Organisations moving forward

2023 was a big year for the Okta Customer Identity Cloud (CIC) Organisations product, which made its debut in April 2021. Adoption and product usage more than doubled. It led to a lot of learning and product investment. I’m excited to share our progress and what’s planned next.

First, a quick recap on Organisations: Organisations provides the technical infrastructure for developers building SaaS applications to build and maintain multi-tenancy and access control in their applications. It does this by assigning Org_IDs to Organisations and then letting users join those organisations as members. Organisations can also be assigned metadata, tied to customers’ Identity providers (IdPs) like Okta Workforce Identity Cloud and Microsoft Azure, and assigned Role Based Access Controls (RBAC).

A well-utilised Organisations implementation lets developers quickly create configurable and custom experiences for their biggest and smallest business customers.

Unlimited scale

A lot of 2023 work focused on scaling the product so any business could use it to manage their customer access. Early in the year, we created the path for customers to increase their organisation limits from 100,000 organisations per tenant and organisation members per organisation to 2 million organisations and organisations members.

Now, Private Cloud customers can create as many organisations as they need. While nothing in computing is truly unlimited, we’ve tested models with billions of users. Provided Organisations is used to model business entities and their users, we’re now confident it will scale to any business-based use case.

As we’ve seen the adoption of the product grow, we’ve heard requests to update other limits. If you’re interested in upgraded entity limits or rate limits for other Organisations features, please let us know on the community forums or through your account representative.

Out-of-the-box features

Our goal is to reduce the time it takes for developers to implement best-in-class Identity tooling, so we added features that made Organisations quicker to implement. The largest out-of-the-box feature in 2023 was the release of the Organisation Picker and support for Home Realm Discovery in Organisations.

Now, developers building SaaS applications that can let their users choose which organisation they want to log in to after authentication. This is great for more complex business scenarios like consultancies that are helping multiple clients using the same software application, employees who were part of acquisitions and have IdPs in transition, and multi-brand companies that have customers using multiple products or brands.

In addition to the Organisation Picker, we made the product easier to implement by adding per-organisation MFA selection via Actions plus the ability to call the APIs with Organisation Name, rather than ID, and reduce the API calls it takes to build customer dashboards by getting organisation members with roles.

Looking Ahead

Features involving Organisations will be a major focus of ours moving forward in 2024. Whether it’s adding direct features to the Organisations product, like being able to hide connections from organisation login boxes, or new features that will work on a per-organisation basis, there is a lot to look forward to.

The first addition to look out for this year is the ability to hide enterprise connections from Organisation login boxes. We recently added this feature to the roadmap based on customer feedback. Now, SaaS companies can add and hide their own IdP to each organisation, so their support staff can log in with the context of specific customers using a central IdP.

One of the most exciting new capabilities coming is controlling client credentials per organisation, so you can better control access to internal resources. These changes will allow SaaS organisations to quickly implement authorisation logic for 3rd party developers to access APIs and build customer-specific automations for their organisations.

Finally, we have some big features coming, like Self Service Single Sign On, that will interact with the Organisations feature set. Self Service Single Sign On is a set of new APIs and workflows that a developer can utilise to expose a workflow to customer IT administrators to set up their IdPs and the main authentication source. This workflow will set up an enterprise connection in Auth0 with all the settings the customer IT administrator sets up, saving developer and customer support hours to onboard new enterprise customers.

Have a suggestion?

We always strive for customer-led roadmap planning. If you have feedback as the Organisations product grows, please reach out through your Okta CIC representative, or through the Auth0 Community. We look forward to working with you to make the best developer Identity tooling possible.