--- descriptions: authentication: selected_organization_id: >- The [organization](/reference/organization) the user selected to sign in to. reference: curl: - key: authenticate_organization_selection id: authenticate_organization_selection url: /reference/authkit/authentication/organization-selection title: /user_management/authenticate type: POST parameters: - key: client_id type: string description: (client_id) - key: client_secret type: string description: (client_secret) - key: grant_type type: '"urn:workos:oauth:grant-type:organization-selection"' description: (authentication.grant_type) - key: pending_authentication_token type: string description: (authentication.pending_authentication_token) - key: organization_id type: string description: (authentication.selected_organization_id) - key: ip_address type: string optional: true description: (authentication.ip_address) - key: user_agent type: string optional: true description: (authentication.user_agent) returns: - key: anonymous type: object unwrap: true properties: - key: user type: user description: (user.self) - key: organization_id type: string optional: true description: (authentication.organization_id) - key: authentication_method type: >- "SSO" | "Password" | "AppleOAuth" | "GitHubOAuth" | "GoogleOAuth" | "MicrosoftOAuth" | "MagicAuth" | "Impersonation" optional: false description: (authentication.authentication_method) js: - key: authenticateWithOrganizationSelection id: authenticate_organization_selection url: /reference/authkit/authentication/organization-selection title: userManagement.authenticateWithOrganizationSelection() parameters: - key: clientId type: string description: (client_id) - key: pendingAuthenticationToken type: string description: (authentication.pending_authentication_token) - key: organizationId type: string description: (authentication.selected_organization_id) - key: ipAddress type: string optional: true description: (authentication.ip_address) - key: userAgent type: string optional: true description: (authentication.user_agent) - key: session type: object optional: true unwrap: true properties: - key: sealSession type: boolean description: (authentication.seal_session) - key: cookiePassword type: string optional: true description: (authentication.cookie_password_seal) returns: - key: anonymous type: object unwrap: true properties: - key: user type: User description: (user.self) - key: organizationId type: string optional: true description: (authentication.organization_id) - key: authenticationMethod type: >- "SSO" | "Password" | "AppleOAuth" | "GitHubOAuth" | "GoogleOAuth" | "MicrosoftOAuth" | "MagicAuth" | "Impersonation" optional: false description: (authentication.authentication_method) - key: sealedSession type: string optional: true description: (authentication.sealed_session) python: - key: authenticate_with_organization_selection id: authenticate_organization_selection url: /reference/authkit/authentication/organization-selection title: user_management.authenticate_with_organization_selection() parameters: - key: organization_id type: str description: (authentication.selected_organization_id) - key: pending_authentication_token type: str description: (authentication.pending_authentication_token) - key: ip_address type: str optional: true description: (authentication.ip_address) - key: user_agent type: str optional: true description: (authentication.user_agent) returns: - key: anonymous type: AuthenticationResponse unwrap: true properties: - key: user type: User description: (user.self) - key: organization_id type: str optional: true description: (authentication.organization_id) - key: access_token type: str optional: false description: (authentication.access_token) - key: refresh_token type: str optional: false description: (authentication.refresh_token) go: - key: AuthenticateWithOrganizationSelection id: authenticate_organization_selection url: /reference/authkit/authentication/organization-selection title: usermanagement.AuthenticateWithOrganizationSelection() parameters: - (ctx) - key: opts type: usermanagement.AuthenticateWithOrganizationSelectionOpts unwrap: true properties: - key: ClientID type: string description: (client_id) - key: PendingAuthenticationToken type: string description: (authentication.pending_authentication_token) - key: OrganizationId type: string description: (authentication.selected_organization_id) - key: IPAddress type: string optional: true description: (authentication.ip_address) - key: UserAgent type: string optional: true description: (authentication.user_agent) returns: - key: response type: object unwrap: true properties: - key: User type: User description: (user.self) - key: OrganizationID type: string optional: true description: (authentication.organization_id) - (err) php: - key: authenticateWithOrganizationSelection id: authenticate_organization_selection url: /reference/authkit/authentication/organization-selection title: $userManagement->authenticateWithOrganizationSelection() parameters: - key: clientId type: string description: (client_id) - key: organizationId type: string description: (authentication.selected_organization_id) - key: pendingAuthenticationToken type: string description: (authentication.pending_authentication_token) - key: ipAddress type: string optional: true description: (authentication.ip_address) - key: userAgent type: string optional: true description: (authentication.user_agent) returns: - key: anonymous type: object unwrap: true properties: - key: user type: User description: (user.self) - key: organizationId type: string optional: true description: (authentication.organization_id) ruby: - key: authenticate_with_organization_selection id: authenticate_organization_selection url: /reference/authkit/authentication/organization-selection title: UserManagement.authenticate_with_organization_selection() parameters: - key: client_id type: String description: (client_id) - key: organization_id type: String description: (authentication.selected_organization_id) - key: pending_authentication_token type: String description: (authentication.pending_authentication_token) - key: ip_address type: String optional: true description: (authentication.ip_address) - key: user_agent type: String optional: true description: (authentication.user_agent) returns: - key: anonymous type: object unwrap: true properties: - key: user type: User description: (user.self) - key: organization_id type: String optional: true description: (authentication.organization_id) java: - key: authenticateWithOrganizationSelection id: authenticate_organization_selection url: /reference/authkit/authentication/organization-selection title: userManagement.authenticateWithOrganizationSelection() parameters: - key: clientId type: String description: (client_id) - key: organizationId type: String description: (authentication.selected_organization_id) - key: pendingAuthenticationToken type: String description: (authentication.pending_authentication_token) - key: options type: AuthenticationAdditionalOptionsBuilder optional: true unwrap: true properties: - key: invitationToken type: String optional: true description: (authentication.invitation_token) - key: ipAddress type: String optional: true description: (authentication.ip_address) - key: userAgent type: String optional: true description: (authentication.user_agent) returns: - key: response type: Authentication unwrap: true properties: - key: user type: User optional: true description: (user.self) - key: organizationId type: String optional: true description: (authentication.organization_id) - key: accessToken type: string optional: true description: (authentication.access_token) - key: refreshToken type: string optional: true description: (authentication.refresh_token) - key: impersonator type: AuthenticationImpersonator optional: true properties: - key: email type: String description: (authentication.impersonator.email) - key: reason type: String optional: true description: (authentication.impersonator.reason) originalPath: >- .tmp-workos-clone/packages/docs/content/reference/authkit/authentication/organization-selection.mdx --- ## Authenticate with organization selection Authenticates a user into an organization they are a member of. When a user who is a member of multiple organizations attempts to authenticate with their credentials, the API will return an [organization selection error](/reference/authkit/authentication-errors/organization-selection-error) that contains a pending authentication token. To continue with the authentication flow, your application should display the list of organizations for the user to choose. Use the pending authentication token from the error and the organization the user selected in your UI to complete the authentication.