# Organizations **URL:** https://heroiclabs.com/docs/heroic-cloud/organizations/ **Summary:** An organization is the top-level entity in Heroic Cloud. Everything you create (titles, deployments, builders, teams, and users) is owned by an organization. **Keywords:** organizations, heroic cloud **Categories:** heroic-cloud, organizations --- # Organizations As studios grow, shared ownership becomes essential — resources shouldn't be tied to any one person's account. An organization is the top-level entity in Heroic Cloud: your studio or company's account. Everything you create (titles, deployments, builders, teams, and users) belongs to the organization, not to individual users. Billing, permissions, audit history, and support plans all live at the organization level. If a user leaves, the resources remain. ## Ownership model An organization can have **multiple owners**. Each owner has full, unrestricted access to every resource, setting, and permission in the organization. The original creator is automatically an Owner, but you can add additional owners at any time. Once at least two owners exist, you can revoke the original owner's role if needed. Set ownership per-user via the **Organization owner** checkbox on a user's detail page. Add as many owners as you need. ## Users across organizations A single user account can belong to **multiple organizations**. This is common for contractors, consultants, or studio leads who work across several teams. Each organization is fully isolated: a user's permissions, team memberships, and access in one organization have no effect on another. Switch between organizations from the navigation menu. ## What the organization manages The organization is where you manage platform-wide settings and resources: * **Identity and authentication** including SSO configuration, directory sync, and MFA enforcement. See [Enterprise SSO and directory sync](../enterprise/enterprise-sso/). * **Billing** including payment methods, usage tracking, and invoices. See [Billing](./billing-support/). * **Audit** as a complete log of every user action across the organization. See [Audit log](./audit-log/). ## MFA enforcement Enforce multi-factor authentication (MFA) for all users from the organization settings. Once enabled, users who haven't configured MFA must do so on their next login. MFA enforcement doesn't apply when using SSO or OAuth, since those providers handle authentication independently. ## Deleting an organization Permanently delete an organization only after removing all resources (titles, deployments, builders). Once deleted, the organization and its data can't be recovered. ## See also * [Audit log](./audit-log/) for tracking user actions. * [Billing](./billing-support/) for payments, invoices, and support plans. * [Enterprise SSO and directory sync](../enterprise/enterprise-sso/) for SAML and SCIM configuration. * [Access control](../access-control/) for managing access below the owner level.