From 24b1e53ffafcad89deb37b630210fde612be3274 Mon Sep 17 00:00:00 2001 From: Sivan Elkabes Date: Mon, 8 Sep 2025 08:52:09 +0300 Subject: [PATCH 01/15] WIP --- docs/sso-rbac/multi-organization.md | 75 +++++++++++++++++++++++++++++ 1 file changed, 75 insertions(+) create mode 100644 docs/sso-rbac/multi-organization.md diff --git a/docs/sso-rbac/multi-organization.md b/docs/sso-rbac/multi-organization.md new file mode 100644 index 0000000000..4a57f534c8 --- /dev/null +++ b/docs/sso-rbac/multi-organization.md 
@@ -0,0 +1,75 @@ +--- +sidebar_position: 3 +--- + +# Multi-organization support + +Port's multi-organization feature introduces a multi-organization model inside Port, where a single user can seamlessly move between different organizations without needing separate logins. +This capability enables better organizational structure management, improved access control across different environments or business units, and streamlined user onboarding. + +:::info Feature availability +The **multi-org feature** is available on request and can be enabled only by contacting Port support. +::: + +## What is multi-organization? + +Multi-organization within Port means that users can belong to more than one organization simultaneously. +This enables: + +- **Cross-organization access**: Users can work across multiple organizations without needing separate accounts. +- **Seamless switching**: Switch between organizations using the [UI](#switch-organization). +- **Unified identity**: Maintain a single identity while accessing multiple organizational contexts. + +## Key features + +### Switch organization + +To add an organization: + +1. Go to your [Port application](https://app.port.io). +2. Click on the logo in the top left corner of the page. +3. Choose the organization you want to switch to. + +:::info Login behavior +Note that when users log in, they automatically access their last visited organization. +::: + +### User lifecycle status + +A new `staged` user status has been introduced for better user lifecycle management: + +- `Staged`: User exists but hasn't been invited by email. +- `Active`: User has logged into Port and can use the portal normally. +- `Invited`: User was invited to Port via an invitation email. +- `Disabled`: User is disabled and cannot use Port. + +:::info Migration required +The Auth0 logic that automatically made `Disabled` statuses `Active` on SSO login has been removed. 
Customers currently misusing the `Disabled` status will need to migrate to `Staged` status. +::: + +## Automatic User Access (Just-in-Time / JIT) + +The Automatic User Access enables streamlined onboarding for large groups of users: + +- **Organization settings**: Organization admins can mark an organization as publicly accessible to SSO users. +- **SSO login**: When users log in via SSO, they automatically gain default `Member` access to the organizations. + +To enable Automatic User Access: + +1. Navigate to the organization settings. +2. Enable "Automatic user access" for the organization. +3. Configure default role (typically "Member"). +4. `Save` settings. + +:::info Default access +Users logging in via SSO will automatically join organizations with Automatic User Access enabled, receiving the default Member role unless they already have a different role assigned. +::: + +## SCIM support + +SCIM (System for Cross-domain Identity Management) will be supported to: +- Ingest users and teams. +- Manage user and team memberships. +- Delete users and teams. + +This ensures seamless integration with existing identity management systems. \ No newline at end of file From da76aef8365eda1c5f0436996c1812e8edef4691 Mon Sep 17 00:00:00 2001 From: Sivan Elkabes Date: Mon, 8 Sep 2025 10:23:12 +0300 Subject: [PATCH 02/15] added multi-org documentation --- docs/sso-rbac/multi-organization.md | 39 +++++++++++++---------------- 1 file changed, 18 insertions(+), 21 deletions(-) diff --git a/docs/sso-rbac/multi-organization.md b/docs/sso-rbac/multi-organization.md index 4a57f534c8..8ffb265f6b 100644 --- a/docs/sso-rbac/multi-organization.md +++ b/docs/sso-rbac/multi-organization.md 
@@ -4,17 +4,16 @@ sidebar_position: 3 # Multi-organization support -Port's multi-organization feature introduces a multi-organization model inside Port, where a single user can seamlessly move between different organizations without needing separate logins. -This capability enables better organizational structure management, improved access control across different environments or business units, and streamlined user onboarding. +Port's multi-organization feature introduces a multi-organization model inside Port, where a single user can seamlessly move between different organizations without needing separate logins. This capability lets companies create multiple organizations, and make it easier to onboard users. :::info Feature availability -The **multi-org feature** is available on request and can be enabled only by contacting Port support. +The **multi-organization feature** is available on request and must be enabled by Port support. +To group existing organizations under one account, customers need to provide Port with the relevant `OrgIDs` and the SSO connection to use. ::: ## What is multi-organization? -Multi-organization within Port means that users can belong to more than one organization simultaneously. -This enables: +Multi-organization within Port means that users can belong to more than one organization simultaneously, for example, prod and dev. This enables: - **Cross-organization access**: Users can work across multiple organizations without needing separate accounts. - **Seamless switching**: Switch between organizations using the [UI](#switch-organization). 
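Review bot: In the rewritten intro paragraph, "This capability lets companies create multiple organizations, and make it easier to onboard users" has a verb agreement slip; it should read "and makes it easier to onboard users", and the comma before "and" can go. In the availability admonition, `OrgIDs` is formatted as an identifier but nothing in this file says where a customer finds an organization's ID; either add that pointer or drop the code formatting.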
@@ -24,14 +23,15 @@ This enables: ### Switch organization -To add an organization: +To add an organization: +(TODO: make sure what are the steps here) 1. Go to your [Port application](https://app.port.io). 2. Click on the logo in the top left corner of the page. -3. Choose the organization you want to switch to. +3. Click on the organization you want to switch to. :::info Login behavior -Note that when users log in, they automatically access their last visited organization. +Note that when users log in, they automatically access their **last visited** organization. ::: ### User lifecycle status 
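Review bot: Under "### Switch organization" the lead-in still reads "To add an organization:" although the three steps below it describe switching, and the added "(TODO: make sure what are the steps here)" is plain body text that would render on the published page. Change the lead-in to match the heading and keep the open question in the PR description rather than in the document until the steps are confirmed.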
@@ -44,30 +44,27 @@ A new `staged` user status has been introduced for better user lifecycle managem - `Disabled`: User is disabled and cannot use Port. :::info Migration required -The Auth0 logic that automatically made `Disabled` statuses `Active` on SSO login has been removed. Customers currently misusing the `Disabled` status will need to migrate to `Staged` status. +The Auth0 logic that automatically made `Disabled` statuses `Active` on SSO login has been removed. Customers currently using the `Disabled` status will need to migrate to the `Staged` status. ::: -## Automatic User Access (Just-in-Time / JIT) +### Automatic user access -The Automatic User Access enables streamlined onboarding for large groups of users: +Automatic user access makes it easy to onboard large groups of users: -- **Organization settings**: Organization admins can mark an organization as publicly accessible to SSO users. -- **SSO login**: When users log in via SSO, they automatically gain default `Member` access to the organizations. +- Organization admins can mark an organization as publicly accessible to SSO users. +- When users log in via SSO, they automatically get the default `member` role in the organizations. -To enable Automatic User Access: +To enable automatic user access: +(TODO: make sure what are the steps here) 1. Navigate to the organization settings. 2. Enable "Automatic user access" for the organization. -3. Configure default role (typically "Member"). -4. `Save` settings. +3. `Save` settings. -:::info Default access -Users logging in via SSO will automatically join organizations with Automatic User Access enabled, receiving the default Member role unless they already have a different role assigned. -::: - -## SCIM support +### SCIM support SCIM (System for Cross-domain Identity Management) will be supported to: + - Ingest users and teams. - Manage user and team memberships. - Delete users and teams. From a89fb2f36f6b5583724168dd4dc69ca0eda7364d Mon Sep 17 00:00:00 2001 
From: Sivan Elkabes Date: Mon, 8 Sep 2025 12:42:57 +0300 Subject: [PATCH 03/15] Changed the multi-org page, removed unnecessary and --- docs/sso-rbac/multi-organization.md | 47 ++++--------------- .../users-and-teams/manage-users-teams.md | 1 + 2 files changed, 10 insertions(+), 38 deletions(-) diff --git a/docs/sso-rbac/multi-organization.md b/docs/sso-rbac/multi-organization.md index 8ffb265f6b..18be908271 100644 --- a/docs/sso-rbac/multi-organization.md +++ b/docs/sso-rbac/multi-organization.md 
@@ -4,26 +4,20 @@ sidebar_position: 3 # Multi-organization support -Port's multi-organization feature introduces a multi-organization model inside Port, where a single user can seamlessly move between different organizations without needing separate logins. This capability lets companies create multiple organizations, and make it easier to onboard users. - -:::info Feature availability -The **multi-organization feature** is available on request and must be enabled by Port support. -To group existing organizations under one account, customers need to provide Port with the relevant `OrgIDs` and the SSO connection to use. -::: - -## What is multi-organization? - Multi-organization within Port means that users can belong to more than one organization simultaneously, for example, prod and dev. This enables: - **Cross-organization access**: Users can work across multiple organizations without needing separate accounts. - **Seamless switching**: Switch between organizations using the [UI](#switch-organization). - **Unified identity**: Maintain a single identity while accessing multiple organizational contexts. -## Key features +:::info Feature availability +The **multi-organization feature** is available on request and must be enabled by Port support. +To group existing organizations under one account, customers need to provide Port with the relevant `OrgIDs` and the SSO connection to use. +::: -### Switch organization +## Switch organizations -To add an organization: +In order to switch to a different organization: (TODO: make sure what are the steps here) 1. Go to your [Port application](https://app.port.io). 
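Review bot: Renaming the heading to "## Switch organizations" leaves the "Seamless switching" bullet at the top of this hunk linking to `[UI](#switch-organization)`. A heading slug derived from the new title would be `#switch-organizations`, so the in-page link would stop resolving; update the link in the same commit. The "(TODO: make sure what are the steps here)" line is also still carried as rendered text under the new lead-in.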
@@ -34,24 +28,11 @@ To add an organization: Note that when users log in, they automatically access their **last visited** organization. ::: -### User lifecycle status - -A new `staged` user status has been introduced for better user lifecycle management: - -- `Staged`: User exists but hasn't been invited by email. -- `Active`: User has logged into Port and can use the portal normally. -- `Invited`: User was invited to Port via an invitation email. -- `Disabled`: User is disabled and cannot use Port. - -:::info Migration required -The Auth0 logic that automatically made `Disabled` statuses `Active` on SSO login has been removed. Customers currently using the `Disabled` status will need to migrate to the `Staged` status. -::: - -### Automatic user access +## Automatic user access Automatic user access makes it easy to onboard large groups of users: -- Organization admins can mark an organization as publicly accessible to SSO users. +- Account admins can mark an organization as publicly accessible to SSO users. - When users log in via SSO, they automatically get the default `member` role in the organizations. To enable automatic user access: @@ -59,14 +40,4 @@ To enable automatic user access: 1. Navigate to the organization settings. 2. Enable "Automatic user access" for the organization. -3. `Save` settings. - -### SCIM support - -SCIM (System for Cross-domain Identity Management) will be supported to: - -- Ingest users and teams. -- Manage user and team memberships. -- Delete users and teams. - -This ensures seamless integration with existing identity management systems. \ No newline at end of file +3. `Save` settings. \ No newline at end of file diff --git a/docs/sso-rbac/users-and-teams/manage-users-teams.md b/docs/sso-rbac/users-and-teams/manage-users-teams.md index 1467acb990..de98567d89 100644 --- a/docs/sso-rbac/users-and-teams/manage-users-teams.md +++ b/docs/sso-rbac/users-and-teams/manage-users-teams.md 
@@ -137,6 +137,7 @@ resource "port_system_blueprint" "user" { A user can have one of the following statuses at any given time: +- `Staged`: the user exists but hasn't been invited by email. - `Active` - the user has logged into Port and can use the portal normally. - `Invited` - the user was invited to Port via an invitation email. - `Disabled` - the user is disabled and cannot use Port. From 7c019325825f5862aeafb789d7088bf03c5bec84 Mon Sep 17 00:00:00 2001 From: Sivan Elkabes Date: Mon, 8 Sep 2025 13:54:54 +0300 Subject: [PATCH 04/15] Changed to aaron suggested name --- docs/sso-rbac/multi-organization.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/sso-rbac/multi-organization.md b/docs/sso-rbac/multi-organization.md index 18be908271..c092afc27e 100644 --- a/docs/sso-rbac/multi-organization.md +++ b/docs/sso-rbac/multi-organization.md @@ -2,9 +2,9 @@ sidebar_position: 3 --- -# Multi-organization support +# Multiple organization membership -Multi-organization within Port means that users can belong to more than one organization simultaneously, for example, prod and dev. This enables: +Multiple organization membership within Port means that users can belong to more than one organization simultaneously, for example, prod and dev. This enables: - **Cross-organization access**: Users can work across multiple organizations without needing separate accounts. - **Seamless switching**: Switch between organizations using the [UI](#switch-organization). From 069a3fc18676e5ea689dbbdcd4d60ef98fc55ced Mon Sep 17 00:00:00 2001 From: Sivan Elkabes Date: Mon, 8 Sep 2025 14:30:59 +0300 Subject: [PATCH 05/15] Added "add organizations" section --- docs/sso-rbac/multi-organization.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/docs/sso-rbac/multi-organization.md b/docs/sso-rbac/multi-organization.md index c092afc27e..7b31413ba0 100644 --- a/docs/sso-rbac/multi-organization.md +++ b/docs/sso-rbac/multi-organization.md 
@@ -11,10 +11,15 @@ Multiple organization membership within Port means that users can belong to more - **Unified identity**: Maintain a single identity while accessing multiple organizational contexts. :::info Feature availability -The **multi-organization feature** is available on request and must be enabled by Port support. +The **multi-organization feature** is available on request and must be enabled by Port's support team. To group existing organizations under one account, customers need to provide Port with the relevant `OrgIDs` and the SSO connection to use. ::: +## Add organizations + +As an `account admin`, you can create new organizations directly from the UI using the `Add organization` (TODO - change it to its actual name) button. +If you wish to grant `account admin` permissions to another user, please contact Port's support team. + ## Switch organizations In order to switch to a different organization: From dd9e8edceee2fdbc12bbb45d9e286fdb8aa54381 Mon Sep 17 00:00:00 2001 From: Sivan Elkabes Date: Mon, 8 Sep 2025 16:40:48 +0300 Subject: [PATCH 06/15] Changed the default status to staged --- docs/sso-rbac/users-and-teams/manage-users-teams.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sso-rbac/users-and-teams/manage-users-teams.md b/docs/sso-rbac/users-and-teams/manage-users-teams.md index de98567d89..ca5cb9a918 100644 --- a/docs/sso-rbac/users-and-teams/manage-users-teams.md +++ b/docs/sso-rbac/users-and-teams/manage-users-teams.md 
@@ -142,7 +142,7 @@ A user can have one of the following statuses at any given time: - `Invited` - the user was invited to Port via an invitation email. - `Disabled` - the user is disabled and cannot use Port. -By default, all new users are created with the `Disabled` status (no email invitation is sent). +By default, all new users are created with the `Staged` status (the user exists but hasn't been invited by email). In your software catalog, admins can access the [Users](https://app.getport.io/_users) page to view and manage all of the user entities in the organization. Here admins can also change a user's status, and invite new users. From db9f0752941bc79cb2c3f2bf335d68203fad2c88 Mon Sep 17 00:00:00 2001 From: Sivan Elkabes Date: Tue, 9 Sep 2025 10:39:53 +0300 Subject: [PATCH 07/15] changed button name --- docs/sso-rbac/multi-organization.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/docs/sso-rbac/multi-organization.md b/docs/sso-rbac/multi-organization.md index 7b31413ba0..9d864c5e4b 100644 --- a/docs/sso-rbac/multi-organization.md +++ b/docs/sso-rbac/multi-organization.md @@ -17,13 +17,12 @@ To group existing organizations under one account, customers need to provide Por ## Add organizations -As an `account admin`, you can create new organizations directly from the UI using the `Add organization` (TODO - change it to its actual name) button. +As an `account admin`, you can create new organizations directly from the UI using the `+ Create new organization` button. If you wish to grant `account admin` permissions to another user, please contact Port's support team. ## Switch organizations In order to switch to a different organization: -(TODO: make sure what are the steps here) 1. Go to your [Port application](https://app.port.io). 2. Click on the logo in the top left corner of the page. From 2e1149eb60faa1758ebf0695409f3ad24ebab979 Mon Sep 17 00:00:00 2001 
From: Sivan Elkabes Date: Wed, 10 Sep 2025 10:50:48 +0300 Subject: [PATCH 08/15] added a section about SSO --- docs/sso-rbac/multi-organization.md | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/docs/sso-rbac/multi-organization.md b/docs/sso-rbac/multi-organization.md index 9d864c5e4b..bedcb687d7 100644 --- a/docs/sso-rbac/multi-organization.md +++ b/docs/sso-rbac/multi-organization.md @@ -8,7 +8,6 @@ Multiple organization membership within Port means that users can belong to more - **Cross-organization access**: Users can work across multiple organizations without needing separate accounts. - **Seamless switching**: Switch between organizations using the [UI](#switch-organization). -- **Unified identity**: Maintain a single identity while accessing multiple organizational contexts. :::info Feature availability The **multi-organization feature** is available on request and must be enabled by Port's support team. @@ -44,4 +43,13 @@ To enable automatic user access: 1. Navigate to the organization settings. 2. Enable "Automatic user access" for the organization. -3. `Save` settings. \ No newline at end of file +3. `Save` settings. + +## SSO access to organizations + +When users connect with SSO, their access is determined by: + +- **Explicit invitations**: Organizations where the user has been explicitly invited. +- **Automatic user access**: Organizations that have "Automatic User Access" enabled. + +On login, Port checks which organizations the user has been explicitly invited to, plus which organizations have automatic user access enabled, and grants access to those organizations only. \ No newline at end of file From 48cbb39fa0ebefcafa7d3ce6357e365afa348745 Mon Sep 17 00:00:00 2001 
From: Sivan Elkabes Date: Mon, 15 Sep 2025 11:10:53 +0300 Subject: [PATCH 09/15] Update the staged status and the multi-org page --- docs/sso-rbac/multi-organization.md | 8 ++++---- docs/sso-rbac/users-and-teams/manage-users-teams.md | 7 +++---- 2 files changed, 7 insertions(+), 8 deletions(-) diff --git a/docs/sso-rbac/multi-organization.md b/docs/sso-rbac/multi-organization.md index bedcb687d7..b97d5fe648 100644 --- a/docs/sso-rbac/multi-organization.md +++ b/docs/sso-rbac/multi-organization.md @@ -39,11 +39,11 @@ Automatic user access makes it easy to onboard large groups of users: - When users log in via SSO, they automatically get the default `member` role in the organizations. To enable automatic user access: -(TODO: make sure what are the steps here) -1. Navigate to the organization settings. -2. Enable "Automatic user access" for the organization. -3. `Save` settings. +1. Go to the [Builder page](https://app.getport.io/settings/data-model) of your portal. +2. Click on `Organization settings` in the sidebar. +3. Enable the "Automatic user access" for the organization. +4. Click `Save`. ## SSO access to organizations diff --git a/docs/sso-rbac/users-and-teams/manage-users-teams.md b/docs/sso-rbac/users-and-teams/manage-users-teams.md index ca5cb9a918..b101246aa1 100644 --- a/docs/sso-rbac/users-and-teams/manage-users-teams.md +++ b/docs/sso-rbac/users-and-teams/manage-users-teams.md 
@@ -135,14 +135,14 @@ resource "port_system_blueprint" "user" { ### User status -A user can have one of the following statuses at any given time: +A user can have one of the following statuses at any given time within the scope of a each Port organization: -- `Staged`: the user exists but hasn't been invited by email. +- `Staged`- the user exists but hasn't been invited by email. - `Active` - the user has logged into Port and can use the portal normally. - `Invited` - the user was invited to Port via an invitation email. - `Disabled` - the user is disabled and cannot use Port. -By default, all new users are created with the `Staged` status (the user exists but hasn't been invited by email). +By default, all new users are created with the `Staged` status (the user exists but hasn't been invited by email), after login, the user status is set to `Active`. In your software catalog, admins can access the [Users](https://app.getport.io/_users) page to view and manage all of the user entities in the organization. Here admins can also change a user's status, and invite new users. @@ -150,7 +150,6 @@ Here admins can also change a user's status, and invite new users. #### Limitations - Only users with a UI/API origin can invite users and change their status. - - Users cannot change their own status. ### Ownership From c9568203953be8a0a1e8c1238e6be0d58a0f50c5 Mon Sep 17 00:00:00 2001 From: Sivan Elkabes Date: Mon, 15 Sep 2025 12:48:57 +0300 Subject: [PATCH 10/15] removed the users change from this PR --- docs/sso-rbac/multi-organization.md | 5 +++-- docs/sso-rbac/users-and-teams/manage-users-teams.md | 8 ++++---- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/docs/sso-rbac/multi-organization.md b/docs/sso-rbac/multi-organization.md index b97d5fe648..155629a506 100644 --- a/docs/sso-rbac/multi-organization.md +++ b/docs/sso-rbac/multi-organization.md 
@@ -11,12 +11,13 @@ Multiple organization membership within Port means that users can belong to more :::info Feature availability The **multi-organization feature** is available on request and must be enabled by Port's support team. -To group existing organizations under one account, customers need to provide Port with the relevant `OrgIDs` and the SSO connection to use. +To group existing organizations under one account, customers need to provide Port with the relevant `OrgIDs` and the SSO connection to use. +Organizations can be grouped only if they are in the same region. ::: ## Add organizations -As an `account admin`, you can create new organizations directly from the UI using the `+ Create new organization` button. +As an `account admin` of a paid account, you can create new organizations directly from the UI using the `+ Create new organization` button. If you wish to grant `account admin` permissions to another user, please contact Port's support team. ## Switch organizations diff --git a/docs/sso-rbac/users-and-teams/manage-users-teams.md b/docs/sso-rbac/users-and-teams/manage-users-teams.md index b101246aa1..eb8bc8ceb3 100644 --- a/docs/sso-rbac/users-and-teams/manage-users-teams.md +++ b/docs/sso-rbac/users-and-teams/manage-users-teams.md 
@@ -135,14 +135,13 @@ resource "port_system_blueprint" "user" { ### User status -A user can have one of the following statuses at any given time within the scope of a each Port organization: +A user can have one of the following statuses at any given time: -- `Staged`- the user exists but hasn't been invited by email. -- `Active` - the user has logged into Port and can use the portal normally. +- `Active` - the user has logged into Port and can use the portal normally. - `Invited` - the user was invited to Port via an invitation email. - `Disabled` - the user is disabled and cannot use Port. -By default, all new users are created with the `Staged` status (the user exists but hasn't been invited by email), after login, the user status is set to `Active`. +By default, all new users are created with the `Disabled` status (no email invitation is sent). In your software catalog, admins can access the [Users](https://app.getport.io/_users) page to view and manage all of the user entities in the organization. Here admins can also change a user's status, and invite new users. @@ -150,6 +149,7 @@ Here admins can also change a user's status, and invite new users. #### Limitations - Only users with a UI/API origin can invite users and change their status. + - Users cannot change their own status. ### Ownership From c0faa471b6c571f2283e8d152c53c610444786f8 Mon Sep 17 00:00:00 2001 From: Sivan Elkabes Date: Mon, 15 Sep 2025 12:49:44 +0300 Subject: [PATCH 11/15] removed spaces --- docs/sso-rbac/users-and-teams/manage-users-teams.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/sso-rbac/users-and-teams/manage-users-teams.md b/docs/sso-rbac/users-and-teams/manage-users-teams.md index eb8bc8ceb3..1467acb990 100644 --- a/docs/sso-rbac/users-and-teams/manage-users-teams.md +++ b/docs/sso-rbac/users-and-teams/manage-users-teams.md 
@@ -137,11 +137,11 @@ resource "port_system_blueprint" "user" { A user can have one of the following statuses at any given time: -- `Active` - the user has logged into Port and can use the portal normally. +- `Active` - the user has logged into Port and can use the portal normally. - `Invited` - the user was invited to Port via an invitation email. - `Disabled` - the user is disabled and cannot use Port. -By default, all new users are created with the `Disabled` status (no email invitation is sent). +By default, all new users are created with the `Disabled` status (no email invitation is sent). In your software catalog, admins can access the [Users](https://app.getport.io/_users) page to view and manage all of the user entities in the organization. Here admins can also change a user's status, and invite new users. From 15e59b67ea5e08447a2372b70760df6664d06e9a Mon Sep 17 00:00:00 2001 From: Sivan Elkabes Date: Mon, 15 Sep 2025 14:37:19 +0300 Subject: [PATCH 12/15] fix aaron's note about account admins in automatic user access --- docs/sso-rbac/multi-organization.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/sso-rbac/multi-organization.md b/docs/sso-rbac/multi-organization.md index 155629a506..a3e4454b59 100644 --- a/docs/sso-rbac/multi-organization.md +++ b/docs/sso-rbac/multi-organization.md @@ -36,7 +36,7 @@ Note that when users log in, they automatically access their **last visited** or Automatic user access makes it easy to onboard large groups of users: -- Account admins can mark an organization as publicly accessible to SSO users. +- Account admins and admins can mark an organization as publicly accessible to SSO users. - When users log in via SSO, they automatically get the default `member` role in the organizations. To enable automatic user access: From 580c96ce9919d6c171069d19bae5ba0cc7b3f44e Mon Sep 17 00:00:00 2001 
From: Sivan Elkabes Date: Tue, 16 Sep 2025 16:27:45 +0300 Subject: [PATCH 13/15] checked some of the flow on staging --- docs/sso-rbac/multi-organization.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/sso-rbac/multi-organization.md b/docs/sso-rbac/multi-organization.md index a3e4454b59..d0c5322552 100644 --- a/docs/sso-rbac/multi-organization.md +++ b/docs/sso-rbac/multi-organization.md @@ -15,9 +15,9 @@ To group existing organizations under one account, customers need to provide Por Organizations can be grouped only if they are in the same region. ::: -## Add organizations +## Create an organization -As an `account admin` of a paid account, you can create new organizations directly from the UI using the `+ Create new organization` button. +As an `account admin` of a paid account, you can create new organizations directly from the UI using the `+ Create Organization` button. If you wish to grant `account admin` permissions to another user, please contact Port's support team. ## Switch organizations @@ -43,7 +43,7 @@ To enable automatic user access: 1. Go to the [Builder page](https://app.getport.io/settings/data-model) of your portal. 2. Click on `Organization settings` in the sidebar. -3. Enable the "Automatic user access" for the organization. +3. In the `Settings` tab, enable the "Automatic user access" for the organization. 4. Click `Save`. ## SSO access to organizations From 743f1af80304b5120870f826c6034eaa8792a753 Mon Sep 17 00:00:00 2001 From: Sivan Elkabes Date: Wed, 17 Sep 2025 14:35:42 +0300 Subject: [PATCH 14/15] added steps to create an organization --- docs/sso-rbac/multi-organization.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/docs/sso-rbac/multi-organization.md b/docs/sso-rbac/multi-organization.md index d0c5322552..36aca25465 100644 --- a/docs/sso-rbac/multi-organization.md +++ b/docs/sso-rbac/multi-organization.md 
@@ -17,7 +17,13 @@ Organizations can be grouped only if they are in the same region. ## Create an organization -As an `account admin` of a paid account, you can create new organizations directly from the UI using the `+ Create Organization` button. +As an `account admin` of a paid account, you can create new organizations directly from the UI: + +1. Go to your [Port application](https://app.port.io). +2. Click on the logo in the top left corner of the page. +3. Click on the `+ Create Organization` button. +4. Follow the steps to create a new organization. + If you wish to grant `account admin` permissions to another user, please contact Port's support team. ## Switch organizations From 8306d29e5fc5fe7ca95ba323823a6904e7cae1d1 Mon Sep 17 00:00:00 2001 From: Sivan Elkabes Date: Thu, 18 Sep 2025 15:37:01 +0300 Subject: [PATCH 15/15] added Aaron's note about the account admin being a permission and not a role --- docs/sso-rbac/multi-organization.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/docs/sso-rbac/multi-organization.md b/docs/sso-rbac/multi-organization.md index 36aca25465..f8eab80ca6 100644 --- a/docs/sso-rbac/multi-organization.md +++ b/docs/sso-rbac/multi-organization.md @@ -17,7 +17,7 @@ Organizations can be grouped only if they are in the same region. ## Create an organization -As an `account admin` of a paid account, you can create new organizations directly from the UI: +As a user with `account admin` permissions on a paid account, you can create new organizations directly from the UI: 1. Go to your [Port application](https://app.port.io). 2. Click on the logo in the top left corner of the page. 
@@ -26,6 +26,10 @@ As an `account admin` of a paid account, you can create new organizations direct If you wish to grant `account admin` permissions to another user, please contact Port's support team. +:::info Account admin permission +`Account admin` is a permission that can be granted in addition to a user's existing role (`admin`, `moderator`, or `member`). +::: + ## Switch organizations In order to switch to a different organization: @@ -42,7 +46,7 @@ Note that when users log in, they automatically access their **last visited** or Automatic user access makes it easy to onboard large groups of users: -- Account admins and admins can mark an organization as publicly accessible to SSO users. +- Users with account admin permissions and organization admins can mark an organization as publicly accessible to SSO users. - When users log in via SSO, they automatically get the default `member` role in the organizations. To enable automatic user access:
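Review bot: The reworded bullet in the "Automatic user access" hunk still describes the setting as making an organization "publicly accessible to SSO users" without saying which SSO users that covers, and the following bullet grants them `member` "in the organizations". Because this setting assigns a role at login with no invitation, the page should state the scope explicitly (for example, whether it is limited to users authenticating through the account's own SSO connection) and avoid "publicly" if access is in fact bounded. It would also help to say what happens to users who joined this way when the setting is later turned off.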