Before diving into this content, it might be helpful to read the following:
There are a few limitations that will be lifted soon:
- The LangSmith SDKs do not support these organization management actions yet.
- Organization-scoped service keys with Organization Admin permission may be used for these actions.
X-Organization-Id header should be present on all requests, and X-Tenant-Id header should be present on requests that are scoped to a particular workspace.
Workspaces
User management
RBAC
Membership management
List roles under RBAC should be used for retrieving role IDs of these operations. List [organization|workspace] members endpoints (below) response "id"s should be used as identity_id in these operations.
Organization level:
- List active organization members
- List pending organization members
- Invite a user to the organization and one or more workspaces. This should be used when the user is not already a member in the organization.
- Update a user’s organization role
- Remove someone from the organization
- List workspace members
- Add a member to a workspace that is already part of the organization
- Update a user’s workspace role
- Remove someone from a workspace
These params should be omitted:
read_only (deprecated), password and full_name (basic auth only)API keys
Security settings
Organization Admin permissions are required to make these changes.
“Shared resources” in this context refer to public prompts, shared runs, and shared datasets.
- Update organization sharing settings
- use
unshare_allto unshare ALL shared resources for the selected workspace - usedisable_public_sharingto prevent future sharing of resources
- use
- Disable/enable PAT creation (for self-hosted, available in Helm chart version 0.11.25+)
- Use
pat_creation_disabledto disable PAT creation for the entire organization. - See the admin guide for information about the Organization Viewer role, which cannot create PATs.
- For self-hosted deployments, you can also globally disable PAT creation across all organizations using an environment variable.
- Use
User-only endpoints
These endpoints are user-scoped and require a logged-in user’s JWT, so they should only be executed through the UI./api-key/currentendpoints: these are related a user’s PATs/sso/email-verification/send(Cloud-only): this endpoint is related to SAML SSO
Sample code
The sample code below goes through a few common workflows related to organization management. Make sure to make necessary replacements wherever<replace_me> is in the code.
Connect these docs to Claude, VSCode, and more via MCP for real-time answers.

