Skip to content
Scalekit Docs
Talk to an Engineer Dashboard

Add users to organizations

Ways in which users join or get added to organizations

The journey of a user into your application begins with how they join an organization. A smooth onboarding experience sets the tone for their entire interaction with your product, while administrators need flexible options to manage their organization members.

Scalekit supports a variety of ways for users to join organizations. This guide covers methods ranging from manual additions in the dashboard to fully automated provisioning.

Enable user invitations through your app

Section titled “Enable user invitations through your app”

Scalekit lets you add user invitation features to your app, allowing users to invite others to join their organization.

  1. Begin the invite flow

    Section titled “Begin the invite flow”

    When a user clicks the invite button in your application, retrieve the organization_id from their ID token or the application’s context. Then, call the Scalekit SDK with the invitee’s email address to send the invitation.

    Express.js invitation API
    // POST /api/organizations/:orgId/invite
    app.post('/api/organizations/:orgId/invite', async (req, res) => {
      const { orgId } = req.params
      const { email } = req.body
    

      try {
        // Create user and add to organization with invitation
        const { user } = await scalekit.user.createUserAndMembership(orgId, {
          email,
          sendInvitationEmail: true, // Scalekit sends the invitation email
        })
    

        res.json({
          message: 'Invitation sent successfully',
          userId: user.id,
          email: user.email
        })
      } catch (error) {
        res.status(400).json({ error: error.message })
      }
    })

    This sends a email invitation to invitee to join the organization.

  2. Set up initiate login endpoint

    Section titled “Set up initiate login endpoint”

    After the invitee clicks the invitation link they receive via email, Scalekit will handle verifying their identity in the background through the unique link embedded.

    Once verified, Scalekit automatically tries to log the invitee into your application by redirecting them to your app’s configured initiate login endpoint.

    Let’s go ahead and implement this endpoint.

    routes/auth.js
    // Handle indirect auth entry points
    app.get('/login', (req, res) => {
      const redirectUri = 'http://localhost:3000/auth/callback';
      const options = {
        scopes: ['openid', 'profile', 'email', 'offline_access']
      };
    

      const authorizationUrl = scalekit.getAuthorizationUrl(redirectUri, options);
      res.redirect(authorizationUrl);
    });

    This redirection ensures that the invitee is logged into your application after they accept the invitation. User won’t see a login page along the way since the identity is already verified through the unique link embedded in the invitation email.

The user will get an invitation email from Scalekit to accept the invitation.

Enable Just In Time (JIT) provisioning Coming soon

Section titled “Enable Just In Time (JIT) provisioning ”

Organization administrators, especially at enterprises pefer to have the users using your app verify their identity through their preferred identity provider (such as Okta, Micrsoft Entra ID, etc.). This is particularly useful for enterprises who have a large number of users and want to ensure that only the users who are part of the organization can access the application.

Scalekit will provision the user accounts in your app automatically when they sign in through SSO for the first time and map the user to the same organization.

This requires the organization to have a SSO connection setup.

Enable SCIM provisioning Coming soon

Section titled “Enable SCIM provisioning ”

Enterprises often rely on user directory providers (such as Okta, Microsoft Entra ID, etc.) to handle user management. This enables their organization administrators to control and manage access for organization members efficiently.

Scalekit supports SCIM provisioning, allowing your app to connect with these user directory providers so that user accounts are automatically created or removed in your app when users join or leave the organization. This automation is especially valuable for enterprise customers who want to ensure their licenses or seats are allocated efficiently, with organization admins managing access based on user groups.

Organization admins should set up SCIM connection with their user directory.

Add users through dashboard

Section titled “Add users through dashboard”

For administrative or support purposes, the Scalekit dashboard allows you to add new members directly to a customer’s organization

  1. In the Scalekit dashboard, navigate to Dashboard > Organizations.
  2. Select the organization you want to add a user to.
  3. Go to the Users tab and click Invite User.
  4. Fill out the invitation form:
    • Email Address: The user’s email
    • Role: Assign a role from the dropdown (e.g., Admin, Member, or a custom organization role)
    • Personal Information (Optional): Add the user’s first name, last name, and display name
  5. Click Send Invitation

The user will receive an email with a link to accept the invitation and join your organization. Once they accept, their status will update in the Users tab.