In Catalio, an Organization represents the fundamental boundary for data isolation, access control, and multi-tenant security. Every organization operates in complete isolation from others—users, requirements, personas, and all other business data belong exclusively to a single organization with absolute privacy guarantees.
Think of an organization as your enterprise workspace: a secure, private environment where your teams collaborate on requirements, manage personas, define use cases, and build comprehensive product specifications without any risk of data leakage across organizational boundaries.
What is an Organization?
An organization in Catalio serves three critical purposes:
- Tenant Boundary: Every resource (requirements, personas, use cases, test cases, conversations) is scoped to exactly one organization. This ensures complete data isolation—no cross-organizational data access is possible.
- Security Perimeter: Authorization policies enforce that users can only access data within their own organization. Multi-tenant security is built into the foundation, not layered on top.
- Administrative Domain: Organization-level settings control features like AI accessibility and integration with external authentication providers.
Real-World Examples
Enterprise Customer: TechCorp Inc.
- Multiple product teams (Platform, Mobile, Analytics)
- 50+ employees across engineering, product, and QA
- Strict data isolation from competitors and partners
- Custom AI settings to control which requirements are AI-accessible
SaaS Startup: CloudFlow Systems
- Single product focus with fast iteration cycles
- 12-person team across product, engineering, and customer success
- AI features fully enabled for rapid requirement discovery
- All team members collaborate in shared workspace
Partner Organization: Integration Labs
- Separate workspace for integration development
- Access restricted to integration team members
- Independent requirement lifecycle from main product
- Can be deactivated when project completes, preserving data for audit
Multi-Tenant Data Isolation
Catalio’s multi-tenant architecture ensures complete privacy and security between organizations. Every piece of data belongs to exactly one organization, and the system automatically enforces strict boundaries so you only see and access your organization’s data.
How Data Isolation Protects You
When you work in Catalio:
- Automatic Filtering: The system automatically shows only your organization’s data—you never see other organizations’ information
- Secure by Design: Data isolation is built into the foundation, not added as an afterthought
- Intelligent Boundaries: When you create new requirements, personas, or other resources, they automatically belong to your organization
- No Accidental Sharing: It’s impossible to accidentally view or modify another organization’s data
What This Means for Your Business
- Complete Privacy: Your requirements, personas, and conversations are invisible to other organizations
- Regulatory Compliance: Built-in data isolation helps meet privacy and compliance requirements
- Audit Trail: Every resource tracks which organization owns it, enabling compliance reporting
- Scalability: Add more users and data without worrying about performance or security degradation
Multi-Tenant Resources
The following resources are scoped to organizations:
- Users: Belong to exactly one organization (cannot switch organizations)
- Requirements: All requirements owned by organization
- Personas: User roles defined per-organization
- Use Cases: Scenario definitions scoped to organization
- Test Cases: Test specifications per-organization
- Test Results: Execution history scoped to organization
- Components: Architecture elements per-organization
- Processes: Business workflows scoped to organization
- Conversations: Chat history isolated per-organization
- Messages: Chat messages within organization context
- API Keys: Authentication tokens scoped to organization
Example: Automatic Organization Filtering
When you view your requirements list, Catalio automatically shows only your organization’s requirements. You don’t need to filter or specify your organization—the system handles this automatically and securely. This same automatic filtering applies to all data types, ensuring you always work within your organization’s secure workspace.
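The sketch below is an added illustration, not Catalio's implementation: a minimal in-memory store that takes the organization from the authenticated actor on every call, which is the property automatic filtering depends on. `Actor`, `ScopedStore`, `NotFound` and the field names are assumptions made for the example.

```python
# Added illustration; not Catalio code. All names here are hypothetical.
from dataclasses import dataclass, field

class NotFound(Exception):
    """Raised for missing records and for records owned by another organization."""

@dataclass(frozen=True)
class Actor:
    user_id: str
    org_id: str  # derived from the authenticated session, never from request input

@dataclass
class ScopedStore:
    rows: dict = field(default_factory=dict)

    def create(self, actor: Actor, attrs: dict) -> dict:
        # Ownership is stamped from the actor; a client-supplied org_id is dropped.
        clean = {k: v for k, v in attrs.items() if k not in ("id", "org_id")}
        rid = len(self.rows) + 1
        self.rows[rid] = {**clean, "id": rid, "org_id": actor.org_id}
        return self.rows[rid]

    def visible_to(self, actor: Actor) -> list:
        # The organization predicate is applied on every read, not by the caller.
        return [r for r in self.rows.values() if r["org_id"] == actor.org_id]

    def get(self, actor: Actor, rid: int) -> dict:
        row = self.rows.get(rid)
        # One error for "missing" and "other tenant" so record ids cannot be probed.
        if row is None or row["org_id"] != actor.org_id:
            raise NotFound(rid)
        return row

    def update(self, actor: Actor, rid: int, attrs: dict) -> dict:
        row = self.get(actor, rid)  # reuses the tenant check
        row.update({k: v for k, v in attrs.items() if k not in ("id", "org_id")})
        return row

def cross_tenant_probe() -> dict:
    """Constructed scenario: a user in org-b asks for a requirement owned by org-a."""
    store = ScopedStore()
    alice, bob = Actor("alice", "org-a"), Actor("bob", "org-b")
    req = store.create(alice, {"title": "SSO login", "org_id": "org-b"})
    try:
        store.get(bob, req["id"])
        blocked = False
    except NotFound:
        blocked = True
    return {"owner": req["org_id"], "blocked": blocked, "bob_sees": store.visible_to(bob)}
```

The same probe, run against a real deployment with two test organizations, is a useful regression check whenever a new resource type or endpoint is added.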
Organization Attributes
Organizations have rich metadata that describes their identity, configuration, and operational status.
Core Identity
Name (required): The organization’s display name. Must be unique across all organizations.
- Example: “TechCorp Inc.”, “Catalio Demo”, “Integration Labs”
- Used in navigation, headers, and user interface
- Required for organization creation
Description: A concise explanation of the organization’s purpose and scope.
- Example: “Enterprise product development team for TechCorp platform”
- Helps users understand organizational context
- Optional but recommended for clarity
Provider Organization ID: The unique identifier from your authentication provider (e.g., Auth0).
- Syncs organization membership from external auth systems
- Enables SSO and identity federation
- Automatically managed during authentication flows
- Must be unique if provided
Operational Metadata
Website: The organization’s primary website URL.
- Example: “https://techcorp.com”
- Must be a valid URL format (http:// or https://)
- Used for organization profile and external links
- Optional
Industry: The primary business sector or industry.
- Examples: “Software Development”, “Healthcare”, “Financial Services”
- Free-form text field for flexibility
- Helps categorize organizations in reporting
- Optional
Size: The organization’s size category based on employee count or scale.
- Startup: Early-stage company, typically <10 employees
- Small: 10-50 employees
- Medium: 50-250 employees
- Large: 250-1,000 employees
- Enterprise: 1,000+ employees
Understanding organization size helps tailor features and capacity planning.
Headquarters Location: The primary business location or headquarters.
- Example: “San Francisco, CA” or “Remote-First”
- Free-form text for flexibility
- Used for organizational profile
- Optional
Status Lifecycle
Organizations move through a well-defined lifecycle that controls access and operational state.
Active
The default operational state for organizations. Active organizations:
- Users can authenticate and access the platform
- All features are available based on subscription tier
- Resources can be created, updated, and deleted normally
- AI features respect organization-level settings
When to Use: Normal operational state for all working organizations.
Inactive
Temporarily disabled organizations. Inactive organizations:
- Users cannot authenticate or access the platform
- Data is preserved but read-only
- No operations are allowed (create, update, delete)
- Billing may be paused depending on subscription terms
When to Use:
- Temporary project suspension
- Pending contract renewal
- Seasonal organizations (only active during specific periods)
- Testing environments during off-cycles
How to Reactivate: Change status back to Active through admin interface or API.
Suspended
Administratively locked organizations. Suspended organizations:
- Users cannot authenticate or access the platform
- Data is preserved for audit and compliance
- No operations allowed
- Billing remains active (data preservation)
- Requires administrator intervention to reactivate
When to Use:
- Compliance violations or security concerns
- Payment issues or subscription expiration
- Legal holds or regulatory requirements
- Contract disputes
How to Reactivate: Suspended organizations require administrator approval. Contact support or resolve the underlying issue, then request status change to Active.
Status Transition Actions
Catalio provides explicit actions for status management:
- Activate: Set organization to active state
- Deactivate: Set organization to inactive state
- Suspend: Set organization to suspended state
All status changes are tracked in the audit trail with timestamps and the user who performed the change.
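The lifecycle above can be modelled as a small state machine, shown here as an added example that is not Catalio's code. The `Organization` class, the `is_admin` flag and the audit record layout are assumptions; the three actions, the administrator requirement for leaving the suspended state, and the audit fields follow the text.

```python
# Added illustration; not Catalio code. Names and the is_admin flag are hypothetical.
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Action name -> resulting status, as listed under "Status Transition Actions".
ACTIONS = {"activate": "active", "deactivate": "inactive", "suspend": "suspended"}

class Denied(Exception):
    """Raised when a status change or an operation is refused."""

@dataclass
class Organization:
    name: str
    status: str = "active"
    audit: list = field(default_factory=list)

    def transition(self, action: str, user: str, is_admin: bool = False) -> None:
        if action not in ACTIONS:
            raise ValueError(f"unknown action: {action}")
        # Leaving the suspended state requires administrator intervention.
        if self.status == "suspended" and not is_admin:
            raise Denied("suspended organizations need an administrator")
        old, self.status = self.status, ACTIONS[action]
        # Every change is recorded with a timestamp and the acting user.
        self.audit.append({"at": datetime.now(timezone.utc).isoformat(),
                           "by": user, "action": action, "from": old, "to": self.status})

    def authorize(self, operation: str) -> None:
        # Login and create/update/delete are refused unless the organization is active.
        if self.status != "active":
            raise Denied(f"{operation} refused: organization is {self.status}")

def lifecycle_demo() -> dict:
    """Constructed walk-through: suspend, refused member reactivation, admin fix."""
    org = Organization("Integration Labs")
    org.transition("suspend", user="admin@example.test", is_admin=True)
    refused = []
    for op in ("login", "create_requirement"):
        try:
            org.authorize(op)
        except Denied:
            refused.append(op)
    try:
        org.transition("activate", user="member@example.test")
    except Denied:
        refused.append("activate")
    org.transition("activate", user="admin@example.test", is_admin=True)
    return {"refused": refused, "status": org.status,
            "audit": [(e["by"], e["from"], e["to"]) for e in org.audit]}
```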
AI Accessibility Controls
Catalio’s AI-powered features (semantic search, quality assessment, sentiment analysis, auto-categorization) can be controlled at both the organization and individual resource level.
Organization-Level AI Setting
AI Accessible (default: true)
This organization-wide toggle controls the default AI accessibility for all resources created within the organization.
- Enabled (true): New requirements, personas, and other resources are AI-accessible by default
- Disabled (false): New resources are NOT AI-accessible by default
Important: This is a default setting. Individual resources can override this setting.
How AI Accessibility Works
When AI accessibility is enabled for a resource:
- Vector Embeddings: Generated for semantic search
- Quality Assessment: AI analyzes completeness and clarity
- Sentiment Analysis: AI detects stakeholder attitude
- Auto-Categorization: AI suggests priority, complexity, and tags
- Summary Generation: AI creates concise summaries
When AI accessibility is disabled for a resource:
- No AI Processing: Resource content is never sent to AI services
- No Vector Search: Resource excluded from semantic search results
- Manual Management: All metadata must be set manually
- Privacy Guarantee: Sensitive data remains confidential
Use Cases for AI Accessibility
Enable AI (Recommended for Most Organizations)
- Faster requirement discovery through semantic search
- Automated quality feedback on requirements
- Time-saving auto-categorization suggestions
- Better requirement organization with AI tags
Disable AI (For Sensitive Environments)
- Healthcare organizations with HIPAA requirements
- Financial services with strict data privacy rules
- Government contractors with classified information
- Proprietary product specifications under NDA
Changing AI Settings
Organization-Level: Update the ai_accessible attribute when creating or updating the organization.
Resource-Level: Each requirement, persona, and other resource has its own ai_accessible toggle that overrides the organization default.
Best Practice: Set organization default based on your primary use case, then override for specific resources that require different handling.
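The default-plus-override rule, and the guarantee that disabled content is never sent to AI services, can be checked with a gate placed in front of the AI call. This is an added example, not Catalio's code: `Org`, `Resource`, `RecordingAIClient` and the use of `None` to mean "inherit the organization default" are assumptions.

```python
# Added illustration; not Catalio code. Names are hypothetical.
from dataclasses import dataclass
from typing import Optional

@dataclass
class Org:
    ai_accessible: bool = True  # organization-wide default

@dataclass
class Resource:
    title: str
    body: str
    ai_accessible: Optional[bool] = None  # None = inherit; True/False = override

def effective_ai_access(org: Org, res: Resource) -> bool:
    # A resource-level value always wins; otherwise the organization default applies.
    return org.ai_accessible if res.ai_accessible is None else res.ai_accessible

class RecordingAIClient:
    """Stand-in for an embedding service; records every text it is sent."""
    def __init__(self):
        self.received = []

    def embed(self, text: str) -> list:
        self.received.append(text)
        return [float(len(text))]  # placeholder vector, not a real embedding

def index_for_search(org: Org, resources: list, client: RecordingAIClient) -> dict:
    # Gate before the call: disabled content never leaves for the AI service,
    # and with no vector stored it cannot appear in semantic search results.
    index = {}
    for res in resources:
        if effective_ai_access(org, res):
            index[res.title] = client.embed(res.body)
    return index

def ai_gate_demo() -> dict:
    """Constructed sample: AI on by default, one sensitive resource opted out."""
    org = Org(ai_accessible=True)
    docs = [Resource("Export CSV", "Users can export reports"),
            Resource("Patient intake", "Constructed sensitive text", ai_accessible=False)]
    client = RecordingAIClient()
    index = index_for_search(org, docs, client)
    return {"indexed": sorted(index), "sent": client.received}
```

Asserting on what the recording client received, rather than on the flag alone, is what verifies that opted-out content stayed local.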
Auth Provider Synchronization
Catalio integrates with your identity provider (such as Auth0) to automatically synchronize organization information and user access. This means:
- Automatic Setup: When users from your organization first log in, Catalio automatically creates or updates your organization workspace
- Single Sign-On (SSO): Users authenticate through your existing corporate identity system
- Consistent Access: Organization membership in your identity provider determines access to Catalio
- Seamless Updates: Changes to organization details in your identity provider sync to Catalio automatically
This integration ensures your team can access Catalio using your existing corporate credentials without manual setup or duplicate account management.
Identity Requirements
Organizations must have unique identifiers:
- Name: Must be unique across all Catalio organizations (prevents confusion)
- Provider Organization ID: Must be unique if synced from your identity provider (enables authentication)
These constraints ensure each organization has a distinct identity and prevent conflicts during authentication.
Organization Settings and Metadata
Organizations can store additional context in AI-focused metadata fields.
AI Summary
A concise summary (max 200 characters) describing the organization for AI context.
Example: “Enterprise SaaS company building collaboration tools for distributed teams. Focus on scalability, security, and user experience.”
Use Cases:
- AI agent context windows
- Quick organizational overview in dashboards
- Integration with external tools requiring brief descriptions
AI Tags
Semantic tags categorizing the organization across multiple dimensions.
Example Categories and Tags:
- Industry: software, saas, collaboration, healthcare, fintech
- Focus Areas: scalability, security, user experience, compliance
- Technologies: mobile, web, cloud, api, database
Use Cases:
- Advanced filtering and search across organizations
- AI-powered feature recommendations
- Organizational analytics and reporting
- Integration with business intelligence tools
These fields are optional and enhance AI features when enabled.
Best Practices for Organization Setup
Initial Setup
- Choose a Clear Name: Use your company name or project name for clarity
- Add Description: Explain the organization’s purpose and scope
- Configure AI Settings: Enable AI for most cases, disable for sensitive data
- Sync with Auth Provider: Ensure provider_org_id is set for SSO integration
- Set Metadata: Add website, industry, and location for complete profile
Multi-Organization Strategies
Single Organization (Recommended for Most)
- One organization per company or product
- All teams work within shared workspace
- Simplifies user management and collaboration
- Use personas to distinguish user roles
Multiple Organizations (For Complex Enterprises)
- Separate organizations for different products or business units
- Complete data isolation between units
- Each organization has independent users and settings
- Useful for partners, contractors, or subsidiaries
- Consider using separate organizations for testing/training environments to keep them isolated from production data
Security Best Practices
- Review User Access: Regularly audit users in your organization
- Use Status Controls: Deactivate or suspend organizations when not in use
- Configure AI Carefully: Disable AI for sensitive requirements at resource level
- Monitor Auth Sync: Verify provider_org_id matches auth provider configuration
- Audit Trail: Review organization changes in audit logs regularly
Performance Considerations
Organizations are designed for scale:
- Users: No hard limit—supports thousands of users per organization
- Requirements: Optimized for tens of thousands of requirements
- Queries: Organization filtering is indexed for fast performance
- Data Volume: Catalio maintains performance even with large datasets across multiple resource types
Next Steps
Now that you understand organizations, explore how to:
- Manage Users - Add team members and configure roles
- Define Requirements - Create your first requirement within your organization
- Set Up Auth - Configure SSO and auth provider integration
Pro Tip: Start with a single organization and default AI settings enabled. As you learn the platform, you can create additional organizations for demos or separate projects. Avoid over-fragmenting your data—use personas and components to organize within a single organization.
Support
Questions about organizations and multi-tenancy? We’re here to help:
- Documentation: Continue reading about Users and Requirements
- In-App Help: Look for the 🤖 AI assistant throughout the platform
- Email: support@catalio.com
- Community: Share best practices with other Catalio users