Skip to main content

Invite users to your Organization

Organization invitations let you add new members to your Organization. When you send an invitation, Clerk sends an email to the invited user with a unique invitation link. When the user visits the Organization invitation link, Clerk redirects them to the Account Portal sign-in page. If the user is already signed in, Clerk redirects them to your application's homepage (/). If you want to redirect the user to a specific page in your application, you can specify a redirect URL when creating the invitation.

By default, only admins can invite users to an Organization.

This feature requires that Email is enabled, as Clerk uses the user's email address to send the invitation. If you don't want to enable Email for your application, you can bypass the invitation flow completely and add existing users directly to the Organization with the createOrganizationMembership() method. Because this method requires the user's ID, the user must already have a Clerk account.

When to use invitations

Invitations work well when you need precise control over who joins your Organization and which Role they receive. This approach fits scenarios where:

  • Teams are small and members are known in advance.
  • Onboarding requires manual approval or review.
  • Specific Roles need to be assigned during the invitation.

If you want to streamline enrollment for users with company email addresses, consider Verified Domains, which can automatically invite users based on their email domain. If customers require centralized authentication through their Identity Provider, use Enterprise SSO.

Create an invitation

Clerk's prebuilt components and Account Portal pages manage all Organization invitation flows, including creating, managing, and accepting invitations.

However, if you want to build , see the following sections.

Client-side

To create an Organization invitation on the client-side, see the dedicated guide. Note that this uses the organizations.inviteMember() method, which does not let you specify a redirect URL; the invitation links will always redirect to the Account Portal sign-in page. If you want to specify a redirect URL, you must create the invitation on the server-side.

Server-side

To create Organization invitations on the server-side, use the Backend API by either calling the endpoint directly or using clerkClient. clerkClient is a wrapper around the Backend API that makes it easier to interact with the API. If you receive a 429 response, respect the Retry-After header before retrying.

Use the following tabs to see examples for each method.

The following example demonstrates how to send a single Organization invitation using the POST /v1/organizations/{organization_id}/invitations endpoint. This endpoint is rate limited to 250 requests per hour per application instance.

terminal
curl 'https://api.clerk.com/v1/organizations/{org_123}/invitations' \
-X POST \
-H 'Authorization: Bearer YOUR_SECRET_KEY' \
-H 'Content-Type: application/json' \
-d '{ "inviter_user_id": "user_123", "email_address": "email@example.com", "role": "org:member" }'

The following example demonstrates how to send multiple Organization invitations in one request using the POST /v1/organizations/{organization_id}/invitations/bulk endpoint. This endpoint is limited to a maximum of 10 invitations per API call. If you need to send more invitations, please make multiple requests. This endpoint is rate limited to 50 requests per hour per application instance.

terminal
curl 'https://api.clerk.com/v1/organizations/{org_123}/invitations/bulk' \
-X POST \
-H 'Authorization: Bearer YOUR_SECRET_KEY' \
-H 'Content-Type: application/json' \
-d '[{ "inviter_user_id": "user_123", "email_address": "email123@example.com", "role": "org:member" }, { "inviter_user_id": "user_456", "email_address": "email456@example.com", "role": "org:member" }]'

To use clerkClient to send a single invitation, see the createOrganizationInvitation() reference documentation. To invite multiple users in one request, see the createOrganizationInvitationBulk() reference documentation.

Redirect URL

When you create an invitation, you can specify a redirect_url parameter. This parameter tells Clerk where to redirect the user when they visit the invitation link.

The following example demonstrates how to set the redirect_url parameter on the POST /v1/organizations/{organization_id}/invitations endpoint.

terminal
curl 'https://api.clerk.com/v1/organizations/{org_123}/invitations' \
  -X POST \
  -H 'Authorization: Bearer YOUR_SECRET_KEY' \
  -H 'Content-Type: application/json' \
  -d '{ "inviter_user_id": "user_123", "email_address": "email@example.com", "role": "org:member", "redirect_url": "https://www.example.com/accept-invitation" }'

createOrganizationInvitation() accepts a redirectUrl parameter. For createOrganizationInvitationBulk(), set redirectUrl on each invitation object in the params array.

Once the user visits the invitation link, they will be redirected to the page you specified. On that page, you must handle the authentication flow in your code. You can either embed the <SignIn /> component or, if the prebuilt component doesn't meet your needs or you require more control over the logic, you can build a custom flow.

Tip

To test redirect URLs in your development environment, pass your port. For example, http://localhost:3000/accept-invitation.

Invitation metadata

You can also add metadata to an invitation when creating the invitation through the Backend API. Once the invited user signs up using the invitation link, Clerk stores the invitation metadata (OrganizationInvitation.publicMetadata) in the Organization membership's metadata (OrganizationMembership.publicMetadata). For more details on Organization membership metadata, see the OrganizationMembership reference.

The following example demonstrates how to set the public_metadata parameter on the POST /v1/organizations/{organization_id}/invitations endpoint.

terminal
curl 'https://api.clerk.com/v1/organizations/{org_123}/invitations' \
  -X POST \
  -H 'Authorization: Bearer YOUR_SECRET_KEY' \
  -H 'Content-Type: application/json' \
  -d '{ "inviter_user_id": "user_123", "email_address": "email@example.com", "role": "org:member", "public_metadata": {"department": "marketing"} }'

createOrganizationInvitation() accepts a publicMetadata parameter. For createOrganizationInvitationBulk(), set publicMetadata on each invitation object in the params array.

Revoke an invitation

Revoking an invitation prevents the user from using the invitation link that was sent to them.

Client-side

To revoke an invitation client-side, see the dedicated guide.

Server-side

To revoke an invitation server-side, use the Backend API by either calling the endpoint directly or using clerkClient. clerkClient is a wrapper around the Backend API that makes it easier to interact with the API.

Use the following tabs to see examples for each method.

The following example demonstrates how to revoke an invitation using the POST /v1/organizations/{organization_id}/invitations/{invitation_id}/revoke endpoint.

terminal
curl 'https://api.clerk.com/v1/organizations/{org_123}/invitations/{inv_123}/revoke' \
  -X POST \
  -H 'Authorization: Bearer YOUR_SECRET_KEY' \
  -H 'Content-Type: application/json' \
  -d '{ "requesting_user_id": "user_123" }'

To use clerkClient to revoke an Organization invitation, see the revokeOrganizationInvitation() reference documentation.

Next steps

Now that you understand how to invite users to your Organization, you can:

Add custom Organization metadata

Learn how to store custom information about an Organization that is not part of the standard fields.

Configure Organization settings

Learn how to configure Organization settings.

Set up Enterprise SSO Connections

Learn how to set up Enterprise SSO Connections for centralized authentication through an Identity Provider.

Set up Roles and Permissions

Learn how to set up Roles and Permissions to control what invited users can access.

Feedback

What did you think of this content?

Last updated on

GitHubEdit on GitHub