> ## Documentation Index > Fetch the complete documentation index at: https://docs.nscale.com/llms.txt > Use this file to discover all available pages before exploring further. # List organizations > Returns a list of organizations that the user is a member of. If an email address is provided in the query this allows a user with sufficient privilege to check if a given user is a member of any organizations. ## OpenAPI ````yaml /openapi/identity-openapi.yaml get /api/v1/organizations openapi: 3.0.3 info: title: Identity API description: >- The Identity API provides an OIDC compliant interface for use with all official and 3rd party services and proxies. As its intended use is for multi-tenant cloud deployments, it acts as an aggregation layer for other 3rd party OIDC services, dispatching login requests to the required OIDC backend. Token introspection forms the basis of role based access control across all APIs. For security purposes, access tokens and refresh tokens are limited to a single session per client, thus if they are being consumed by a horizontally scalable platform care must be taken to ensure token rotation is handled atomically by a single process, and the tokens are distributed to each service instance synchronously. version: 1.11.0 servers: - url: https://identity.nks.europe-west4.nscale.com security: [] paths: /api/v1/organizations: description: |- Allows management of organizations. An organization may use ad hoc authentication, where users select their identity provider manually, or domain based authentication where, provided with an email address, the domain is matched against the organization and the identity provider implicitly selected. Domain based authentication allows integration with user provided OIDC compliant identity services. get: tags: - Organizations summary: List organizations description: >- Returns a list of organizations that the user is a member of. If an email address is provided in the query this allows a user with sufficient privilege to check if a given user is a member of any organizations. parameters: - $ref: '#/components/parameters/userEmailParameter' responses: '200': $ref: '#/components/responses/organizationsResponse' '401': $ref: '#/components/responses/unauthorizedResponse' '403': $ref: '#/components/responses/forbiddenResponse' '404': $ref: '#/components/responses/notFoundResponse' '500': $ref: '#/components/responses/internalServerErrorResponse' security: - oauth2Authentication: [] components: parameters: userEmailParameter: name: email in: query description: A user's email address. schema: type: string responses: organizationsResponse: description: A list of organizations. content: application/json: schema: $ref: '#/components/schemas/organizations' example: - metadata: id: a142f641-7fd6-4ab9-a875-344c7ebadc53 name: acme-corp creationTime: '2024-05-31T14:11:00Z' provisioningStatus: provisioned healthStatus: healthy spec: organizationType: domain domain: acme.corp providerID: b6ec241d-e3b4-4afc-a7aa-500fcb650d8e unauthorizedResponse: description: Authentication failed or the access token has expired. content: application/json: schema: $ref: '#/components/schemas/error' example: error: access_denied error_description: authentication failed forbiddenResponse: description: >- Request was denied by authorization, this may be caused by the authorization token not having the required scope for an API, or the user doesn't have the necessary privileges on the provider platform. content: application/json: schema: $ref: '#/components/schemas/error' example: error: forbidden error_description: user credentials do not have the required privileges notFoundResponse: description: Unable to find a resource. content: application/json: schema: $ref: '#/components/schemas/error' example: error: not_found error_description: the requested resource does not exist internalServerErrorResponse: description: >- An unexpected or unhandled error occurred. This may be a transient error and may succeed on a retry. If this isn't the case, please report it as an issue. content: application/json: schema: $ref: '#/components/schemas/error' example: error: server_error error_description: failed to token claim schemas: organizations: description: A list of organizations. type: array items: $ref: '#/components/schemas/organizationRead' error: description: Generic error message, compatible with oauth2. type: object required: - error - error_description properties: error: description: >- A terse error string expanding on the HTTP error code. Errors are based on the OAuth 2.02 specification, but are expanded with proprietary status codes for APIs other than those specified by OAuth 2.02. type: string enum: - invalid_request - server_error - access_denied - not_found - conflict - method_not_allowed - unsupported_media_type - request_entity_too_large - forbidden error_description: description: Verbose message describing the error. type: string organizationRead: description: An organization when read. type: object required: - metadata - spec properties: metadata: $ref: '#/components/schemas/resourceReadMetadata' spec: $ref: '#/components/schemas/organizationSpec' resourceReadMetadata: description: Metadata required by all resource reads. allOf: - $ref: '#/components/schemas/staticResourceMetadata' - type: object required: - provisioningStatus - healthStatus properties: deletionTime: description: The time the resource was deleted. type: string format: date-time provisioningStatus: $ref: '#/components/schemas/resourceProvisioningStatus' healthStatus: $ref: '#/components/schemas/resourceHealthStatus' organizationSpec: description: An organization. type: object required: - organizationType properties: organizationType: $ref: '#/components/schemas/organizationType' domain: description: The email domain of the organization. type: string format: hostname providerScope: $ref: '#/components/schemas/providerScope' providerID: description: >- The ID of the provider to use, the scope is determined by useCustomProvider. If false, this refers to a built in provider, if true, then to an organization specific one. type: string googleCustomerID: description: >- When set this identifies the customer ID for the google managed organization. This field is currently unused. type: string staticResourceMetadata: description: | This metadata is for resources that just exist, and don't require any provisioning and health status, but benefit from a standardized metadata format. type: object allOf: - $ref: '#/components/schemas/resourceMetadata' - type: object required: - id - creationTime properties: id: description: The unique resource ID. type: string creationTime: description: The time the resource was created. type: string format: date-time createdBy: description: The user who created the resource. type: string modifiedTime: description: The time a resource was updated. type: string format: date-time modifiedBy: description: The user who updated the resource. type: string resourceProvisioningStatus: description: The provisioning state of a resource. type: string enum: - unknown - provisioning - provisioned - deprovisioning - error resourceHealthStatus: description: The health state of a resource. type: string enum: - unknown - healthy - degraded - error organizationType: description: >- Describes the authentication method of the organization. Ad hoc authentication means that users are exclusively added via explicit group membership And must use a 'sign-in via' option. Domain authentication means that users may login via their email address, must in the case of custom identity providers, that maps from domain to an identity provider. type: string enum: - adhoc - domain providerScope: description: >- Describes how to lookup the provider, when "global", use a built in generic provider e.g. Google/Microsoft, when "organization", use an organization scoped provider. type: string enum: - global - organization resourceMetadata: description: Metadata required for all API resource reads and writes. required: - name properties: name: $ref: '#/components/schemas/kubernetesLabelValue' description: description: >- The resource description, this optionally augments the name with more context. type: string tags: $ref: '#/components/schemas/tagList' kubernetesLabelValue: description: >- A valid Kubernetes label value, typically used for resource names that can be indexed in the database. type: string pattern: ^[0-9A-Za-z](?:[0-9A-Za-z-_.]{0,61}[0-9A-Za-z])?$ tagList: description: A list of tags. type: array items: $ref: '#/components/schemas/tag' tag: description: >- A tag mapping arbitrary names to values. These have no special meaning for any component are are intended for use by end users to add additional context to a resource, for example to categorize it. type: object required: - name - value properties: name: description: A unique tag name. type: string value: description: The value of the tag. type: string securitySchemes: oauth2Authentication: description: Operation requires OAuth 2.0 bearer token authentication. type: oauth2 flows: authorizationCode: authorizationUrl: https://identity.nks.europe-west4.nscale.com/oauth2/v2/authorization tokenUrl: https://identity.nks.europe-west4.nscale.com/oauth2/v2/token scopes: {} ````