Use this endpoint to exchange a Member's existing session for another session in a different Organization. This can be used to accept an invite, but not to create a new member via domain matching.
To create a new member via email domain JIT Provisioning, use the Exchange Intermediate Session flow instead.
If the user has already satisfied the authentication requirements of the Organization they are trying to switch into, this API will return member_authenticated: true and a session_token and session_jwt.
If the user has not satisfied the primary or secondary authentication requirements of the Organization they are attempting to switch into, this API will return member_authenticated: false and an intermediate_session_token.
If primary_required is set, prompt the user to fulfill the Organization's auth requirements using the options returned in primary_required.allowed_auth_methods.
If primary_required is null and mfa_required is set, check mfa_required.member_options to determine if the Member has SMS OTP or TOTP set up for MFA and prompt accordingly. If the Member has SMS OTP, check mfa_required.secondary_auth_initiated to see if the OTP has already been sent.
Include the intermediate_session_token returned above when calling the authenticate() method that the user needed to perform. Once the user has completed the authentication requirements they were missing, they will be granted a full session_token and session_jwt to indicate they have successfully logged into the Organization.
The intermediate_session_token can also be used with the Exchange Intermediate Session endpoint or the Create Organization via Discovery endpoint to join a different Organization or create a new one. The session_duration_minutes and session_custom_claims parameters will be ignored.