> For the complete documentation index, see llms.txt.
Skip to main content

Check out Port for yourself ➜ 

Multiple organization membership

Multiple organization membership within Port means that users can belong to more than one organization simultaneously, for example, prod and dev. This enables:

  • Cross-organization access: Users can work across multiple organizations without needing separate accounts.
  • Seamless switching: Switch between organizations using the UI.

Create an organization

As a user with account admin permissions on a paid account, you can create new organizations directly from the UI:

  1. Go to your Port application.
  2. Click on the logo in the top left corner of the page.
  3. Click on the + Create Organization button.
  4. Follow the steps to create a new organization.

Manage account admins

Account admins can promote or demote other users' account roles using the Change a user's account role API route.

Account admin permission

You can grant the Account admin permission to users who have an admin role in at least one organization within the account.

Manage company admins

Company admins can promote or demote other users' company roles using the Change a user's company role API route.

Switch organizations

In order to switch to a different organization:

  1. Go to your Port application.
  2. Click on the logo in the top left corner of the page.
  3. Click on the organization you want to switch to.

Login behavior and organization switching

When users log in, they automatically access their last visited organization, unless they open a direct link to a page in a different organization.

We recommend you verify the active organization before making changes.

All Port URLs include the organization ID in the path. When you share a link and the recipient opens it, Port automatically switches them to the correct organization before loading the page - even if they were last active in a different organization.

The entire tab reflects this context, including the tab title, making it easy to identify which organization is active in each tab.

If the recipient does not have access to the organization in the link, they will not be able to access the page.

Share links across teams

Copy links directly from your browser's address bar when sharing resources across teams or environments (for example, between staging and production). The organization context is already included, so recipients will land in the correct organization regardless of which organization they were last active in.

Automatic user access

Automatic user access makes it easy to onboard large groups of users:

  • Users with account admin permissions and organization admins can mark an organization as publicly accessible to SSO users.
  • When users log in via SSO, they automatically get the default member role in the organizations.

To enable automatic user access:

  1. Go to the Builder page of your portal.
  2. Click on Organization settings in the sidebar.
  3. In the Settings tab, enable the "Automatic user access" for the organization.
  4. Click Save.

SSO access to organizations

When users connect with SSO, their access is determined by:

  • Explicit invitations: Organizations where the user has been explicitly invited.
  • Automatic user access: Organizations that have "Automatic User Access" enabled.

On login, Port checks which organizations the user has been explicitly invited to, plus which organizations have automatic user access enabled, and grants access to those organizations only.

User status in multi-org environments

When managing users across multiple organizations within an account, it's important to understand how user statuses work and their implications for access control.

User status definitions

StatusDescriptionCan access Port?Cross-org behavior
ActiveUser has full access to the organization.YesStatus is per-organization. A user can be Active in one org and have a different status in another.
InvitedUser has been sent an invitation email but has not yet logged in.No, until they acceptInvitation is per-organization. User must accept and log in to become Active.
StagedUser exists in the system but has not been invited via email.Yes, if activated in any orgIf a Staged user is activated in one organization, they gain access to that organization. Their status in other organizations remains unchanged.
DisabledUser access has been revoked for this organization.No, for this orgDisabled status must be set per-organization. To fully block a user, disable them in all organizations.
Staged status does not block access across organizations

Setting a user to Staged in one organization does not prevent them from accessing Port if they have Active status in another organization within the same account.

If you need to completely revoke a user's access across all organizations, you must set their status to Disabled in every organization they belong to.

Managing user status

To change a user's status:

  1. Go to the Users page in your portal.
  2. Find the user you want to modify.
  3. Click the status dropdown and select the new status.
  4. The change takes effect immediately for that organization.

Best practices for access control

  • To temporarily suspend access: Set the user to Disabled in all organizations where they should not have access.
  • To fully revoke access: Disable the user in all organizations within the account.
  • To onboard new users gradually: Use Staged status, but be aware that activating them in one organization allows access to that organization immediately.
  • For offboarding: Set the user to Disabled across all organizations rather than relying on Staged status.

Default login organization

When a company has multiple organizations in Port (e.g. production and sandbox), new SSO users need to be routed to one of them on first login. By default, Port routes new users to the oldest organization by creation date — which can result in sandbox orgs being the unintended default.

Company admins can explicitly designate one org as the landing destination for new SSO users.

To set the default login organization:

  1. Go to the Builder page and open Organization settings for the org you want to set as the default.

  2. Navigate to the Access tab.

  3. Make sure Automatic user access is enabled.

  4. Toggle on New SSO users will land on this org by default.

  5. Click Save.

Notes & limitations

  • This setting only affects new users who have never logged in before. Returning users always land on their most recently used organization.

  • Only one organization per company can be set as the default at a time. Setting a new default automatically replaces the previous one.

  • If you don't see the toggle, make sure your organization has Company SSO configured and that Automatic user access is enabled.