organization-best-practices
Multi-tenant organization setup with member management, role-based access control, and team support via Better Auth.
- Configure organizations with customizable creation rules, membership limits, and ownership constraints; creators automatically receive the owner role
- Manage members and invitations with email delivery, expiration windows, and shareable invitation URLs; support multiple roles per member
- Define custom roles and permissions with dynamic access control; check permissions server-side via
hasPermissionendpoint or client-side viacheckRolePermission - Create and manage teams within organizations with configurable member and team limits; set active teams to scope API calls
- Use lifecycle hooks (beforeCreate, afterCreate, beforeDelete) and schema customization to extend default behavior and integrate with external systems
Setup
- Add
organization()plugin to server config - Add
organizationClient()plugin to client config - Run
npx @better-auth/cli migrate - Verify: check that organization, member, invitation tables exist in your database
import { betterAuth } from "better-auth";
import { organization } from "better-auth/plugins";
export const auth = betterAuth({
plugins: [
organization({
allowUserToCreateOrganization: true,
organizationLimit: 5, // Max orgs per user
membershipLimit: 100, // Max members per org
}),
],
More from better-auth/skills
better-auth-best-practices
Configure Better Auth server and client, set up database adapters, manage sessions, add plugins, and handle environment variables. Use when users mention Better Auth, betterauth, auth.ts, or need to set up TypeScript authentication with email/password, OAuth, or plugin configuration.
49.2Kcreate-auth-skill
Scaffold and implement authentication in TypeScript/JavaScript apps using Better Auth. Detect frameworks, configure database adapters, set up route handlers, add OAuth providers, and create auth UI pages. Use when users want to add login, sign-up, or authentication to a new or existing project with Better Auth.
20.5Kemail-and-password-best-practices
Configure email verification, implement password reset flows, set password policies, and customise hashing algorithms for Better Auth email/password authentication. Use when users need to set up login, sign-in, sign-up, credential authentication, or password security with Better Auth.
15.6Ktwo-factor-authentication-best-practices
Configure TOTP authenticator apps, send OTP codes via email/SMS, manage backup codes, handle trusted devices, and implement 2FA sign-in flows using Better Auth's twoFactor plugin. Use when users need MFA, multi-factor authentication, authenticator setup, or login security with Better Auth.
13.8Kemail & password best practices
This skill provides guidance and enforcement rules for implementing secure email and password authentication using Better Auth.
2two-factor authentication best practices
Configure TOTP authenticator apps, send OTP codes via email/SMS, manage backup codes, handle trusted devices, and implement 2FA sign-in flows using Better Auth's twoFactor plugin. Use when users need MFA, multi-factor authentication, authenticator setup, or login security with Better Auth.
1