LicenPro
DocumentationPlatformOrganizations

Organizations

Tenant boundary for your team, products, invitations, and audit context. Understand org roles, each dashboard tab, and the member lifecycle from invite through removal.

Every vendor operates inside an organization—a tenant that groups people, assigned products, policies, and audit history. Licenses are issued under products, but the organization defines who can see and manage them.

Onboarding walkthrough: Create your first organization.

Role model (read this first)

LicenPro uses three permission layers. Dashboard docs often mention “admin” in more than one sense—map each action to the correct layer:

  • System JWT roleAdmin (platform operator) or User (registered vendor). Controls sidebar items like system logs, tickets, and subscribers. Does not automatically make someone a product owner.
  • Organization role — your membership in a tenant: Owner, Admin, ProductOwner, Member, Viewer, or ResellerAdmin (backend). Stored as myRole on the org record.
  • Product ownership — listed in product.owners. Required for license CRUD, RSA keys, Users tab, Access Matrix, and most Settings actions—even if your org role is Admin.
UI vs API

Some route guards only verify that you are a signed-in platform user. Authoritative checks run on the API. If a button appears but the server returns 403, your org or product role lacks that permission.

Organization lifecycle

  1. Create — wizard at /dashboard/organizations (Identity: name, website, default entry role; Branding: logo, colors, description).
  2. Configure — settings tab: policies (self-registration, approval), default member role, branding.
  3. Invite — email invitations with role; accept via /auth/accept-invitation?token=… (login required).
  4. Assign products — link products to the org; add product owners and access-matrix rows per release.
  5. Operate — members use org overview analytics; admins manage team and audit.
  6. Transfer or delete — ownership transfer (Owner); org delete (Owner only, destructive).

Organization tabs

Each tab is a child route under the org layout. Tabs for Members, Invitations, Audit Logs, and Settings appear only when myRole is Owner, Admin, ProductOwner, or ResellerAdmin. Overview and Products are visible to all members.

Overview

Default landing tab when you open an organization. Use it to answer “what is happening in this tenant right now?” before you drill into products or licenses.

  • Summary cards — member count, assigned products, license totals, and activation trends scoped to this org.
  • License mix — quick view of perpetual, trial, subscription, floating, and concurrent keys tied to org products.
  • Recent activity — shortcuts to the latest license events and team changes without opening Audit Logs.
  • Context switch — if you belong to multiple orgs, confirm the org name in the header before acting on data.

Typical tasks: weekly health check, executive snapshot before a renewal call, verify a new product assignment landed.

Products

Catalog of software products linked to this organization. Assignment here does not issue licenses—it grants the org (and its members) visibility and access paths to products you already created in your vendor account.

  • Assign product — Owner / Admin opens Assign Product, searches the vendor catalog, and links one or more products. Members then see assigned products on this tab and in their sidebar (subject to access matrix rules on each product).
  • Unassign — removes org linkage; does not delete the product or its licenses platform-wide.
  • Member view — Members and Viewers only see products they are assigned to or granted via per-release access matrix rows—not every product in your account.
  • Next step — after assignment, product owners add users and matrix rows on the product workspace (Products guide).
Click image to open full-resolution preview.

Members

Authoritative team directory for the organization: who belongs, what org role they hold, and when they joined.

  • Invite — email + role: Member, Viewer, ProductOwner, or Admin (only Owner can assign Admin).
  • Change role — Owner, Admin, or ResellerAdmin; Owner-only rules apply when promoting to Admin.
  • Remove — Owner, Admin, ProductOwner, ResellerAdmin; cannot remove the Owner.
  • Role vs product access — org role controls org tabs; product owners and access matrix control per-product license work.

Role quick guide: Member = contribute on assigned products; Viewer = read-only; ProductOwner = manage products/licenses without full org admin; Admin = team + settings except Owner-only actions.

Click image to open full-resolution preview.

Invitations

Operational queue for people who have not yet accepted. Use it when onboarding is stuck or you need to revoke a mistaken invite.

  • Status — Pending, expired, or revoked; filter and search by recipient email.
  • Resend — generates a fresh token email without changing the chosen role.
  • Revoke — invalidates the link immediately; recipient must receive a new invite.
  • Expiry — each row shows when the token expires; expired invites cannot be accepted until resent.
  • Roles in UI — Member, Viewer, Admin on this tab; Members tab also offers ProductOwner when inviting.
Click image to open full-resolution preview.

Audit Logs

Immutable org-scoped trail for compliance and support: who changed team membership, assigned products, or org settings.

  • Columns — timestamp, action (e.g. InvitationSent, LicenseCreated), product, entity type, entity name, IP address.
  • Filters — action type, entity type, date range, and free-text search across user, entity, or product.
  • Export CSV — download the filtered view for SIEM or spreadsheet analysis.
  • Details — eye icon opens structured payload for a single event.
  • Pair with Analytics — audit is point-in-time; Analytics shows trends over time.
Click image to open full-resolution preview.

Settings

Owner-focused configuration split into sub-sections (left nav inside Settings):

  • General — entity name, registry ID, rich-text description, and public website URL shown on the org profile.
  • Branding — logo and colors for org presentation in the dashboard and invitations.
  • PoliciesallowSelfRegistration, requireApprovalForJoining, and defaultMemberRole for new joiners (Member, Viewer, or Admin).
  • Governance — ownership transfer and advanced policy toggles where your deployment exposes them.
  • Danger zone — delete organization (Owner only; irreversible; licenses under org products may cascade per server policy).

Before you save: description and website are customer-facing on the org header; policy changes affect the next invitation or self-registration attempt, not retroactively on existing members.

Click image to open full-resolution preview.

Organization roles matrix

  • Owner — full tenant control: delete org, transfer ownership, assign Admin, all invite/remove/role operations.
  • Admin — invite, change roles (not to Owner; cannot assign Admin—that is Owner-only), remove members; cannot delete org.
  • ProductOwner — invite and remove members; manage assigned products/licenses; no org delete or Admin promotion.
  • Member — view org overview and assigned products; use licenses per product access matrix; no member management tabs in UI.
  • Viewer — read-only org access; product visibility via access matrix only.
  • ResellerAdmin — backend role treated like Admin for many org operations (partial UI surfacing).

Invitation workflow (step-by-step)

  1. Admin opens Members or InvitationsInvite.
  2. Enter email, pick role, optional message → send.
  3. Recipient receives email with token link.
  4. Recipient signs in (or registers) → /auth/accept-invitation?token=….
  5. On success, user is added to org with chosen role → redirect to /dashboard/organization/:orgId.
  6. Operator can resend or cancel pending rows from Invitations.

REST automation

Routes under /api/Organization/… mirror dashboard flows: CRUD, members, invitations, policies. Use operator JWT or scoped account API keys (API keys guide).

Organizations API · Auth & users · Products · System overview