Organizations
How organizations provide multi-tenancy and data isolation in Kaiten.
Organizations
Open-Source Only
The Organization concept is relevant for self-hosted deployments only. If you are using the Kaiten SaaS platform, your organization is managed transparently — you don't need to configure or interact with it directly.
An Organization represents a SaaS vendor using Kaiten to manage its product lifecycle. It is the top-level isolation boundary.
Key Properties
| Field | Description |
|---|---|
id | UUID, auto-generated |
external_id | Identifier from your Identity Provider (e.g. Clerk org_xxx) |
name | Display name |
Isolation Model
- All data (customers, instances, licenses, entitlements, flags, events) is scoped to an organization
- Every database query filters by
organization_idfrom the authenticated principal - In self-hosted mode, only one organization may exist
- In SaaS mode, multiple organizations are fully isolated
How Organizations Are Created
Organizations are typically synced from your Identity Provider:
- Clerk: via incoming webhooks (
organization.created,organization.updated,organization.deleted) - Other IdPs: via the REST API or custom integration
Users and Membership
Users belong to organizations via the user_on_organization join table. A user can belong to multiple organizations (SaaS mode).
| User Type | Description |
|---|---|
human | Real user with email, authenticated via IdP JWT |
machine | Service account with slug, authenticated via API token (ksh_*) |
See It in the Console
Service accounts (machine users) are managed under Integrations → Service Accounts. Organization-level settings are managed from the Settings page.