Organizations moving forward

2023 was a big year for the Okta Customer Identity Cloud (CIC) Organizations product, which made its debut in April 2021. Adoption and product usage more than doubled. It led to a lot of learning and product investment. I’m excited to share our progress and what’s planned next.

First, a quick recap on Organizations: Organizations provides the technical infrastructure for developers building SaaS applications to build and maintain multi-tenancy and access control in their applications. It does this by assigning Org_IDs to Organizations and then letting users join those organizations as members. Organizations can also be assigned metadata, tied to customers’ Identity providers (IdPs) like Okta Workforce Identity Cloud and Microsoft Azure, and assigned Role Based Access Controls (RBAC).

A well-utilized Organizations implementation lets developers quickly create configurable and custom experiences for their biggest and smallest business customers.

Unlimited scale

A lot of 2023 work focused on scaling the product so any business could use it to manage their customer access. Early in the year, we created the path for customers to increase their organization limits from 100,000 organizations per tenant and organization members per organization to 2 million organizations and organizations members.

Now, Private Cloud customers can create as many organizations as they need. While nothing in computing is truly unlimited, we’ve tested models with billions of users. Provided Organizations is used to model business entities and their users, we’re now confident it will scale to any business-based use case.

As we’ve seen the adoption of the product grow, we’ve heard requests to update other limits. If you’re interested in upgraded entity limits or rate limits for other Organizations features, please let us know on the community forums or through your account representative.

Out-of-the-box features

Our goal is to reduce the time it takes for developers to implement best-in-class Identity tooling, so we added features that made Organizations quicker to implement. The largest out-of-the-box feature in 2023 was the release of the Organization Picker and support for Home Realm Discovery in Organizations.

Now, developers building SaaS applications that can let their users choose which organization they want to log in to after authentication. This is great for more complex business scenarios like consultancies that are helping multiple clients using the same software application, employees who were part of acquisitions and have IdPs in transition, and multi-brand companies that have customers using multiple products or brands.

In addition to the Organization Picker, we made the product easier to implement by adding per-organization MFA selection via Actions plus the ability to call the APIs with Organization Name, rather than ID, and reduce the API calls it takes to build customer dashboards by getting organization members with roles.

Looking Ahead

Features involving Organizations will be a major focus of ours moving forward in 2024. Whether it’s adding direct features to the Organizations product, like being able to hide connections from organization login boxes, or new features that will work on a per-organization basis, there is a lot to look forward to.

The first addition to look out for this year is the ability to hide enterprise connections from Organization login boxes. We recently added this feature to the roadmap based on customer feedback. Now, SaaS companies can add and hide their own IdP to each organization, so their support staff can log in with the context of specific customers using a central IdP.

One of the most exciting new capabilities coming is controlling client credentials per organization, so you can better control access to internal resources. These changes will allow SaaS organizations to quickly implement authorization logic for 3rd party developers to access APIs and build customer-specific automations for their organizations.

Finally, we have some big features coming, like Self Service Single Sign On, that will interact with the Organizations feature set. Self Service Single Sign On is a set of new APIs and workflows that a developer can utilize to expose a workflow to customer IT administrators to set up their IdPs and the main authentication source. This workflow will set up an enterprise connection in Auth0 with all the settings the customer IT administrator sets up, saving developer and customer support hours to onboard new enterprise customers.

Have a suggestion?

We always strive for customer-led roadmap planning. If you have feedback as the Organizations product grows, please reach out through your Okta CIC representative, or through the Auth0 Community. We look forward to working with you to make the best developer Identity tooling possible.