[PM-11622] use organization domains (#5560)

* DBO changes * Add migration scripts * wip * wip * wip * add EF migrations * run dotnet format * cleanup * revert business logic * wip * add update statement to mssql migration script * fix user service tests * increment license, add UseOrganizationDomains * add migration helpers to seed initial value from UseSso * clean up * cleanup * fix mssql migrations * fix license version and test * fix file names * fix license json * add missing property to license test * rename file * fix migrations * fix migration * add WHERE to helper scripts * separate schema/data migrations * restore comment * Merge conflict * fix migrations * add new property to migration * wip * fix file names * fix file name
7 months ago · 81bff5e5cf
53 changed files with 10139 additions and 72 deletions
--- a/src/Admin/AdminConsole/Controllers/OrganizationsController.cs
+++ b/src/Admin/AdminConsole/Controllers/OrganizationsController.cs
@ -462,6 +462,7 @@ public class OrganizationsController : Controller
				@@ -462,6 +462,7 @@ public class OrganizationsController : Controller
            organization.UsersGetPremium = model.UsersGetPremium;
            organization.UseSecretsManager = model.UseSecretsManager;
            organization.UseRiskInsights = model.UseRiskInsights;
+            organization.UseOrganizationDomains = model.UseOrganizationDomains;
            organization.UseAdminSponsoredFamilies = model.UseAdminSponsoredFamilies;

            //secrets
--- a/src/Admin/AdminConsole/Models/OrganizationEditModel.cs
+++ b/src/Admin/AdminConsole/Models/OrganizationEditModel.cs
@ -102,7 +102,7 @@ public class OrganizationEditModel : OrganizationViewModel
				@@ -102,7 +102,7 @@ public class OrganizationEditModel : OrganizationViewModel
        MaxAutoscaleSmSeats = org.MaxAutoscaleSmSeats;
        SmServiceAccounts = org.SmServiceAccounts;
        MaxAutoscaleSmServiceAccounts = org.MaxAutoscaleSmServiceAccounts;
-
+        UseOrganizationDomains = org.UseOrganizationDomains;
        _plans = plans;
    }

@ -186,6 +186,8 @@ public class OrganizationEditModel : OrganizationViewModel
				@@ -186,6 +186,8 @@ public class OrganizationEditModel : OrganizationViewModel
    public int? SmServiceAccounts { get; set; }
    [Display(Name = "Max Autoscale Machine Accounts")]
    public int? MaxAutoscaleSmServiceAccounts { get; set; }
+    [Display(Name = "Use Organization Domains")]
+    public bool UseOrganizationDomains { get; set; }

    /**
     * Creates a Plan[] object for use in Javascript
@ -215,6 +217,7 @@ public class OrganizationEditModel : OrganizationViewModel
				@@ -215,6 +217,7 @@ public class OrganizationEditModel : OrganizationViewModel
                    Has2fa = p.Has2fa,
                    HasApi = p.HasApi,
                    HasSso = p.HasSso,
+                    HasOrganizationDomains = p.HasOrganizationDomains,
                    HasKeyConnector = p.HasKeyConnector,
                    HasScim = p.HasScim,
                    HasResetPassword = p.HasResetPassword,
@ -315,6 +318,7 @@ public class OrganizationEditModel : OrganizationViewModel
				@@ -315,6 +318,7 @@ public class OrganizationEditModel : OrganizationViewModel
        existingOrganization.MaxAutoscaleSmSeats = MaxAutoscaleSmSeats;
        existingOrganization.SmServiceAccounts = SmServiceAccounts;
        existingOrganization.MaxAutoscaleSmServiceAccounts = MaxAutoscaleSmServiceAccounts;
+        existingOrganization.UseOrganizationDomains = UseOrganizationDomains;
        return existingOrganization;
    }
 }
--- a/src/Admin/AdminConsole/Views/Shared/_OrganizationForm.cshtml
+++ b/src/Admin/AdminConsole/Views/Shared/_OrganizationForm.cshtml
@ -124,6 +124,10 @@
				@@ -124,6 +124,10 @@
                    <input type="checkbox" class="form-check-input" asp-for="UseSso" disabled='@(canEditPlan ? null : "disabled")'>
                    <label class="form-check-label" asp-for="UseSso"></label>
                </div>
+                <div class="form-check">
+                    <input type="checkbox" class="form-check-input" asp-for="UseOrganizationDomains" disabled='@(canEditPlan ? null : "disabled")'>
+                    <label class="form-check-label" asp-for="UseOrganizationDomains"></label>
+                </div>
                <div class="form-check">
                    <input type="checkbox" class="form-check-input" asp-for="UseKeyConnector" disabled='@(canEditPlan ? null : "disabled")'>
                    <label class="form-check-label" asp-for="UseKeyConnector"></label>
--- a/src/Admin/AdminConsole/Views/Shared/_OrganizationFormScripts.cshtml
+++ b/src/Admin/AdminConsole/Views/Shared/_OrganizationFormScripts.cshtml
@ -69,6 +69,7 @@
				@@ -69,6 +69,7 @@
        document.getElementById('@(nameof(Model.UseGroups))').checked = plan.hasGroups;
        document.getElementById('@(nameof(Model.UsePolicies))').checked = plan.hasPolicies;
        document.getElementById('@(nameof(Model.UseSso))').checked = plan.hasSso;
+        document.getElementById('@(nameof(Model.UseOrganizationDomains))').checked = hasOrganizationDomains;
        document.getElementById('@(nameof(Model.UseScim))').checked = plan.hasScim;
        document.getElementById('@(nameof(Model.UseDirectory))').checked = plan.hasDirectory;
        document.getElementById('@(nameof(Model.UseEvents))').checked = plan.hasEvents;
--- a/src/Api/AdminConsole/Models/Response/Organizations/OrganizationResponseModel.cs
+++ b/src/Api/AdminConsole/Models/Response/Organizations/OrganizationResponseModel.cs
@ -64,6 +64,7 @@ public class OrganizationResponseModel : ResponseModel
				@@ -64,6 +64,7 @@ public class OrganizationResponseModel : ResponseModel
        LimitItemDeletion = organization.LimitItemDeletion;
        AllowAdminAccessToAllCollectionItems = organization.AllowAdminAccessToAllCollectionItems;
        UseRiskInsights = organization.UseRiskInsights;
+        UseOrganizationDomains = organization.UseOrganizationDomains;
        UseAdminSponsoredFamilies = organization.UseAdminSponsoredFamilies;
    }

@ -111,6 +112,7 @@ public class OrganizationResponseModel : ResponseModel
				@@ -111,6 +112,7 @@ public class OrganizationResponseModel : ResponseModel
    public bool LimitItemDeletion { get; set; }
    public bool AllowAdminAccessToAllCollectionItems { get; set; }
    public bool UseRiskInsights { get; set; }
+    public bool UseOrganizationDomains { get; set; }
    public bool UseAdminSponsoredFamilies { get; set; }
 }

--- a/src/Api/AdminConsole/Models/Response/ProfileOrganizationResponseModel.cs
+++ b/src/Api/AdminConsole/Models/Response/ProfileOrganizationResponseModel.cs
@ -73,6 +73,7 @@ public class ProfileOrganizationResponseModel : ResponseModel
				@@ -73,6 +73,7 @@ public class ProfileOrganizationResponseModel : ResponseModel
        AllowAdminAccessToAllCollectionItems = organization.AllowAdminAccessToAllCollectionItems;
        UserIsClaimedByOrganization = organizationIdsClaimingUser.Contains(organization.OrganizationId);
        UseRiskInsights = organization.UseRiskInsights;
+        UseOrganizationDomains = organization.UseOrganizationDomains;
        UseAdminSponsoredFamilies = organization.UseAdminSponsoredFamilies;

        if (organization.SsoConfig != null)
@ -153,6 +154,7 @@ public class ProfileOrganizationResponseModel : ResponseModel
				@@ -153,6 +154,7 @@ public class ProfileOrganizationResponseModel : ResponseModel
    /// </remarks>
    public bool UserIsClaimedByOrganization { get; set; }
    public bool UseRiskInsights { get; set; }
+    public bool UseOrganizationDomains { get; set; }
    public bool UseAdminSponsoredFamilies { get; set; }
    public bool IsAdminInitiated { get; set; }
 }
--- a/src/Api/AdminConsole/Models/Response/ProfileProviderOrganizationResponseModel.cs
+++ b/src/Api/AdminConsole/Models/Response/ProfileProviderOrganizationResponseModel.cs
@ -50,6 +50,7 @@ public class ProfileProviderOrganizationResponseModel : ProfileOrganizationRespo
				@@ -50,6 +50,7 @@ public class ProfileProviderOrganizationResponseModel : ProfileOrganizationRespo
        LimitItemDeletion = organization.LimitItemDeletion;
        AllowAdminAccessToAllCollectionItems = organization.AllowAdminAccessToAllCollectionItems;
        UseRiskInsights = organization.UseRiskInsights;
+        UseOrganizationDomains = organization.UseOrganizationDomains;
        UseAdminSponsoredFamilies = organization.UseAdminSponsoredFamilies;
    }
 }
--- a/src/Api/Models/Response/PlanResponseModel.cs
+++ b/src/Api/Models/Response/PlanResponseModel.cs
@ -32,6 +32,7 @@ public class PlanResponseModel : ResponseModel
				@@ -32,6 +32,7 @@ public class PlanResponseModel : ResponseModel
        HasTotp = plan.HasTotp;
        Has2fa = plan.Has2fa;
        HasSso = plan.HasSso;
+        HasOrganizationDomains = plan.HasOrganizationDomains;
        HasResetPassword = plan.HasResetPassword;
        UsersGetPremium = plan.UsersGetPremium;
        UpgradeSortOrder = plan.UpgradeSortOrder;
@ -71,6 +72,7 @@ public class PlanResponseModel : ResponseModel
				@@ -71,6 +72,7 @@ public class PlanResponseModel : ResponseModel
    public bool Has2fa { get; set; }
    public bool HasApi { get; set; }
    public bool HasSso { get; set; }
+    public bool HasOrganizationDomains { get; set; }
    public bool HasResetPassword { get; set; }
    public bool UsersGetPremium { get; set; }

--- a/src/Core/AdminConsole/Entities/Organization.cs
+++ b/src/Core/AdminConsole/Entities/Organization.cs
@ -114,6 +114,11 @@ public class Organization : ITableObject<Guid>, IStorableSubscriber, IRevisable,
				@@ -114,6 +114,11 @@ public class Organization : ITableObject<Guid>, IStorableSubscriber, IRevisable,
    /// </summary>
    public bool UseRiskInsights { get; set; }

+    /// <summary>
+    /// If true, the organization can claim domains, which unlocks additional enterprise features
+    /// </summary>
+    public bool UseOrganizationDomains { get; set; }
+
    /// <summary>
    /// If set to true, admins can initiate organization-issued sponsorships.
    /// </summary>
@ -319,5 +324,6 @@ public class Organization : ITableObject<Guid>, IStorableSubscriber, IRevisable,
				@@ -319,5 +324,6 @@ public class Organization : ITableObject<Guid>, IStorableSubscriber, IRevisable,
        SmSeats = license.SmSeats;
        SmServiceAccounts = license.SmServiceAccounts;
        UseRiskInsights = license.UseRiskInsights;
+        UseOrganizationDomains = license.UseOrganizationDomains;
    }
 }
--- a/src/Core/AdminConsole/Models/Data/Organizations/OrganizationAbility.cs
+++ b/src/Core/AdminConsole/Models/Data/Organizations/OrganizationAbility.cs
@ -26,6 +26,7 @@ public class OrganizationAbility
				@@ -26,6 +26,7 @@ public class OrganizationAbility
        LimitItemDeletion = organization.LimitItemDeletion;
        AllowAdminAccessToAllCollectionItems = organization.AllowAdminAccessToAllCollectionItems;
        UseRiskInsights = organization.UseRiskInsights;
+        UseOrganizationDomains = organization.UseOrganizationDomains;
        UseAdminSponsoredFamilies = organization.UseAdminSponsoredFamilies;
    }

@ -46,5 +47,6 @@ public class OrganizationAbility
				@@ -46,5 +47,6 @@ public class OrganizationAbility
    public bool LimitItemDeletion { get; set; }
    public bool AllowAdminAccessToAllCollectionItems { get; set; }
    public bool UseRiskInsights { get; set; }
+    public bool UseOrganizationDomains { get; set; }
    public bool UseAdminSponsoredFamilies { get; set; }
 }
--- a/src/Core/AdminConsole/Models/Data/Organizations/OrganizationUsers/OrganizationUserOrganizationDetails.cs
+++ b/src/Core/AdminConsole/Models/Data/Organizations/OrganizationUsers/OrganizationUserOrganizationDetails.cs
@ -59,6 +59,7 @@ public class OrganizationUserOrganizationDetails
				@@ -59,6 +59,7 @@ public class OrganizationUserOrganizationDetails
    public bool LimitItemDeletion { get; set; }
    public bool AllowAdminAccessToAllCollectionItems { get; set; }
    public bool UseRiskInsights { get; set; }
+    public bool UseOrganizationDomains { get; set; }
    public bool UseAdminSponsoredFamilies { get; set; }
    public bool? IsAdminInitiated { get; set; }
 }
--- a/src/Core/AdminConsole/Models/Data/Provider/ProviderUserOrganizationDetails.cs
+++ b/src/Core/AdminConsole/Models/Data/Provider/ProviderUserOrganizationDetails.cs
@ -45,6 +45,7 @@ public class ProviderUserOrganizationDetails
				@@ -45,6 +45,7 @@ public class ProviderUserOrganizationDetails
    public bool LimitItemDeletion { get; set; }
    public bool AllowAdminAccessToAllCollectionItems { get; set; }
    public bool UseRiskInsights { get; set; }
+    public bool UseOrganizationDomains { get; set; }
    public bool UseAdminSponsoredFamilies { get; set; }
    public ProviderType ProviderType { get; set; }
 }
--- a/src/Core/AdminConsole/OrganizationFeatures/Organizations/CloudOrganizationSignUpCommand.cs
+++ b/src/Core/AdminConsole/OrganizationFeatures/Organizations/CloudOrganizationSignUpCommand.cs
@ -104,7 +104,8 @@ public class CloudOrganizationSignUpCommand(
				@@ -104,7 +104,8 @@ public class CloudOrganizationSignUpCommand(
            RevisionDate = DateTime.UtcNow,
            Status = OrganizationStatusType.Created,
            UsePasswordManager = true,
-            UseSecretsManager = signup.UseSecretsManager
+            UseSecretsManager = signup.UseSecretsManager,
+            UseOrganizationDomains = plan.HasOrganizationDomains,
        };

        if (signup.UseSecretsManager)
--- a/src/Core/AdminConsole/Services/Implementations/OrganizationService.cs
+++ b/src/Core/AdminConsole/Services/Implementations/OrganizationService.cs
@ -449,6 +449,7 @@ public class OrganizationService : IOrganizationService
				@@ -449,6 +449,7 @@ public class OrganizationService : IOrganizationService
            MaxStorageGb = 1,
            UsePolicies = plan.HasPolicies,
            UseSso = plan.HasSso,
+            UseOrganizationDomains = plan.HasOrganizationDomains,
            UseGroups = plan.HasGroups,
            UseEvents = plan.HasEvents,
            UseDirectory = plan.HasDirectory,
@ -570,6 +571,7 @@ public class OrganizationService : IOrganizationService
				@@ -570,6 +571,7 @@ public class OrganizationService : IOrganizationService
            SmSeats = license.SmSeats,
            SmServiceAccounts = license.SmServiceAccounts,
            UseRiskInsights = license.UseRiskInsights,
+            UseOrganizationDomains = license.UseOrganizationDomains,
        };

        var result = await SignUpAsync(organization, owner.Id, ownerKey, collectionName, false);
--- a/src/Core/Billing/Licenses/LicenseConstants.cs
+++ b/src/Core/Billing/Licenses/LicenseConstants.cs
@ -42,6 +42,7 @@ public static class OrganizationLicenseConstants
				@@ -42,6 +42,7 @@ public static class OrganizationLicenseConstants
    public const string ExpirationWithoutGracePeriod = nameof(ExpirationWithoutGracePeriod);
    public const string Trial = nameof(Trial);
    public const string UseAdminSponsoredFamilies = nameof(UseAdminSponsoredFamilies);
+    public const string UseOrganizationDomains = nameof(UseOrganizationDomains);
 }

 public static class UserLicenseConstants
--- a/src/Core/Billing/Licenses/Services/Implementations/OrganizationLicenseClaimsFactory.cs
+++ b/src/Core/Billing/Licenses/Services/Implementations/OrganizationLicenseClaimsFactory.cs
@ -54,6 +54,7 @@ public class OrganizationLicenseClaimsFactory : ILicenseClaimsFactory<Organizati
				@@ -54,6 +54,7 @@ public class OrganizationLicenseClaimsFactory : ILicenseClaimsFactory<Organizati
            new(nameof(OrganizationLicenseConstants.ExpirationWithoutGracePeriod), expirationWithoutGracePeriod.ToString(CultureInfo.InvariantCulture)),
            new(nameof(OrganizationLicenseConstants.Trial), trial.ToString()),
            new(nameof(OrganizationLicenseConstants.UseAdminSponsoredFamilies), entity.UseAdminSponsoredFamilies.ToString()),
+            new(nameof(OrganizationLicenseConstants.UseOrganizationDomains), entity.UseOrganizationDomains.ToString()),
        };

        if (entity.Name is not null)
--- a/src/Core/Billing/Models/StaticStore/Plan.cs
+++ b/src/Core/Billing/Models/StaticStore/Plan.cs
@ -24,6 +24,7 @@ public abstract record Plan
				@@ -24,6 +24,7 @@ public abstract record Plan
    public bool Has2fa { get; protected init; }
    public bool HasApi { get; protected init; }
    public bool HasSso { get; protected init; }
+    public bool HasOrganizationDomains { get; protected init; }
    public bool HasKeyConnector { get; protected init; }
    public bool HasScim { get; protected init; }
    public bool HasResetPassword { get; protected init; }
--- a/src/Core/Models/Business/OrganizationLicense.cs
+++ b/src/Core/Models/Business/OrganizationLicense.cs
@ -182,6 +182,7 @@ public class OrganizationLicense : ILicense
				@@ -182,6 +182,7 @@ public class OrganizationLicense : ILicense

    public bool Trial { get; set; }
    public LicenseType? LicenseType { get; set; }
+    public bool UseOrganizationDomains { get; set; }
    public bool UseAdminSponsoredFamilies { get; set; }
    public string Hash { get; set; }
    public string Signature { get; set; }
@ -445,6 +446,7 @@ public class OrganizationLicense : ILicense
				@@ -445,6 +446,7 @@ public class OrganizationLicense : ILicense
        var smSeats = claimsPrincipal.GetValue<int?>(nameof(SmSeats));
        var smServiceAccounts = claimsPrincipal.GetValue<int?>(nameof(SmServiceAccounts));
        var useAdminSponsoredFamilies = claimsPrincipal.GetValue<bool>(nameof(UseAdminSponsoredFamilies));
+        var useOrganizationDomains = claimsPrincipal.GetValue<bool>(nameof(UseOrganizationDomains));

        return issued <= DateTime.UtcNow &&
               expires >= DateTime.UtcNow &&
@ -473,7 +475,8 @@ public class OrganizationLicense : ILicense
				@@ -473,7 +475,8 @@ public class OrganizationLicense : ILicense
               usePasswordManager == organization.UsePasswordManager &&
               smSeats == organization.SmSeats &&
               smServiceAccounts == organization.SmServiceAccounts &&
-               useAdminSponsoredFamilies == organization.UseAdminSponsoredFamilies;
+               useAdminSponsoredFamilies == organization.UseAdminSponsoredFamilies &&
+               useOrganizationDomains == organization.UseOrganizationDomains;

    }

--- a/src/Core/OrganizationFeatures/OrganizationSubscriptions/UpgradeOrganizationPlanCommand.cs
+++ b/src/Core/OrganizationFeatures/OrganizationSubscriptions/UpgradeOrganizationPlanCommand.cs
@ -263,6 +263,7 @@ public class UpgradeOrganizationPlanCommand : IUpgradeOrganizationPlanCommand
				@@ -263,6 +263,7 @@ public class UpgradeOrganizationPlanCommand : IUpgradeOrganizationPlanCommand
        organization.Use2fa = newPlan.Has2fa;
        organization.UseApi = newPlan.HasApi;
        organization.UseSso = newPlan.HasSso;
+        organization.UseOrganizationDomains = newPlan.HasOrganizationDomains;
        organization.UseKeyConnector = newPlan.HasKeyConnector;
        organization.UseScim = newPlan.HasScim;
        organization.UseResetPassword = newPlan.HasResetPassword;
--- a/src/Core/Resources/SharedResources.en.resx
+++ b/src/Core/Resources/SharedResources.en.resx
@ -1,17 +1,17 @@
				@@ -1,17 +1,17 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <root>
-  <!-- 
-    Microsoft ResX Schema 
-    
+  <!--
+    Microsoft ResX Schema
+
    Version 2.0
-    
-    The primary goals of this format is to allow a simple XML format 
-    that is mostly human readable. The generation and parsing of the 
-    various data types are done through the TypeConverter classes 
+
+    The primary goals of this format is to allow a simple XML format
+    that is mostly human readable. The generation and parsing of the
+    various data types are done through the TypeConverter classes
    associated with the data types.
-    
+
    Example:
-    
+
    ... ado.net/XML headers & schema ...
    <resheader name="resmimetype">text/microsoft-resx</resheader>
    <resheader name="version">2.0</resheader>
@ -26,36 +26,36 @@
				@@ -26,36 +26,36 @@
        <value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
        <comment>This is a comment</comment>
    </data>
-                
-    There are any number of "resheader" rows that contain simple 
+
+    There are any number of "resheader" rows that contain simple
    name/value pairs.
-    
-    Each data row contains a name, and value. The row also contains a 
-    type or mimetype. Type corresponds to a .NET class that support 
-    text/value conversion through the TypeConverter architecture. 
-    Classes that don't support this are serialized and stored with the 
+
+    Each data row contains a name, and value. The row also contains a
+    type or mimetype. Type corresponds to a .NET class that support
+    text/value conversion through the TypeConverter architecture.
+    Classes that don't support this are serialized and stored with the
    mimetype set.
-    
-    The mimetype is used for serialized objects, and tells the 
-    ResXResourceReader how to depersist the object. This is currently not 
+
+    The mimetype is used for serialized objects, and tells the
+    ResXResourceReader how to depersist the object. This is currently not
    extensible. For a given mimetype the value must be set accordingly:
-    
-    Note - application/x-microsoft.net.object.binary.base64 is the format 
-    that the ResXResourceWriter will generate, however the reader can 
+
+    Note - application/x-microsoft.net.object.binary.base64 is the format
+    that the ResXResourceWriter will generate, however the reader can
    read any of the formats listed below.
-    
+
    mimetype: application/x-microsoft.net.object.binary.base64
-    value   : The object must be serialized with 
+    value   : The object must be serialized with
            : System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
            : and then encoded with base64 encoding.
-    
+
    mimetype: application/x-microsoft.net.object.soap.base64
-    value   : The object must be serialized with 
+    value   : The object must be serialized with
            : System.Runtime.Serialization.Formatters.Soap.SoapFormatter
            : and then encoded with base64 encoding.

    mimetype: application/x-microsoft.net.object.bytearray.base64
-    value   : The object must be serialized into a byte array 
+    value   : The object must be serialized into a byte array
            : using a System.ComponentModel.TypeConverter
            : and then encoded with base64 encoding.
    -->
--- a/src/Infrastructure.EntityFramework/AdminConsole/Repositories/OrganizationRepository.cs
+++ b/src/Infrastructure.EntityFramework/AdminConsole/Repositories/OrganizationRepository.cs
@ -107,6 +107,7 @@ public class OrganizationRepository : Repository<Core.AdminConsole.Entities.Orga
				@@ -107,6 +107,7 @@ public class OrganizationRepository : Repository<Core.AdminConsole.Entities.Orga
                LimitItemDeletion = e.LimitItemDeletion,
                AllowAdminAccessToAllCollectionItems = e.AllowAdminAccessToAllCollectionItems,
                UseRiskInsights = e.UseRiskInsights,
+                UseOrganizationDomains = e.UseOrganizationDomains,
                UseAdminSponsoredFamilies = e.UseAdminSponsoredFamilies
            }).ToListAsync();
        }
--- a/src/Infrastructure.EntityFramework/AdminConsole/Repositories/Queries/OrganizationUserOrganizationDetailsViewQuery.cs
+++ b/src/Infrastructure.EntityFramework/AdminConsole/Repositories/Queries/OrganizationUserOrganizationDetailsViewQuery.cs
@ -71,7 +71,8 @@ public class OrganizationUserOrganizationDetailsViewQuery : IQuery<OrganizationU
				@@ -71,7 +71,8 @@ public class OrganizationUserOrganizationDetailsViewQuery : IQuery<OrganizationU
                        UseRiskInsights = o.UseRiskInsights,
                        UseAdminSponsoredFamilies = o.UseAdminSponsoredFamilies,
                        LimitItemDeletion = o.LimitItemDeletion,
-                        IsAdminInitiated = os.IsAdminInitiated
+                        IsAdminInitiated = os.IsAdminInitiated,
+                        UseOrganizationDomains = o.UseOrganizationDomains
                    };
        return query;
    }
--- a/src/Infrastructure.EntityFramework/AdminConsole/Repositories/Queries/ProviderUserOrganizationDetailsViewQuery.cs
+++ b/src/Infrastructure.EntityFramework/AdminConsole/Repositories/Queries/ProviderUserOrganizationDetailsViewQuery.cs
@ -49,8 +49,9 @@ public class ProviderUserOrganizationDetailsViewQuery : IQuery<ProviderUserOrgan
				@@ -49,8 +49,9 @@ public class ProviderUserOrganizationDetailsViewQuery : IQuery<ProviderUserOrgan
            LimitItemDeletion = x.o.LimitItemDeletion,
            AllowAdminAccessToAllCollectionItems = x.o.AllowAdminAccessToAllCollectionItems,
            UseRiskInsights = x.o.UseRiskInsights,
+            ProviderType = x.p.Type,
+            UseOrganizationDomains = x.o.UseOrganizationDomains,
            UseAdminSponsoredFamilies = x.o.UseAdminSponsoredFamilies,
-            ProviderType = x.p.Type
        });
    }
 }
--- a/Procedures/Organization_Create.sql
+++ b/Procedures/Organization_Create.sql
@ -56,6 +56,7 @@ CREATE PROCEDURE [dbo].[Organization_Create]
				@@ -56,6 +56,7 @@ CREATE PROCEDURE [dbo].[Organization_Create]
    @AllowAdminAccessToAllCollectionItems BIT = 0,
    @UseRiskInsights BIT = 0,
    @LimitItemDeletion BIT = 0,
+    @UseOrganizationDomains BIT = 0,
    @UseAdminSponsoredFamilies BIT = 0
 AS
 BEGIN
@ -120,6 +121,7 @@ BEGIN
				@@ -120,6 +121,7 @@ BEGIN
        [AllowAdminAccessToAllCollectionItems],
        [UseRiskInsights],
        [LimitItemDeletion],
+        [UseOrganizationDomains],
        [UseAdminSponsoredFamilies]
    )
    VALUES
@ -181,6 +183,7 @@ BEGIN
				@@ -181,6 +183,7 @@ BEGIN
        @AllowAdminAccessToAllCollectionItems,
        @UseRiskInsights,
        @LimitItemDeletion,
+        @UseOrganizationDomains,
        @UseAdminSponsoredFamilies
    )
 END
--- a/Procedures/Organization_ReadAbilities.sql
+++ b/Procedures/Organization_ReadAbilities.sql
@ -26,6 +26,7 @@ BEGIN
				@@ -26,6 +26,7 @@ BEGIN
        [AllowAdminAccessToAllCollectionItems],
        [UseRiskInsights],
        [LimitItemDeletion],
+        [UseOrganizationDomains],
        [UseAdminSponsoredFamilies]
    FROM
        [dbo].[Organization]
--- a/Procedures/Organization_Update.sql
+++ b/Procedures/Organization_Update.sql
@ -56,6 +56,7 @@ CREATE PROCEDURE [dbo].[Organization_Update]
				@@ -56,6 +56,7 @@ CREATE PROCEDURE [dbo].[Organization_Update]
    @AllowAdminAccessToAllCollectionItems BIT = 0,
    @UseRiskInsights BIT = 0,
    @LimitItemDeletion BIT = 0,
+    @UseOrganizationDomains BIT = 0,
    @UseAdminSponsoredFamilies BIT = 0
 AS
 BEGIN
@ -120,6 +121,7 @@ BEGIN
				@@ -120,6 +121,7 @@ BEGIN
        [AllowAdminAccessToAllCollectionItems] = @AllowAdminAccessToAllCollectionItems,
        [UseRiskInsights] = @UseRiskInsights,
        [LimitItemDeletion] = @LimitItemDeletion,
+        [UseOrganizationDomains] = @UseOrganizationDomains,
        [UseAdminSponsoredFamilies] = @UseAdminSponsoredFamilies
    WHERE
        [Id] = @Id
--- a/src/Sql/dbo/Tables/Organization.sql
+++ b/src/Sql/dbo/Tables/Organization.sql
@ -56,6 +56,7 @@ CREATE TABLE [dbo].[Organization] (
				@@ -56,6 +56,7 @@ CREATE TABLE [dbo].[Organization] (
    [LimitItemDeletion]             BIT              NOT NULL CONSTRAINT [DF_Organization_LimitItemDeletion] DEFAULT (0),
    [AllowAdminAccessToAllCollectionItems]   BIT              NOT NULL CONSTRAINT [DF_Organization_AllowAdminAccessToAllCollectionItems] DEFAULT (0),
    [UseRiskInsights]               BIT              NOT NULL CONSTRAINT [DF_Organization_UseRiskInsights] DEFAULT (0),
+    [UseOrganizationDomains]        BIT              NOT NULL CONSTRAINT [DF_Organization_UseOrganizationDomains] DEFAULT (0),
    [UseAdminSponsoredFamilies]     BIT              NOT NULL CONSTRAINT [DF_Organization_UseAdminSponsoredFamilies] DEFAULT (0),
    CONSTRAINT [PK_Organization] PRIMARY KEY CLUSTERED ([Id] ASC)
 );
--- a/src/Sql/dbo/Views/OrganizationUserOrganizationDetailsView.sql
+++ b/src/Sql/dbo/Views/OrganizationUserOrganizationDetailsView.sql
@ -50,8 +50,9 @@ SELECT
				@@ -50,8 +50,9 @@ SELECT
    O.[LimitCollectionDeletion],
    O.[AllowAdminAccessToAllCollectionItems],
    O.[UseRiskInsights],
-    O.[UseAdminSponsoredFamilies],
    O.[LimitItemDeletion],
+    O.[UseAdminSponsoredFamilies],
+    O.[UseOrganizationDomains],
    OS.[IsAdminInitiated]
 FROM
    [dbo].[OrganizationUser] OU
--- a/src/Sql/dbo/Views/OrganizationView.sql
+++ b/src/Sql/dbo/Views/OrganizationView.sql
@ -1,6 +1,6 @@
				@@ -1,6 +1,6 @@
-CREATE VIEW [dbo].[OrganizationView]
+CREATE VIEW [dbo].[OrganizationView]
 AS
 SELECT
    *
 FROM
-    [dbo].[Organization]
+    [dbo].[Organization]
--- a/src/Sql/dbo/Views/ProviderUserProviderOrganizationDetailsView.sql
+++ b/src/Sql/dbo/Views/ProviderUserProviderOrganizationDetailsView.sql
@ -38,7 +38,8 @@ SELECT
				@@ -38,7 +38,8 @@ SELECT
    O.[UseRiskInsights],
    O.[UseAdminSponsoredFamilies],
    P.[Type] ProviderType,
-    O.[LimitItemDeletion]
+    O.[LimitItemDeletion],
+    O.[UseOrganizationDomains]
 FROM
    [dbo].[ProviderUser] PU
 INNER JOIN
--- a/test/Core.Test/Models/Business/OrganizationLicenseFileFixtures.cs
+++ b/test/Core.Test/Models/Business/OrganizationLicenseFileFixtures.cs
@ -35,7 +35,7 @@ public static class OrganizationLicenseFileFixtures
				@@ -35,7 +35,7 @@ public static class OrganizationLicenseFileFixtures
        if (!LicenseVersions.ContainsKey(licenseVersion))
        {
            throw new Exception(
-                $"Cannot find serialized license version {licenseVersion}. You must add this to OrganizationLicenseFileFixtures when adding a new license version.");
+                    $"Cannot find serialized license version {licenseVersion}. You must add this to OrganizationLicenseFileFixtures when adding a new license version.");
        }

        var json = LicenseVersions.GetValueOrDefault(licenseVersion).Replace("'", "\"");
@ -76,6 +76,7 @@ public static class OrganizationLicenseFileFixtures
				@@ -76,6 +76,7 @@ public static class OrganizationLicenseFileFixtures
            MaxCollections = 2,
            UsePolicies = true,
            UseSso = true,
+            UseOrganizationDomains = true,
            UseKeyConnector = true,
            UseScim = true,
            UseGroups = true,
--- a/test/Core.Test/OrganizationFeatures/OrganizationLicenses/UpdateOrganizationLicenseCommandTests.cs
+++ b/test/Core.Test/OrganizationFeatures/OrganizationLicenses/UpdateOrganizationLicenseCommandTests.cs
@ -86,7 +86,8 @@ public class UpdateOrganizationLicenseCommandTests
				@@ -86,7 +86,8 @@ public class UpdateOrganizationLicenseCommandTests
                        "Id", "MaxStorageGb", "Issued", "Refresh", "Version", "Trial", "LicenseType",
                        "Hash", "Signature", "SignatureBytes", "InstallationId", "Expires",
                        "ExpirationWithoutGracePeriod", "Token", "LimitCollectionCreationDeletion",
-                        "LimitCollectionCreation", "LimitCollectionDeletion", "AllowAdminAccessToAllCollectionItems") &&
+                        "LimitCollectionCreation", "LimitCollectionDeletion", "AllowAdminAccessToAllCollectionItems",
+                        "UseOrganizationDomains", "UseAdminSponsoredFamilies") &&
                         // Same property but different name, use explicit mapping
                         org.ExpirationDate == license.Expires));
        }
--- a/util/Migrator/DbScripts/2025-05-13-00_AddUseOrganizationDomainsToOrganization.sql
+++ b/util/Migrator/DbScripts/2025-05-13-00_AddUseOrganizationDomainsToOrganization.sql
@ -0,0 +1,364 @@
				@@ -0,0 +1,364 @@
+/* adds new column "UseOrganizationDomains" not nullable with default of 0 */
+
+ALTER TABLE [dbo].[Organization] ADD [UseOrganizationDomains] bit NOT NULL CONSTRAINT [DF_Organization_UseOrganizationDomains] default (0)
+GO
+
+/* add column to Organization_Create*/
+
+CREATE OR ALTER PROCEDURE [dbo].[Organization_Create]
+    @Id UNIQUEIDENTIFIER OUTPUT,
+    @Identifier NVARCHAR(50),
+    @Name NVARCHAR(50),
+    @BusinessName NVARCHAR(50),
+    @BusinessAddress1 NVARCHAR(50),
+    @BusinessAddress2 NVARCHAR(50),
+    @BusinessAddress3 NVARCHAR(50),
+    @BusinessCountry VARCHAR(2),
+    @BusinessTaxNumber NVARCHAR(30),
+    @BillingEmail NVARCHAR(256),
+    @Plan NVARCHAR(50),
+    @PlanType TINYINT,
+    @Seats INT,
+    @MaxCollections SMALLINT,
+    @UsePolicies BIT,
+    @UseSso BIT,
+    @UseGroups BIT,
+    @UseDirectory BIT,
+    @UseEvents BIT,
+    @UseTotp BIT,
+    @Use2fa BIT,
+    @UseApi BIT,
+    @UseResetPassword BIT,
+    @SelfHost BIT,
+    @UsersGetPremium BIT,
+    @Storage BIGINT,
+    @MaxStorageGb SMALLINT,
+    @Gateway TINYINT,
+    @GatewayCustomerId VARCHAR(50),
+    @GatewaySubscriptionId VARCHAR(50),
+    @ReferenceData VARCHAR(MAX),
+    @Enabled BIT,
+    @LicenseKey VARCHAR(100),
+    @PublicKey VARCHAR(MAX),
+    @PrivateKey VARCHAR(MAX),
+    @TwoFactorProviders NVARCHAR(MAX),
+    @ExpirationDate DATETIME2(7),
+    @CreationDate DATETIME2(7),
+    @RevisionDate DATETIME2(7),
+    @OwnersNotifiedOfAutoscaling DATETIME2(7),
+    @MaxAutoscaleSeats INT,
+    @UseKeyConnector BIT = 0,
+    @UseScim BIT = 0,
+    @UseCustomPermissions BIT = 0,
+    @UseSecretsManager BIT = 0,
+    @Status TINYINT = 0,
+    @UsePasswordManager BIT = 1,
+    @SmSeats INT = null,
+    @SmServiceAccounts INT = null,
+    @MaxAutoscaleSmSeats INT= null,
+    @MaxAutoscaleSmServiceAccounts INT = null,
+    @SecretsManagerBeta BIT = 0,
+    @LimitCollectionCreation BIT = NULL,
+    @LimitCollectionDeletion BIT = NULL,
+    @AllowAdminAccessToAllCollectionItems BIT = 0,
+    @UseRiskInsights BIT = 0,
+    @LimitItemDeletion BIT = 0,
+    @UseOrganizationDomains BIT = 0,
+    @UseAdminSponsoredFamilies BIT = 0
+AS
+BEGIN
+    SET NOCOUNT ON
+
+    INSERT INTO [dbo].[Organization]
+    (
+        [Id],
+        [Identifier],
+        [Name],
+        [BusinessName],
+        [BusinessAddress1],
+        [BusinessAddress2],
+        [BusinessAddress3],
+        [BusinessCountry],
+        [BusinessTaxNumber],
+        [BillingEmail],
+        [Plan],
+        [PlanType],
+        [Seats],
+        [MaxCollections],
+        [UsePolicies],
+        [UseSso],
+        [UseGroups],
+        [UseDirectory],
+        [UseEvents],
+        [UseTotp],
+        [Use2fa],
+        [UseApi],
+        [UseResetPassword],
+        [SelfHost],
+        [UsersGetPremium],
+        [Storage],
+        [MaxStorageGb],
+        [Gateway],
+        [GatewayCustomerId],
+        [GatewaySubscriptionId],
+        [ReferenceData],
+        [Enabled],
+        [LicenseKey],
+        [PublicKey],
+        [PrivateKey],
+        [TwoFactorProviders],
+        [ExpirationDate],
+        [CreationDate],
+        [RevisionDate],
+        [OwnersNotifiedOfAutoscaling],
+        [MaxAutoscaleSeats],
+        [UseKeyConnector],
+        [UseScim],
+        [UseCustomPermissions],
+        [UseSecretsManager],
+        [Status],
+        [UsePasswordManager],
+        [SmSeats],
+        [SmServiceAccounts],
+        [MaxAutoscaleSmSeats],
+        [MaxAutoscaleSmServiceAccounts],
+        [SecretsManagerBeta],
+        [LimitCollectionCreation],
+        [LimitCollectionDeletion],
+        [AllowAdminAccessToAllCollectionItems],
+        [UseRiskInsights],
+        [LimitItemDeletion],
+        [UseOrganizationDomains],
+        [UseAdminSponsoredFamilies]
+    )
+    VALUES
+    (
+        @Id,
+        @Identifier,
+        @Name,
+        @BusinessName,
+        @BusinessAddress1,
+        @BusinessAddress2,
+        @BusinessAddress3,
+        @BusinessCountry,
+        @BusinessTaxNumber,
+        @BillingEmail,
+        @Plan,
+        @PlanType,
+        @Seats,
+        @MaxCollections,
+        @UsePolicies,
+        @UseSso,
+        @UseGroups,
+        @UseDirectory,
+        @UseEvents,
+        @UseTotp,
+        @Use2fa,
+        @UseApi,
+        @UseResetPassword,
+        @SelfHost,
+        @UsersGetPremium,
+        @Storage,
+        @MaxStorageGb,
+        @Gateway,
+        @GatewayCustomerId,
+        @GatewaySubscriptionId,
+        @ReferenceData,
+        @Enabled,
+        @LicenseKey,
+        @PublicKey,
+        @PrivateKey,
+        @TwoFactorProviders,
+        @ExpirationDate,
+        @CreationDate,
+        @RevisionDate,
+        @OwnersNotifiedOfAutoscaling,
+        @MaxAutoscaleSeats,
+        @UseKeyConnector,
+        @UseScim,
+        @UseCustomPermissions,
+        @UseSecretsManager,
+        @Status,
+        @UsePasswordManager,
+        @SmSeats,
+        @SmServiceAccounts,
+        @MaxAutoscaleSmSeats,
+        @MaxAutoscaleSmServiceAccounts,
+        @SecretsManagerBeta,
+        @LimitCollectionCreation,
+        @LimitCollectionDeletion,
+        @AllowAdminAccessToAllCollectionItems,
+        @UseRiskInsights,
+        @LimitItemDeletion,
+        @UseOrganizationDomains,
+        @UseAdminSponsoredFamilies
+    )
+END
+GO
+
+/* add column to Organization_ReadAbilities*/
+CREATE OR ALTER PROCEDURE [dbo].[Organization_ReadAbilities]
+AS
+BEGIN
+    SET NOCOUNT ON
+
+    SELECT
+        [Id],
+        [UseEvents],
+        [Use2fa],
+        CASE
+        WHEN [Use2fa] = 1 AND [TwoFactorProviders] IS NOT NULL AND [TwoFactorProviders] != '{}' THEN
+            1
+        ELSE
+            0
+        END AS [Using2fa],
+        [UsersGetPremium],
+        [UseCustomPermissions],
+        [UseSso],
+        [UseKeyConnector],
+        [UseScim],
+        [UseResetPassword],
+        [UsePolicies],
+        [Enabled],
+        [LimitCollectionCreation],
+        [LimitCollectionDeletion],
+        [AllowAdminAccessToAllCollectionItems],
+        [UseRiskInsights],
+        [LimitItemDeletion],
+        [UseOrganizationDomains],
+        [UseAdminSponsoredFamilies]
+    FROM
+        [dbo].[Organization]
+END
+GO
+
+/* add column to Organization_Update*/
+CREATE OR ALTER PROCEDURE [dbo].[Organization_Update]
+    @Id UNIQUEIDENTIFIER,
+    @Identifier NVARCHAR(50),
+    @Name NVARCHAR(50),
+    @BusinessName NVARCHAR(50),
+    @BusinessAddress1 NVARCHAR(50),
+    @BusinessAddress2 NVARCHAR(50),
+    @BusinessAddress3 NVARCHAR(50),
+    @BusinessCountry VARCHAR(2),
+    @BusinessTaxNumber NVARCHAR(30),
+    @BillingEmail NVARCHAR(256),
+    @Plan NVARCHAR(50),
+    @PlanType TINYINT,
+    @Seats INT,
+    @MaxCollections SMALLINT,
+    @UsePolicies BIT,
+    @UseSso BIT,
+    @UseGroups BIT,
+    @UseDirectory BIT,
+    @UseEvents BIT,
+    @UseTotp BIT,
+    @Use2fa BIT,
+    @UseApi BIT,
+    @UseResetPassword BIT,
+    @SelfHost BIT,
+    @UsersGetPremium BIT,
+    @Storage BIGINT,
+    @MaxStorageGb SMALLINT,
+    @Gateway TINYINT,
+    @GatewayCustomerId VARCHAR(50),
+    @GatewaySubscriptionId VARCHAR(50),
+    @ReferenceData VARCHAR(MAX),
+    @Enabled BIT,
+    @LicenseKey VARCHAR(100),
+    @PublicKey VARCHAR(MAX),
+    @PrivateKey VARCHAR(MAX),
+    @TwoFactorProviders NVARCHAR(MAX),
+    @ExpirationDate DATETIME2(7),
+    @CreationDate DATETIME2(7),
+    @RevisionDate DATETIME2(7),
+    @OwnersNotifiedOfAutoscaling DATETIME2(7),
+    @MaxAutoscaleSeats INT,
+    @UseKeyConnector BIT = 0,
+    @UseScim BIT = 0,
+    @UseCustomPermissions BIT = 0,
+    @UseSecretsManager BIT = 0,
+    @Status TINYINT = 0,
+    @UsePasswordManager BIT = 1,
+    @SmSeats INT = null,
+    @SmServiceAccounts INT = null,
+    @MaxAutoscaleSmSeats INT = null,
+    @MaxAutoscaleSmServiceAccounts INT = null,
+    @SecretsManagerBeta BIT = 0,
+    @LimitCollectionCreation BIT = null,
+    @LimitCollectionDeletion BIT = null,
+    @AllowAdminAccessToAllCollectionItems BIT = 0,
+    @UseRiskInsights BIT = 0,
+    @LimitItemDeletion BIT = 0,
+    @UseOrganizationDomains BIT = 0,
+    @UseAdminSponsoredFamilies BIT = 0
+AS
+BEGIN
+    SET NOCOUNT ON
+
+    UPDATE
+        [dbo].[Organization]
+    SET
+        [Identifier] = @Identifier,
+        [Name] = @Name,
+        [BusinessName] = @BusinessName,
+        [BusinessAddress1] = @BusinessAddress1,
+        [BusinessAddress2] = @BusinessAddress2,
+        [BusinessAddress3] = @BusinessAddress3,
+        [BusinessCountry] = @BusinessCountry,
+        [BusinessTaxNumber] = @BusinessTaxNumber,
+        [BillingEmail] = @BillingEmail,
+        [Plan] = @Plan,
+        [PlanType] = @PlanType,
+        [Seats] = @Seats,
+        [MaxCollections] = @MaxCollections,
+        [UsePolicies] = @UsePolicies,
+        [UseSso] = @UseSso,
+        [UseGroups] = @UseGroups,
+        [UseDirectory] = @UseDirectory,
+        [UseEvents] = @UseEvents,
+        [UseTotp] = @UseTotp,
+        [Use2fa] = @Use2fa,
+        [UseApi] = @UseApi,
+        [UseResetPassword] = @UseResetPassword,
+        [SelfHost] = @SelfHost,
+        [UsersGetPremium] = @UsersGetPremium,
+        [Storage] = @Storage,
+        [MaxStorageGb] = @MaxStorageGb,
+        [Gateway] = @Gateway,
+        [GatewayCustomerId] = @GatewayCustomerId,
+        [GatewaySubscriptionId] = @GatewaySubscriptionId,
+        [ReferenceData] = @ReferenceData,
+        [Enabled] = @Enabled,
+        [LicenseKey] = @LicenseKey,
+        [PublicKey] = @PublicKey,
+        [PrivateKey] = @PrivateKey,
+        [TwoFactorProviders] = @TwoFactorProviders,
+        [ExpirationDate] = @ExpirationDate,
+        [CreationDate] = @CreationDate,
+        [RevisionDate] = @RevisionDate,
+        [OwnersNotifiedOfAutoscaling] = @OwnersNotifiedOfAutoscaling,
+        [MaxAutoscaleSeats] = @MaxAutoscaleSeats,
+        [UseKeyConnector] = @UseKeyConnector,
+        [UseScim] = @UseScim,
+        [UseCustomPermissions] = @UseCustomPermissions,
+        [UseSecretsManager] = @UseSecretsManager,
+        [Status] = @Status,
+        [UsePasswordManager] = @UsePasswordManager,
+        [SmSeats] = @SmSeats,
+        [SmServiceAccounts] = @SmServiceAccounts,
+        [MaxAutoscaleSmSeats] = @MaxAutoscaleSmSeats,
+        [MaxAutoscaleSmServiceAccounts] = @MaxAutoscaleSmServiceAccounts,
+        [SecretsManagerBeta] = @SecretsManagerBeta,
+        [LimitCollectionCreation] = @LimitCollectionCreation,
+        [LimitCollectionDeletion] = @LimitCollectionDeletion,
+        [AllowAdminAccessToAllCollectionItems] = @AllowAdminAccessToAllCollectionItems,
+        [UseRiskInsights] = @UseRiskInsights,
+        [LimitItemDeletion] = @LimitItemDeletion,
+        [UseOrganizationDomains] = @UseOrganizationDomains,
+        [UseAdminSponsoredFamilies] = @UseAdminSponsoredFamilies
+    WHERE
+        [Id] = @Id
+END
+GO
--- a/util/Migrator/DbScripts/2025-05-13-01_AddUseOrganizationDomainsToViews.sql
+++ b/util/Migrator/DbScripts/2025-05-13-01_AddUseOrganizationDomainsToViews.sql
@ -0,0 +1,131 @@
				@@ -0,0 +1,131 @@
+CREATE OR ALTER VIEW [dbo].[OrganizationUserOrganizationDetailsView]
+AS
+SELECT
+    OU.[UserId],
+    OU.[OrganizationId],
+    OU.[Id] OrganizationUserId,
+    O.[Name],
+    O.[Enabled],
+    O.[PlanType],
+    O.[UsePolicies],
+    O.[UseSso],
+    O.[UseKeyConnector],
+    O.[UseScim],
+    O.[UseGroups],
+    O.[UseDirectory],
+    O.[UseEvents],
+    O.[UseTotp],
+    O.[Use2fa],
+    O.[UseApi],
+    O.[UseResetPassword],
+    O.[SelfHost],
+    O.[UsersGetPremium],
+    O.[UseCustomPermissions],
+    O.[UseSecretsManager],
+    O.[Seats],
+    O.[MaxCollections],
+    O.[MaxStorageGb],
+    O.[Identifier],
+    OU.[Key],
+    OU.[ResetPasswordKey],
+    O.[PublicKey],
+    O.[PrivateKey],
+    OU.[Status],
+    OU.[Type],
+    SU.[ExternalId] SsoExternalId,
+    OU.[Permissions],
+    PO.[ProviderId],
+    P.[Name] ProviderName,
+    P.[Type] ProviderType,
+    SS.[Data] SsoConfig,
+    OS.[FriendlyName] FamilySponsorshipFriendlyName,
+    OS.[LastSyncDate] FamilySponsorshipLastSyncDate,
+    OS.[ToDelete] FamilySponsorshipToDelete,
+    OS.[ValidUntil] FamilySponsorshipValidUntil,
+    OU.[AccessSecretsManager],
+    O.[UsePasswordManager],
+    O.[SmSeats],
+    O.[SmServiceAccounts],
+    O.[LimitCollectionCreation],
+    O.[LimitCollectionDeletion],
+    O.[AllowAdminAccessToAllCollectionItems],
+    O.[UseRiskInsights],
+    O.[LimitItemDeletion],
+    O.[UseAdminSponsoredFamilies],
+    O.[UseOrganizationDomains],
+    OS.[IsAdminInitiated]
+FROM
+    [dbo].[OrganizationUser] OU
+LEFT JOIN
+    [dbo].[Organization] O ON O.[Id] = OU.[OrganizationId]
+LEFT JOIN
+    [dbo].[SsoUser] SU ON SU.[UserId] = OU.[UserId] AND SU.[OrganizationId] = OU.[OrganizationId]
+LEFT JOIN
+    [dbo].[ProviderOrganization] PO ON PO.[OrganizationId] = O.[Id]
+LEFT JOIN
+    [dbo].[Provider] P ON P.[Id] = PO.[ProviderId]
+LEFT JOIN
+    [dbo].[SsoConfig] SS ON SS.[OrganizationId] = OU.[OrganizationId]
+LEFT JOIN
+    [dbo].[OrganizationSponsorship] OS ON OS.[SponsoringOrganizationUserID] = OU.[Id]
+GO
+
+CREATE OR ALTER VIEW [dbo].[ProviderUserProviderOrganizationDetailsView]
+AS
+SELECT
+    PU.[UserId],
+    PO.[OrganizationId],
+    O.[Name],
+    O.[Enabled],
+    O.[UsePolicies],
+    O.[UseSso],
+    O.[UseKeyConnector],
+    O.[UseScim],
+    O.[UseGroups],
+    O.[UseDirectory],
+    O.[UseEvents],
+    O.[UseTotp],
+    O.[Use2fa],
+    O.[UseApi],
+    O.[UseResetPassword],
+    O.[SelfHost],
+    O.[UsersGetPremium],
+    O.[UseCustomPermissions],
+    O.[Seats],
+    O.[MaxCollections],
+    O.[MaxStorageGb],
+    O.[Identifier],
+    PO.[Key],
+    O.[PublicKey],
+    O.[PrivateKey],
+    PU.[Status],
+    PU.[Type],
+    PO.[ProviderId],
+    PU.[Id] ProviderUserId,
+    P.[Name] ProviderName,
+    O.[PlanType],
+    O.[LimitCollectionCreation],
+    O.[LimitCollectionDeletion],
+    O.[AllowAdminAccessToAllCollectionItems],
+    O.[UseRiskInsights],
+    O.[UseAdminSponsoredFamilies],
+    P.[Type] ProviderType,
+    O.[LimitItemDeletion],
+    O.[UseOrganizationDomains]
+FROM
+    [dbo].[ProviderUser] PU
+INNER JOIN
+    [dbo].[ProviderOrganization] PO ON PO.[ProviderId] = PU.[ProviderId]
+INNER JOIN
+    [dbo].[Organization] O ON O.[Id] = PO.[OrganizationId]
+INNER JOIN
+    [dbo].[Provider] P ON P.[Id] = PU.[ProviderId]
+GO
+
+CREATE OR ALTER VIEW [dbo].[OrganizationView]
+AS
+SELECT
+    *
+FROM
+    [dbo].[Organization]
+GO
--- a/util/Migrator/DbScripts/2025-05-13-02_AddUseOrganizationDomainsDataMigration.sql
+++ b/util/Migrator/DbScripts/2025-05-13-02_AddUseOrganizationDomainsDataMigration.sql
@ -0,0 +1,9 @@
				@@ -0,0 +1,9 @@
+/* update the new column to have the value used in UseSso to preserve existing orgs ability */
+
+UPDATE
+    [dbo].[Organization]
+SET
+    [UseOrganizationDomains] = [UseSso]
+WHERE
+    [UseSso] = 1
+GO
--- a/util/MySqlMigrations/HelperScripts/2025-05-13_00_AddUseOrganizationDomains.sql
+++ b/util/MySqlMigrations/HelperScripts/2025-05-13_00_AddUseOrganizationDomains.sql
@ -0,0 +1,3 @@
				@@ -0,0 +1,3 @@
+UPDATE Organization
+SET UseOrganizationDomains = UseSso
+WHERE UseSso = 1
--- a/util/MySqlMigrations/Migrations/20250513151140_AddUseOrganizationDomains.Designer.cs
+++ b/util/MySqlMigrations/Migrations/20250513151140_AddUseOrganizationDomains.Designer.cs
--- a/util/MySqlMigrations/Migrations/20250513151140_AddUseOrganizationDomains.cs
+++ b/util/MySqlMigrations/Migrations/20250513151140_AddUseOrganizationDomains.cs
@ -0,0 +1,26 @@
				@@ -0,0 +1,26 @@
+using Microsoft.EntityFrameworkCore.Migrations;
+
+#nullable disable
+
+namespace Bit.MySqlMigrations.Migrations;
+
+/// <inheritdoc />
+public partial class AddUseOrganizationDomains : Migration
+{
+    /// <inheritdoc />
+    protected override void Up(MigrationBuilder migrationBuilder)
+    {
+        migrationBuilder.AddColumn<bool>(
+            name: "UseOrganizationDomains",
+            table: "Organization",
+            type: "tinyint(1)",
+            nullable: false,
+            defaultValue: false);
+    }
+
+    /// <inheritdoc />
+    protected override void Down(MigrationBuilder migrationBuilder)
+    {
+        throw new Exception("Irreversible migration.");
+    }
+}
--- a/util/MySqlMigrations/Migrations/20250513151141_AddUseOrganizationDomainsData.cs
+++ b/util/MySqlMigrations/Migrations/20250513151141_AddUseOrganizationDomainsData.cs
@ -0,0 +1,23 @@
				@@ -0,0 +1,23 @@
+using Bit.Core.Utilities;
+using Microsoft.EntityFrameworkCore.Migrations;
+
+#nullable disable
+
+namespace Bit.MySqlMigrations.Migrations;
+
+/// <inheritdoc />
+public partial class AddUseOrganizationDomainsData : Migration
+{
+    private const string _addUseOrganizationDomainsMigrationScript = "MySqlMigrations.HelperScripts.2025-05-13_00_AddUseOrganizationDomains.sql";
+    /// <inheritdoc />
+    protected override void Up(MigrationBuilder migrationBuilder)
+    {
+        migrationBuilder.Sql(CoreHelpers.GetEmbeddedResourceContentsAsync(_addUseOrganizationDomainsMigrationScript));
+    }
+
+    /// <inheritdoc />
+    protected override void Down(MigrationBuilder migrationBuilder)
+    {
+        throw new Exception("Irreversible migration");
+    }
+}
--- a/util/MySqlMigrations/Migrations/DatabaseContextModelSnapshot.cs
+++ b/util/MySqlMigrations/Migrations/DatabaseContextModelSnapshot.cs
@ -185,6 +185,9 @@ namespace Bit.MySqlMigrations.Migrations
				@@ -185,6 +185,9 @@ namespace Bit.MySqlMigrations.Migrations
                    b.Property<bool>("UseKeyConnector")
                        .HasColumnType("tinyint(1)");

+                    b.Property<bool>("UseOrganizationDomains")
+                        .HasColumnType("tinyint(1)");
+
                    b.Property<bool>("UsePasswordManager")
                        .HasColumnType("tinyint(1)");

--- a/util/MySqlMigrations/MySqlMigrations.csproj
+++ b/util/MySqlMigrations/MySqlMigrations.csproj
@ -1,4 +1,4 @@
				@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">

  <PropertyGroup>
    <UserSecretsId>9f1cd3e0-70f2-4921-8068-b2538fd7c3f7</UserSecretsId>
@ -32,5 +32,6 @@
				@@ -32,5 +32,6 @@
    <EmbeddedResource Include="HelperScripts\2024-04-25_00_EnableOrgsCollectionEnhancements.sql" />
    <EmbeddedResource Include="HelperScripts\2024-08-26_00_FinalFlexibleCollectionsDataMigrations.sql" />
    <EmbeddedResource Include="HelperScripts\2024-09-05_00_SyncDuoVersionFourMetadataToVersionTwo.sql" />
+    <EmbeddedResource Include="HelperScripts\2025-05-13_00_AddUseOrganizationDomains.sql" />
  </ItemGroup>
 </Project>
--- a/util/PostgresMigrations/HelperScripts/2025-05-13_00_AddUseOrganizationDomains.psql
+++ b/util/PostgresMigrations/HelperScripts/2025-05-13_00_AddUseOrganizationDomains.psql
@ -0,0 +1,3 @@
				@@ -0,0 +1,3 @@
+UPDATE "Organization"
+SET "UseOrganizationDomains" = "UseSso"
+WHERE "UseSso" IS true
--- a/util/PostgresMigrations/Migrations/20250513151148_AddUseOrganizationDomains.Designer.cs
+++ b/util/PostgresMigrations/Migrations/20250513151148_AddUseOrganizationDomains.Designer.cs
--- a/util/PostgresMigrations/Migrations/20250513151148_AddUseOrganizationDomains.cs
+++ b/util/PostgresMigrations/Migrations/20250513151148_AddUseOrganizationDomains.cs
@ -0,0 +1,26 @@
				@@ -0,0 +1,26 @@
+using Microsoft.EntityFrameworkCore.Migrations;
+
+#nullable disable
+
+namespace Bit.PostgresMigrations.Migrations;
+
+/// <inheritdoc />
+public partial class AddUseOrganizationDomains : Migration
+{
+    /// <inheritdoc />
+    protected override void Up(MigrationBuilder migrationBuilder)
+    {
+        migrationBuilder.AddColumn<bool>(
+            name: "UseOrganizationDomains",
+            table: "Organization",
+            type: "boolean",
+            nullable: false,
+            defaultValue: false);
+    }
+
+    /// <inheritdoc />
+    protected override void Down(MigrationBuilder migrationBuilder)
+    {
+        throw new Exception("Irreversible migration.");
+    }
+}
--- a/util/PostgresMigrations/Migrations/20250513151149_AddUseOrganizationDomainsData.cs
+++ b/util/PostgresMigrations/Migrations/20250513151149_AddUseOrganizationDomainsData.cs
@ -0,0 +1,25 @@
				@@ -0,0 +1,25 @@
+using Bit.Core.Utilities;
+using Microsoft.EntityFrameworkCore.Migrations;
+
+#nullable disable
+
+namespace Bit.PostgresMigrations.Migrations;
+
+/// <inheritdoc />
+public partial class AddUseOrganizationDomainsData : Migration
+{
+
+    private const string _addUseOrganizationDomainsMigrationScript = "PostgresMigrations.HelperScripts.2025-05-13_00_AddUseOrganizationDomains.psql";
+
+    /// <inheritdoc />
+    protected override void Up(MigrationBuilder migrationBuilder)
+    {
+        migrationBuilder.Sql(CoreHelpers.GetEmbeddedResourceContentsAsync(_addUseOrganizationDomainsMigrationScript));
+    }
+
+    /// <inheritdoc />
+    protected override void Down(MigrationBuilder migrationBuilder)
+    {
+        throw new Exception("Irreversible migration.");
+    }
+}
--- a/util/PostgresMigrations/Migrations/DatabaseContextModelSnapshot.cs
+++ b/util/PostgresMigrations/Migrations/DatabaseContextModelSnapshot.cs
@ -187,6 +187,9 @@ namespace Bit.PostgresMigrations.Migrations
				@@ -187,6 +187,9 @@ namespace Bit.PostgresMigrations.Migrations
                    b.Property<bool>("UseKeyConnector")
                        .HasColumnType("boolean");

+                    b.Property<bool>("UseOrganizationDomains")
+                        .HasColumnType("boolean");
+
                    b.Property<bool>("UsePasswordManager")
                        .HasColumnType("boolean");

--- a/util/PostgresMigrations/PostgresMigrations.csproj
+++ b/util/PostgresMigrations/PostgresMigrations.csproj
@ -27,5 +27,6 @@
				@@ -27,5 +27,6 @@
    <EmbeddedResource Include="HelperScripts\2024-04-25_00_EnableOrgsCollectionEnhancements.psql" />
    <EmbeddedResource Include="HelperScripts\2024-08-26_00_FinalFlexibleCollectionsDataMigrations.psql" />
    <EmbeddedResource Include="HelperScripts\2024-09-05_00_SyncDuoVersionFourMetadataToVersionTwo.psql" />
+    <EmbeddedResource Include="HelperScripts\2025-05-13_00_AddUseOrganizationDomains.psql" />
  </ItemGroup>
 </Project>
--- a/util/SqliteMigrations/HelperScripts/2025-05-13_00_AddUseOrganizationDomains.sql
+++ b/util/SqliteMigrations/HelperScripts/2025-05-13_00_AddUseOrganizationDomains.sql
@ -0,0 +1,3 @@
				@@ -0,0 +1,3 @@
+UPDATE [Organization]
+SET [UseOrganizationDomains] = [UseSso]
+WHERE [UseSso] = 1
--- a/util/SqliteMigrations/Migrations/20250513151144_AddUseOrganizationDomains.Designer.cs
+++ b/util/SqliteMigrations/Migrations/20250513151144_AddUseOrganizationDomains.Designer.cs
--- a/util/SqliteMigrations/Migrations/20250513151144_AddUseOrganizationDomains.cs
+++ b/util/SqliteMigrations/Migrations/20250513151144_AddUseOrganizationDomains.cs
@ -0,0 +1,26 @@
				@@ -0,0 +1,26 @@
+using Microsoft.EntityFrameworkCore.Migrations;
+
+#nullable disable
+
+namespace Bit.SqliteMigrations.Migrations;
+
+/// <inheritdoc />
+public partial class AddUseOrganizationDomains : Migration
+{
+    /// <inheritdoc />
+    protected override void Up(MigrationBuilder migrationBuilder)
+    {
+        migrationBuilder.AddColumn<bool>(
+            name: "UseOrganizationDomains",
+            table: "Organization",
+            type: "INTEGER",
+            nullable: false,
+            defaultValue: false);
+    }
+
+    /// <inheritdoc />
+    protected override void Down(MigrationBuilder migrationBuilder)
+    {
+        throw new Exception("Irreversible migration.");
+    }
+}
--- a/util/SqliteMigrations/Migrations/20250513151145_AddUseOrganizationDomainsData.cs
+++ b/util/SqliteMigrations/Migrations/20250513151145_AddUseOrganizationDomainsData.cs
@ -0,0 +1,25 @@
				@@ -0,0 +1,25 @@
+using Bit.Core.Utilities;
+using Microsoft.EntityFrameworkCore.Migrations;
+
+#nullable disable
+
+namespace Bit.SqliteMigrations.Migrations;
+
+/// <inheritdoc />
+public partial class AddUseOrganizationDomainsData : Migration
+{
+    private const string _addUseOrganizationDomainsMigrationScript = "SqliteMigrations.HelperScripts.2025-05-13_00_AddUseOrganizationDomains.sql";
+
+    /// <inheritdoc />
+    protected override void Up(MigrationBuilder migrationBuilder)
+    {
+        migrationBuilder.Sql(CoreHelpers.GetEmbeddedResourceContentsAsync(_addUseOrganizationDomainsMigrationScript));
+    }
+
+    /// <inheritdoc />
+    protected override void Down(MigrationBuilder migrationBuilder)
+    {
+
+        throw new Exception("Irreversible migration.");
+    }
+}
--- a/util/SqliteMigrations/Migrations/DatabaseContextModelSnapshot.cs
+++ b/util/SqliteMigrations/Migrations/DatabaseContextModelSnapshot.cs
@ -180,6 +180,9 @@ namespace Bit.SqliteMigrations.Migrations
				@@ -180,6 +180,9 @@ namespace Bit.SqliteMigrations.Migrations
                    b.Property<bool>("UseKeyConnector")
                        .HasColumnType("INTEGER");

+                    b.Property<bool>("UseOrganizationDomains")
+                        .HasColumnType("INTEGER");
+
                    b.Property<bool>("UsePasswordManager")
                        .HasColumnType("INTEGER");

--- a/util/SqliteMigrations/SqliteMigrations.csproj
+++ b/util/SqliteMigrations/SqliteMigrations.csproj
@ -1,32 +1,33 @@
				@@ -1,32 +1,33 @@
-<Project Sdk="Microsoft.NET.Sdk">
-
-  <PropertyGroup>
-    <ImplicitUsings>enable</ImplicitUsings>
-    <Nullable>enable</Nullable>
-  </PropertyGroup>
-
-  <ItemGroup>
-    <ProjectReference Include="..\..\src\Core\Core.csproj" />
-    <ProjectReference Include="..\..\src\Infrastructure.EntityFramework\Infrastructure.EntityFramework.csproj" />
-  </ItemGroup>
-
-  <ItemGroup>
-    <PackageReference Include="Microsoft.EntityFrameworkCore.Design" Version="[8.0.8]">
-      <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
-      <PrivateAssets>all</PrivateAssets>
-    </PackageReference>
-  </ItemGroup>
-
-  <ItemGroup>
-    <Compile Include="..\EfShared\MigrationBuilderExtensions.cs" />
-  </ItemGroup>
-
-  <ItemGroup>
-    <EmbeddedResource Include="HelperScripts\2023-12-04_00_Up_GrantIndexes.sql" />
-    <EmbeddedResource Include="HelperScripts\2023-12-04_00_Down_GrantIndexes.sql" />
-    <EmbeddedResource Include="HelperScripts\2024-04-25_00_EnableOrgsCollectionEnhancements.sql" />
-    <EmbeddedResource Include="HelperScripts\2024-08-26_00_FinalFlexibleCollectionsDataMigrations.sql" />
-    <EmbeddedResource Include="HelperScripts\2024-09-05_00_SyncDuoVersionFourMetadataToVersionTwo.sql" />
-  </ItemGroup>
-
-</Project>
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <Nullable>enable</Nullable>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\..\src\Core\Core.csproj" />
+    <ProjectReference Include="..\..\src\Infrastructure.EntityFramework\Infrastructure.EntityFramework.csproj" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Microsoft.EntityFrameworkCore.Design" Version="[8.0.8]">
+      <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
+      <PrivateAssets>all</PrivateAssets>
+    </PackageReference>
+  </ItemGroup>
+
+  <ItemGroup>
+    <Compile Include="..\EfShared\MigrationBuilderExtensions.cs" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <EmbeddedResource Include="HelperScripts\2023-12-04_00_Up_GrantIndexes.sql" />
+    <EmbeddedResource Include="HelperScripts\2023-12-04_00_Down_GrantIndexes.sql" />
+    <EmbeddedResource Include="HelperScripts\2024-04-25_00_EnableOrgsCollectionEnhancements.sql" />
+    <EmbeddedResource Include="HelperScripts\2024-08-26_00_FinalFlexibleCollectionsDataMigrations.sql" />
+    <EmbeddedResource Include="HelperScripts\2024-09-05_00_SyncDuoVersionFourMetadataToVersionTwo.sql" />
+    <EmbeddedResource Include="HelperScripts\2025-05-13_00_AddUseOrganizationDomains.sql" />
+  </ItemGroup>
+
+</Project>