class StytchB2B::Organizations
def update(
Updates an Organization specified by `organization_id`. An Organization must always have at least one auth setting set to either `RESTRICTED` or `ALL_ALLOWED` in order to provision new Members.

*See the [Organization authentication settings](https://stytch.com/docs/b2b/api/org-auth-settings) resource to learn more about fields like `email_jit_provisioning`, `email_invites`, `sso_jit_provisioning`, etc., and their behaviors.

Our RBAC implementation offers out-of-the-box handling of authorization checks for this endpoint. If you pass in
a header containing a `session_token` or a `session_jwt` for an unexpired Member Session, we will check that the
Member Session has the necessary permissions. The specific permissions needed depend on which of the optional fields
are passed in the request. For example, if the `organization_name` argument is provided, the Member Session must have
permission to perform the `update.info.name` action on the `stytch.organization` Resource.

If the Member Session does not contain a Role that satisfies the requested permissions, or if the Member's Organization
does not match the `organization_id` passed in the request, a 403 error will be thrown. Otherwise, the request will
proceed as normal.

To learn more about our RBAC implementation, see our [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/overview).

== Parameters:
organization_id::
  Globally unique UUID that identifies a specific Organization. The `organization_id` is critical to perform operations on an Organization, so be sure to preserve this value.
  The type of this field is +String+.
organization_name::
  The name of the Organization. Must be between 1 and 128 characters in length.
  If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.info.name` action on the `stytch.organization` Resource.
  The type of this field is nilable +String+.
organization_slug::
  The unique URL slug of the Organization. The slug only accepts alphanumeric characters and the following reserved characters: `-` `.` `_` `~`. Must be between 2 and 128 characters in length.
  If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.info.slug` action on the `stytch.organization` Resource.
  The type of this field is nilable +String+.
organization_logo_url::
  The image URL of the Organization logo.
  If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.info.logo-url` action on the `stytch.organization` Resource.
  The type of this field is nilable +String+.
trusted_metadata::
  An arbitrary JSON object for storing application-specific data or identity-provider-specific data.
  If a session header is passed into the request, this field may **not** be passed into the request. You cannot
  update trusted metadata when acting as a Member.
  The type of this field is nilable +object+.
sso_default_connection_id::
  The default connection used for SSO when there are multiple active connections.
  If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.default-sso-connection` action on the `stytch.organization` Resource.
  The type of this field is nilable +String+.
sso_jit_provisioning::
  The authentication setting that controls the JIT provisioning of Members when authenticating via SSO. The accepted values are:
  `ALL_ALLOWED` – new Members will be automatically provisioned upon successful authentication via any of the Organization's `sso_active_connections`.
  `RESTRICTED` – only new Members with SSO logins that comply with `sso_jit_provisioning_allowed_connections` can be provisioned upon authentication.
  `NOT_ALLOWED` – disable JIT provisioning via SSO.
  If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.sso-jit-provisioning` action on the `stytch.organization` Resource.
  The type of this field is nilable +String+.
sso_jit_provisioning_allowed_connections::
  An array of `connection_id`s that reference [SAML Connection objects](https://stytch.com/docs/b2b/api/saml-connection-object).
  Only these connections will be allowed to JIT provision Members via SSO when `sso_jit_provisioning` is set to `RESTRICTED`.
  If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.sso-jit-provisioning` action on the `stytch.organization` Resource.
  The type of this field is nilable list of +String+.
email_allowed_domains::
  An array of email domains that allow invites or JIT provisioning for new Members. This list is enforced when either `email_invites` or `email_jit_provisioning` is set to `RESTRICTED`.
  Common domains such as `gmail.com` are not allowed. See the [common email domains resource](https://stytch.com/docs/b2b/api/common-email-domains) for the full list.
  If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.allowed-domains` action on the `stytch.organization` Resource.
  The type of this field is nilable list of +String+.
email_jit_provisioning::
  The authentication setting that controls how a new Member can be provisioned by authenticating via Email Magic Link or OAuth. The accepted values are:
  `RESTRICTED` – only new Members with verified emails that comply with `email_allowed_domains` can be provisioned upon authentication via Email Magic Link or OAuth.
  `NOT_ALLOWED` – disable JIT provisioning via Email Magic Link and OAuth.
  If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.email-jit-provisioning` action on the `stytch.organization` Resource.
  The type of this field is nilable +String+.
email_invites::
  The authentication setting that controls how a new Member can be invited to an organization by email. The accepted values are:
  `ALL_ALLOWED` – any new Member can be invited to join via email.
  `RESTRICTED` – only new Members with verified emails that comply with `email_allowed_domains` can be invited via email.
  `NOT_ALLOWED` – disable email invites.
  If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.email-invites` action on the `stytch.organization` Resource.
  The type of this field is nilable +String+.
auth_methods::
  The setting that controls which authentication methods can be used by Members of an Organization. The accepted values are:
  `ALL_ALLOWED` – the default setting which allows all authentication methods to be used.
  `RESTRICTED` – only methods that comply with `allowed_auth_methods` can be used for authentication. This setting does not apply to Members with `is_breakglass` set to `true`.
  If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.allowed-auth-methods` action on the `stytch.organization` Resource.
  The type of this field is nilable +String+.
allowed_auth_methods::
  An array of allowed authentication methods. This list is enforced when `auth_methods` is set to `RESTRICTED`.
  The list's accepted values are: `sso`, `magic_link`, `password`, `google_oauth`, and `microsoft_oauth`.
  If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.allowed-auth-methods` action on the `stytch.organization` Resource.
  The type of this field is nilable list of +String+.
mfa_policy::
  The setting that controls the MFA policy for all Members in the Organization. The accepted values are:
  `REQUIRED_FOR_ALL` – All Members within the Organization will be required to complete MFA every time they wish to log in. However, any active Session that existed prior to this setting change will remain valid.
  `OPTIONAL` – The default value. The Organization does not require MFA by default for all Members. Members will be required to complete MFA only if their `mfa_enrolled` status is set to true.
  If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.mfa-policy` action on the `stytch.organization` Resource.
  The type of this field is nilable +String+.
rbac_email_implicit_role_assignments::
  Implicit role assignments based off of email domains.
  For each domain-Role pair, all Members whose email addresses have the specified email domain will be granted the
  associated Role, regardless of their login method. See the [RBAC guide](https://stytch.com/docs/b2b/guides/rbac/role-assignment)
  for more information about role assignment.
  If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.implicit-roles` action on the `stytch.organization` Resource.
  The type of this field is nilable list of +String+.
mfa_methods::
  The setting that controls which MFA methods can be used by Members of an Organization. The accepted values are:
  `ALL_ALLOWED` – the default setting which allows all authentication methods to be used.
  `RESTRICTED` – only methods that comply with `allowed_mfa_methods` can be used for authentication. This setting does not apply to Members with `is_breakglass` set to `true`.
  If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.allowed-mfa-methods` action on the `stytch.organization` Resource.
  The type of this field is nilable +String+.
allowed_mfa_methods::
  An array of allowed MFA authentication methods. This list is enforced when `mfa_methods` is set to `RESTRICTED`.
  The list's accepted values are: `sms_otp` and `totp`.
  If this field is provided and a session header is passed into the request, the Member Session must have permission to perform the `update.settings.allowed-mfa-methods` action on the `stytch.organization` Resource.
  The type of this field is nilable list of +String+.

== Returns:
An object with the following fields:
request_id::
  Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
  The type of this field is +String+.
organization::
  The [Organization object](https://stytch.com/docs/b2b/api/organization-object).
  The type of this field is +Organization+ (+object+).
status_code::
  The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
  The type of this field is +Integer+.

== Method Options:
def update(
  organization_id:,
  organization_name: nil,
  organization_slug: nil,
  organization_logo_url: nil,
  trusted_metadata: nil,
  sso_default_connection_id: nil,
  sso_jit_provisioning: nil,
  sso_jit_provisioning_allowed_connections: nil,
  email_allowed_domains: nil,
  email_jit_provisioning: nil,
  email_invites: nil,
  auth_methods: nil,
  allowed_auth_methods: nil,
  mfa_policy: nil,
  rbac_email_implicit_role_assignments: nil,
  mfa_methods: nil,
  allowed_mfa_methods: nil,
  method_options: nil
)
  headers = {}
  headers = headers.merge(method_options.to_headers) unless method_options.nil?
  request = {}
  request[:organization_name] = organization_name unless organization_name.nil?
  request[:organization_slug] = organization_slug unless organization_slug.nil?
  request[:organization_logo_url] = organization_logo_url unless organization_logo_url.nil?
  request[:trusted_metadata] = trusted_metadata unless trusted_metadata.nil?
  request[:sso_default_connection_id] = sso_default_connection_id unless sso_default_connection_id.nil?
  request[:sso_jit_provisioning] = sso_jit_provisioning unless sso_jit_provisioning.nil?
  request[:sso_jit_provisioning_allowed_connections] = sso_jit_provisioning_allowed_connections unless sso_jit_provisioning_allowed_connections.nil?
  request[:email_allowed_domains] = email_allowed_domains unless email_allowed_domains.nil?
  request[:email_jit_provisioning] = email_jit_provisioning unless email_jit_provisioning.nil?
  request[:email_invites] = email_invites unless email_invites.nil?
  request[:auth_methods] = auth_methods unless auth_methods.nil?
  request[:allowed_auth_methods] = allowed_auth_methods unless allowed_auth_methods.nil?
  request[:mfa_policy] = mfa_policy unless mfa_policy.nil?
  request[:rbac_email_implicit_role_assignments] = rbac_email_implicit_role_assignments unless rbac_email_implicit_role_assignments.nil?
  request[:mfa_methods] = mfa_methods unless mfa_methods.nil?
  request[:allowed_mfa_methods] = allowed_mfa_methods unless allowed_mfa_methods.nil?
  put_request("/v1/b2b/organizations/#{organization_id}", request, headers)
end
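
The parameter rules documented above (accepted values, the slug and name limits, the per-field RBAC actions, and the ban on `trusted_metadata` under a Member Session) can be checked locally before the request is sent. The following is an added example, not part of the Stytch SDK: `preflight_update`, `ACTIONS` and `ACCEPTED` are hypothetical names, and "alphanumeric" is assumed to mean ASCII letters and digits.

```ruby
# Added example, not part of the Stytch SDK: a hypothetical pre-flight check
# that applies the rules documented above before Organizations#update is called.
ACTIONS = { # optional field => action needed on the `stytch.organization` Resource
  organization_name: 'update.info.name',
  organization_slug: 'update.info.slug',
  organization_logo_url: 'update.info.logo-url',
  sso_default_connection_id: 'update.settings.default-sso-connection',
  sso_jit_provisioning: 'update.settings.sso-jit-provisioning',
  sso_jit_provisioning_allowed_connections: 'update.settings.sso-jit-provisioning',
  email_allowed_domains: 'update.settings.allowed-domains',
  email_jit_provisioning: 'update.settings.email-jit-provisioning',
  email_invites: 'update.settings.email-invites',
  auth_methods: 'update.settings.allowed-auth-methods',
  allowed_auth_methods: 'update.settings.allowed-auth-methods',
  mfa_policy: 'update.settings.mfa-policy',
  rbac_email_implicit_role_assignments: 'update.settings.implicit-roles',
  mfa_methods: 'update.settings.allowed-mfa-methods',
  allowed_mfa_methods: 'update.settings.allowed-mfa-methods'
}.freeze
ACCEPTED = { # accepted values as listed in the parameter descriptions
  sso_jit_provisioning: %w[ALL_ALLOWED RESTRICTED NOT_ALLOWED],
  email_jit_provisioning: %w[RESTRICTED NOT_ALLOWED],
  email_invites: %w[ALL_ALLOWED RESTRICTED NOT_ALLOWED],
  auth_methods: %w[ALL_ALLOWED RESTRICTED], mfa_methods: %w[ALL_ALLOWED RESTRICTED],
  mfa_policy: %w[REQUIRED_FOR_ALL OPTIONAL],
  allowed_auth_methods: %w[sso magic_link password google_oauth microsoft_oauth],
  allowed_mfa_methods: %w[sms_otp totp]
}.freeze

# fields: keyword arguments intended for update (organization_id excluded).
# granted: actions the caller's Member Session holds, or nil when no session
# header will be sent. Returns a list of problems; empty means it passes.
def preflight_update(fields, granted: nil)
  fields = fields.compact
  problems = []
  fields.each do |name, value|
    bad = Array(value) - ACCEPTED.fetch(name, Array(value))
    problems << "#{name}: unaccepted value #{bad.join(', ')}" unless bad.empty?
  end
  slug = fields[:organization_slug]
  problems << 'organization_slug: bad characters or length' if slug && slug !~ /\A[A-Za-z0-9\-._~]{2,128}\z/
  org_name = fields[:organization_name]
  problems << 'organization_name: length must be 1..128' if org_name && !org_name.length.between?(1, 128)
  return problems if granted.nil?

  problems << 'trusted_metadata: cannot be updated when acting as a Member' if fields.key?(:trusted_metadata)
  missing = fields.keys.filter_map { |f| ACTIONS[f] }.uniq - granted
  problems + missing.map { |action| "missing permission: #{action}" }
end
```

The check cannot see the Organization mismatch case that also produces a 403, since that depends on the Member Session itself.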