DocsAPI ReferenceCookbook

Grok Business / Enterprise

Organization Management

Organizations provide a higher-level governance structure for enterprise customers, encompassing multiple console teams under unified IT controls. Available only to Enterprise tier subscribers, organizations enable centralized management of users, teams, and security features like SSO.

Access the organization dashboard by visiting console.x.ai/organization. This page is restricted to organization admins.

Enterprise Only: Organizations are exclusive to the Enterprise tier. Contact xAI sales to upgrade if needed.

Understanding Organizations

An organization acts as an overarching entity that groups related console teams, ideal for large enterprises with multiple business units or departments.

Key features:

  • Domain Association: Link your organization to a specific email domain (e.g., @yourcompany.com). Any user signing up or logging in with an email from this domain is automatically associated with the organization.
  • User Visibility: Organization admins can view a comprehensive list of all associated users across teams on the /organization page.
  • Team Association: Teams created by organization members are automatically linked to the organization and displayed in the dashboard for oversight.

This structure supports a multi-team architecture, allowing independent Grok Business or API teams while maintaining centralized governance, such as uniform access controls and auditing.

Viewing Users and Teams

To view users:

  1. Navigate to console.x.ai/organization.
  2. Scroll to the "Users" section for a list of all domain-associated users, including their team affiliations and access status.

To view teams:

  1. In the same dashboard, access the "Teams" section.
  2. Review associated console teams, their members, and high-level usage metrics.

Use these views to ensure compliance, spot inactive accounts, or identify growth needs.

Setting Up SSO

Secure and streamline logins by integrating Single Sign-On (SSO) with your preferred Identity Provider (IdP).

To configure SSO:

  1. On the /organization page, click "Configure SSO".
  2. Choose your IdP from the supported list (e.g., Okta, Azure AD, Google Workspace).
  3. Follow the self-guided, IdP-specific instructions provided—each includes step-by-step setup, metadata exchange, and attribute mapping details.
  4. Save your configuration and test SSO to confirm the functionality.

SSO setup is straightforward and tailored to common providers, ensuring quick deployment.

Activating SSO and User Impact

Once configured, SSO will be activated and enforced organization-wide.

Post-activation:

  • Users must log in via SSO on their next access.
  • If a user selects "Log in with email" and enters a domain-associated address, (e.g., @yourcompany.com) the system automatically detects it and redirects to your IdP for authentication.
  • Non-domain emails (e.g., @differentcompany.com) fall back to standard login methods.

This ensures seamless, secure access without disrupting workflows.

Communication Tip: Notify your users in advance about the SSO rollout to minimize support queries.

Setting up SCIM

Automate user provisioning and deprovisioning by integrating System for Cross-domain Identity Management (SCIM) with your Identity Provider (IdP). Follow these steps to set up SCIM effectively.

Step 1: Configure Groups in Your IdP

  1. On the /organization page, click "Setup SCIM".
  2. Follow the IdP-specific steps provided to sync your groups.
  3. Create as many groups as needed in your IdP—typically named something like xai-admin, xai-supergrok-heavy, xai-supergrok, or whatever fits your organizational structure. This step ensures your groups are ready for mapping and synchronization with xAI.

Step 2: Map Groups to Roles in xAI

Map your IdP groups to the available roles in xAI.

  • The out-of-the-box roles include Admin, SuperGrok Heavy, SuperGrok, and Member (the default role assigned to users without any specified group).
  • If you require more granular roles beyond these, contact your xAI representative to explore custom setup options—these standard roles are usually sufficient for most organizations. This mapping aligns your IdP groups with xAI's role-based access controls.

Step 3: Map Roles to Teams, Permissions, and Licenses

Assign your mapped roles to appropriate resources.

  • Map roles to teams (usually just one primary team, but you may have more).
  • Assign any relevant permissions.
  • Typically, associate a license with the role.

This step customizes access and entitlements based on your organizational needs.

Step 4: Preview and Activate SCIM

Before finalizing, review the changes.

  • We provide a preview of what your organization will look like after activation.
  • Confirm that members are assigned to the correct roles, those roles have the appropriate level of authorization, and the right licenses are applied.
  • Once you feel confident everything is correct, click "Activate" to make SCIM your default provisioning system.

This verification ensures a smooth transition.

Warning: SCIM is very disruptive. Users might lose or gain access to resources they did not have before. Notify your organization that you are undergoing this transition and verify everything is correct during the preview stage before proceeding.

Need Help?

For assistance with organization setup, SSO troubleshooting, or Enterprise features, contact xAI sales at x.ai/grok/business/enquire.