Organizations & Members
How multi-org workspaces, member roles, and team invites work in the boilerplate.
Overview
Every user can belong to one or more organizations (workspaces). Each organization has its own members, roles, and subscription. Users switch between organizations from the sidebar — no separate logins required.
| Concept | What it means |
|---|---|
| Organization | A workspace with its own members and billing |
| Member | A user who belongs to an organization |
| Role | A permission level assigned to each member |
| Invite | An email sent via Resend to add a new member |
How Organizations Work
Creating an Organization
New users are taken through an onboarding flow after signing up:
- Profile setup — set display name and avatar (
/onboarding/profile-setup) - Org setup — create the first organization (
/onboarding/org-setup)
After onboarding, the user is redirected to their organization dashboard at /org/[orgId]/dashboard.
Multiple Organizations
A user can create or join multiple organizations. The active organization is reflected in the URL (/org/[orgId]/...) and can be switched from the sidebar at any time.
Member Roles
Roles are seeded into the roles table during database setup. The boilerplate ships with sensible defaults — you can add custom roles directly in the database or via a migration.
Each organization member has exactly one role. Role names are fetched from the roles table and displayed in the members UI.
To add a custom role, insert a row into the roles table in your Supabase
dashboard or via a migration, then assign it when inviting members.
Inviting Members
Open the Members Page
Navigate to your organization → Members (/org/[orgId]/members).
You'll see a list of current members with their roles.
Send an Invite
Click Invite Member, enter the person's email, and select a role.
The boilerplate:
- Creates a record in
organization_invites - Generates a signed JWT invite token
- Sends a branded email via Resend with the invite link
Make sure RESEND_API_KEY and a verified sender domain are configured,
otherwise invite emails won't be delivered.
Accepting an Invite
When the recipient clicks the link in the email:
- If they don't have an account, they're taken to sign-up first
- After signing in, they're redirected to
/accept-invite?token=... - The token is validated, the invite record is removed, and they're added as a member
Managing Members
From the Members page (/org/[orgId]/members) you can:
- View all current members and their roles
- Remove a member from the organization
- View pending invites at
/org/[orgId]/members/invitesand cancel them if needed
Organization Settings
Each organization has a Settings page (/org/[orgId]/settings) where you can:
- Update the organization name
- Upload or change the organization logo
Database Tables
| Table | Purpose |
|---|---|
organizations | Stores org name, logo, timestamps |
organization_members | Links users to orgs with a role |
organization_invites | Pending invites (email + role + org) |
roles | Available roles (seeded on setup) |
All tables are protected by Row Level Security (RLS) policies — members can only read data from organizations they belong to.
Troubleshooting
Invite email not received
- Check
RESEND_API_KEYin your.envfile - Verify your sender domain at resend.com/domains
- Check the Resend dashboard logs for delivery errors
Accept-invite link throws an error
- The JWT token may have expired — resend the invite from the pending invites page
- Confirm
JWT_SECRET_KEYis the same value used when the invite was created
User lands on onboarding again after signing up via invite
- This is expected if they haven't completed profile setup yet — onboarding runs first, then the invite is accepted