Organizations and users

​

Organizations

​

Organization structure

• Organization ID: Unique identifier (e.g., org_1234567890)
• Display name: Human-readable name (e.g., “Acme Corporation”)
• Domains: Email domains owned by the organization (e.g., @acme.com)
• Members: Users belonging to the organization
• SSO connections: Enterprise identity provider configurations
• Metadata: Custom attributes for organization-specific data

​

Creating organizations

const organization = await scalekit.organization.create({
  displayName: 'Acme Corporation',
  externalId: 'acme-corp-123',
  metadata: {
    plan: 'enterprise',
    industry: 'technology'
  }
});

​

Users

​

User structure

• User ID: Unique identifier (e.g., usr_1234567890)
• Email: Primary email address
• Name: Display name
• Profile: Additional attributes (phone, picture, etc.)
• Memberships: Organizations the user belongs to
• Identities: Linked authentication methods

​

User creation

const user = await scalekit.user.create({
  email: '[email protected]',
  givenName: 'John',
  familyName: 'Doe',
  organizationId: 'org_1234567890'
});

​

Multi-tenancy patterns

​

Single organization per user

• Traditional B2B SaaS
• Enterprise applications
• Internal tools

const user = await scalekit.user.get(userId);
const organizationId = user.organizationId;

​

Multiple organizations per user

• Collaboration platforms
• Consulting tools
• Freelancer applications

const memberships = await scalekit.user.listOrganizations(userId);

// User selects organization
const selectedOrg = memberships[0].organizationId;

// Create new session scoped to organization
const authUrl = scalekit.getAuthorizationUrl(redirectUri, {
  organizationId: selectedOrg
});

​

Workspaces

• Project management tools
• Design collaboration platforms
• Development environments

// Organization has multiple workspaces
const workspaces = await scalekit.organization.listWorkspaces(orgId);

// User accesses specific workspace
const workspace = workspaces.find(w => w.id === workspaceId);

​

Domain management

​

Domain verification

• Automatic user assignment
• Domain-based SSO routing
• Email domain restrictions

• DNS TXT record
• Meta tag in website HTML
• File upload to website root

​

Domain-based routing

const email = '[email protected]';
const domain = email.split('@')[1];

// Check if domain has SSO configured
const connections = await scalekit.connections.listConnectionsByDomain({ domain });

if (connections.length > 0) {
  // Redirect to SSO
  const authUrl = scalekit.getAuthorizationUrl(redirectUri, {
    domainHint: domain
  });
  return redirect(authUrl);
} else {
  // Show standard login
  return showPasswordLogin();
}

​

Organization roles and permissions

​

Built-in roles

• Owner: Full administrative access
• Admin: Manage users and settings
• Member: Standard user access
• Guest: Limited access

​

Custom roles

const role = await scalekit.organization.createRole(organizationId, {
  name: 'Editor',
  permissions: [
    'read:documents',
    'write:documents',
    'comment:documents'
  ]
});

// Assign role to user
await scalekit.organization.assignRole(organizationId, userId, role.id);

​

Permission checking

const hasPermission = await scalekit.user.hasPermission(
  userId,
  organizationId,
  'write:documents'
);

if (hasPermission) {
  // Allow document editing
} else {
  // Return 403 Forbidden
}

​

User invitations

const invitation = await scalekit.organization.inviteUser(organizationId, {
  email: '[email protected]',
  role: 'member',
  sendEmail: true
});

​

SCIM provisioning

• Automatic user creation: Users are created when assigned in IdP
• Profile sync: User attributes stay synchronized
• Group-based access: Map IdP groups to organization roles
• Deprovisioning: Users are removed when unassigned in IdP

​

Next steps