Manage an organisation

Organisations on Northflank allow you to manage multiple teams. You can provision and manage users by syncing your user directory, add your own single sign-on (SSO) identity provider, and configure security for your organisation.

You can create an organisation in the Northflank application from your user dashboard's organisations page.

You can also schedule a call to discuss on-boarding your organisation to Northflank, and selecting the right plan for your needs.

Restrict teams and members

In your organisation settings you can:

• prevent members of your organisation from joining teams on Northflank that do not belong to your organisation
• prevent users that are not members of your organisation from being added to organisation teams
• restrict organisation invites to email addresses at your linked domains (if you have configured single sign-on)

Multifactor Authentication

You can enable require MFA from your organisation's security page to enforce multifactor authentication for your organisation members. Organisation members will be prompted to set up an authenticator application for their Northflank account before they can access Northflank, and they will need to enter their one-time passcode on every log in attempt.

You can also set a maximum login session duration in hours, which will automatically log organisation members out and require them to re-authenticate after the time period.

Clear member login sessions

You can clear member login sessions from your organisation's security page to immediately log out all user accounts from your organisation.

You can manage user roles on an organisational level to ensure compliance with your security policies, restrict users to specific teams, and grant organisational permissions.

You can add your payment method and tax ID for an organisation to manage billing for all teams in the organisation.

As well monitoring spend by project and resource type, you can also monitor spend by team.

Invoices for each team's usage can be downloaded from the team billing page.

You can link your existing authentication with Northflank to allow your users to sign in using SSO.

Northflank uses WorkOS SSO to integrate Northflank with your identity provider using SAML and OpenID Connect (OIDC).

Navigate to your account's settings page to enable single sign-on, in the link your organisation section.

After linking your identity provider you can also select how users can be invited to teams in your organisation:

• Select SSO only to disable manual invites. This will prevent users in the organisation from inviting users by email address. Users will only be able to sign up via your SSO.
• Enable require approval for any SSO sign-ups. When a user creates an account using SSO they will be added to a queue until their request is confirmed or rejected. This conflicts with automatically provisioning users with directory sync, and cannot/should not be enabled at the same time.

You can sync your user directory with Northflank to update users on Northflank based on their directory groups.

You can enable Automatically provision organisation members to automatically provision organisation users on Northflank. You can restrict automatic provisioning to selected directory groups, so only users for teams using Northflank are automatically created.

Roles can be synced with directory groups to enable you to assign and remove roles from users by updating their directory groups.

Northflank uses WorkOS Directory Sync to integrate Northflank with your directory. You must have enabled single sign-on to use directory sync.