Organization Management
One organization, multiple isolated workspaces - centralized billing, access control, and policy management for your whole team
Overview
An organization is the top-level container in Instafill.ai. It holds one or more workspaces, manages billing for all of them, and lets you set security policies that apply across every workspace at once.
Each workspace's data is isolated by its workspaceId. Organization-level operations - managing workspaces, enforcing 2FA, accessing usage reports - require an org-level JWT claim that is distinct from workspace-level membership claims. Standard workspace member tokens carry only workspace-scoped claims and cannot perform organization-level operations.
Real-world example: A teleradiology practice automated hospital credentialing by creating one organization with separate workspaces for each hospital network, keeping each network's credentialing data isolated while managing billing and policy from one place.
Key Capabilities
- Multiple workspaces under one org: A single billing account covers all workspaces. Org admins can create, configure, and delete workspaces without accessing the data inside them.
- Member management: Invite users by email. Remove members from the organization members list at any time.
- 2FA enforcement: Require two-factor authentication for all organization members across every workspace. Members without 2FA enabled cannot access organization resources until they set it up.
- Notifications: When enabled, Instafill.ai sends an email to all organization members with access to a form whenever a new filled PDF is ready.
- Workspace settings: Configure language, date format, time format, decimal digits, and DPI per workspace from the workspace general settings.
- Consolidated usage reporting: Aggregate fill quota and usage across all workspaces for billing and capacity planning.
- Billing via Stripe: Manage your subscription and billing from Settings → Organization → Billing, which opens the Stripe billing portal.
- Audit logging: Org-level actions - member changes, workspace creation and deletion - are logged with user, timestamp, and action.
How It Works
1. Create the organization
First-time users automatically receive a personal organization. Additional organizations can be created for separate business units or clients. The organization name is set at creation and can be changed at any time from Settings → Organization → General.
2. Invite and manage members
Go to Settings → Organization → Members and use the Invite button to add people by email. Members appear in the list and can be removed at any time using the Remove button.
3. Enforce 2FA
Go to Settings → Organization → Authentication security and enable "Require two-factor authentication for everyone in your organization." Members who do not have 2FA enabled will be unable to access organization resources until they update their settings. Outside collaborators without 2FA enabled are removed from the organization.
4. Set up notifications
Go to Settings → Organization → Notifications and enable "Notify members when a form is filled." When turned on, Instafill.ai sends an email to all organization members with access to a form whenever a filled PDF is ready. The email includes processing time, number of fields processed, and a direct link to the filled PDF.
See how to set up team notifications for a full walkthrough.
5. Create and manage workspaces
Go to Settings → Organization → Workspaces to see all workspaces, create new ones, and delete existing ones. Each workspace gets its own workspaceId - the data isolation boundary. Workspace members are assigned independently of org membership.
6. Monitor usage
The Plan and Usage page shows current plan details and fill quota consumption across all workspaces, including fills used, fills remaining, and the next reset date.
Real-world example: Teams using the n8n integration can trigger automated workflows when forms are completed across any workspace, sending notifications to Slack or updating internal systems automatically.
Use Cases
Organization management is most useful for companies with multiple teams or client groups that need logical separation. Law firms create separate workspaces per practice area so that litigation and real estate teams have isolated form libraries. Healthcare systems use one workspace per clinic location so that CMS-1500 claims, credentialing forms, and intake documents for each location are never visible to staff at another. Enterprises segment departments to enforce independent quota tracking and billing allocation while keeping all workspaces under one consolidated account.
Benefits
- Governance without data access: Org admins can manage structure - workspaces, policies, members - without being able to read the form data inside each workspace unless they are also a member of that workspace
- 2FA at scale: Requiring 2FA at the org level applies the policy to every member without per-workspace configuration
- Consolidated billing: One subscription covers all workspaces; fill quota usage aggregates at the org level
- Instant team visibility: Form-fill notifications mean every member with access to a form knows the moment a filled PDF is ready, without checking the dashboard
- Audit coverage: Org-level actions are logged with user identity, timestamp, and the specific change made
Security and Privacy
Data is scoped to workspaceId and protected via JWT authentication middleware running across both service layers.
Org-level claim enforcement: Operations that affect multiple workspaces or org-level settings require an org-level JWT claim. A workspace-scoped token cannot perform them regardless of which workspace it was issued for.
Data isolation: Organizations are fully isolated from each other. Within an organization, each workspace's data is isolated by its workspaceId - being a member of the organization does not grant access to workspace data. See Workspace Data Isolation for how this is enforced.
Audit logging: All org-level changes are logged with the acting user's identity, timestamp, and the specific change made.
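The claim enforcement and data isolation rules above, written as a deny-by-default check. This is an added example, not Instafill.ai's code: the claim names (scope, org_id, workspace_id), the action names, and the HS256 demo key are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

KEY = b"constructed-demo-key"  # constructed; never hard-code a real signing key

def b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue(claims: dict) -> str:
    """Mint an HS256 token (used here only to construct sample input)."""
    signed = b64e(b'{"alg":"HS256","typ":"JWT"}') + "." + b64e(json.dumps(claims).encode())
    return signed + "." + b64e(hmac.new(KEY, signed.encode(), hashlib.sha256).digest())

def verify(token: str) -> dict:
    """Return the claims only if algorithm, signature and expiry all check out."""
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(b64d(head)), json.loads(b64d(body))
        given = b64d(sig)
    except ValueError:
        raise PermissionError("malformed token")
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise PermissionError("unexpected algorithm")  # rejects alg=none and anything else
    expected = hmac.new(KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, given):
        raise PermissionError("bad signature")
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if not isinstance(exp, (int, float)) or exp <= time.time():
        raise PermissionError("expired or missing exp")
    return claims

def authorize(token: str, action: str, org_id: str, workspace_id: str = None) -> bool:
    """Deny by default; the token's scope must match the kind of operation."""
    try:
        c = verify(token)
    except PermissionError:
        return False
    if c.get("org_id") != org_id:
        return False  # organizations are isolated from each other
    if action.startswith("org:"):
        return c.get("scope") == "org"  # workspace-scoped tokens never qualify
    if action.startswith("workspace:"):
        # An org-level claim alone does not open workspace data.
        return (c.get("scope") == "workspace" and workspace_id is not None
                and c.get("workspace_id") == workspace_id)
    return False
```

The scope is compared only after the signature has been verified, so editing a workspace token's payload to claim org scope invalidates the signature instead of escalating it.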
Common Questions
Can members belong to multiple organizations?
Yes. A user account can hold membership in multiple organizations and in multiple workspaces across those orgs. Each org and workspace context results in different JWT claims, enforced independently by the service layer.
What happens to data if I delete a workspace?
Deleting a workspace permanently removes all forms, sessions, profiles, and source documents within it. This action cannot be undone, so confirm that all needed data has been exported before proceeding.
How is billing handled for organizations?
One billing account per organization covers all workspaces. Fill quota consumption from all workspaces aggregates toward the org-level plan limit. Billing is managed through the Stripe portal, accessible from Settings → Organization → Billing.
What is the scope of API key access?
API keys are workspace-scoped. A key created in one workspace cannot access data in another workspace, even within the same organization. See API Key Management for details.