Enterprise
Organizations & Teams
Collaborate with your team. Manage access with fine-grained permissions, SSO integration, and organization-scoped API keys.
Teams
Unlimited members
RBAC
4 role levels
Scoped Keys
Per-org API keys
SSO
SAML / OIDC
Team Management
Acme Corporation
AC
Alice Chen
alice@company.com
Owner
BS
Bob Smith
bob@company.com
Admin
CD
Carol Davis
carol@company.com
Developer
DW
Dan Wilson
dan@company.com
PendingViewer
Roles & Permissions
Permission Matrix
| Permission | Owner | Admin | Developer | Viewer |
|---|---|---|---|---|
| Manage Billing | — | — | — | |
| Manage Members | — | — | ||
| Create API Keys | — | |||
| Run Valuations | — | |||
| View Analytics | ||||
| Delete Organization | — | — | — |
API Examples
Create Organization
# Create a new organization
curl -X POST https://api.justkalm.com/v2/organizations \
-H "Authorization: Bearer jk_live_xxx" \
-H "Content-Type: application/json" \
-d '{
"name": "Acme Corporation",
"slug": "acme-corp",
"billing_email": "billing@acme.com"
}'
# Response
{
"id": "org_K7j9mNpQ",
"name": "Acme Corporation",
"slug": "acme-corp",
"created_at": "2024-01-15T10:30:00Z",
"owner": {
"id": "user_abc123",
"email": "alice@acme.com"
}
}Invite Team Member
# Invite a team member
curl -X POST https://api.justkalm.com/v2/organizations/org_K7j9mNpQ/invitations \
-H "Authorization: Bearer jk_live_xxx" \
-H "Content-Type: application/json" \
-d '{
"email": "bob@acme.com",
"role": "developer",
"expires_in": "7d"
}'
# Response
{
"invitation_id": "inv_L8k0nOrR",
"email": "bob@acme.com",
"role": "developer",
"status": "pending",
"expires_at": "2024-01-22T10:30:00Z",
"invite_url": "https://justkalm.com/join/inv_L8k0nOrR"
}Create Scoped API Key
# Create API key scoped to organization
curl -X POST https://api.justkalm.com/v2/organizations/org_K7j9mNpQ/api-keys \
-H "Authorization: Bearer jk_live_xxx" \
-H "Content-Type: application/json" \
-d '{
"name": "Production API Key",
"permissions": ["valuations:write", "analytics:read"],
"ip_whitelist": ["192.168.1.0/24"],
"rate_limit_override": 2000
}'
# Response
{
"key_id": "key_M9l1pPsS",
"key": "jk_live_org_xxx", // Only shown once!
"name": "Production API Key",
"organization_id": "org_K7j9mNpQ",
"permissions": ["valuations:write", "analytics:read"],
"created_at": "2024-01-15T10:35:00Z"
}Configure SAML SSOEnterprise
# Configure SAML SSO (Enterprise)
curl -X PUT https://api.justkalm.com/v2/organizations/org_K7j9mNpQ/sso \
-H "Authorization: Bearer jk_live_xxx" \
-H "Content-Type: application/json" \
-d '{
"provider": "okta",
"sso_url": "https://acme.okta.com/app/xxx/sso/saml",
"entity_id": "https://acme.okta.com/xxx",
"certificate": "-----BEGIN CERTIFICATE-----\n...",
"require_sso": true,
"auto_provision": true,
"default_role": "developer"
}'Supported SSO Providers
🔐
Okta
☁️
Azure AD
🔵
Google Workspace
🔑
OneLogin
🔒
Auth0
🏓
PingIdentity
☁️
JumpCloud
⚙️
Custom SAML
Best Practices
Use Least Privilege
Assign the minimum role needed. Viewers for dashboards, Developers for API access, Admins for team management.
Enable SSO
For organizations with 10+ members, SSO simplifies onboarding, offboarding, and ensures consistent access policies.
Multiple Owners
Always have at least 2 Owners to prevent lockout if one leaves the organization or loses access.
Scope API Keys
Create separate API keys per service with only needed permissions. Use IP whitelists for production keys.
Ready to Collaborate?
Create an organization and invite your team. Free plans include unlimited team members.