Class: StytchB2B::Organizations

Inherits:

Object

• Object
• StytchB2B::Organizations

Includes:

Stytch::RequestHelper

Defined in:

lib/stytch/b2b_organizations.rb

Defined Under Namespace

Classes: ConnectedAppsRequestOptions, DeleteRequestOptions, GetConnectedAppRequestOptions, Members, UpdateRequestOptions

Instance Attribute Summary

• #members ⇒ Object readonly

  Returns the value of attribute members.

Instance Method Summary

• #connected_apps(organization_id:, method_options: nil) ⇒ Object

  Retrieves a list of Connected Apps for the Organization that have been installed by Members.

• #create(organization_name:, organization_slug: nil, organization_logo_url: nil, trusted_metadata: nil, organization_external_id: nil, sso_jit_provisioning: nil, email_allowed_domains: nil, email_jit_provisioning: nil, email_invites: nil, auth_methods: nil, allowed_auth_methods: nil, mfa_policy: nil, rbac_email_implicit_role_assignments: nil, mfa_methods: nil, allowed_mfa_methods: nil, oauth_tenant_jit_provisioning: nil, allowed_oauth_tenants: nil, claimed_email_domains: nil, first_party_connected_apps_allowed_type: nil, allowed_first_party_connected_apps: nil, third_party_connected_apps_allowed_type: nil, allowed_third_party_connected_apps: nil) ⇒ Object

  Creates an Organization.

• #delete(organization_id:, method_options: nil) ⇒ Object

  Deletes an Organization specified by ‘organization_id`.

• #get(organization_id:) ⇒ Object

  Returns an Organization specified by ‘organization_id`.

• #get_connected_app(organization_id:, connected_app_id:, method_options: nil) ⇒ Object

  Get Connected App for Organization retrieves information about the specified Connected App as well as a list of the Organization’s Members who have the App installed along with the scopes they requested at completion of their last authorization with the App.

• #initialize(connection) ⇒ Organizations constructor

  A new instance of Organizations.

• #metrics(organization_id:) ⇒ Object
• #search(cursor: nil, limit: nil, query: nil) ⇒ Object

  Warning: This endpoint is not recommended for use in login flows.

• #update(organization_id:, organization_name: nil, organization_slug: nil, organization_logo_url: nil, trusted_metadata: nil, organization_external_id: nil, sso_default_connection_id: nil, sso_jit_provisioning: nil, sso_jit_provisioning_allowed_connections: nil, email_allowed_domains: nil, email_jit_provisioning: nil, email_invites: nil, auth_methods: nil, allowed_auth_methods: nil, mfa_policy: nil, rbac_email_implicit_role_assignments: nil, mfa_methods: nil, allowed_mfa_methods: nil, oauth_tenant_jit_provisioning: nil, allowed_oauth_tenants: nil, claimed_email_domains: nil, first_party_connected_apps_allowed_type: nil, allowed_first_party_connected_apps: nil, third_party_connected_apps_allowed_type: nil, allowed_third_party_connected_apps: nil, method_options: nil) ⇒ Object

  Updates an Organization specified by ‘organization_id`.

Methods included from Stytch::RequestHelper

#delete_request, #get_request, #post_request, #put_request, #request_with_query_params

Constructor Details

#initialize(connection) ⇒ Organizations

Returns a new instance of Organizations.

# File 'lib/stytch/b2b_organizations.rb', line 92

def initialize(connection)
  @connection = connection

  @members = StytchB2B::Organizations::Members.new(@connection)
end

Instance Attribute Details

#members ⇒ Object (readonly)

Returns the value of attribute members.

# File 'lib/stytch/b2b_organizations.rb', line 90

def members
  @members
end

Instance Method Details

#connected_apps(organization_id:, method_options: nil) ⇒ Object

Retrieves a list of Connected Apps for the Organization that have been installed by Members. Installation comprises successful completion of an authorization flow with a Connected App that has not been revoked.

Connected Apps may be uninstalled if an Organization changes its ‘first_party_connected_apps_allowed_type` or `third_party_connected_apps_allowed_type` policies.

Parameters:

organization_id

Globally unique UUID that identifies a specific Organization. The ‘organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. You may also use the organization_slug or organization_external_id here as a convenience. The type of this field is String.

Returns:

An object with the following fields:

request_id

Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue. The type of this field is String.

connected_apps

(no documentation yet) The type of this field is list of OrganizationConnectedApp (object).

status_code

(no documentation yet) The type of this field is Integer.

Method Options:

This method supports an optional StytchB2B::Organizations::ConnectedAppsRequestOptions object which will modify the headers sent in the HTTP request.

# File 'lib/stytch/b2b_organizations.rb', line 688

def connected_apps(
  organization_id:,
  method_options: nil
)
  headers = {}
  headers = headers.merge(method_options.to_headers) unless method_options.nil?
  query_params = {}
  request = request_with_query_params("/v1/b2b/organizations/#{organization_id}/connected_apps", query_params)
  get_request(request, headers)
end

#create(organization_name:, organization_slug: nil, organization_logo_url: nil, trusted_metadata: nil, organization_external_id: nil, sso_jit_provisioning: nil, email_allowed_domains: nil, email_jit_provisioning: nil, email_invites: nil, auth_methods: nil, allowed_auth_methods: nil, mfa_policy: nil, rbac_email_implicit_role_assignments: nil, mfa_methods: nil, allowed_mfa_methods: nil, oauth_tenant_jit_provisioning: nil, allowed_oauth_tenants: nil, claimed_email_domains: nil, first_party_connected_apps_allowed_type: nil, allowed_first_party_connected_apps: nil, third_party_connected_apps_allowed_type: nil, allowed_third_party_connected_apps: nil) ⇒ Object

Creates an Organization. An ‘organization_name` and a unique `organization_slug` are required.

If no Organization authentication setting parameters are passed in, ‘email_invites` will default to `ALL_ALLOWED` so that the Organization has a way to add Members. Otherwise, `email_invites` will default to `NOT_ALLOWED`.

*See the [Organization authentication settings](stytch.com/docs/b2b/api/org-auth-settings) resource to learn more about fields like ‘email_jit_provisioning`, `email_invites`, `sso_jit_provisioning`, etc., and their behaviors.

Parameters:

organization_name

The name of the Organization. Must be between 1 and 128 characters in length. The type of this field is String.

organization_slug

The unique URL slug of the Organization. The slug only accepts alphanumeric characters and the following reserved characters: ‘-` `.` `_` `~`. Must be between 2 and 128 characters in length. Wherever an organization_id is expected in a path or request parameter, you may also use the organization_slug as a convenience. The type of this field is nilable String.

organization_logo_url

The image URL of the Organization logo. The type of this field is nilable String.

trusted_metadata

An arbitrary JSON object for storing application-specific data or identity-provider-specific data. The type of this field is nilable object.

organization_external_id

An identifier that can be used in API calls wherever a organization_id is expected. This is a string consisting of alphanumeric, ‘.`, `_`, `-`, or `|` characters with a maximum length of 128 characters. External IDs must be unique within a project, but may be reused across different projects in the same workspace. The type of this field is nilable String.

sso_jit_provisioning

The authentication setting that controls the JIT provisioning of Members when authenticating via SSO. The accepted values are:

‘ALL_ALLOWED` – the default setting, new Members will be automatically provisioned upon successful authentication via any of the Organization’s ‘sso_active_connections`.

‘RESTRICTED` – only new Members with SSO logins that comply with `sso_jit_provisioning_allowed_connections` can be provisioned upon authentication.

‘NOT_ALLOWED` – disable JIT provisioning via SSO.

The type of this field is nilable String.

email_allowed_domains

An array of email domains that allow invites or JIT provisioning for new Members. This list is enforced when either ‘email_invites` or `email_jit_provisioning` is set to `RESTRICTED`.

Common domains such as `gmail.com` are not allowed. See the [common email domains resource](https://stytch.com/docs/b2b/api/common-email-domains) for the full list.

The type of this field is nilable list of String.

email_jit_provisioning

The authentication setting that controls how a new Member can be provisioned by authenticating via Email Magic Link or OAuth. The accepted values are:

‘RESTRICTED` – only new Members with verified emails that comply with `email_allowed_domains` can be provisioned upon authentication via Email Magic Link or OAuth.

‘NOT_ALLOWED` – the default setting, disables JIT provisioning via Email Magic Link and OAuth.

The type of this field is nilable String.

email_invites

The authentication setting that controls how a new Member can be invited to an organization by email. The accepted values are:

‘ALL_ALLOWED` – any new Member can be invited to join via email.

‘RESTRICTED` – only new Members with verified emails that comply with `email_allowed_domains` can be invited via email.

‘NOT_ALLOWED` – disable email invites.

The type of this field is nilable String.

auth_methods

The setting that controls which authentication methods can be used by Members of an Organization. The accepted values are:

‘ALL_ALLOWED` – the default setting which allows all authentication methods to be used.

‘RESTRICTED` – only methods that comply with `allowed_auth_methods` can be used for authentication. This setting does not apply to Members with `is_breakglass` set to `true`.

The type of this field is nilable String.

allowed_auth_methods

An array of allowed authentication methods. This list is enforced when ‘auth_methods` is set to `RESTRICTED`. The list’s accepted values are: ‘sso`, `magic_link`, `email_otp`, `password`, `google_oauth`, `microsoft_oauth`, `slack_oauth`, `github_oauth`, and `hubspot_oauth`.

The type of this field is nilable list of String.

mfa_policy

The setting that controls the MFA policy for all Members in the Organization. The accepted values are:

‘REQUIRED_FOR_ALL` – All Members within the Organization will be required to complete MFA every time they wish to log in. However, any active Session that existed prior to this setting change will remain valid.

‘OPTIONAL` – The default value. The Organization does not require MFA by default for all Members. Members will be required to complete MFA only if their `mfa_enrolled` status is set to true.

The type of this field is nilable String.

rbac_email_implicit_role_assignments

Implicit role assignments based off of email domains. For each domain-Role pair, all Members whose email addresses have the specified email domain will be granted the associated Role, regardless of their login method. See the [RBAC guide](stytch.com/docs/b2b/guides/rbac/role-assignment) for more information about role assignment. The type of this field is nilable list of EmailImplicitRoleAssignment (object).

mfa_methods

The setting that controls which MFA methods can be used by Members of an Organization. The accepted values are:

‘ALL_ALLOWED` – the default setting which allows all authentication methods to be used.

‘RESTRICTED` – only methods that comply with `allowed_mfa_methods` can be used for authentication. This setting does not apply to Members with `is_breakglass` set to `true`.

The type of this field is nilable String.

allowed_mfa_methods

An array of allowed MFA authentication methods. This list is enforced when ‘mfa_methods` is set to `RESTRICTED`. The list’s accepted values are: ‘sms_otp` and `totp`.

The type of this field is nilable list of String.

oauth_tenant_jit_provisioning

The authentication setting that controls how a new Member can JIT provision into an organization by tenant. The accepted values are:

‘RESTRICTED` – only new Members with tenants in `allowed_oauth_tenants` can JIT provision via tenant.

‘NOT_ALLOWED` – the default setting, disables JIT provisioning by OAuth Tenant.

The type of this field is nilable String.

allowed_oauth_tenants

A map of allowed OAuth tenants. If this field is not passed in, the Organization will not allow JIT provisioning by OAuth Tenant. Allowed keys are “slack”, “hubspot”, and “github”. The type of this field is nilable object.

claimed_email_domains

A list of email domains that are claimed by the Organization. The type of this field is nilable list of String.

first_party_connected_apps_allowed_type

The authentication setting that sets the Organization’s policy towards first party Connected Apps. The accepted values are:

‘ALL_ALLOWED` – the default setting, any first party Connected App in the Project is permitted for use by Members.

‘RESTRICTED` – only first party Connected Apps with IDs in `allowed_first_party_connected_apps` can be used by Members.

‘NOT_ALLOWED` – no first party Connected Apps are permitted.

The type of this field is nilable CreateRequestFirstPartyConnectedAppsAllowedType (string enum).

allowed_first_party_connected_apps

An array of first party Connected App IDs that are allowed for the Organization. Only used when the Organization’s ‘first_party_connected_apps_allowed_type` is `RESTRICTED`. The type of this field is nilable list of String.

third_party_connected_apps_allowed_type

The authentication setting that sets the Organization’s policy towards third party Connected Apps. The accepted values are:

‘ALL_ALLOWED` – the default setting, any third party Connected App in the Project is permitted for use by Members.

‘RESTRICTED` – only third party Connected Apps with IDs in `allowed_first_party_connected_apps` can be used by Members.

‘NOT_ALLOWED` – no third party Connected Apps are permitted.

The type of this field is nilable CreateRequestThirdPartyConnectedAppsAllowedType (string enum).

allowed_third_party_connected_apps

An array of third party Connected App IDs that are allowed for the Organization. Only used when the Organization’s ‘third_party_connected_apps_allowed_type` is `RESTRICTED`. The type of this field is nilable list of String.

Returns:

An object with the following fields:

request_id

Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue. The type of this field is String.

organization

The [Organization object](stytch.com/docs/b2b/api/organization-object). The type of this field is Organization (object).

status_code

The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. The type of this field is Integer.

# File 'lib/stytch/b2b_organizations.rb', line 246

def create(
  organization_name:,
  organization_slug: nil,
  organization_logo_url: nil,
  trusted_metadata: nil,
  organization_external_id: nil,
  sso_jit_provisioning: nil,
  email_allowed_domains: nil,
  email_jit_provisioning: nil,
  email_invites: nil,
  auth_methods: nil,
  allowed_auth_methods: nil,
  mfa_policy: nil,
  rbac_email_implicit_role_assignments: nil,
  mfa_methods: nil,
  allowed_mfa_methods: nil,
  oauth_tenant_jit_provisioning: nil,
  allowed_oauth_tenants: nil,
  claimed_email_domains: nil,
  first_party_connected_apps_allowed_type: nil,
  allowed_first_party_connected_apps: nil,
  third_party_connected_apps_allowed_type: nil,
  allowed_third_party_connected_apps: nil
)
  headers = {}
  request = {
    organization_name: organization_name
  }
  request[:organization_slug] = organization_slug unless organization_slug.nil?
  request[:organization_logo_url] = organization_logo_url unless organization_logo_url.nil?
  request[:trusted_metadata] = trusted_metadata unless trusted_metadata.nil?
  request[:organization_external_id] = organization_external_id unless organization_external_id.nil?
  request[:sso_jit_provisioning] = sso_jit_provisioning unless sso_jit_provisioning.nil?
  request[:email_allowed_domains] = email_allowed_domains unless email_allowed_domains.nil?
  request[:email_jit_provisioning] = email_jit_provisioning unless email_jit_provisioning.nil?
  request[:email_invites] = email_invites unless email_invites.nil?
  request[:auth_methods] = auth_methods unless auth_methods.nil?
  request[:allowed_auth_methods] = allowed_auth_methods unless allowed_auth_methods.nil?
  request[:mfa_policy] = mfa_policy unless mfa_policy.nil?
  request[:rbac_email_implicit_role_assignments] = rbac_email_implicit_role_assignments unless rbac_email_implicit_role_assignments.nil?
  request[:mfa_methods] = mfa_methods unless mfa_methods.nil?
  request[:allowed_mfa_methods] = allowed_mfa_methods unless allowed_mfa_methods.nil?
  request[:oauth_tenant_jit_provisioning] = oauth_tenant_jit_provisioning unless oauth_tenant_jit_provisioning.nil?
  request[:allowed_oauth_tenants] = allowed_oauth_tenants unless allowed_oauth_tenants.nil?
  request[:claimed_email_domains] = claimed_email_domains unless claimed_email_domains.nil?
  request[:first_party_connected_apps_allowed_type] = first_party_connected_apps_allowed_type unless first_party_connected_apps_allowed_type.nil?
  request[:allowed_first_party_connected_apps] = allowed_first_party_connected_apps unless allowed_first_party_connected_apps.nil?
  request[:third_party_connected_apps_allowed_type] = third_party_connected_apps_allowed_type unless third_party_connected_apps_allowed_type.nil?
  request[:allowed_third_party_connected_apps] = allowed_third_party_connected_apps unless allowed_third_party_connected_apps.nil?

  post_request('/v1/b2b/organizations', request, headers)
end

#delete(organization_id:, method_options: nil) ⇒ Object

Deletes an Organization specified by ‘organization_id`. All Members of the Organization will also be deleted.

Parameters:

organization_id

Globally unique UUID that identifies a specific Organization. The ‘organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. You may also use the organization_slug or organization_external_id here as a convenience. The type of this field is String.

Returns:

An object with the following fields:

request_id

Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue. The type of this field is String.

organization_id

Globally unique UUID that identifies a specific Organization. The ‘organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. The type of this field is String.

status_code

The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. The type of this field is Integer.

Method Options:

This method supports an optional StytchB2B::Organizations::DeleteRequestOptions object which will modify the headers sent in the HTTP request.

# File 'lib/stytch/b2b_organizations.rb', line 601

def delete(
  organization_id:,
  method_options: nil
)
  headers = {}
  headers = headers.merge(method_options.to_headers) unless method_options.nil?
  delete_request("/v1/b2b/organizations/#{organization_id}", headers)
end

#get(organization_id:) ⇒ Object

Returns an Organization specified by ‘organization_id`.

Parameters:

organization_id

Globally unique UUID that identifies a specific Organization. The ‘organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. You may also use the organization_slug or organization_external_id here as a convenience. The type of this field is String.

Returns:

An object with the following fields:

request_id

Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue. The type of this field is String.

organization

The [Organization object](stytch.com/docs/b2b/api/organization-object). The type of this field is Organization (object).

status_code

The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. The type of this field is Integer.

# File 'lib/stytch/b2b_organizations.rb', line 317

def get(
  organization_id:
)
  headers = {}
  query_params = {}
  request = request_with_query_params("/v1/b2b/organizations/#{organization_id}", query_params)
  get_request(request, headers)
end

#get_connected_app(organization_id:, connected_app_id:, method_options: nil) ⇒ Object

Get Connected App for Organization retrieves information about the specified Connected App as well as a list of the Organization’s Members who have the App installed along with the scopes they requested at completion of their last authorization with the App.

Parameters:

organization_id

Globally unique UUID that identifies a specific Organization. The ‘organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. You may also use the organization_slug or organization_external_id here as a convenience. The type of this field is String.

connected_app_id

The ID of the Connected App. The type of this field is String.

Returns:

An object with the following fields:

connected_app_id

The ID of the Connected App. The type of this field is String.

name

The name of the Connected App. The type of this field is String.

description

A description of the Connected App. The type of this field is String.

client_type

The type of Connected App. Supported values are ‘first_party`, `first_party_public`, `third_party`, and `third_party_public`. The type of this field is String.

active_members

Details about Members who has installed a Connected App. The type of this field is list of OrganizationConnectedAppActiveMember (object).

status_code

(no documentation yet) The type of this field is Integer.

logo_url

(no documentation yet) The type of this field is nilable String.

Method Options:

This method supports an optional StytchB2B::Organizations::GetConnectedAppRequestOptions object which will modify the headers sent in the HTTP request.

# File 'lib/stytch/b2b_organizations.rb', line 737

def get_connected_app(
  organization_id:,
  connected_app_id:,
  method_options: nil
)
  headers = {}
  headers = headers.merge(method_options.to_headers) unless method_options.nil?
  query_params = {}
  request = request_with_query_params("/v1/b2b/organizations/#{organization_id}/connected_apps/#{connected_app_id}", query_params)
  get_request(request, headers)
end

#metrics(organization_id:) ⇒ Object

# File 'lib/stytch/b2b_organizations.rb', line 654

def metrics(
  organization_id:
)
  headers = {}
  query_params = {}
  request = request_with_query_params("/v1/b2b/organizations/#{organization_id}/metrics", query_params)
  get_request(request, headers)
end

#search(cursor: nil, limit: nil, query: nil) ⇒ Object

Warning: This endpoint is not recommended for use in login flows. Scaling issues may occur, as search performance may vary from ~150 milliseconds to 9 seconds depending on query complexity and rate limits are set to 100 requests/minute.

Search across your Organizations. Returns an array of Organization objects.

Parameters:

cursor

The ‘cursor` field allows you to paginate through your results. Each result array is limited to 1000 results. If your query returns more than 1000 results, you will need to paginate the responses using the `cursor`. If you receive a response that includes a non-null `next_cursor` in the `results_metadata` object, repeat the search call with the `next_cursor` value set to the `cursor` field to retrieve the next page of results. Continue to make search calls until the `next_cursor` in the response is null. The type of this field is nilable String.

limit

The number of search results to return per page. The default limit is 100. A maximum of 1000 results can be returned by a single search request. If the total size of your result set is greater than one page size, you must paginate the response. See the ‘cursor` field. The type of this field is nilable Integer.

query

The optional query object contains the operator, i.e. ‘AND` or `OR`, and the operands that will filter your results. Only an operator is required. If you include no operands, no filtering will be applied. If you include no query object, it will return all Organizations with no filtering applied. The type of this field is nilable SearchQuery (object).

Returns:

An object with the following fields:

request_id

Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue. The type of this field is String.

organizations

An array of [Organization objects](stytch.com/docs/b2b/api/organization-object). The type of this field is list of Organization (object).

results_metadata

The search ‘results_metadata` object contains metadata relevant to your specific query like `total` and `next_cursor`. The type of this field is ResultsMetadata (object).

status_code

The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. The type of this field is Integer.

# File 'lib/stytch/b2b_organizations.rb', line 640

def search(
  cursor: nil,
  limit: nil,
  query: nil
)
  headers = {}
  request = {}
  request[:cursor] = cursor unless cursor.nil?
  request[:limit] = limit unless limit.nil?
  request[:query] = query unless query.nil?

  post_request('/v1/b2b/organizations/search', request, headers)
end

#update(organization_id:, organization_name: nil, organization_slug: nil, organization_logo_url: nil, trusted_metadata: nil, organization_external_id: nil, sso_default_connection_id: nil, sso_jit_provisioning: nil, sso_jit_provisioning_allowed_connections: nil, email_allowed_domains: nil, email_jit_provisioning: nil, email_invites: nil, auth_methods: nil, allowed_auth_methods: nil, mfa_policy: nil, rbac_email_implicit_role_assignments: nil, mfa_methods: nil, allowed_mfa_methods: nil, oauth_tenant_jit_provisioning: nil, allowed_oauth_tenants: nil, claimed_email_domains: nil, first_party_connected_apps_allowed_type: nil, allowed_first_party_connected_apps: nil, third_party_connected_apps_allowed_type: nil, allowed_third_party_connected_apps: nil, method_options: nil) ⇒ Object

Updates an Organization specified by ‘organization_id`. An Organization must always have at least one auth setting set to either `RESTRICTED` or `ALL_ALLOWED` in order to provision new Members.

*See the [Organization authentication settings](stytch.com/docs/b2b/api/org-auth-settings) resource to learn more about fields like ‘email_jit_provisioning`, `email_invites`, `sso_jit_provisioning`, etc., and their behaviors.

Parameters:

organization_id

Globally unique UUID that identifies a specific Organization. The ‘organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. You may also use the organization_slug or organization_external_id here as a convenience. The type of this field is String.

organization_name

The name of the Organization. Must be between 1 and 128 characters in length.

If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the ‘update.info.name` action on the `stytch.organization` Resource.

The type of this field is nilable +String+.

organization_slug

The unique URL slug of the Organization. The slug only accepts alphanumeric characters and the following reserved characters: ‘-` `.` `_` `~`. Must be between 2 and 128 characters in length. Wherever an organization_id is expected in a path or request parameter, you may also use the organization_slug as a convenience.

If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the ‘update.info.slug` action on the `stytch.organization` Resource.

The type of this field is nilable +String+.

organization_logo_url

The image URL of the Organization logo.

If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the ‘update.info.logo-url` action on the `stytch.organization` Resource.

The type of this field is nilable +String+.

trusted_metadata

An arbitrary JSON object for storing application-specific data or identity-provider-specific data.

If a session header is passed into the request, this field may **not** be passed into the request. You cannot
update trusted metadata when acting as a Member.

The type of this field is nilable object.

organization_external_id

An identifier that can be used in API calls wherever a organization_id is expected. This is a string consisting of alphanumeric, ‘.`, `_`, `-`, or `|` characters with a maximum length of 128 characters. External IDs must be unique within a project, but may be reused across different projects in the same workspace. The type of this field is nilable String.

sso_default_connection_id

The default connection used for SSO when there are multiple active connections.

If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the ‘update.settings.default-sso-connection` action on the `stytch.organization` Resource.

The type of this field is nilable +String+.

sso_jit_provisioning

The authentication setting that controls the JIT provisioning of Members when authenticating via SSO. The accepted values are:

‘ALL_ALLOWED` – the default setting, new Members will be automatically provisioned upon successful authentication via any of the Organization’s ‘sso_active_connections`.

‘RESTRICTED` – only new Members with SSO logins that comply with `sso_jit_provisioning_allowed_connections` can be provisioned upon authentication.

‘NOT_ALLOWED` – disable JIT provisioning via SSO.

If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the ‘update.settings.sso-jit-provisioning` action on the `stytch.organization` Resource.

The type of this field is nilable +String+.

sso_jit_provisioning_allowed_connections

An array of ‘connection_id`s that reference [SAML Connection objects](stytch.com/docs/b2b/api/saml-connection-object). Only these connections will be allowed to JIT provision Members via SSO when `sso_jit_provisioning` is set to `RESTRICTED`.

If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the ‘update.settings.sso-jit-provisioning` action on the `stytch.organization` Resource.

The type of this field is nilable list of +String+.

email_allowed_domains

An array of email domains that allow invites or JIT provisioning for new Members. This list is enforced when either ‘email_invites` or `email_jit_provisioning` is set to `RESTRICTED`.

Common domains such as `gmail.com` are not allowed. See the [common email domains resource](https://stytch.com/docs/b2b/api/common-email-domains) for the full list.

If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the ‘update.settings.allowed-domains` action on the `stytch.organization` Resource.

The type of this field is nilable list of +String+.

email_jit_provisioning

The authentication setting that controls how a new Member can be provisioned by authenticating via Email Magic Link or OAuth. The accepted values are:

‘RESTRICTED` – only new Members with verified emails that comply with `email_allowed_domains` can be provisioned upon authentication via Email Magic Link or OAuth.

‘NOT_ALLOWED` – the default setting, disables JIT provisioning via Email Magic Link and OAuth.

If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the ‘update.settings.email-jit-provisioning` action on the `stytch.organization` Resource.

The type of this field is nilable +String+.

email_invites

The authentication setting that controls how a new Member can be invited to an organization by email. The accepted values are:

‘ALL_ALLOWED` – any new Member can be invited to join via email.

‘RESTRICTED` – only new Members with verified emails that comply with `email_allowed_domains` can be invited via email.

‘NOT_ALLOWED` – disable email invites.

If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the ‘update.settings.email-invites` action on the `stytch.organization` Resource.

The type of this field is nilable +String+.

auth_methods

The setting that controls which authentication methods can be used by Members of an Organization. The accepted values are:

‘ALL_ALLOWED` – the default setting which allows all authentication methods to be used.

‘RESTRICTED` – only methods that comply with `allowed_auth_methods` can be used for authentication. This setting does not apply to Members with `is_breakglass` set to `true`.

If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the ‘update.settings.allowed-auth-methods` action on the `stytch.organization` Resource.

The type of this field is nilable +String+.

allowed_auth_methods

An array of allowed authentication methods. This list is enforced when ‘auth_methods` is set to `RESTRICTED`. The list’s accepted values are: ‘sso`, `magic_link`, `email_otp`, `password`, `google_oauth`, `microsoft_oauth`, `slack_oauth`, `github_oauth`, and `hubspot_oauth`.

If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the ‘update.settings.allowed-auth-methods` action on the `stytch.organization` Resource.

The type of this field is nilable list of +String+.

mfa_policy

The setting that controls the MFA policy for all Members in the Organization. The accepted values are:

‘REQUIRED_FOR_ALL` – All Members within the Organization will be required to complete MFA every time they wish to log in. However, any active Session that existed prior to this setting change will remain valid.

‘OPTIONAL` – The default value. The Organization does not require MFA by default for all Members. Members will be required to complete MFA only if their `mfa_enrolled` status is set to true.

If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the ‘update.settings.mfa-policy` action on the `stytch.organization` Resource.

The type of this field is nilable +String+.

rbac_email_implicit_role_assignments

Implicit role assignments based off of email domains. For each domain-Role pair, all Members whose email addresses have the specified email domain will be granted the associated Role, regardless of their login method. See the [RBAC guide](stytch.com/docs/b2b/guides/rbac/role-assignment) for more information about role assignment.

If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the ‘update.settings.implicit-roles` action on the `stytch.organization` Resource.

The type of this field is nilable list of +EmailImplicitRoleAssignment+.

mfa_methods

The setting that controls which MFA methods can be used by Members of an Organization. The accepted values are:

‘ALL_ALLOWED` – the default setting which allows all authentication methods to be used.

‘RESTRICTED` – only methods that comply with `allowed_mfa_methods` can be used for authentication. This setting does not apply to Members with `is_breakglass` set to `true`.

If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the ‘update.settings.allowed-mfa-methods` action on the `stytch.organization` Resource.

The type of this field is nilable +String+.

allowed_mfa_methods

An array of allowed MFA authentication methods. This list is enforced when ‘mfa_methods` is set to `RESTRICTED`. The list’s accepted values are: ‘sms_otp` and `totp`.

If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the ‘update.settings.allowed-mfa-methods` action on the `stytch.organization` Resource.

The type of this field is nilable list of +String+.

oauth_tenant_jit_provisioning

The authentication setting that controls how a new Member can JIT provision into an organization by tenant. The accepted values are:

‘RESTRICTED` – only new Members with tenants in `allowed_oauth_tenants` can JIT provision via tenant.

‘NOT_ALLOWED` – the default setting, disables JIT provisioning by OAuth Tenant.

If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the ‘update.settings.oauth-tenant-jit-provisioning` action on the `stytch.organization` Resource.

The type of this field is nilable +String+.

allowed_oauth_tenants

A map of allowed OAuth tenants. If this field is not passed in, the Organization will not allow JIT provisioning by OAuth Tenant. Allowed keys are “slack”, “hubspot”, and “github”.

If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the ‘update.settings.allowed-oauth-tenants` action on the `stytch.organization` Resource.

The type of this field is nilable +object+.

claimed_email_domains

A list of email domains that are claimed by the Organization. The type of this field is nilable list of String.

first_party_connected_apps_allowed_type

The authentication setting that sets the Organization’s policy towards first party Connected Apps. The accepted values are:

‘ALL_ALLOWED` – the default setting, any first party Connected App in the Project is permitted for use by Members.

‘RESTRICTED` – only first party Connected Apps with IDs in `allowed_first_party_connected_apps` can be used by Members.

‘NOT_ALLOWED` – no first party Connected Apps are permitted.

The type of this field is nilable UpdateRequestFirstPartyConnectedAppsAllowedType (string enum).

allowed_first_party_connected_apps

An array of first party Connected App IDs that are allowed for the Organization. Only used when the Organization’s ‘first_party_connected_apps_allowed_type` is `RESTRICTED`. The type of this field is nilable list of String.

third_party_connected_apps_allowed_type

The authentication setting that sets the Organization’s policy towards third party Connected Apps. The accepted values are:

‘ALL_ALLOWED` – the default setting, any third party Connected App in the Project is permitted for use by Members.

‘RESTRICTED` – only third party Connected Apps with IDs in `allowed_first_party_connected_apps` can be used by Members.

‘NOT_ALLOWED` – no third party Connected Apps are permitted.

The type of this field is nilable UpdateRequestThirdPartyConnectedAppsAllowedType (string enum).

allowed_third_party_connected_apps

An array of third party Connected App IDs that are allowed for the Organization. Only used when the Organization’s ‘third_party_connected_apps_allowed_type` is `RESTRICTED`. The type of this field is nilable list of String.

Returns:

An object with the following fields:

request_id

Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue. The type of this field is String.

organization

The [Organization object](stytch.com/docs/b2b/api/organization-object). The type of this field is Organization (object).

status_code

The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors. The type of this field is Integer.

Method Options:

This method supports an optional StytchB2B::Organizations::UpdateRequestOptions object which will modify the headers sent in the HTTP request.

# File 'lib/stytch/b2b_organizations.rb', line 521

def update(
  organization_id:,
  organization_name: nil,
  organization_slug: nil,
  organization_logo_url: nil,
  trusted_metadata: nil,
  organization_external_id: nil,
  sso_default_connection_id: nil,
  sso_jit_provisioning: nil,
  sso_jit_provisioning_allowed_connections: nil,
  email_allowed_domains: nil,
  email_jit_provisioning: nil,
  email_invites: nil,
  auth_methods: nil,
  allowed_auth_methods: nil,
  mfa_policy: nil,
  rbac_email_implicit_role_assignments: nil,
  mfa_methods: nil,
  allowed_mfa_methods: nil,
  oauth_tenant_jit_provisioning: nil,
  allowed_oauth_tenants: nil,
  claimed_email_domains: nil,
  first_party_connected_apps_allowed_type: nil,
  allowed_first_party_connected_apps: nil,
  third_party_connected_apps_allowed_type: nil,
  allowed_third_party_connected_apps: nil,
  method_options: nil
)
  headers = {}
  headers = headers.merge(method_options.to_headers) unless method_options.nil?
  request = {}
  request[:organization_name] = organization_name unless organization_name.nil?
  request[:organization_slug] = organization_slug unless organization_slug.nil?
  request[:organization_logo_url] = organization_logo_url unless organization_logo_url.nil?
  request[:trusted_metadata] = trusted_metadata unless trusted_metadata.nil?
  request[:organization_external_id] = organization_external_id unless organization_external_id.nil?
  request[:sso_default_connection_id] = sso_default_connection_id unless sso_default_connection_id.nil?
  request[:sso_jit_provisioning] = sso_jit_provisioning unless sso_jit_provisioning.nil?
  request[:sso_jit_provisioning_allowed_connections] = sso_jit_provisioning_allowed_connections unless sso_jit_provisioning_allowed_connections.nil?
  request[:email_allowed_domains] = email_allowed_domains unless email_allowed_domains.nil?
  request[:email_jit_provisioning] = email_jit_provisioning unless email_jit_provisioning.nil?
  request[:email_invites] = email_invites unless email_invites.nil?
  request[:auth_methods] = auth_methods unless auth_methods.nil?
  request[:allowed_auth_methods] = allowed_auth_methods unless allowed_auth_methods.nil?
  request[:mfa_policy] = mfa_policy unless mfa_policy.nil?
  request[:rbac_email_implicit_role_assignments] = rbac_email_implicit_role_assignments unless rbac_email_implicit_role_assignments.nil?
  request[:mfa_methods] = mfa_methods unless mfa_methods.nil?
  request[:allowed_mfa_methods] = allowed_mfa_methods unless allowed_mfa_methods.nil?
  request[:oauth_tenant_jit_provisioning] = oauth_tenant_jit_provisioning unless oauth_tenant_jit_provisioning.nil?
  request[:allowed_oauth_tenants] = allowed_oauth_tenants unless allowed_oauth_tenants.nil?
  request[:claimed_email_domains] = claimed_email_domains unless claimed_email_domains.nil?
  request[:first_party_connected_apps_allowed_type] = first_party_connected_apps_allowed_type unless first_party_connected_apps_allowed_type.nil?
  request[:allowed_first_party_connected_apps] = allowed_first_party_connected_apps unless allowed_first_party_connected_apps.nil?
  request[:third_party_connected_apps_allowed_type] = third_party_connected_apps_allowed_type unless third_party_connected_apps_allowed_type.nil?
  request[:allowed_third_party_connected_apps] = allowed_third_party_connected_apps unless allowed_third_party_connected_apps.nil?

  put_request("/v1/b2b/organizations/#{organization_id}", request, headers)
end