Organizations
An organization is the top-level entity in SyVault that groups users, teams, shared folders, policies, and billing under a single administrative boundary. Every business deployment starts by creating an organization.
Creating an Organization
- Log in to the web vault and navigate to Settings > Organizations > Create Organization.
- Enter an Organization Name (e.g., "Acme Corp"). This is the display name shown throughout the Admin Console and in member invitations.
- Choose an Organization Slug -- a URL-safe identifier used in SSO Entity IDs and SCIM endpoints (e.g.,
acme-corp). The slug must be globally unique and can only contain lowercase letters, numbers, and hyphens. - Select a Plan and complete billing setup.
The organization slug cannot be changed after creation because it is embedded in SAML Entity IDs and SCIM endpoint URLs. Choose carefully.
Plans and Member Limits
SyVault offers five plans, each designed for a different scale of deployment:
| Plan | Seats | Key Features |
|---|---|---|
| Free | 1 | Individual vault (1 vault), unlimited records, 2FA, Travel Mode |
| Developer | 1 | Adds Secrets Manager (3 apps), CLI/SDK, unlimited vaults |
| Teams | Per-seat billing | Shared folders, teams, audit log, emergency access, org sharing |
| Business | Per-seat billing | SSO (SAML 2.0), SCIM provisioning, SIEM, compliance reports, enforcement policies, 10 SM apps |
| Enterprise | Per-seat billing | Dynamic secrets, custom branding, attestation badges, unlimited SM apps, dedicated support |
All plans include AES-256-GCM encryption, Argon2id key derivation, per-record encryption keys, and the full zero-knowledge architecture. The plans differ in collaboration, compliance, and administrative features.
Paid tiers (Teams, Business, Enterprise) bill per seat via Stripe. Upgrade from Teams to Business to unlock SSO, SCIM, and audit logging.
Organization Settings
Owners can configure the following under Admin Console > Settings:
- Display Name -- update the organization's display name at any time.
- Billing & Subscription -- view current plan, update payment method, download invoices.
- Domain Verification -- verify ownership of your email domain to enable automatic member discovery and enforce SSO for all users with that domain.
- Default Role -- set the role automatically assigned to new members (defaults to Member).
- Data Region -- on Enterprise plans, choose the geographic region where encrypted vault data is stored (US, EU, or AU).
Transferring Ownership
Organization ownership can be transferred to another member who already holds the Owner role. Navigate to Admin Console > Settings > Transfer Ownership, select the target user, and confirm with your master password. The transfer is logged in the audit trail and the previous owner is downgraded to Admin.
Deleting an organization is permanent and irreversible. All member associations, shared folders, teams, policies, and audit logs are destroyed. Individual members retain their personal vaults. Only Owners can delete an organization, and the action requires master password confirmation plus a 72-hour cooling-off period.
Multiple Organizations
A single SyVault account can belong to multiple organizations. Each organization is cryptographically isolated -- separate account keys, separate vault keys, separate shared folder keys. Compromising one organization's shared data has zero impact on another.