[PM-25923] Simplify and align response models for Organization members and Provider users (#6385)

* Update ProviderUserOrganizationDetailsView to include SSO configuration data * Updated the ProviderUserOrganizationDetailsViewQuery to join with SsoConfigs and select SSO-related fields. * Modified the SQL view to reflect the inclusion of SSO configuration data. * Added a new migration script for the updated view structure. * Add SSO configuration properties to ProviderUserOrganizationDetails model * Add SSO configuration handling to ProfileProviderOrganizationResponseModel * Introduced properties for SSO configuration, including SSO enabled status and KeyConnector details. * Implemented deserialization of SSO configuration data to populate new fields in the response model. * Add integration tests for ProviderUserRepository.GetManyOrganizationDetailsByUserAsync * Add BaseUserOrganizationDetails model to encapsulate common properties * Introduced a new abstract class to define shared properties for organization users and provider organization users * Add BaseProfileOrganizationResponseModel to encapsulate organization response properties * Introduced a new abstract class that ensures all properties are fully populated for profile organization responses. * Update ProviderUserOrganizationDetailsViewQuery to include missing ProviderUserId * Refactor OrganizationUserOrganizationDetails and ProviderUserOrganizationDetails to inherit from BaseUserOrganizationDetails * Updated both models to extend BaseUserOrganizationDetails, promoting code reuse and ensure they have the same base properties * Refactor ProfileOrganizationResponseModel and ProfileProviderOrganizationResponseModel to inherit from BaseProfileOrganizationResponseModel * Refactor ProviderUserRepositoryTests to improve organization detail assertions * Consolidated assertions for organization details into a new method, AssertProviderOrganizationDetails, enhancing code readability and maintainability. * Updated test cases to verify all relevant properties for organizations with and without SSO configurations. * Add integration test for GetManyDetailsByUserAsync to verify SSO properties * Implemented a new test case to ensure that the SSO properties are correctly populated for organizations with and without SSO configurations. * The test verifies the expected behavior of the method when interacting with the user and organization repositories, including cleanup of created entities after the test execution. * Add unit tests for ProfileOrganizationResponseModel and ProfileProviderOrganizationResponseModel * Introduced tests to validate the constructors of ProfileOrganizationResponseModel and ProfileProviderOrganizationResponseModel, ensuring that all properties are populated correctly based on the provided organization details. * Verified expected behavior for both organization and provider models, including SSO configurations and relevant properties. * Update SyncControllerTests.Get_ProviderPlanTypeProperlyPopulated to nullify SSO configurations in provider user organization details * Refactor BaseProfileOrganizationResponseModel and ProfileOrganizationResponseModel for null safety Updated properties in BaseProfileOrganizationResponseModel and ProfileOrganizationResponseModel to support null safety by introducing nullable types where appropriate. * Enhance null safety in BaseUserOrganizationDetails and OrganizationUserOrganizationDetails Updated properties in BaseUserOrganizationDetails and OrganizationUserOrganizationDetails to support null safety by introducing nullable types where appropriate, ensuring better handling of potential null values. * Move common properties from ProfileOrganizationResponseModel to BaseProfileOrganizationResponseModel * Refactor organization details: Remove BaseUserOrganizationDetails and introduce IProfileMemberOrganizationDetails interface for improved structure and clarity in organization user data management. * Enhance OrganizationUserOrganizationDetails: Implement IProfileMemberOrganizationDetails interface * Refactor ProviderUserOrganizationDetails: Implement IProfileMemberOrganizationDetails interface * Refactor ProfileOrganizationResponseModelTests and ProfileProviderOrganizationResponseModelTests: Update constructors to utilize Organization and ProviderUserOrganizationDetails, enhancing property population and test coverage. * Enhance ProviderUserOrganizationDetails: Add UseResetPassword, UseSecretsManager, and UsePasswordManager properties to the query and SQL views * Update BaseProfileOrganizationResponseModel documentation: Clarify purpose and usage of organization properties for OrganizationUsers and ProviderUsers. * Rename ProfileOrganizationResponseModel to ProfileMemberOrganizationResponseModel, update references and update related test names * Add XML documentation for ProfileMemberOrganizationResponseModel and ProfileProviderOrganizationResponseModel to clarify their purpose and relationships * Remove unnecessary cleanup code from OrganizationUserRepositoryTests * Remove unnecessary cleanup code from ProviderUserRepositoryTests * Rename test method in ProviderUserRepositoryTests to improve clarity on property population * Add CreateFullOrganization method to ProviderUserRepositoryTests for improved organization setup in tests * Refactor organization creation in tests to use CreateTestOrganizationAsync for consistency and improved setup * Rename IProfileMemberOrganizationDetails to IProfileOrganizationDetails * Rename ProfileMemberOrganizationResponseModel back to ProfileOrganizationResponseModel * Refactor organization response models to remove Family Sponsorship properties from BaseProfileOrganizationResponseModel and reintroduce them in ProfileOrganizationResponseModel. Update related interfaces and tests accordingly. * Bump date on migration script * Update OrganizationUserOrganizationDetailsViewQuery to include UseAutomaticUserConfirmation property
2026-01-31 14:13:18 +08:00 · 2025-10-24 20:42:28 +01:00
parent bd52cf56e7
commit 9b313d9c0a
16 changed files with 881 additions and 231 deletions
--- a/src/Api/AdminConsole/Models/Response/BaseProfileOrganizationResponseModel.cs
+++ b/src/Api/AdminConsole/Models/Response/BaseProfileOrganizationResponseModel.cs
@@ -0,0 +1,127 @@
 using System.Text.Json.Serialization;
 using Bit.Core.AdminConsole.Enums.Provider;
 using Bit.Core.AdminConsole.Models.Data;
 using Bit.Core.Auth.Enums;
 using Bit.Core.Auth.Models.Data;
 using Bit.Core.Billing.Enums;
 using Bit.Core.Billing.Extensions;
 using Bit.Core.Enums;
 using Bit.Core.Models.Api;
 using Bit.Core.Models.Data;
 using Bit.Core.Utilities;
 namespace Bit.Api.AdminConsole.Models.Response;
 /// <summary>
 /// Contains organization properties for both OrganizationUsers and ProviderUsers.
 /// Any organization properties in sync data should be added to this class so they are populated for both
 /// members and providers.
 /// </summary>
 public abstract class BaseProfileOrganizationResponseModel : ResponseModel
 {
    protected BaseProfileOrganizationResponseModel(
        string type, IProfileOrganizationDetails organizationDetails) : base(type)
    {
        Id = organizationDetails.OrganizationId;
        UserId = organizationDetails.UserId;
        Name = organizationDetails.Name;
        Enabled = organizationDetails.Enabled;
        Identifier = organizationDetails.Identifier;
        ProductTierType = organizationDetails.PlanType.GetProductTier();
        UsePolicies = organizationDetails.UsePolicies;
        UseSso = organizationDetails.UseSso;
        UseKeyConnector = organizationDetails.UseKeyConnector;
        UseScim = organizationDetails.UseScim;
        UseGroups = organizationDetails.UseGroups;
        UseDirectory = organizationDetails.UseDirectory;
        UseEvents = organizationDetails.UseEvents;
        UseTotp = organizationDetails.UseTotp;
        Use2fa = organizationDetails.Use2fa;
        UseApi = organizationDetails.UseApi;
        UseResetPassword = organizationDetails.UseResetPassword;
        UsersGetPremium = organizationDetails.UsersGetPremium;
        UseCustomPermissions = organizationDetails.UseCustomPermissions;
        UseActivateAutofillPolicy = organizationDetails.PlanType.GetProductTier() == ProductTierType.Enterprise;
        UseRiskInsights = organizationDetails.UseRiskInsights;
        UseOrganizationDomains = organizationDetails.UseOrganizationDomains;
        UseAdminSponsoredFamilies = organizationDetails.UseAdminSponsoredFamilies;
        UseAutomaticUserConfirmation = organizationDetails.UseAutomaticUserConfirmation;
        UseSecretsManager = organizationDetails.UseSecretsManager;
        UsePasswordManager = organizationDetails.UsePasswordManager;
        SelfHost = organizationDetails.SelfHost;
        Seats = organizationDetails.Seats;
        MaxCollections = organizationDetails.MaxCollections;
        MaxStorageGb = organizationDetails.MaxStorageGb;
        Key = organizationDetails.Key;
        HasPublicAndPrivateKeys = organizationDetails.PublicKey != null && organizationDetails.PrivateKey != null;
        SsoBound = !string.IsNullOrWhiteSpace(organizationDetails.SsoExternalId);
        ResetPasswordEnrolled = !string.IsNullOrWhiteSpace(organizationDetails.ResetPasswordKey);
        ProviderId = organizationDetails.ProviderId;
        ProviderName = organizationDetails.ProviderName;
        ProviderType = organizationDetails.ProviderType;
        LimitCollectionCreation = organizationDetails.LimitCollectionCreation;
        LimitCollectionDeletion = organizationDetails.LimitCollectionDeletion;
        LimitItemDeletion = organizationDetails.LimitItemDeletion;
        AllowAdminAccessToAllCollectionItems = organizationDetails.AllowAdminAccessToAllCollectionItems;
        SsoEnabled = organizationDetails.SsoEnabled ?? false;
        if (organizationDetails.SsoConfig != null)
        {
            var ssoConfigData = SsoConfigurationData.Deserialize(organizationDetails.SsoConfig);
            KeyConnectorEnabled = ssoConfigData.MemberDecryptionType == MemberDecryptionType.KeyConnector && !string.IsNullOrEmpty(ssoConfigData.KeyConnectorUrl);
            KeyConnectorUrl = ssoConfigData.KeyConnectorUrl;
            SsoMemberDecryptionType = ssoConfigData.MemberDecryptionType;
        }
    }
    public Guid Id { get; set; }
    [JsonConverter(typeof(HtmlEncodingStringConverter))]
    public string Name { get; set; } = null!;
    public bool Enabled { get; set; }
    public string? Identifier { get; set; }
    public ProductTierType ProductTierType { get; set; }
    public bool UsePolicies { get; set; }
    public bool UseSso { get; set; }
    public bool UseKeyConnector { get; set; }
    public bool UseScim { get; set; }
    public bool UseGroups { get; set; }
    public bool UseDirectory { get; set; }
    public bool UseEvents { get; set; }
    public bool UseTotp { get; set; }
    public bool Use2fa { get; set; }
    public bool UseApi { get; set; }
    public bool UseResetPassword { get; set; }
    public bool UseSecretsManager { get; set; }
    public bool UsePasswordManager { get; set; }
    public bool UsersGetPremium { get; set; }
    public bool UseCustomPermissions { get; set; }
    public bool UseActivateAutofillPolicy { get; set; }
    public bool UseRiskInsights { get; set; }
    public bool UseOrganizationDomains { get; set; }
    public bool UseAdminSponsoredFamilies { get; set; }
    public bool UseAutomaticUserConfirmation { get; set; }
    public bool SelfHost { get; set; }
    public int? Seats { get; set; }
    public short? MaxCollections { get; set; }
    public short? MaxStorageGb { get; set; }
    public string? Key { get; set; }
    public bool HasPublicAndPrivateKeys { get; set; }
    public bool SsoBound { get; set; }
    public bool ResetPasswordEnrolled { get; set; }
    public bool LimitCollectionCreation { get; set; }
    public bool LimitCollectionDeletion { get; set; }
    public bool LimitItemDeletion { get; set; }
    public bool AllowAdminAccessToAllCollectionItems { get; set; }
    public Guid? ProviderId { get; set; }
    [JsonConverter(typeof(HtmlEncodingStringConverter))]
    public string? ProviderName { get; set; }
    public ProviderType? ProviderType { get; set; }
    public bool SsoEnabled { get; set; }
    public bool KeyConnectorEnabled { get; set; }
    public string? KeyConnectorUrl { get; set; }
    public MemberDecryptionType? SsoMemberDecryptionType { get; set; }
    public bool AccessSecretsManager { get; set; }
    public Guid? UserId { get; set; }
    public OrganizationUserStatusType Status { get; set; }
    public OrganizationUserType Type { get; set; }
    public Permissions? Permissions { get; set; }
 }
--- a/src/Api/AdminConsole/Models/Response/ProfileOrganizationResponseModel.cs
+++ b/src/Api/AdminConsole/Models/Response/ProfileOrganizationResponseModel.cs
@@ -1,150 +1,47 @@
-// FIXME: Update this file to be null safe and then delete the line below
+using Bit.Core.Enums;
 #nullable disable
 using System.Text.Json.Serialization;
 using Bit.Core.AdminConsole.Enums.Provider;
 using Bit.Core.Auth.Enums;
 using Bit.Core.Auth.Models.Data;
 using Bit.Core.Billing.Enums;
 using Bit.Core.Billing.Extensions;
 using Bit.Core.Enums;
 using Bit.Core.Models.Api;
 using Bit.Core.Models.Data;
 using Bit.Core.Models.Data.Organizations.OrganizationUsers;
 using Bit.Core.Utilities;
 namespace Bit.Api.AdminConsole.Models.Response;
-public class ProfileOrganizationResponseModel : ResponseModel
+/// <summary>
 /// Sync data for organization members and their organization.
 /// Note: see <see cref="ProfileProviderOrganizationResponseModel"/> for organization sync data received by provider users.
 /// </summary>
 public class ProfileOrganizationResponseModel : BaseProfileOrganizationResponseModel
 {
    public ProfileOrganizationResponseModel(string str) : base(str) { }
    public ProfileOrganizationResponseModel(
-        OrganizationUserOrganizationDetails organization,
+        OrganizationUserOrganizationDetails organizationDetails,
        IEnumerable<Guid> organizationIdsClaimingUser)
-        : this("profileOrganization")
+        : base("profileOrganization", organizationDetails)
    {
-        Id = organization.OrganizationId;
+        Status = organizationDetails.Status;
-        Name = organization.Name;
+        Type = organizationDetails.Type;
-        UsePolicies = organization.UsePolicies;
+        OrganizationUserId = organizationDetails.OrganizationUserId;
-        UseSso = organization.UseSso;
+        UserIsClaimedByOrganization = organizationIdsClaimingUser.Contains(organizationDetails.OrganizationId);
-        UseKeyConnector = organization.UseKeyConnector;
+        Permissions = CoreHelpers.LoadClassFromJsonData<Permissions>(organizationDetails.Permissions);
-        UseScim = organization.UseScim;
+        IsAdminInitiated = organizationDetails.IsAdminInitiated ?? false;
-        UseGroups = organization.UseGroups;
+        FamilySponsorshipFriendlyName = organizationDetails.FamilySponsorshipFriendlyName;
-        UseDirectory = organization.UseDirectory;
+        FamilySponsorshipLastSyncDate = organizationDetails.FamilySponsorshipLastSyncDate;
-        UseEvents = organization.UseEvents;
+        FamilySponsorshipToDelete = organizationDetails.FamilySponsorshipToDelete;
-        UseTotp = organization.UseTotp;
+        FamilySponsorshipValidUntil = organizationDetails.FamilySponsorshipValidUntil;
-        Use2fa = organization.Use2fa;
+        FamilySponsorshipAvailable = (organizationDetails.FamilySponsorshipFriendlyName == null || IsAdminInitiated) &&
        UseApi = organization.UseApi;
        UseResetPassword = organization.UseResetPassword;
        UseSecretsManager = organization.UseSecretsManager;
        UsePasswordManager = organization.UsePasswordManager;
        UsersGetPremium = organization.UsersGetPremium;
        UseCustomPermissions = organization.UseCustomPermissions;
        UseActivateAutofillPolicy = organization.PlanType.GetProductTier() == ProductTierType.Enterprise;
        SelfHost = organization.SelfHost;
        Seats = organization.Seats;
        MaxCollections = organization.MaxCollections;
        MaxStorageGb = organization.MaxStorageGb;
        Key = organization.Key;
        HasPublicAndPrivateKeys = organization.PublicKey != null && organization.PrivateKey != null;
        Status = organization.Status;
        Type = organization.Type;
        Enabled = organization.Enabled;
        SsoBound = !string.IsNullOrWhiteSpace(organization.SsoExternalId);
        Identifier = organization.Identifier;
        Permissions = CoreHelpers.LoadClassFromJsonData<Permissions>(organization.Permissions);
        ResetPasswordEnrolled = !string.IsNullOrWhiteSpace(organization.ResetPasswordKey);
        UserId = organization.UserId;
        OrganizationUserId = organization.OrganizationUserId;
        ProviderId = organization.ProviderId;
        ProviderName = organization.ProviderName;
        ProviderType = organization.ProviderType;
        FamilySponsorshipFriendlyName = organization.FamilySponsorshipFriendlyName;
        IsAdminInitiated = organization.IsAdminInitiated ?? false;
        FamilySponsorshipAvailable = (FamilySponsorshipFriendlyName == null || IsAdminInitiated) &&
            StaticStore.GetSponsoredPlan(PlanSponsorshipType.FamiliesForEnterprise)
-            .UsersCanSponsor(organization);
+            .UsersCanSponsor(organizationDetails);
-        ProductTierType = organization.PlanType.GetProductTier();
+        AccessSecretsManager = organizationDetails.AccessSecretsManager;
        FamilySponsorshipLastSyncDate = organization.FamilySponsorshipLastSyncDate;
        FamilySponsorshipToDelete = organization.FamilySponsorshipToDelete;
        FamilySponsorshipValidUntil = organization.FamilySponsorshipValidUntil;
        AccessSecretsManager = organization.AccessSecretsManager;
        LimitCollectionCreation = organization.LimitCollectionCreation;
        LimitCollectionDeletion = organization.LimitCollectionDeletion;
        LimitItemDeletion = organization.LimitItemDeletion;
        AllowAdminAccessToAllCollectionItems = organization.AllowAdminAccessToAllCollectionItems;
        UserIsClaimedByOrganization = organizationIdsClaimingUser.Contains(organization.OrganizationId);
        UseRiskInsights = organization.UseRiskInsights;
        UseOrganizationDomains = organization.UseOrganizationDomains;
        UseAdminSponsoredFamilies = organization.UseAdminSponsoredFamilies;
        SsoEnabled = organization.SsoEnabled ?? false;
        if (organization.SsoConfig != null)
        {
            var ssoConfigData = SsoConfigurationData.Deserialize(organization.SsoConfig);
            KeyConnectorEnabled = ssoConfigData.MemberDecryptionType == MemberDecryptionType.KeyConnector && !string.IsNullOrEmpty(ssoConfigData.KeyConnectorUrl);
            KeyConnectorUrl = ssoConfigData.KeyConnectorUrl;
            SsoMemberDecryptionType = ssoConfigData.MemberDecryptionType;
        }
        UseAutomaticUserConfirmation = organization.UseAutomaticUserConfirmation;
    }
    public Guid Id { get; set; }
    [JsonConverter(typeof(HtmlEncodingStringConverter))]
    public string Name { get; set; }
    public bool UsePolicies { get; set; }
    public bool UseSso { get; set; }
    public bool UseKeyConnector { get; set; }
    public bool UseScim { get; set; }
    public bool UseGroups { get; set; }
    public bool UseDirectory { get; set; }
    public bool UseEvents { get; set; }
    public bool UseTotp { get; set; }
    public bool Use2fa { get; set; }
    public bool UseApi { get; set; }
    public bool UseResetPassword { get; set; }
    public bool UseSecretsManager { get; set; }
    public bool UsePasswordManager { get; set; }
    public bool UsersGetPremium { get; set; }
    public bool UseCustomPermissions { get; set; }
    public bool UseActivateAutofillPolicy { get; set; }
    public bool SelfHost { get; set; }
    public int? Seats { get; set; }
    public short? MaxCollections { get; set; }
    public short? MaxStorageGb { get; set; }
    public string Key { get; set; }
    public OrganizationUserStatusType Status { get; set; }
    public OrganizationUserType Type { get; set; }
    public bool Enabled { get; set; }
    public bool SsoBound { get; set; }
    public string Identifier { get; set; }
    public Permissions Permissions { get; set; }
    public bool ResetPasswordEnrolled { get; set; }
    public Guid? UserId { get; set; }
    public Guid OrganizationUserId { get; set; }
-    public bool HasPublicAndPrivateKeys { get; set; }
+    public bool UserIsClaimedByOrganization { get; set; }
-    public Guid? ProviderId { get; set; }
+    public string? FamilySponsorshipFriendlyName { get; set; }
    [JsonConverter(typeof(HtmlEncodingStringConverter))]
    public string ProviderName { get; set; }
    public ProviderType? ProviderType { get; set; }
    public string FamilySponsorshipFriendlyName { get; set; }
    public bool FamilySponsorshipAvailable { get; set; }
    public ProductTierType ProductTierType { get; set; }
    public bool KeyConnectorEnabled { get; set; }
    public string KeyConnectorUrl { get; set; }
    public DateTime? FamilySponsorshipLastSyncDate { get; set; }
    public DateTime? FamilySponsorshipValidUntil { get; set; }
    public bool? FamilySponsorshipToDelete { get; set; }
-    public bool AccessSecretsManager { get; set; }
+    public bool IsAdminInitiated { get; set; }
    public bool LimitCollectionCreation { get; set; }
    public bool LimitCollectionDeletion { get; set; }
    public bool LimitItemDeletion { get; set; }
    public bool AllowAdminAccessToAllCollectionItems { get; set; }
    /// <summary>
-    /// Obsolete.
+    /// Obsolete property for backward compatibility
    /// See <see cref="UserIsClaimedByOrganization"/>
    /// </summary>
    [Obsolete("Please use UserIsClaimedByOrganization instead. This property will be removed in a future version.")]
    public bool UserIsManagedByOrganization
@@ -152,19 +49,4 @@ public class ProfileOrganizationResponseModel : ResponseModel
        get => UserIsClaimedByOrganization;
        set => UserIsClaimedByOrganization = value;
    }
    /// <summary>
    /// Indicates if the user is claimed by the organization.
    /// </summary>
    /// <remarks>
    /// A user is claimed by an organization if the user's email domain is verified by the organization and the user is a member.
    /// The organization must be enabled and able to have verified domains.
    /// </remarks>
    public bool UserIsClaimedByOrganization { get; set; }
    public bool UseRiskInsights { get; set; }
    public bool UseOrganizationDomains { get; set; }
    public bool UseAdminSponsoredFamilies { get; set; }
    public bool IsAdminInitiated { get; set; }
    public bool SsoEnabled { get; set; }
    public MemberDecryptionType? SsoMemberDecryptionType { get; set; }
    public bool UseAutomaticUserConfirmation { get; set; }
 }
--- a/src/Api/AdminConsole/Models/Response/ProfileProviderOrganizationResponseModel.cs
+++ b/src/Api/AdminConsole/Models/Response/ProfileProviderOrganizationResponseModel.cs
@@ -1,57 +1,24 @@
 using Bit.Core.AdminConsole.Models.Data.Provider;
 using Bit.Core.Billing.Enums;
 using Bit.Core.Billing.Extensions;
 using Bit.Core.Enums;
 using Bit.Core.Models.Data;
 namespace Bit.Api.AdminConsole.Models.Response;
-public class ProfileProviderOrganizationResponseModel : ProfileOrganizationResponseModel
+/// <summary>
 /// Sync data for provider users and their managed organizations.
 /// Note: see <see cref="ProfileOrganizationResponseModel"/> for organization sync data received by organization members.
 /// </summary>
 public class ProfileProviderOrganizationResponseModel : BaseProfileOrganizationResponseModel
 {
-    public ProfileProviderOrganizationResponseModel(ProviderUserOrganizationDetails organization)
+    public ProfileProviderOrganizationResponseModel(ProviderUserOrganizationDetails organizationDetails)
-        : base("profileProviderOrganization")
+        : base("profileProviderOrganization", organizationDetails)
    {
        Id = organization.OrganizationId;
        Name = organization.Name;
        UsePolicies = organization.UsePolicies;
        UseSso = organization.UseSso;
        UseKeyConnector = organization.UseKeyConnector;
        UseScim = organization.UseScim;
        UseGroups = organization.UseGroups;
        UseDirectory = organization.UseDirectory;
        UseEvents = organization.UseEvents;
        UseTotp = organization.UseTotp;
        Use2fa = organization.Use2fa;
        UseApi = organization.UseApi;
        UseResetPassword = organization.UseResetPassword;
        UsersGetPremium = organization.UsersGetPremium;
        UseCustomPermissions = organization.UseCustomPermissions;
        UseActivateAutofillPolicy = organization.PlanType.GetProductTier() == ProductTierType.Enterprise;
        SelfHost = organization.SelfHost;
        Seats = organization.Seats;
        MaxCollections = organization.MaxCollections;
        MaxStorageGb = organization.MaxStorageGb;
        Key = organization.Key;
        HasPublicAndPrivateKeys = organization.PublicKey != null && organization.PrivateKey != null;
        Status = OrganizationUserStatusType.Confirmed; // Provider users are always confirmed
        Type = OrganizationUserType.Owner; // Provider users behave like Owners
-        Enabled = organization.Enabled;
+        ProviderId = organizationDetails.ProviderId;
-        SsoBound = false;
+        ProviderName = organizationDetails.ProviderName;
-        Identifier = organization.Identifier;
+        ProviderType = organizationDetails.ProviderType;
        Permissions = new Permissions();
-        ResetPasswordEnrolled = false;
+        AccessSecretsManager = false; // Provider users cannot access Secrets Manager
        UserId = organization.UserId;
        ProviderId = organization.ProviderId;
        ProviderName = organization.ProviderName;
        ProviderType = organization.ProviderType;
        ProductTierType = organization.PlanType.GetProductTier();
        LimitCollectionCreation = organization.LimitCollectionCreation;
        LimitCollectionDeletion = organization.LimitCollectionDeletion;
        LimitItemDeletion = organization.LimitItemDeletion;
        AllowAdminAccessToAllCollectionItems = organization.AllowAdminAccessToAllCollectionItems;
        UseRiskInsights = organization.UseRiskInsights;
        UseOrganizationDomains = organization.UseOrganizationDomains;
        UseAdminSponsoredFamilies = organization.UseAdminSponsoredFamilies;
        UseAutomaticUserConfirmation = organization.UseAutomaticUserConfirmation;
    }
 }
--- a/src/Core/AdminConsole/Models/Data/IProfileOrganizationDetails.cs
+++ b/src/Core/AdminConsole/Models/Data/IProfileOrganizationDetails.cs
@@ -0,0 +1,56 @@
 using Bit.Core.AdminConsole.Enums.Provider;
 using Bit.Core.Billing.Enums;
 namespace Bit.Core.AdminConsole.Models.Data;
 /// <summary>
 /// Interface defining common organization details properties shared between
 /// regular organization users and provider organization users for profile endpoints.
 /// </summary>
 public interface IProfileOrganizationDetails
 {
    Guid? UserId { get; set; }
    Guid OrganizationId { get; set; }
    string Name { get; set; }
    bool Enabled { get; set; }
    PlanType PlanType { get; set; }
    bool UsePolicies { get; set; }
    bool UseSso { get; set; }
    bool UseKeyConnector { get; set; }
    bool UseScim { get; set; }
    bool UseGroups { get; set; }
    bool UseDirectory { get; set; }
    bool UseEvents { get; set; }
    bool UseTotp { get; set; }
    bool Use2fa { get; set; }
    bool UseApi { get; set; }
    bool UseResetPassword { get; set; }
    bool SelfHost { get; set; }
    bool UsersGetPremium { get; set; }
    bool UseCustomPermissions { get; set; }
    bool UseSecretsManager { get; set; }
    int? Seats { get; set; }
    short? MaxCollections { get; set; }
    short? MaxStorageGb { get; set; }
    string? Identifier { get; set; }
    string? Key { get; set; }
    string? ResetPasswordKey { get; set; }
    string? PublicKey { get; set; }
    string? PrivateKey { get; set; }
    string? SsoExternalId { get; set; }
    string? Permissions { get; set; }
    Guid? ProviderId { get; set; }
    string? ProviderName { get; set; }
    ProviderType? ProviderType { get; set; }
    bool? SsoEnabled { get; set; }
    string? SsoConfig { get; set; }
    bool UsePasswordManager { get; set; }
    bool LimitCollectionCreation { get; set; }
    bool LimitCollectionDeletion { get; set; }
    bool AllowAdminAccessToAllCollectionItems { get; set; }
    bool UseRiskInsights { get; set; }
    bool LimitItemDeletion { get; set; }
    bool UseAdminSponsoredFamilies { get; set; }
    bool UseOrganizationDomains { get; set; }
    bool UseAutomaticUserConfirmation { get; set; }
 }
--- a/src/Core/AdminConsole/Models/Data/Organizations/OrganizationUsers/OrganizationUserOrganizationDetails.cs
+++ b/src/Core/AdminConsole/Models/Data/Organizations/OrganizationUsers/OrganizationUserOrganizationDetails.cs
@@ -1,20 +1,18 @@
-// FIXME: Update this file to be null safe and then delete the line below
+using System.Text.Json.Serialization;
 #nullable disable
 using System.Text.Json.Serialization;
 using Bit.Core.AdminConsole.Enums.Provider;
 using Bit.Core.AdminConsole.Models.Data;
 using Bit.Core.Billing.Enums;
 using Bit.Core.Utilities;
 namespace Bit.Core.Models.Data.Organizations.OrganizationUsers;
-public class OrganizationUserOrganizationDetails
+public class OrganizationUserOrganizationDetails : IProfileOrganizationDetails
 {
    public Guid OrganizationId { get; set; }
    public Guid? UserId { get; set; }
    public Guid OrganizationUserId { get; set; }
    [JsonConverter(typeof(HtmlEncodingStringConverter))]
-    public string Name { get; set; }
+    public string Name { get; set; } = null!;
    public bool UsePolicies { get; set; }
    public bool UseSso { get; set; }
    public bool UseKeyConnector { get; set; }
@@ -33,24 +31,24 @@ public class OrganizationUserOrganizationDetails
    public int? Seats { get; set; }
    public short? MaxCollections { get; set; }
    public short? MaxStorageGb { get; set; }
-    public string Key { get; set; }
+    public string? Key { get; set; }
    public Enums.OrganizationUserStatusType Status { get; set; }
    public Enums.OrganizationUserType Type { get; set; }
    public bool Enabled { get; set; }
    public PlanType PlanType { get; set; }
-    public string SsoExternalId { get; set; }
+    public string? SsoExternalId { get; set; }
-    public string Identifier { get; set; }
+    public string? Identifier { get; set; }
-    public string Permissions { get; set; }
+    public string? Permissions { get; set; }
-    public string ResetPasswordKey { get; set; }
+    public string? ResetPasswordKey { get; set; }
-    public string PublicKey { get; set; }
+    public string? PublicKey { get; set; }
-    public string PrivateKey { get; set; }
+    public string? PrivateKey { get; set; }
    public Guid? ProviderId { get; set; }
    [JsonConverter(typeof(HtmlEncodingStringConverter))]
-    public string ProviderName { get; set; }
+    public string? ProviderName { get; set; }
    public ProviderType? ProviderType { get; set; }
-    public string FamilySponsorshipFriendlyName { get; set; }
+    public string? FamilySponsorshipFriendlyName { get; set; }
    public bool? SsoEnabled { get; set; }
-    public string SsoConfig { get; set; }
+    public string? SsoConfig { get; set; }
    public DateTime? FamilySponsorshipLastSyncDate { get; set; }
    public DateTime? FamilySponsorshipValidUntil { get; set; }
    public bool? FamilySponsorshipToDelete { get; set; }
--- a/src/Core/AdminConsole/Models/Data/Provider/ProviderUserOrganizationDetails.cs
+++ b/src/Core/AdminConsole/Models/Data/Provider/ProviderUserOrganizationDetails.cs
@@ -1,19 +1,16 @@
-// FIXME: Update this file to be null safe and then delete the line below
+using System.Text.Json.Serialization;
 #nullable disable
 using System.Text.Json.Serialization;
 using Bit.Core.AdminConsole.Enums.Provider;
 using Bit.Core.Billing.Enums;
 using Bit.Core.Utilities;
 namespace Bit.Core.AdminConsole.Models.Data.Provider;
-public class ProviderUserOrganizationDetails
+public class ProviderUserOrganizationDetails : IProfileOrganizationDetails
 {
    public Guid OrganizationId { get; set; }
    public Guid? UserId { get; set; }
    [JsonConverter(typeof(HtmlEncodingStringConverter))]
-    public string Name { get; set; }
+    public string Name { get; set; } = null!;
    public bool UsePolicies { get; set; }
    public bool UseSso { get; set; }
    public bool UseKeyConnector { get; set; }
@@ -28,20 +25,22 @@ public class ProviderUserOrganizationDetails
    public bool SelfHost { get; set; }
    public bool UsersGetPremium { get; set; }
    public bool UseCustomPermissions { get; set; }
    public bool UseSecretsManager { get; set; }
    public bool UsePasswordManager { get; set; }
    public int? Seats { get; set; }
    public short? MaxCollections { get; set; }
    public short? MaxStorageGb { get; set; }
-    public string Key { get; set; }
+    public string? Key { get; set; }
    public ProviderUserStatusType Status { get; set; }
    public ProviderUserType Type { get; set; }
    public bool Enabled { get; set; }
-    public string Identifier { get; set; }
+    public string? Identifier { get; set; }
-    public string PublicKey { get; set; }
+    public string? PublicKey { get; set; }
-    public string PrivateKey { get; set; }
+    public string? PrivateKey { get; set; }
    public Guid? ProviderId { get; set; }
    public Guid? ProviderUserId { get; set; }
    [JsonConverter(typeof(HtmlEncodingStringConverter))]
-    public string ProviderName { get; set; }
+    public string? ProviderName { get; set; }
    public PlanType PlanType { get; set; }
    public bool LimitCollectionCreation { get; set; }
    public bool LimitCollectionDeletion { get; set; }
@@ -50,6 +49,11 @@ public class ProviderUserOrganizationDetails
    public bool UseRiskInsights { get; set; }
    public bool UseOrganizationDomains { get; set; }
    public bool UseAdminSponsoredFamilies { get; set; }
-    public ProviderType ProviderType { get; set; }
+    public ProviderType? ProviderType { get; set; }
    public bool UseAutomaticUserConfirmation { get; set; }
    public bool? SsoEnabled { get; set; }
    public string? SsoConfig { get; set; }
    public string? SsoExternalId { get; set; }
    public string? Permissions { get; set; }
    public string? ResetPasswordKey { get; set; }
 }
--- a/src/Infrastructure.EntityFramework/AdminConsole/Repositories/Queries/OrganizationUserOrganizationDetailsViewQuery.cs
+++ b/src/Infrastructure.EntityFramework/AdminConsole/Repositories/Queries/OrganizationUserOrganizationDetailsViewQuery.cs
@@ -73,7 +73,8 @@ public class OrganizationUserOrganizationDetailsViewQuery : IQuery<OrganizationU
                        UseAdminSponsoredFamilies = o.UseAdminSponsoredFamilies,
                        LimitItemDeletion = o.LimitItemDeletion,
                        IsAdminInitiated = os.IsAdminInitiated,
-                        UseOrganizationDomains = o.UseOrganizationDomains
+                        UseOrganizationDomains = o.UseOrganizationDomains,
                        UseAutomaticUserConfirmation = o.UseAutomaticUserConfirmation
                    };
        return query;
    }
--- a/src/Infrastructure.EntityFramework/AdminConsole/Repositories/Queries/ProviderUserOrganizationDetailsViewQuery.cs
+++ b/src/Infrastructure.EntityFramework/AdminConsole/Repositories/Queries/ProviderUserOrganizationDetailsViewQuery.cs
@@ -12,7 +12,9 @@ public class ProviderUserOrganizationDetailsViewQuery : IQuery<ProviderUserOrgan
                    join po in dbContext.ProviderOrganizations on pu.ProviderId equals po.ProviderId
                    join o in dbContext.Organizations on po.OrganizationId equals o.Id
                    join p in dbContext.Providers on pu.ProviderId equals p.Id
-                    select new { pu, po, o, p };
+                    join ss in dbContext.SsoConfigs on o.Id equals ss.OrganizationId into ss_g
                    from ss in ss_g.DefaultIfEmpty()
                    select new { pu, po, o, p, ss };
        return query.Select(x => new ProviderUserOrganizationDetails
        {
            OrganizationId = x.po.OrganizationId,
@@ -29,6 +31,9 @@ public class ProviderUserOrganizationDetailsViewQuery : IQuery<ProviderUserOrgan
            UseTotp = x.o.UseTotp,
            Use2fa = x.o.Use2fa,
            UseApi = x.o.UseApi,
            UseResetPassword = x.o.UseResetPassword,
            UseSecretsManager = x.o.UseSecretsManager,
            UsePasswordManager = x.o.UsePasswordManager,
            SelfHost = x.o.SelfHost,
            UsersGetPremium = x.o.UsersGetPremium,
            UseCustomPermissions = x.o.UseCustomPermissions,
@@ -39,6 +44,7 @@ public class ProviderUserOrganizationDetailsViewQuery : IQuery<ProviderUserOrgan
            Key = x.po.Key,
            Status = x.pu.Status,
            Type = x.pu.Type,
            ProviderUserId = x.pu.Id,
            PublicKey = x.o.PublicKey,
            PrivateKey = x.o.PrivateKey,
            ProviderId = x.p.Id,
@@ -52,7 +58,9 @@ public class ProviderUserOrganizationDetailsViewQuery : IQuery<ProviderUserOrgan
            ProviderType = x.p.Type,
            UseOrganizationDomains = x.o.UseOrganizationDomains,
            UseAdminSponsoredFamilies = x.o.UseAdminSponsoredFamilies,
-            UseAutomaticUserConfirmation = x.o.UseAutomaticUserConfirmation
+            UseAutomaticUserConfirmation = x.o.UseAutomaticUserConfirmation,
            SsoEnabled = x.ss.Enabled,
            SsoConfig = x.ss.Data,
        });
    }
 }
--- a/src/Sql/dbo/Views/ProviderUserProviderOrganizationDetailsView.sql
+++ b/src/Sql/dbo/Views/ProviderUserProviderOrganizationDetailsView.sql
@@ -16,6 +16,8 @@ SELECT
    O.[Use2fa],
    O.[UseApi],
    O.[UseResetPassword],
    O.[UseSecretsManager],
    O.[UsePasswordManager],
    O.[SelfHost],
    O.[UsersGetPremium],
    O.[UseCustomPermissions],
@@ -40,7 +42,9 @@ SELECT
    P.[Type] ProviderType,
    O.[LimitItemDeletion],
    O.[UseOrganizationDomains],
-    O.[UseAutomaticUserConfirmation]
+    O.[UseAutomaticUserConfirmation],
    SS.[Enabled] SsoEnabled,
    SS.[Data] SsoConfig
 FROM
    [dbo].[ProviderUser] PU
 INNER JOIN
@@ -49,3 +53,5 @@ INNER JOIN
    [dbo].[Organization] O ON O.[Id] = PO.[OrganizationId]
 INNER JOIN
    [dbo].[Provider] P ON P.[Id] = PU.[ProviderId]
 LEFT JOIN
    [dbo].[SsoConfig] SS ON SS.[OrganizationId] = O.[Id]
--- a/test/Api.Test/AdminConsole/Models/Response/ProfileOrganizationResponseModelTests.cs
+++ b/test/Api.Test/AdminConsole/Models/Response/ProfileOrganizationResponseModelTests.cs
@@ -0,0 +1,150 @@
 using Bit.Api.AdminConsole.Models.Response;
 using Bit.Core.AdminConsole.Entities;
 using Bit.Core.AdminConsole.Enums.Provider;
 using Bit.Core.Auth.Enums;
 using Bit.Core.Auth.Models.Data;
 using Bit.Core.Billing.Enums;
 using Bit.Core.Billing.Extensions;
 using Bit.Core.Enums;
 using Bit.Core.Models.Data.Organizations.OrganizationUsers;
 using Bit.Core.Utilities;
 using Bit.Test.Common.AutoFixture.Attributes;
 using Xunit;
 namespace Bit.Api.Test.AdminConsole.Models.Response;
 public class ProfileOrganizationResponseModelTests
 {
    [Theory, BitAutoData]
    public void Constructor_ShouldPopulatePropertiesCorrectly(Organization organization)
    {
        var userId = Guid.NewGuid();
        var organizationUserId = Guid.NewGuid();
        var providerId = Guid.NewGuid();
        var organizationIdsClaimingUser = new[] { organization.Id };
        var organizationDetails = new OrganizationUserOrganizationDetails
        {
            OrganizationId = organization.Id,
            UserId = userId,
            OrganizationUserId = organizationUserId,
            Name = organization.Name,
            Enabled = organization.Enabled,
            Identifier = organization.Identifier,
            PlanType = organization.PlanType,
            UsePolicies = organization.UsePolicies,
            UseSso = organization.UseSso,
            UseKeyConnector = organization.UseKeyConnector,
            UseScim = organization.UseScim,
            UseGroups = organization.UseGroups,
            UseDirectory = organization.UseDirectory,
            UseEvents = organization.UseEvents,
            UseTotp = organization.UseTotp,
            Use2fa = organization.Use2fa,
            UseApi = organization.UseApi,
            UseResetPassword = organization.UseResetPassword,
            UseSecretsManager = organization.UseSecretsManager,
            UsePasswordManager = organization.UsePasswordManager,
            UsersGetPremium = organization.UsersGetPremium,
            UseCustomPermissions = organization.UseCustomPermissions,
            UseRiskInsights = organization.UseRiskInsights,
            UseOrganizationDomains = organization.UseOrganizationDomains,
            UseAdminSponsoredFamilies = organization.UseAdminSponsoredFamilies,
            UseAutomaticUserConfirmation = organization.UseAutomaticUserConfirmation,
            SelfHost = organization.SelfHost,
            Seats = organization.Seats,
            MaxCollections = organization.MaxCollections,
            MaxStorageGb = organization.MaxStorageGb,
            Key = "organization-key",
            PublicKey = "public-key",
            PrivateKey = "private-key",
            LimitCollectionCreation = organization.LimitCollectionCreation,
            LimitCollectionDeletion = organization.LimitCollectionDeletion,
            LimitItemDeletion = organization.LimitItemDeletion,
            AllowAdminAccessToAllCollectionItems = organization.AllowAdminAccessToAllCollectionItems,
            ProviderId = providerId,
            ProviderName = "Test Provider",
            ProviderType = ProviderType.Msp,
            SsoEnabled = true,
            SsoConfig = new SsoConfigurationData
            {
                MemberDecryptionType = MemberDecryptionType.KeyConnector,
                KeyConnectorUrl = "https://keyconnector.example.com"
            }.Serialize(),
            SsoExternalId = "external-sso-id",
            Permissions = CoreHelpers.ClassToJsonData(new Core.Models.Data.Permissions { ManageUsers = true }),
            ResetPasswordKey = "reset-password-key",
            FamilySponsorshipFriendlyName = "Family Sponsorship",
            FamilySponsorshipLastSyncDate = DateTime.UtcNow.AddDays(-1),
            FamilySponsorshipToDelete = false,
            FamilySponsorshipValidUntil = DateTime.UtcNow.AddYears(1),
            IsAdminInitiated = true,
            Status = OrganizationUserStatusType.Confirmed,
            Type = OrganizationUserType.Owner,
            AccessSecretsManager = true,
            SmSeats = 5,
            SmServiceAccounts = 10
        };
        var result = new ProfileOrganizationResponseModel(organizationDetails, organizationIdsClaimingUser);
        Assert.Equal("profileOrganization", result.Object);
        Assert.Equal(organization.Id, result.Id);
        Assert.Equal(userId, result.UserId);
        Assert.Equal(organization.Name, result.Name);
        Assert.Equal(organization.Enabled, result.Enabled);
        Assert.Equal(organization.Identifier, result.Identifier);
        Assert.Equal(organization.PlanType.GetProductTier(), result.ProductTierType);
        Assert.Equal(organization.UsePolicies, result.UsePolicies);
        Assert.Equal(organization.UseSso, result.UseSso);
        Assert.Equal(organization.UseKeyConnector, result.UseKeyConnector);
        Assert.Equal(organization.UseScim, result.UseScim);
        Assert.Equal(organization.UseGroups, result.UseGroups);
        Assert.Equal(organization.UseDirectory, result.UseDirectory);
        Assert.Equal(organization.UseEvents, result.UseEvents);
        Assert.Equal(organization.UseTotp, result.UseTotp);
        Assert.Equal(organization.Use2fa, result.Use2fa);
        Assert.Equal(organization.UseApi, result.UseApi);
        Assert.Equal(organization.UseResetPassword, result.UseResetPassword);
        Assert.Equal(organization.UseSecretsManager, result.UseSecretsManager);
        Assert.Equal(organization.UsePasswordManager, result.UsePasswordManager);
        Assert.Equal(organization.UsersGetPremium, result.UsersGetPremium);
        Assert.Equal(organization.UseCustomPermissions, result.UseCustomPermissions);
        Assert.Equal(organization.PlanType.GetProductTier() == ProductTierType.Enterprise, result.UseActivateAutofillPolicy);
        Assert.Equal(organization.UseRiskInsights, result.UseRiskInsights);
        Assert.Equal(organization.UseOrganizationDomains, result.UseOrganizationDomains);
        Assert.Equal(organization.UseAdminSponsoredFamilies, result.UseAdminSponsoredFamilies);
        Assert.Equal(organization.UseAutomaticUserConfirmation, result.UseAutomaticUserConfirmation);
        Assert.Equal(organization.SelfHost, result.SelfHost);
        Assert.Equal(organization.Seats, result.Seats);
        Assert.Equal(organization.MaxCollections, result.MaxCollections);
        Assert.Equal(organization.MaxStorageGb, result.MaxStorageGb);
        Assert.Equal(organizationDetails.Key, result.Key);
        Assert.True(result.HasPublicAndPrivateKeys);
        Assert.Equal(organization.LimitCollectionCreation, result.LimitCollectionCreation);
        Assert.Equal(organization.LimitCollectionDeletion, result.LimitCollectionDeletion);
        Assert.Equal(organization.LimitItemDeletion, result.LimitItemDeletion);
        Assert.Equal(organization.AllowAdminAccessToAllCollectionItems, result.AllowAdminAccessToAllCollectionItems);
        Assert.Equal(organizationDetails.ProviderId, result.ProviderId);
        Assert.Equal(organizationDetails.ProviderName, result.ProviderName);
        Assert.Equal(organizationDetails.ProviderType, result.ProviderType);
        Assert.Equal(organizationDetails.SsoEnabled, result.SsoEnabled);
        Assert.True(result.KeyConnectorEnabled);
        Assert.Equal("https://keyconnector.example.com", result.KeyConnectorUrl);
        Assert.Equal(MemberDecryptionType.KeyConnector, result.SsoMemberDecryptionType);
        Assert.True(result.SsoBound);
        Assert.Equal(organizationDetails.Status, result.Status);
        Assert.Equal(organizationDetails.Type, result.Type);
        Assert.Equal(organizationDetails.OrganizationUserId, result.OrganizationUserId);
        Assert.True(result.UserIsClaimedByOrganization);
        Assert.NotNull(result.Permissions);
        Assert.True(result.ResetPasswordEnrolled);
        Assert.Equal(organizationDetails.AccessSecretsManager, result.AccessSecretsManager);
        Assert.Equal(organizationDetails.FamilySponsorshipFriendlyName, result.FamilySponsorshipFriendlyName);
        Assert.Equal(organizationDetails.FamilySponsorshipLastSyncDate, result.FamilySponsorshipLastSyncDate);
        Assert.Equal(organizationDetails.FamilySponsorshipToDelete, result.FamilySponsorshipToDelete);
        Assert.Equal(organizationDetails.FamilySponsorshipValidUntil, result.FamilySponsorshipValidUntil);
        Assert.True(result.IsAdminInitiated);
        Assert.False(result.FamilySponsorshipAvailable);
    }
 }
--- a/test/Api.Test/AdminConsole/Models/Response/ProfileProviderOrganizationResponseModelTests.cs
+++ b/test/Api.Test/AdminConsole/Models/Response/ProfileProviderOrganizationResponseModelTests.cs
@@ -0,0 +1,129 @@
 using Bit.Api.AdminConsole.Models.Response;
 using Bit.Core.AdminConsole.Entities;
 using Bit.Core.AdminConsole.Enums.Provider;
 using Bit.Core.AdminConsole.Models.Data.Provider;
 using Bit.Core.Auth.Enums;
 using Bit.Core.Auth.Models.Data;
 using Bit.Core.Billing.Enums;
 using Bit.Core.Billing.Extensions;
 using Bit.Core.Enums;
 using Bit.Test.Common.AutoFixture.Attributes;
 using Xunit;
 namespace Bit.Api.Test.AdminConsole.Models.Response;
 public class ProfileProviderOrganizationResponseModelTests
 {
    [Theory, BitAutoData]
    public void Constructor_ShouldPopulatePropertiesCorrectly(Organization organization)
    {
        var userId = Guid.NewGuid();
        var providerId = Guid.NewGuid();
        var providerUserId = Guid.NewGuid();
        var organizationDetails = new ProviderUserOrganizationDetails
        {
            OrganizationId = organization.Id,
            UserId = userId,
            Name = organization.Name,
            Enabled = organization.Enabled,
            Identifier = organization.Identifier,
            PlanType = organization.PlanType,
            UsePolicies = organization.UsePolicies,
            UseSso = organization.UseSso,
            UseKeyConnector = organization.UseKeyConnector,
            UseScim = organization.UseScim,
            UseGroups = organization.UseGroups,
            UseDirectory = organization.UseDirectory,
            UseEvents = organization.UseEvents,
            UseTotp = organization.UseTotp,
            Use2fa = organization.Use2fa,
            UseApi = organization.UseApi,
            UseResetPassword = organization.UseResetPassword,
            UseSecretsManager = organization.UseSecretsManager,
            UsePasswordManager = organization.UsePasswordManager,
            UsersGetPremium = organization.UsersGetPremium,
            UseCustomPermissions = organization.UseCustomPermissions,
            UseRiskInsights = organization.UseRiskInsights,
            UseOrganizationDomains = organization.UseOrganizationDomains,
            UseAdminSponsoredFamilies = organization.UseAdminSponsoredFamilies,
            UseAutomaticUserConfirmation = organization.UseAutomaticUserConfirmation,
            SelfHost = organization.SelfHost,
            Seats = organization.Seats,
            MaxCollections = organization.MaxCollections,
            MaxStorageGb = organization.MaxStorageGb,
            Key = "provider-org-key",
            PublicKey = "public-key",
            PrivateKey = "private-key",
            LimitCollectionCreation = organization.LimitCollectionCreation,
            LimitCollectionDeletion = organization.LimitCollectionDeletion,
            LimitItemDeletion = organization.LimitItemDeletion,
            AllowAdminAccessToAllCollectionItems = organization.AllowAdminAccessToAllCollectionItems,
            ProviderId = providerId,
            ProviderName = "Test MSP Provider",
            ProviderType = ProviderType.Msp,
            SsoEnabled = true,
            SsoConfig = new SsoConfigurationData
            {
                MemberDecryptionType = MemberDecryptionType.TrustedDeviceEncryption
            }.Serialize(),
            Status = ProviderUserStatusType.Confirmed,
            Type = ProviderUserType.ProviderAdmin,
            ProviderUserId = providerUserId
        };
        var result = new ProfileProviderOrganizationResponseModel(organizationDetails);
        Assert.Equal("profileProviderOrganization", result.Object);
        Assert.Equal(organization.Id, result.Id);
        Assert.Equal(userId, result.UserId);
        Assert.Equal(organization.Name, result.Name);
        Assert.Equal(organization.Enabled, result.Enabled);
        Assert.Equal(organization.Identifier, result.Identifier);
        Assert.Equal(organization.PlanType.GetProductTier(), result.ProductTierType);
        Assert.Equal(organization.UsePolicies, result.UsePolicies);
        Assert.Equal(organization.UseSso, result.UseSso);
        Assert.Equal(organization.UseKeyConnector, result.UseKeyConnector);
        Assert.Equal(organization.UseScim, result.UseScim);
        Assert.Equal(organization.UseGroups, result.UseGroups);
        Assert.Equal(organization.UseDirectory, result.UseDirectory);
        Assert.Equal(organization.UseEvents, result.UseEvents);
        Assert.Equal(organization.UseTotp, result.UseTotp);
        Assert.Equal(organization.Use2fa, result.Use2fa);
        Assert.Equal(organization.UseApi, result.UseApi);
        Assert.Equal(organization.UseResetPassword, result.UseResetPassword);
        Assert.Equal(organization.UseSecretsManager, result.UseSecretsManager);
        Assert.Equal(organization.UsePasswordManager, result.UsePasswordManager);
        Assert.Equal(organization.UsersGetPremium, result.UsersGetPremium);
        Assert.Equal(organization.UseCustomPermissions, result.UseCustomPermissions);
        Assert.Equal(organization.PlanType.GetProductTier() == ProductTierType.Enterprise, result.UseActivateAutofillPolicy);
        Assert.Equal(organization.UseRiskInsights, result.UseRiskInsights);
        Assert.Equal(organization.UseOrganizationDomains, result.UseOrganizationDomains);
        Assert.Equal(organization.UseAdminSponsoredFamilies, result.UseAdminSponsoredFamilies);
        Assert.Equal(organization.UseAutomaticUserConfirmation, result.UseAutomaticUserConfirmation);
        Assert.Equal(organization.SelfHost, result.SelfHost);
        Assert.Equal(organization.Seats, result.Seats);
        Assert.Equal(organization.MaxCollections, result.MaxCollections);
        Assert.Equal(organization.MaxStorageGb, result.MaxStorageGb);
        Assert.Equal(organizationDetails.Key, result.Key);
        Assert.True(result.HasPublicAndPrivateKeys);
        Assert.Equal(organization.LimitCollectionCreation, result.LimitCollectionCreation);
        Assert.Equal(organization.LimitCollectionDeletion, result.LimitCollectionDeletion);
        Assert.Equal(organization.LimitItemDeletion, result.LimitItemDeletion);
        Assert.Equal(organization.AllowAdminAccessToAllCollectionItems, result.AllowAdminAccessToAllCollectionItems);
        Assert.Equal(organizationDetails.ProviderId, result.ProviderId);
        Assert.Equal(organizationDetails.ProviderName, result.ProviderName);
        Assert.Equal(organizationDetails.ProviderType, result.ProviderType);
        Assert.Equal(OrganizationUserStatusType.Confirmed, result.Status);
        Assert.Equal(OrganizationUserType.Owner, result.Type);
        Assert.Equal(organizationDetails.SsoEnabled, result.SsoEnabled);
        Assert.False(result.KeyConnectorEnabled);
        Assert.Null(result.KeyConnectorUrl);
        Assert.Equal(MemberDecryptionType.TrustedDeviceEncryption, result.SsoMemberDecryptionType);
        Assert.False(result.SsoBound);
        Assert.NotNull(result.Permissions);
        Assert.False(result.Permissions.ManageUsers);
        Assert.False(result.ResetPasswordEnrolled);
        Assert.False(result.AccessSecretsManager);
    }
 }
--- a/test/Api.Test/Vault/Controllers/SyncControllerTests.cs
+++ b/test/Api.Test/Vault/Controllers/SyncControllerTests.cs
@@ -285,6 +285,10 @@ public class SyncControllerTests
        providerUserRepository
            .GetManyDetailsByUserAsync(user.Id, ProviderUserStatusType.Confirmed).Returns(providerUserDetails);
        foreach (var p in providerUserOrganizationDetails)
        {
            p.SsoConfig = null;
        }
        providerUserRepository
            .GetManyOrganizationDetailsByUserAsync(user.Id, ProviderUserStatusType.Confirmed)
            .Returns(providerUserOrganizationDetails);
--- a/test/Infrastructure.IntegrationTest/AdminConsole/OrganizationTestHelpers.cs
+++ b/test/Infrastructure.IntegrationTest/AdminConsole/OrganizationTestHelpers.cs
@@ -33,14 +33,69 @@ public static class OrganizationTestHelpers
    public static Task<Organization> CreateTestOrganizationAsync(this IOrganizationRepository organizationRepository,
        int? seatCount = null,
        string identifier = "test")
-        => organizationRepository.CreateAsync(new Organization
+    {
        var id = Guid.NewGuid();
        return organizationRepository.CreateAsync(new Organization
        {
-            Name = $"{identifier}-{Guid.NewGuid()}",
+            Name = $"{identifier}-{id}",
-            BillingEmail = "billing@example.com", // TODO: EF does not enforce this being NOT NULL
+            BillingEmail = $"billing-{id}@example.com",
-            Plan = "Enterprise (Annually)", // TODO: EF does not enforce this being NOT NULl
+            Plan = "Enterprise (Annually)",
            PlanType = PlanType.EnterpriseAnnually,
-            Seats = seatCount
+            Identifier = $"{identifier}-{id}",
            BusinessName = $"Test Business {id}",
            BusinessAddress1 = "123 Test Street",
            BusinessAddress2 = "Suite 100",
            BusinessAddress3 = "Building A",
            BusinessCountry = "US",
            BusinessTaxNumber = "123456789",
            Seats = seatCount,
            MaxCollections = 50,
            UsePolicies = true,
            UseSso = true,
            UseKeyConnector = true,
            UseScim = true,
            UseGroups = true,
            UseDirectory = true,
            UseEvents = true,
            UseTotp = true,
            Use2fa = true,
            UseApi = true,
            UseResetPassword = true,
            UseSecretsManager = true,
            UsePasswordManager = true,
            SelfHost = false,
            UsersGetPremium = true,
            UseCustomPermissions = true,
            Storage = 1073741824, // 1 GB in bytes
            MaxStorageGb = 10,
            Gateway = GatewayType.Stripe,
            GatewayCustomerId = $"cus_{id}",
            GatewaySubscriptionId = $"sub_{id}",
            ReferenceData = "{\"test\":\"data\"}",
            Enabled = true,
            LicenseKey = $"license-{id}",
            PublicKey = "test-public-key",
            PrivateKey = "test-private-key",
            TwoFactorProviders = null,
            ExpirationDate = DateTime.UtcNow.AddYears(1),
            MaxAutoscaleSeats = 200,
            OwnersNotifiedOfAutoscaling = null,
            Status = OrganizationStatusType.Managed,
            SmSeats = 50,
            SmServiceAccounts = 25,
            MaxAutoscaleSmSeats = 100,
            MaxAutoscaleSmServiceAccounts = 50,
            LimitCollectionCreation = true,
            LimitCollectionDeletion = true,
            LimitItemDeletion = true,
            AllowAdminAccessToAllCollectionItems = true,
            UseRiskInsights = true,
            UseOrganizationDomains = true,
            UseAdminSponsoredFamilies = true,
            SyncSeats = false,
            UseAutomaticUserConfirmation = true
        });
    }
    /// <summary>
    /// Creates a confirmed Owner for the specified organization and user.
--- a/test/Infrastructure.IntegrationTest/AdminConsole/Repositories/OrganizationUserRepository/OrganizationUserRepositoryTests.cs
+++ b/test/Infrastructure.IntegrationTest/AdminConsole/Repositories/OrganizationUserRepository/OrganizationUserRepositoryTests.cs
@@ -461,13 +461,7 @@ public class OrganizationUserRepositoryTests
            KdfParallelism = 3
        });
-        var organization = await organizationRepository.CreateAsync(new Organization
+        var organization = await organizationRepository.CreateTestOrganizationAsync();
        {
            Name = "Test Org",
            BillingEmail = user1.Email, // TODO: EF does not enforce this being NOT NULL
            Plan = "Test", // TODO: EF does not enforce this being NOT NULL
            PrivateKey = "privatekey",
        });
        var orgUser1 = await organizationUserRepository.CreateAsync(new OrganizationUser
        {
@@ -536,9 +530,72 @@ public class OrganizationUserRepositoryTests
        Assert.Equal(organization.SmServiceAccounts, result.SmServiceAccounts);
        Assert.Equal(organization.LimitCollectionCreation, result.LimitCollectionCreation);
        Assert.Equal(organization.LimitCollectionDeletion, result.LimitCollectionDeletion);
        Assert.Equal(organization.LimitItemDeletion, result.LimitItemDeletion);
        Assert.Equal(organization.AllowAdminAccessToAllCollectionItems, result.AllowAdminAccessToAllCollectionItems);
        Assert.Equal(organization.UseRiskInsights, result.UseRiskInsights);
        Assert.Equal(organization.UseOrganizationDomains, result.UseOrganizationDomains);
        Assert.Equal(organization.UseAdminSponsoredFamilies, result.UseAdminSponsoredFamilies);
        Assert.Equal(organization.UseAutomaticUserConfirmation, result.UseAutomaticUserConfirmation);
    }
    [Theory, DatabaseData]
    public async Task GetManyDetailsByUserAsync_ShouldPopulateSsoPropertiesCorrectly(
        IUserRepository userRepository,
        IOrganizationRepository organizationRepository,
        IOrganizationUserRepository organizationUserRepository,
        ISsoConfigRepository ssoConfigRepository)
    {
        var user = await userRepository.CreateTestUserAsync();
        var organizationWithSso = await organizationRepository.CreateTestOrganizationAsync();
        var organizationWithoutSso = await organizationRepository.CreateTestOrganizationAsync();
        var orgUserWithSso = await organizationUserRepository.CreateAsync(new OrganizationUser
        {
            OrganizationId = organizationWithSso.Id,
            UserId = user.Id,
            Status = OrganizationUserStatusType.Confirmed,
            Type = OrganizationUserType.Owner,
            Email = user.Email
        });
        var orgUserWithoutSso = await organizationUserRepository.CreateAsync(new OrganizationUser
        {
            OrganizationId = organizationWithoutSso.Id,
            UserId = user.Id,
            Status = OrganizationUserStatusType.Confirmed,
            Type = OrganizationUserType.User,
            Email = user.Email
        });
        // Create SSO configuration for first organization only
        var serializedSsoConfigData = new SsoConfigurationData
        {
            MemberDecryptionType = MemberDecryptionType.KeyConnector,
            KeyConnectorUrl = "https://keyconnector.example.com"
        }.Serialize();
        var ssoConfig = await ssoConfigRepository.CreateAsync(new SsoConfig
        {
            OrganizationId = organizationWithSso.Id,
            Enabled = true,
            Data = serializedSsoConfigData
        });
        var results = (await organizationUserRepository.GetManyDetailsByUserAsync(user.Id)).ToList();
        Assert.Equal(2, results.Count);
        var orgWithSsoDetails = results.Single(r => r.OrganizationId == organizationWithSso.Id);
        var orgWithoutSsoDetails = results.Single(r => r.OrganizationId == organizationWithoutSso.Id);
        // Organization with SSO should have SSO properties populated
        Assert.True(orgWithSsoDetails.SsoEnabled);
        Assert.NotNull(orgWithSsoDetails.SsoConfig);
        Assert.Equal(serializedSsoConfigData, orgWithSsoDetails.SsoConfig);
        // Organization without SSO should have null SSO properties
        Assert.Null(orgWithoutSsoDetails.SsoEnabled);
        Assert.Null(orgWithoutSsoDetails.SsoConfig);
    }
    [DatabaseTheory, DatabaseData]
--- a/test/Infrastructure.IntegrationTest/AdminConsole/Repositories/ProviderUserRepositoryTests.cs
+++ b/test/Infrastructure.IntegrationTest/AdminConsole/Repositories/ProviderUserRepositoryTests.cs
@@ -0,0 +1,142 @@
 using Bit.Core.AdminConsole.Entities;
 using Bit.Core.AdminConsole.Entities.Provider;
 using Bit.Core.AdminConsole.Enums.Provider;
 using Bit.Core.AdminConsole.Models.Data.Provider;
 using Bit.Core.AdminConsole.Repositories;
 using Bit.Core.Auth.Entities;
 using Bit.Core.Auth.Enums;
 using Bit.Core.Auth.Models.Data;
 using Bit.Core.Auth.Repositories;
 using Bit.Core.Entities;
 using Bit.Core.Repositories;
 using Xunit;
 namespace Bit.Infrastructure.IntegrationTest.AdminConsole.Repositories;
 public class ProviderUserRepositoryTests
 {
    [Theory, DatabaseData]
    public async Task GetManyOrganizationDetailsByUserAsync_ShouldPopulatePropertiesCorrectly(
        IUserRepository userRepository,
        IOrganizationRepository organizationRepository,
        IProviderRepository providerRepository,
        IProviderUserRepository providerUserRepository,
        IProviderOrganizationRepository providerOrganizationRepository,
        ISsoConfigRepository ssoConfigRepository)
    {
        var user = await userRepository.CreateTestUserAsync();
        var organizationWithSso = await organizationRepository.CreateTestOrganizationAsync();
        var organizationWithoutSso = await organizationRepository.CreateTestOrganizationAsync();
        var provider = await providerRepository.CreateAsync(new Provider
        {
            Name = "Test Provider",
            Enabled = true,
            Type = ProviderType.Msp
        });
        var providerUser = await providerUserRepository.CreateAsync(new ProviderUser
        {
            ProviderId = provider.Id,
            UserId = user.Id,
            Status = ProviderUserStatusType.Confirmed,
            Type = ProviderUserType.ProviderAdmin
        });
        var providerOrganizationWithSso = await providerOrganizationRepository.CreateAsync(new ProviderOrganization
        {
            ProviderId = provider.Id,
            OrganizationId = organizationWithSso.Id
        });
        var providerOrganizationWithoutSso = await providerOrganizationRepository.CreateAsync(new ProviderOrganization
        {
            ProviderId = provider.Id,
            OrganizationId = organizationWithoutSso.Id
        });
        // Create SSO configuration for first organization only
        var serializedSsoConfigData = new SsoConfigurationData
        {
            MemberDecryptionType = MemberDecryptionType.KeyConnector,
            KeyConnectorUrl = "https://keyconnector.example.com"
        }.Serialize();
        var ssoConfig = await ssoConfigRepository.CreateAsync(new SsoConfig
        {
            OrganizationId = organizationWithSso.Id,
            Enabled = true,
            Data = serializedSsoConfigData
        });
        var results = (await providerUserRepository.GetManyOrganizationDetailsByUserAsync(user.Id, ProviderUserStatusType.Confirmed)).ToList();
        Assert.Equal(2, results.Count);
        var orgWithSsoDetails = results.Single(r => r.OrganizationId == organizationWithSso.Id);
        var orgWithoutSsoDetails = results.Single(r => r.OrganizationId == organizationWithoutSso.Id);
        // Verify all properties for both organizations
        AssertProviderOrganizationDetails(orgWithSsoDetails, organizationWithSso, user, provider, providerUser);
        AssertProviderOrganizationDetails(orgWithoutSsoDetails, organizationWithoutSso, user, provider, providerUser);
        // Organization without SSO should have null SSO properties
        Assert.Null(orgWithoutSsoDetails.SsoEnabled);
        Assert.Null(orgWithoutSsoDetails.SsoConfig);
        // Organization with SSO should have SSO properties populated
        Assert.True(orgWithSsoDetails.SsoEnabled);
        Assert.NotNull(orgWithSsoDetails.SsoConfig);
        Assert.Equal(serializedSsoConfigData, orgWithSsoDetails.SsoConfig);
    }
    private static void AssertProviderOrganizationDetails(
        ProviderUserOrganizationDetails actual,
        Organization expectedOrganization,
        User expectedUser,
        Provider expectedProvider,
        ProviderUser expectedProviderUser)
    {
        // Organization properties
        Assert.Equal(expectedOrganization.Id, actual.OrganizationId);
        Assert.Equal(expectedUser.Id, actual.UserId);
        Assert.Equal(expectedOrganization.Name, actual.Name);
        Assert.Equal(expectedOrganization.UsePolicies, actual.UsePolicies);
        Assert.Equal(expectedOrganization.UseSso, actual.UseSso);
        Assert.Equal(expectedOrganization.UseKeyConnector, actual.UseKeyConnector);
        Assert.Equal(expectedOrganization.UseScim, actual.UseScim);
        Assert.Equal(expectedOrganization.UseGroups, actual.UseGroups);
        Assert.Equal(expectedOrganization.UseDirectory, actual.UseDirectory);
        Assert.Equal(expectedOrganization.UseEvents, actual.UseEvents);
        Assert.Equal(expectedOrganization.UseTotp, actual.UseTotp);
        Assert.Equal(expectedOrganization.Use2fa, actual.Use2fa);
        Assert.Equal(expectedOrganization.UseApi, actual.UseApi);
        Assert.Equal(expectedOrganization.UseResetPassword, actual.UseResetPassword);
        Assert.Equal(expectedOrganization.UsersGetPremium, actual.UsersGetPremium);
        Assert.Equal(expectedOrganization.UseCustomPermissions, actual.UseCustomPermissions);
        Assert.Equal(expectedOrganization.SelfHost, actual.SelfHost);
        Assert.Equal(expectedOrganization.Seats, actual.Seats);
        Assert.Equal(expectedOrganization.MaxCollections, actual.MaxCollections);
        Assert.Equal(expectedOrganization.MaxStorageGb, actual.MaxStorageGb);
        Assert.Equal(expectedOrganization.Identifier, actual.Identifier);
        Assert.Equal(expectedOrganization.PublicKey, actual.PublicKey);
        Assert.Equal(expectedOrganization.PrivateKey, actual.PrivateKey);
        Assert.Equal(expectedOrganization.Enabled, actual.Enabled);
        Assert.Equal(expectedOrganization.PlanType, actual.PlanType);
        Assert.Equal(expectedOrganization.LimitCollectionCreation, actual.LimitCollectionCreation);
        Assert.Equal(expectedOrganization.LimitCollectionDeletion, actual.LimitCollectionDeletion);
        Assert.Equal(expectedOrganization.LimitItemDeletion, actual.LimitItemDeletion);
        Assert.Equal(expectedOrganization.AllowAdminAccessToAllCollectionItems, actual.AllowAdminAccessToAllCollectionItems);
        Assert.Equal(expectedOrganization.UseRiskInsights, actual.UseRiskInsights);
        Assert.Equal(expectedOrganization.UseOrganizationDomains, actual.UseOrganizationDomains);
        Assert.Equal(expectedOrganization.UseAdminSponsoredFamilies, actual.UseAdminSponsoredFamilies);
        Assert.Equal(expectedOrganization.UseAutomaticUserConfirmation, actual.UseAutomaticUserConfirmation);
        // Provider-specific properties
        Assert.Equal(expectedProvider.Id, actual.ProviderId);
        Assert.Equal(expectedProvider.Name, actual.ProviderName);
        Assert.Equal(expectedProvider.Type, actual.ProviderType);
        Assert.Equal(expectedProviderUser.Id, actual.ProviderUserId);
        Assert.Equal(expectedProviderUser.Status, actual.Status);
        Assert.Equal(expectedProviderUser.Type, actual.Type);
    }
 }
--- a/util/Migrator/DbScripts/2025-10-22_00_ProviderUserOrganizationSsoData.sql
+++ b/util/Migrator/DbScripts/2025-10-22_00_ProviderUserOrganizationSsoData.sql
@@ -0,0 +1,64 @@
 CREATE OR ALTER VIEW [dbo].[ProviderUserProviderOrganizationDetailsView]
 AS
 SELECT
    PU.[UserId],
    PO.[OrganizationId],
    O.[Name],
    O.[Enabled],
    O.[UsePolicies],
    O.[UseSso],
    O.[UseKeyConnector],
    O.[UseScim],
    O.[UseGroups],
    O.[UseDirectory],
    O.[UseEvents],
    O.[UseTotp],
    O.[Use2fa],
    O.[UseApi],
    O.[UseResetPassword],
    O.[UseSecretsManager],
    O.[UsePasswordManager],
    O.[SelfHost],
    O.[UsersGetPremium],
    O.[UseCustomPermissions],
    O.[Seats],
    O.[MaxCollections],
    O.[MaxStorageGb],
    O.[Identifier],
    PO.[Key],
    O.[PublicKey],
    O.[PrivateKey],
    PU.[Status],
    PU.[Type],
    PO.[ProviderId],
    PU.[Id] ProviderUserId,
    P.[Name] ProviderName,
    O.[PlanType],
    O.[LimitCollectionCreation],
    O.[LimitCollectionDeletion],
    O.[AllowAdminAccessToAllCollectionItems],
    O.[UseRiskInsights],
    O.[UseAdminSponsoredFamilies],
    P.[Type] ProviderType,
    O.[LimitItemDeletion],
    O.[UseOrganizationDomains],
    O.[UseAutomaticUserConfirmation],
    SS.[Enabled] SsoEnabled,
    SS.[Data] SsoConfig
 FROM
    [dbo].[ProviderUser] PU
 INNER JOIN
    [dbo].[ProviderOrganization] PO ON PO.[ProviderId] = PU.[ProviderId]
 INNER JOIN
    [dbo].[Organization] O ON O.[Id] = PO.[OrganizationId]
 INNER JOIN
    [dbo].[Provider] P ON P.[Id] = PU.[ProviderId]
 LEFT JOIN
    [dbo].[SsoConfig] SS ON SS.[OrganizationId] = O.[Id]
 GO
 IF OBJECT_ID('[dbo].[ProviderUserProviderOrganizationDetails_ReadByUserIdStatus]') IS NOT NULL
 BEGIN
    EXECUTE sp_refreshsqlmodule N'[dbo].[ProviderUserProviderOrganizationDetails_ReadByUserIdStatus]';
 END
 GO