Organizations are the primary container for all resources in Freddy. Each organization represents a company, team, or workspace with its own:
- Members and access control
- AI provider integrations
- Resource limits and billing
- Custom configurations
Users can belong to multiple organizations simultaneously, with different roles and permissions in each. Users can switch between organizations without re-authenticating.
Organization
├── OrganizationUser (membership)
│ ├── User
│ ├── Role (permissions)
│ └── UserStatus (state)
├── Department (team structure)
│ └── UserDepartment (assignments)
├── OrganizationDomain (auto-assignment)
├── OrganizationProvider (AI integrations)
└── UserInvitation (pending members)Owner
- Complete control over organization
- Manage billing and payments
- Delete organization
- Manage all users and settings
Admin
- Manage users and members
- Configure organization settings
- Access all resources
- Cannot manage billing
Member
- Read-only access to organization
- Use AI services
- View resources
- Cannot modify settings
Organizations can create custom roles with tailored permission sets beyond the base roles.
InvitationSent → Active → Inactive → DeletedInvitationSent: User invited but hasn't accepted Active: Full access to organization Inactive: Temporarily disabled Deleted: Removed from organization (soft delete)
- Admin invites user: Creates UserInvitation with unique key
- Email sent: User receives invitation link
- User accepts: Completes registration or logs in
- Status updated: UserStatus changes from InvitationSent to Active
- Access granted: User can access organization resources
Invitations expire after 7 days and can only be used once.
Organizations can register email domains (e.g., aitronos.com) for automatic member assignment:
- User registers with matching email domain
- System finds OrganizationDomain record
- User automatically added to organization
- Assigned "Member" role by default
- Status set to "Active"
This enables seamless onboarding for company employees.
Departments provide team-based organization within companies:
- Engineering
- Sales
- Marketing
- Support
- Operations
- Users can belong to multiple departments
- Department-specific roles (member, lead, manager)
- Color coding for visual identification
- Custom departments can be created
Organizations can integrate multiple AI providers:
OpenAI: GPT models Anthropic: Claude models Freddy: Native models
Each provider has separate credentials and configuration, allowing organizations to use multiple providers simultaneously.
Organizations have configurable limits:
API Usage Limit: Maximum API spending (CHF) Total Usage Limit: Overall spending cap (CHF) Storage Allowance: Free storage quota (bytes)
Limits can be customized per organization based on pricing tier.
- Users marked as deleted remain in database
- Audit trail preserved
- Can be restored if needed
- Provider API keys encrypted at rest
- Never exposed in API responses
- Secure key rotation supported
- All membership changes tracked
- Role modifications logged
- Invitation usage recorded
- Create organization with descriptive name
- Configure provider integrations
- Set up email domains for auto-assignment
- Create custom departments if needed
- Invite initial team members
- Use invitations for new members
- Assign appropriate roles
- Organize users into departments
- Monitor invitation expiration
- Review member status regularly
- Follow principle of least privilege
- Use custom roles for specific needs
- Regularly audit member permissions
- Remove inactive members
- Monitor role assignments
All organization management operations are available via REST API:
- Create and manage organizations
- Invite and manage members
- Configure roles and permissions
- Set up provider integrations
- Manage departments and assignments
See individual endpoint documentation for details.