Manage user, organization & RBAC in Suger Console.


  1. Suger use Auth0 as the authentication & authorization provider. Both Sign in and Sign up share the same entry
  2. Suger supports sso with Google, Microsoft and OKTA (available upon request). If you need sso with other identity providers like OKTA, please contact us


  1. All Suger resources are organized & managed under organization. Each user must belong to at least one organization.
  2. When you sign up for Suger for the first time, you will be prompted to create a new organization. However, please note that your organization will require approval from Suger in order to become active. To initiate the approval process for your newly created organization, please get in touch with Suger Support.
  3. The user who creates the organization has the ADMIN role as default. It is allowed to add new users, edit user role or delete the users. There are 3 roles: ADMIN, EDITOR & READER. Their permission scope is defined below:
    User RoleRBAC Permissions
    ADMINFull access, including management of users, organizations, API Client & Webhook.
    EDITORFull access, but excluding the access to management of users, organizations, API Client & Webhook.
    READERCan only access Suger services with read access, no permission to create/edit/delete any resources
    • The email domain of the organization inherits from the user who created it.
    • For security purpose, only the users who has the same email domain as the organization can be added to that organization.