisioning and how to set it up, refer to this section.

Manage organization members

Users can hold one or more roles. When adding members to an organization, you have the option to assign roles to multiple users at once. If you leave this assignment blank, the added users will not receive any roles.

In the Console > User management > User details page, you can see which organizations the user belongs to and what organization roles they have.

Manage organization M2M applications

Machine-to-machine applications can also be added to organizations. You can assign roles to machine-to-machine applications like you assign roles to users.

In the Console > Applications > Application details page, you can see which organizations the application is associated with and what organization roles it has.

Manage via Logto Management API

Everything you can do in Logto Console can also be done through Management API. This includes, but is not limited to:

  1. Create, delete, or edit an organization.
  2. Manage organization template: create, delete, or edit organization permissions and roles.
  3. Add members to, or remove members from an organization.
  4. Assign or remove the user's organization roles.
  5. Add machine-to-machine applications to, or remove machine-to-machine applications from an organization.
  6. Assign or remove machine-to-machine application's organization roles.

You can also check out this section on using Management API to enable more organization-level experiences and management.

For a complete list of capabilities, please refer to our API references.
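
The sketch below is an added example, not code from Logto or from this page. It covers items 3 and 4 of the list above (adding members and assigning their roles in one step) and then audits a member listing for users who ended up with no role or with an unexpected one. The endpoint paths, the `userIds` / `organizationRoleIds` body fields, the member shape and the `tenant.example.invalid` host are assumptions to confirm against the API references.

```javascript
// Added example. Endpoint paths and body fields are assumptions; confirm in the API references.
const API = 'https://tenant.example.invalid/api'; // constructed placeholder endpoint

// Build the calls that add users to an organization and assign roles in bulk.
function planOnboarding(orgId, userIds, roleIds) {
  if (userIds.length === 0) throw new Error('no users given');
  const base = `${API}/organizations/${encodeURIComponent(orgId)}/users`;
  const plan = [{ method: 'POST', url: base, body: { userIds } }];
  // With no role IDs the members join without any role, so no second call is planned.
  if (roleIds.length > 0) {
    plan.push({ method: 'POST', url: `${base}/roles`, body: { userIds, organizationRoleIds: roleIds } });
  }
  return plan;
}

// Flag members with no role, or with a role outside the expected set.
function auditMembers(members, allowedRoles) {
  const findings = [];
  for (const member of members) {
    const names = (member.organizationRoles || []).map((role) => role.name);
    if (names.length === 0) findings.push({ userId: member.id, issue: 'no-role' });
    for (const name of names) {
      if (!allowedRoles.has(name)) findings.push({ userId: member.id, issue: `unexpected-role:${name}` });
    }
  }
  return findings;
}

// Send a plan with a Management API access token; stops at the first failed call.
async function execute(plan, accessToken, fetchImpl = fetch) {
  for (const step of plan) {
    const res = await fetchImpl(step.url, {
      method: step.method,
      headers: { Authorization: `Bearer ${accessToken}`, 'Content-Type': 'application/json' },
      body: JSON.stringify(step.body),
    });
    if (!res.ok) throw new Error(`${step.method} ${step.url} failed: ${res.status}`);
  }
}

// Constructed sample of a member listing (shape assumed: id plus organizationRoles).
const sampleMembers = [
  { id: 'u1', organizationRoles: [{ id: 'r1', name: 'viewer' }] },
  { id: 'u2', organizationRoles: [] },
  { id: 'u3', organizationRoles: [{ id: 'r9', name: 'admin' }] },
];
```

Running `auditMembers` on a schedule against the real member listing catches users who were added with the role assignment left blank.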