Organizations and B2B Single Sign-On
Organizations are a way to group users within one project. An organization always belongs to one Ory project. Within a project, an identity can belong to an organization or remain without an organization. Organizations contain multiple OIDC SSO connections. All members of an organization must use one of the organization's OIDC SSO connections to log in.
An organization can have multiple domains. Registrations for email addresses with a domain that belongs to an organization must go through one of the organization's OIDC SSO connections.
Manage organizations
Organizations can be managed using the Ory Console.
To create, update, or delete organizations via the Ory Console, navigate to Authentication > Organizations.
Create SSO connections for an organization
After creating an organization, continue by adding one or more SSO OIDC connections.
Next, go to your registration page. Entering an email that ends with the organization's domain, such as @my.example.com from the
example above, shows a Sign in with SSO button instead of the password field. Clicking it will take you to sign in with the
SSO connection. The SSO connection is not visible for email addresses that are not managed by the organization.
Organizations are only available in Ory Network and are not supported in self-hosted Ory Kratos. If you have any questions, or if you would like more information about transitioning to Ory Network, please don't hesitate to reach out.