Organizations & Sub-Organizations
Your organization gets its own private space on ZKey — users, apps, branding, and login rules that belong only to you. When you need to expand, create a sub-organization in seconds: a regional office, a department, a customer account. Sub-organizations inherit your defaults but run entirely their own way — their own login methods, their own look, their own security policies. Data never crosses boundaries. No one inside one organization can see or reach another.
Complete Data Isolation
Users, applications, sessions, OTP codes, and audit logs are all scoped to their organization. A user in Organization A has zero access to Organization B data — enforced at the query level, not just by application logic. The PostgreSQL schema uses organization-scoped IDs on every relevant table with enforced foreign key constraints.
Organization Hierarchy
Any organization can create sub-organizations beneath it. Sub-organizations inherit the parent's configuration defaults — auth policies, branding, OTP providers, allowed redirect URIs — but can override any setting independently. This makes it easy to manage a group of teams, business units, or customer accounts from a single parent organization without losing per-group flexibility.
Per-Organization Branding
Login pages, email templates, and error pages are fully customizable per organization — logo, colors, domain, and copy. Branding is served from the ZKey CDN and cached at the edge. White-label deployments are supported with custom domain mapping, so each organization can present its own identity to its users.
