authaz / products / organization-managementHOSTED ยท BRANDABLEAPI + UIโ— CHANGES AUDITED

The settings page
your buyer already pictured.

Members, domains, policies, billing โ€” a full self-serve admin console out of the box. Per-tenant overrides, inherited defaults, audited every step.

Join the waitlist โ†’Read the docs
A
Acme Corporg_01HZX9
โ— 142 membersenterpriseus-east-1
WORKSPACE
โŒ‚General
โš‡Members
โšDomains
โ–ฆRoles
โš’Policies
โšฟSSO
BILLING
$Plan
โŽ™Invoices
MembersInvitesGroupsActivity

Workspace identity

How your organization appears across login, invites, and admin emails.

Acme Corp
https://app.acme.com/acme/

Members ยท 142

Roster pulled from SCIM. Override role assignments inline; everything is audited.

USER
ROLE
SINCE
VM
Val Marsh
val@acme.com
owner
Aug 2024
โ‹ฏ
RW
Rod Walsh
rod@acme.com
admin
Sep 2024
โ‹ฏ
SK
Sam Kerr
sam@acme.com
developer
Nov 2024
โ‹ฏ
LB
Lee Bryant
lee@acme.com
billing-admin
Jan 2026
โ‹ฏ

Policy overrides

Tenant-level overrides on top of platform defaults. Both are versioned and audited.

Require MFA for admin actions
Inherits platform default ยท override active
Auto-join on verified domain
@acme.com ยท @acme-vendor.com
Allow personal accounts
Block social login for this tenant
session lifetime
7d ยท refresh 24h
max sessions / user
5
password rotation
disabled ยท webauthn-only
The shape

Every B2B product needs a settings page. Authaz ships the one you'd build.

Your buyers expect the same shape: members, domains, roles, policies, billing, audit. Authaz gives you all of it โ€” as an embeddable React surface or as raw API.

โ€” 01

Members + roles + invites

Add, remove, role-change, transfer ownership. Bulk import. Time-boxed guests for vendors and auditors.

โ€” 02

Domains + auto-join

Verified domains route new signups to the right org. Multi-region orgs get multiple domains; sandboxes get their own.

โ€” 03

Policies, inherited or overridden

Defaults at the platform level, overrides per tenant. Buyers tighten what they need; you don't loosen what you don't.

Surfaces

The console buyers want. The API you want.

โ€” 01

Domains, with the verification baked in.

TXT-record verification, primary/sandbox marking, region pinning. Auto-join on verified domains so new hires land in the right org without an invite ping-pong.

  • unlimited verified domains
  • sandbox / production marking
  • auto-join policy per domain
acme.com ยท primaryauto-join ยท ssoverified
acme.co.uk ยท region ยท euauto-joinverified
acme-labs.com ยท sandboxmanual invite onlyverified
getacme.iomarketing redirectDNS pending
โ€” 02

Roster that mirrors your IdP.

SCIM-pushed members, invite-onboarded admins, time-boxed guests. Source of truth for each row is captured and auditable.

  • SCIM ยท invite ยท domain auto-join ยท time-box
  • role + team in one row
  • export to CSV ยท webhooks for change events
MEMBERROLETEAMSOURCE
val@acme.comownerplatformsso ยท okta
rod@acme.comadminplatformsso ยท okta
lee@acme.combillingfinanceinvite
kim@acme.comdeveloperplatformscim
audit@deloitteguestexternaltime-box
โ€” 03

Policies the buyer's admin can read.

Session TTL, MFA, SSO enforcement, IP allow-list, audit retention, data residency. Each one labeled inherited or org override, so admins always know what's on.

  • inheritance ยท override ยท pin
  • diffable history of changes
  • simulator for "what would change ifโ€ฆ"
session.ttl12horg override
session.idle30minherited
mfa.requiredyes ยท webauthnorg override
sso.enforceyes ยท acme.com onlyorg override
ip.allowcorp range + vpnorg override
invite.auto-joinverified domains onlyinherited
audit.retention7 yrsorg override
data.regionus-west-2org override
โ€” 04

Billing that doesn't need a second product.

Seats, usage, plan, renewal โ€” surfaced where the buyer is already managing their org. Stripe-backed, with line items that mirror your pricing.

  • seats ยท usage ยท annual / monthly ยท proration
  • invoices ยท receipts ยท purchase orders
  • webhook to your billing system
Enterprise ยท Annual$48,000 / yr
142 / 200 seats71% used
seats ยท base200 ร— $200
locker ยท gb-mo410 gb
sso connections3 included
audit retention7 yrs
next invoice2027-04-12
API

Provision an org with everything turned on.

POST /v1/orgs200 ยท 41ms
await authaz.orgs.create({ name: "Acme Corp", domains: ["acme.com", "acme.co.uk"], policies: { mfa: "webauthn", session: { ttl: "12h" }, region: "us-west-2", }, billing: { plan: "enterprise" }, });
Spec

The fine print, up front.

Surfaces
embedded React console ยท hosted dashboard ยท admin API
Members
invite ยท SCIM ยท auto-join ยท time-boxed guests ยท transfer ownership
Domains
TXT verification ยท multi-region ยท sandbox marking ยท auto-join
Policies
session ยท MFA ยท SSO ยท IP ยท retention ยท region ยท inherit / override
Billing
Stripe-backed ยท seats ยท usage ยท annual / monthly ยท invoices
Audit
every config change ยท diffable ยท streamed to your SIEM
Webhooks
member ยท domain ยท policy ยท billing ยท session events
Pricing model
per active member ยท org chrome included
Pairs with

One platform. Every primitive.

Every Authaz product shares the same primitives โ€” sessions, policies, audit, tenants. Pick what you need today; add the rest when you do.

01 ยท USER MANAGEMENT

User Management

Profile lifecycle, sessions, and account controls in one place.

Read more โ†’
02 ยท MULTI-TENANT ORGANIZATIONS

Multi-tenant Organizations

Model organizations, members, and tenant boundaries cleanly.

Read more โ†’
03 ยท RBAC & PERMISSIONS

RBAC & Permissions

Role-based access controls for customer and admin surfaces.

Read more โ†’
Explore all products โ†’
Get started

Ship the settings page on day one.

Members, domains, policies, billing โ€” the surface every B2B buyer expects, ready before signup.

Join the waitlist โ†’Read the docs