An easy guide to begin with Logto organizations - for building a multi-tenant app

Learn how to use Logto organizations to build the identity infrastructure for your SaaS app.
Guamian, Product & Design
November 23, 2023 · 5 min read

An organization is a group of users representing teams, business customers, and partner companies that access your applications. It is important for supporting multi-tenant app requirements. In this tutorial, we will guide you through setting up organization features and using the organization to build the identity infrastructure for your SaaS app.

You can watch this quick-start video or simply read the text version for the same information.

Start by setting up organizations

To begin, go to your project tenant and navigate to the organization section. Click on "Set up your organization."

You will be directed to a tutorial page that explains key concepts and how organizations work in Logto.

Understand how it works

An organization represents a group of users and can include teams, business customers, and partner companies. Each user within the organization is considered a "Member." These entities are crucial for managing your multi-tenant requirements.

However, simply grouping users is not enough. Each organization also has its own organization-level role-based access control.

In multi-tenant SaaS applications, multiple organizations often share the same access control template, which includes permissions and roles. In Logto, this is referred to as the "organization template."

Now, let's delve deeper into the key components of the organization template: the organization permission and the organization role.

Organization permission refers to the authorization granted to access a resource within the organization context.

Organization role is a grouping of organization permissions that can be assigned to members. Each organization role contains a set of organization permissions.

You might be wondering how the organization template works with the organization to establish the identity authentication and authorization model of a SaaS product.

Let's use this diagram to understand how everything connects:

  1. John belongs to two organizations, using his email "[email protected]" as the single identifier. He is the admin of organization A and a guest of organization B.
  2. Sarah belongs to one organization, using her email "[email protected]" as the single identifier. She is the admin of organization B.
  3. The "Admin" role shares the same organization template across different organizations.
  4. The "Member" role also shares the same organization template across different organizations.
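
The arrangement in the list above, modelled in memory as an added example (this is not Logto's code or its API). The user IDs, organization IDs and permission names are constructed for illustration; the point is that a permission check is always resolved from the roles a user holds in the organization being accessed, never from roles held elsewhere.

```javascript
// Added illustration: an in-memory model, not Logto's implementation or API.
// One organization template (permissions + roles) shared by every organization.
// Permission names and IDs below are constructed for the example.
const template = {
  permissions: new Set(['read:documents', 'edit:documents', 'invite:members']),
  roles: new Map([
    ['admin', ['read:documents', 'edit:documents', 'invite:members']],
    ['member', ['read:documents', 'edit:documents']],
    ['guest', ['read:documents']],
  ]),
};

// organizationId -> Map(userId -> Set(roleName))
const organizations = new Map();

function createOrganization(orgId) {
  // A new organization starts empty and uses the shared template as-is.
  organizations.set(orgId, new Map());
}

function addMember(orgId, userId, roleNames = []) {
  const members = organizations.get(orgId);
  if (!members) throw new Error(`unknown organization: ${orgId}`);
  for (const role of roleNames) {
    // Only roles defined in the template can be assigned.
    if (!template.roles.has(role)) throw new Error(`role not in template: ${role}`);
  }
  members.set(userId, new Set(roleNames));
}

// Deny by default: only roles held in *this* organization count.
function hasOrgPermission(userId, orgId, permission) {
  const roles = organizations.get(orgId)?.get(userId);
  if (!roles || !template.permissions.has(permission)) return false;
  return [...roles].some((role) => template.roles.get(role).includes(permission));
}

// John: admin of A, guest of B. Sarah: admin of B.
createOrganization('org-a');
createOrganization('org-b');
addMember('org-a', 'john', ['admin']);
addMember('org-b', 'john', ['guest']);
addMember('org-b', 'sarah', ['admin']);
```

John's admin role in organization A grants him nothing in organization B, and Sarah, who is not a member of A, is denied there regardless of her role in B.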

Now that you understand the basic concepts, let's follow the instructions to set up organization permissions and roles.

Define organization permissions

Define organization roles

Now you have an organization template ready to use. Every time you create a new organization, it will automatically inherit this access control template. All you need to do is assign the relevant roles to the members accordingly.

Create your first organization

Now, let's create your first organization. The steps in the bottom card will then take you to a guide on adding members, changing roles, and performing other user management tasks.

Manage organizations and organization template

What you just created is an empty organization, and you can add members to it. Go to the organization section and navigate to the member tab. Click on "Add Members" to bulk-select users in your tenant and assign organization roles to them. Alternatively, you can leave it empty if you have yet to decide on their roles.

You can also perform individual editing tasks. Click on the three dots button to remove a member from the organization or change their organization roles.

Organization member list

Edit organization role of a specific member

If you wish to update your organization template, go to the organization template tab. Here, you can add additional permissions and roles or modify existing ones.

Organization template

Edit organization role in template

Create organization permission in template

Create organization role in template

Manage organizations through the Logto Management API

Everything you can do in the Console can also be done through the Management API. This includes, but is not limited to:

  1. Create, delete, or edit an organization.
  2. Add users to the organization.
  3. Remove users from the organization.
  4. Manage organization template:
    • Add, delete, or edit organization roles.
    • Add, delete, or edit organization permissions.
  5. Assign or remove a user's organization roles.

For a complete list of capabilities, please refer to our API references.

Other resources

Logto has conducted extensive research and developed a thorough understanding of the best practices for creating multi-tenant apps. Feel free to explore the articles below for more information.

Tenancy models for a multi-tenant app

Tenant isolation in multi-tenant application

Are multi-tenant apps = SaaS?

🏢 Organizations (Multi-tenancy) | Logto Docs

Start using Logto organizations today to develop your multi-tenant app