> ## Documentation Index > Fetch the complete documentation index at: https://docs.nscale.com/llms.txt > Use this file to discover all available pages before exploring further. # Update organization > Update an organization. ## OpenAPI ````yaml /openapi/identity-openapi.yaml put /api/v1/organizations/{organizationID} openapi: 3.0.3 info: title: Identity API description: >- The Identity API provides an OIDC compliant interface for use with all official and 3rd party services and proxies. As its intended use is for multi-tenant cloud deployments, it acts as an aggregation layer for other 3rd party OIDC services, dispatching login requests to the required OIDC backend. Token introspection forms the basis of role based access control across all APIs. For security purposes, access tokens and refresh tokens are limited to a single session per client, thus if they are being consumed by a horizontally scalable platform care must be taken to ensure token rotation is handled atomically by a single process, and the tokens are distributed to each service instance synchronously. version: 1.11.0 servers: - url: https://identity.nks.europe-west4.nscale.com security: [] paths: /api/v1/organizations/{organizationID}: description: |- Allows management of organizations. An organization may use ad hoc authentication, where users select their identity provider manually, or domain based authentication where, provided with an email address, the domain is matched against the organization and the identity provider implicitly selected. Domain based authentication allows integration with user provided OIDC compliant identity services. parameters: - $ref: '#/components/parameters/organizationIDParameter' put: tags: - Organizations summary: Update organization description: Update an organization. requestBody: $ref: '#/components/requestBodies/updateOrganizationRequest' responses: '200': description: Organization successfully updated and returned. '401': $ref: '#/components/responses/unauthorizedResponse' '403': $ref: '#/components/responses/forbiddenResponse' '500': $ref: '#/components/responses/internalServerErrorResponse' security: - oauth2Authentication: [] components: parameters: organizationIDParameter: name: organizationID in: path description: An organization ID. required: true schema: type: string requestBodies: updateOrganizationRequest: description: Body required to update an organization. required: true content: application/json: schema: $ref: '#/components/schemas/organizationWrite' example: metadata: name: acme description: Acme.com's organization. spec: organizationType: adhoc responses: unauthorizedResponse: description: Authentication failed or the access token has expired. content: application/json: schema: $ref: '#/components/schemas/error' example: error: access_denied error_description: authentication failed forbiddenResponse: description: >- Request was denied by authorization, this may be caused by the authorization token not having the required scope for an API, or the user doesn't have the necessary privileges on the provider platform. content: application/json: schema: $ref: '#/components/schemas/error' example: error: forbidden error_description: user credentials do not have the required privileges internalServerErrorResponse: description: >- An unexpected or unhandled error occurred. This may be a transient error and may succeed on a retry. If this isn't the case, please report it as an issue. content: application/json: schema: $ref: '#/components/schemas/error' example: error: server_error error_description: failed to token claim schemas: organizationWrite: description: An organization when created or updated. type: object required: - metadata - spec properties: metadata: $ref: '#/components/schemas/resourceMetadata' spec: $ref: '#/components/schemas/organizationSpec' error: description: Generic error message, compatible with oauth2. type: object required: - error - error_description properties: error: description: >- A terse error string expanding on the HTTP error code. Errors are based on the OAuth 2.02 specification, but are expanded with proprietary status codes for APIs other than those specified by OAuth 2.02. type: string enum: - invalid_request - server_error - access_denied - not_found - conflict - method_not_allowed - unsupported_media_type - request_entity_too_large - forbidden error_description: description: Verbose message describing the error. type: string resourceMetadata: description: Metadata required for all API resource reads and writes. required: - name properties: name: $ref: '#/components/schemas/kubernetesLabelValue' description: description: >- The resource description, this optionally augments the name with more context. type: string tags: $ref: '#/components/schemas/tagList' organizationSpec: description: An organization. type: object required: - organizationType properties: organizationType: $ref: '#/components/schemas/organizationType' domain: description: The email domain of the organization. type: string format: hostname providerScope: $ref: '#/components/schemas/providerScope' providerID: description: >- The ID of the provider to use, the scope is determined by useCustomProvider. If false, this refers to a built in provider, if true, then to an organization specific one. type: string googleCustomerID: description: >- When set this identifies the customer ID for the google managed organization. This field is currently unused. type: string kubernetesLabelValue: description: >- A valid Kubernetes label value, typically used for resource names that can be indexed in the database. type: string pattern: ^[0-9A-Za-z](?:[0-9A-Za-z-_.]{0,61}[0-9A-Za-z])?$ tagList: description: A list of tags. type: array items: $ref: '#/components/schemas/tag' organizationType: description: >- Describes the authentication method of the organization. Ad hoc authentication means that users are exclusively added via explicit group membership And must use a 'sign-in via' option. Domain authentication means that users may login via their email address, must in the case of custom identity providers, that maps from domain to an identity provider. type: string enum: - adhoc - domain providerScope: description: >- Describes how to lookup the provider, when "global", use a built in generic provider e.g. Google/Microsoft, when "organization", use an organization scoped provider. type: string enum: - global - organization tag: description: >- A tag mapping arbitrary names to values. These have no special meaning for any component are are intended for use by end users to add additional context to a resource, for example to categorize it. type: object required: - name - value properties: name: description: A unique tag name. type: string value: description: The value of the tag. type: string securitySchemes: oauth2Authentication: description: Operation requires OAuth 2.0 bearer token authentication. type: oauth2 flows: authorizationCode: authorizationUrl: https://identity.nks.europe-west4.nscale.com/oauth2/v2/authorization tokenUrl: https://identity.nks.europe-west4.nscale.com/oauth2/v2/token scopes: {} ````