> ## Documentation Index
> Fetch the complete documentation index at: https://stytch.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.
# Update Organization
> Update Organization details using the Stytch Next.js SDK
export const getBySlug_0 = undefined;
export const action_0 = "update";
export const resource_0 = "stytch.organization";
export const organization = "Represents an instance or tenant in your application, typically mapping to each of your top-level customers.";
export const member = "Represents an individual end user's account within a given Organization, uniquely identified within that Organization by their email address.";
The `organization.update` method wraps the [update organization](/api-reference/b2b/api/organizations/update-organization) API endpoint. This will update the logged-in Member'sOrganization.
**RBAC Enforced Method**
This method requires a valid Session for a member with permission to perform the **{action_0} Action** on the **{resource_0} Resource**.
Before using this method, enable **Member actions & organization modifications** in the [Frontend SDK page](https://stytch.com/dashboard/sdk-configuration). To learn more, see our [RBAC guide](/multi-tenant-auth/enterprise-ready/rbac/create-rbac-policy).
## Parameters
The name of the Organization. Must be between 1 and 128 characters in length. If this field is provided, the logged-in
Member must have permission to perform the `update.info.name` action on the `stytch.organization` Resource.
The unique URL slug of the Organization. The slug only accepts alphanumeric characters and the following reserved
characters: `- . _ ~`. Must be between 2 and 128 characters in length. Wherever an organization\_id is expected in a
path or request parameter, you may also use the organization\_slug as a convenience. If this field is provided, the
logged-in Member must have permission to perform the `update.info.slug` action on the `stytch.organization` Resource.
The image URL of the Organization logo.
If this field is provided, the logged-in Member must have permission to perform the `update.info.logo-url` action on the `stytch.organization` Resource.
The authentication setting that controls how a new Member can be provisioned by authenticating via Email Magic Link or OAuth. The accepted values are:
* `RESTRICTED` – only new Members with verified emails that comply with email\_allowed\_domains can be provisioned upon authentication via Email Magic Link or OAuth
* `NOT_ALLOWED` – the default setting, disables JIT provisioning via Email Magic Link and OAuth
If this field is provided, the logged-in Member must have permission to perform the `update.settings.email-jit-provisioning` action on the `stytch.organization` Resource.
The authentication setting that controls how a new Member can be invited to an organization by email. The accepted values are:
* `ALL_ALLOWED` – any new Member can be invited to join via email
* `RESTRICTED` – only new Members with verified emails that comply with email\_allowed\_domains can be invited via email
* `NOT_ALLOWED` – disable email invites
If this field is provided, the logged-in Member must have permission to perform the `update.settings.email-invites` action on the `stytch.organization` Resource.
An array of email domains that allow invites or JIT provisioning for new Members. This list is enforced when either `email_invites` or `email_jit_provisioning` is set to `RESTRICTED`. Common domains such as gmail.com are not allowed. See the [list of common email domains](/multi-tenant-auth/enterprise-ready/org-management/jit-provision-members#by-email-domain) for the full list.
If this field is provided, the logged-in Member must have permission to perform the `update.settings.allowed-domains` action on the `stytch.organization` Resource.
The default connection used for SSO when there are multiple active connections.
If this field is provided, the logged-in Member must have permission to perform the `update.settings.default-sso-connection` action on the `stytch.organization` Resource.
The authentication setting that controls the JIT provisioning of Members when authenticating via SSO. The accepted values are:
* `ALL_ALLOWED` – the default setting, new Members will be automatically provisioned upon successful authentication via any of the Organization's sso\_active\_connections
* `RESTRICTED` – only new Members with SSO logins that comply with sso\_jit\_provisioning\_allowed\_connections can be provisioned upon authentication
* `NOT_ALLOWED` – disable JIT provisioning via SSO
If this field is provided, the logged-in Member must have permission to perform the `update.settings.sso-jit-provisioning` action on the `stytch.organization` Resource.
An array of `connection_id`s that reference [SAML Connection objects](/api-reference/b2b/api/sso/saml-connection-object). Only these connections will be allowed to JIT provision Members via SSO when sso\_jit\_provisioning is set to RESTRICTED.
If this field is provided, the logged-in Member must have permission to perform the `update.settings.sso-jit-provisioning` action on the `stytch.organization` Resource.
The setting that controls which authentication methods can be used by Members of an Organization. The accepted values are:
* `ALL_ALLOWED` – the default setting which allows all authentication methods to be used
* `RESTRICTED` – only methods that comply with allowed\_auth\_methods can be used for authentication. This setting does not apply to Members with is\_breakglass set to true
If this field is provided, the logged-in Member must have permission to perform the `update.settings.allowed-auth-methods` action on the `stytch.organization` Resource.
An array of allowed authentication methods. This list is enforced when auth\_methods is set to RESTRICTED. The list's accepted values are: `sso`, `magic_link`, `email_otp`, `password`, `google_oauth`, `microsoft_oauth`, `slack_oauth`, `github_oauth`, and `hubspot_oauth`.
If this field is provided, the logged-in Member must have permission to perform the `update.settings.allowed-auth-methods` action on the `stytch.organization` Resource.
The setting that controls which MFA methods can be used by Members of an Organization. The accepted values are:
* `ALL_ALLOWED` – the default setting which allows all authentication methods to be used
* `RESTRICTED` – only methods that comply with allowed\_mfa\_methods can be used for authentication. This setting does not apply to Members with is\_breakglass set to true
If this field is provided, the logged-in Member must have permission to perform the `update.settings.allowed-mfa-methods` action on the `stytch.organization` Resource.
An array of allowed MFA authentication methods. This list is enforced when mfa\_methods is set to RESTRICTED. The list's accepted values are: `sms_otp` and `totp`.
If this field is provided, the logged-in Member must have permission to perform the `update.settings.allowed-mfa-methods` action on the `stytch.organization` Resource.
The setting that controls the MFA policy for all Members in the Organization. The accepted values are:
* `REQUIRED_FOR_ALL` – All Members within the Organization will be required to complete MFA every time they wish to log in. However, any active Session that existed prior to this setting change will remain valid
* `OPTIONAL` – The default value. The Organization does not require MFA by default for all Members. Members will be required to complete MFA only if their mfa\_enrolled status is set to true
If this field is provided, the logged-in Member must have permission to perform the `update.settings.mfa-policy` action on the `stytch.organization` Resource.
Implicit role assignments based off of email domains. For each domain-Role pair, all Members whose email addresses have the specified email domain will be granted the associated Role, regardless of their login method. See the [RBAC guide](/multi-tenant-auth/enterprise-ready/rbac/assigning-roles-to-members) for more information about role assignment.
If this field is provided, the logged-in Member must have permission to perform the `update.settings.implicit-roles` action on the `stytch.organization` Resource.
Email domain that grants the specified Role.
The unique identifier of the RBAC Role, provided by the developer and intended to be human-readable.
Reserved role\_ids that are predefined by Stytch include:
* `stytch_member`
* `stytch_admin`
Check out the [guide on Stytch default Roles](/multi-tenant-auth/enterprise-ready/rbac/create-rbac-policy#default-roles-and-resources) for a more detailed explanation.
The authentication setting that controls how a new Member can JIT provision into an Organization by tenant. The accepted values are:
* `RESTRICTED` – only new Members with tenants in allowed\_oauth\_tenants can JIT provision via tenant
* `NOT_ALLOWED` – the default setting, disables JIT provisioning by OAuth Tenant
If this field is provided, the logged-in Member must have permission to perform the `update.settings.oauth-tenant-jit-provisioning` action on the `stytch.organization` Resource.
A map of allowed OAuth tenants. If this field is not passed in, the Organization will not allow JIT provisioning by OAuth Tenant. Allowed keys are "slack", "hubspot", and "github".
If this field is provided, the logged-in Member must have permission to perform the `update.settings.allowed-oauth-tenants` action on the `stytch.organization` Resource.
## Response
The updated Organization.
Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value. You may also use the `organization_slug` or `organization_external_id` here as a convenience.
The name of the Organization. Must be between 1 and 128 characters in length.
The image URL of the Organization logo.
The unique URL slug of the Organization.
The slug only accepts alphanumeric characters and the following reserved characters: `- . _ ~`. Must be between 2 and 128 characters in length.
Wherever an `organization_id` is expected in a path or request parameter, you may also use the `organization_slug` as a convenience.
{!getBySlug_0 && (
A unique identifier for the Organization.
)}
{!getBySlug_0 && (
The authentication setting that controls the JIT provisioning of Members when authenticating via SSO. The accepted values are:
ALL_ALLOWED – the default setting, new Members will be automatically provisioned upon successful authentication via any of the Organization's sso_active_connections
RESTRICTED – only new Members with SSO logins that comply with sso_jit_provisioning_allowed_connections can be provisioned upon authentication
NOT_ALLOWED – disable JIT provisioning via SSO
)}
{!getBySlug_0 && (
An array of connection_ids that reference SAML Connection objects. Only these
connections will be allowed to JIT provision Members via SSO when sso_jit_provisioning is set to RESTRICTED.
)}
An array of active [SAML Connection references](/api-reference/b2b/api/sso/saml-connection-object) or [OIDC Connection references](/api-reference/b2b/api/sso/oidc-connection-object).
Globally unique UUID that identifies a specific SSO `connection_id` for a Member.
A human-readable display name for the connection.
{!getBySlug_0 && (
An active SCIM Connection references.
The ID of the SCIM connection.
A human-readable display name for the connection.
)}
An array of email domains that allow invites or JIT provisioning for new Members. This list is enforced when either `email_invites` or `email_jit_provisioning` is set to `RESTRICTED`
Common domains such as gmail.com are not allowed. See the [full list of disallowed common email domains](/multi-tenant-auth/enterprise-ready/org-management/jit-provision-members#by-email-domain).
The authentication setting that controls how a new Member can be provisioned by authenticating via Email Magic Link or OAuth. The accepted values are:
* `RESTRICTED` – only new Members with verified emails that comply with `email_allowed_domains` can be provisioned upon authentication via Email Magic Link or OAuth
* `NOT_ALLOWED` – the default setting, disables JIT provisioning via Email Magic Link and OAuth
{!getBySlug_0 && (
The authentication setting that controls how a new Member can be invited to an organization by email. The accepted values are:
ALL_ALLOWED – any new Member can be invited to join via email
RESTRICTED – only new Members with verified emails that comply with email_allowed_domains can be invited via email
NOT_ALLOWED – disable email invites
)}
The setting that controls which authentication methods can be used by Members of an Organization. The accepted values are:
* `ALL_ALLOWED` – the default setting which allows all authentication methods to be used
* `RESTRICTED` – only methods that comply with `allowed_auth_methods` can be used for authentication. This setting does not apply to Members with `is_breakglass` set to true
An array of allowed authentication methods. This list is enforced when `auth_methods` is set to `RESTRICTED`. The list's accepted values are: `sso`, `magic_link`, `email_otp`, `password`, `google_oauth`, `microsoft_oauth`, `slack_oauth`, `github_oauth`, and `hubspot_oauth`.
{!getBySlug_0 && (
The setting that controls which MFA methods can be used by Members of an Organization. The accepted values are:
ALL_ALLOWED – the default setting which allows all authentication methods to be used
RESTRICTED – only methods that comply with allowed_mfa_methods can be used for authentication. This setting does not apply to Members with is_breakglass set to true
)}
{!getBySlug_0 && (
An array of allowed MFA authentication methods. This list is enforced when mfa_methods is set to RESTRICTED. The
list's accepted values are: sms_otp and totp.
)}
{!getBySlug_0 && (
An arbitrary JSON object for storing application-specific data or identity-provider-specific data.
)}
The default connection used for SSO when there are multiple active connections.
{!getBySlug_0 && (
Implicit role assignments based off of email domains. For each domain-Role pair, all Members whose email addresses have the specified email domain will be granted the associated Role, regardless of their login method. See the RBAC guide for more information about role assignment.
Email domain that grants the specified Role.
The unique identifier of the RBAC Role, provided by the developer and intended to be human-readable.
Reserved role_ids that are predefined by Stytch include:
stytch_member
stytch_admin
Check out the guide on Stytch default Roles for a more detailed explanation.
)}
The authentication setting that controls how a new Member can JIT provision into an Organization by tenant. The accepted values are:
* `RESTRICTED` – only new Members with tenants in `allowed_oauth_tenants` can JIT provision via tenant
* `NOT_ALLOWED` – the default setting, disables JIT provisioning by OAuth Tenant
A map of allowed OAuth tenants. If this field is not passed in, the Organization will not allow JIT provisioning by OAuth Tenant. Allowed keys are "slack", "hubspot", and "github".
{!getBySlug_0 && (
The authentication setting that sets the Organization's policy towards first party Connected Apps. The accepted values are:
ALL_ALLOWED – the default setting, any first party Connected App in the Project is permitted for use by Members
RESTRICTED – only first party Connected Apps with IDs in allowed_first_party_connected_apps can be used by Members
NOT_ALLOWED – no first party Connected Apps are permitted
)}
{!getBySlug_0 && (
An array of first party Connected App IDs that are allowed for the Organization. Only used when the Organization's first_party_connected_apps_allowed_type is RESTRICTED.
)}
{!getBySlug_0 && (
The authentication setting that sets the Organization's policy towards third party Connected Apps. The accepted values are:
ALL_ALLOWED – the default setting, any third party Connected App in the Project is permitted for use by Members
RESTRICTED – only third party Connected Apps with IDs in allowed_third_party_connected_apps can be used by Members
NOT_ALLOWED – no third party Connected Apps are permitted
)}
{!getBySlug_0 && (
An array of third party Connected App IDs that are allowed for the Organization. Only used when the Organization's third_party_connected_apps_allowed_type is RESTRICTED.
)}
{!getBySlug_0 && (
The timestamp of the Organization's creation. Values conform to the RFC 3339 standard and are expressed in UTC, e.g. 2021-12-29T12:33:09Z.
)}
{!getBySlug_0 && (
The timestamp of when the Organization was last updated. Values conform to the RFC 3339 standard and are expressed in UTC, e.g. 2021-12-29T12:33:09Z.
)}
Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we
may ask for this value to help identify a specific API call when helping you debug an issue.
The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values
equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
```jsx theme={null}
import { useStytchB2BClient } from '@stytch/nextjs/b2b';
export const UpdateOrganizationName = () => {
const stytch = useStytchB2BClient();
const updateOrganizationName = () => {
stytch.organization.update({
organization_name: 'Updated Organization Name',
});
};
return ;
};
```
```json theme={null}
{
"status_code": 200,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"organization": {
"email_allowed_domains": [],
"email_invites": "ALL_ALLOWED",
"email_jit_provisioning": "ALL_ALLOWED",
"mfa_policy": "OPTIONAL",
"organization_id": "organization-test-07971b06-ac8b-4cdb-9c15-63b17e653931",
"organization_logo_url": "",
"organization_name": "Example Org Inc.",
"organization_slug": "example-org",
"organization_external_id": "example-org-external-id",
"sso_default_connection_id": null,
"sso_jit_provisioning": "ALL_ALLOWED",
"sso_jit_provisioning_allowed_connections": [],
"sso_active_connections": [],
"scim_active_connection": null,
"trusted_metadata": {},
"auth_methods": "ALL_ALLOWED",
"allowed_auth_methods": [],
"oauth_tenant_jit_provisioning": "NOT_ALLOWED",
"allowed_oauth_tenants": {},
"first_party_connected_apps_allowed_type": "ALL_ALLOWED",
"allowed_first_party_connected_apps": [],
"third_party_connected_apps_allowed_type": "ALL_ALLOWED",
"allowed_third_party_connected_apps": []
}
}
```