Manage organization
This section covers how developers manage their organizations via Logto Console or Logto Management API, not how organization admins self-serve managing their members within your app. To learn more about how to develop your orgnaization experience, please check this guide.
Manage via Logto Console
Create an organization
Navigate to Console > Organizations and click the "Create organization" button.
Basic settings
You can configure the basic attributes of the organization like name, description, logo, etc.
Require MFA for organization members
You can require all members of an organization to enable MFA. This is a security measure to ensure that all members have an extra layer of protection when accessing the organization's resources.
To enable this feature, go to the organization details page and turn on the "Multi-factor authentication (MFA)" toggle switch.
You'll need to enable at least one MFA method in order to make this feature work properly.
Once enabled, members without MFA configured will not be able to exchange organization access tokens until they set up MFA.
Please note that:
- This feature only checks if the user has MFA configured. It does not force users to use MFA when exchanging access tokens.
- This feature does not limit what MFA methods users can use.
Just-in-Time provisioning
Just-in-Time provisioning automatically adds users to an organization when they first sign in to the app. In Logto, this is supported for Enterprise SSO and email domain-based provisioning. When users meet specific criteria, like signing in through a specific enterprise IdP or using an email with a certain domain, they are automatically added to the organization.
You can also set default organization roles for members when they first join the organization.
For more details on Just-in-Time provisioning and how to set it up, refer to this section.
Manage organization members
Users can hold one or more roles. When adding members to an organization, you have the option to assign roles to multiple users at once. If you leave this assignment blank, the added users will not receive any roles.
In the Console > User management > User details page , you can see which organizations the user belongs to and what organization roles they have.
Manage organization M2M applications
Machine-to-machine applications can also be added to organizations. You can assign roles to machine-to-machine applications like you assign roles to users.
In the Console > Applications > Application details page, you can see which organizations the application associates with and what organization roles it has.
Manage via Logto Management API
Everything you can do in Logto Console can also be done through Management API. This includes, but is not limited to:
- Create, delete, or edit an organization.
- Manage organization template: create, delete, or edit organization permissions and roles.
- Add members to, or remove members from an organization.
- Assign or remove the user's organization roles.
- Add machine-to-machine applications to, or remove machine-to-machine applications from an organization.
- Assign or remove machine-to-machine application's organization roles.
You can also check out this section for using Management API to enable more organization-level experience and management. Learn more
For a complete list of capabilities, please refer to our API references.