Organizations
Create tenants and manage multi-org membership.
Organizations are tenants in SqlOS. Each organization has its own users (via memberships), optional SSO configuration, and a slug for URL-friendly identification.
Create an organization
Dashboard: Auth Server > Organizations
SDK:
var org = await adminService.CreateOrganizationAsync(new CreateOrganizationRequest
{
Name = "Acme Corp",
Slug = "acme",
PrimaryDomain = "acme.com"
});
Admin API:
curl -X POST http://localhost:5062/sqlos/admin/auth/api/organizations \
-H "Content-Type: application/json" \
-d '{"name": "Acme Corp", "slug": "acme", "primaryDomain": "acme.com"}'
| Field | Required | Description |
|---|---|---|
name | Yes | Display name |
slug | No | URL-friendly identifier, auto-generated if omitted |
primaryDomain | No | Email domain for SSO routing (e.g., acme.com) |
Primary domain
When you set a primary domain, AuthServer uses it for home realm discovery. Users with matching email domains are automatically routed to SSO instead of password login.
Create a membership
Users join organizations through memberships. Each membership has a role.
var membership = await adminService.CreateMembershipAsync(new CreateMembershipRequest
{
OrganizationId = org.Id,
UserId = user.Id,
Role = "admin"
});
Multi-org login
When a user belongs to multiple organizations and logs in without specifying one, AuthServer returns a RequiresOrganizationSelection response with the list of available organizations. Your app presents the list and calls SelectOrganizationAsync to complete login.
var result = await authService.LoginWithPasswordAsync(
new SqlOSPasswordLoginRequest(email, password, clientId),
httpContext, ct);
if (result.RequiresOrganizationSelection)
{
// result.Organizations contains the options
// result.PendingAuthToken is used to complete selection
}
Organization switching
Users can switch organizations without re-authenticating by passing a different organizationId during token refresh.