Create your organization
A self-service sign-up: name your organization, verify your email with a one-time code, and land in the admin console as its owner.
Creating an organization on Obexal is fully self-service: no sales contact, no manual provisioning. The person who creates it becomes its owner, with every administrative permission, and is signed in immediately.
Create your organization from the browser
- Open
https://accounts.obexal.com/create-organization. - Enter the organization name (2 to 60 characters), your email address and a password (12 characters minimum under the default policy).
- Obexal sends a 6-digit code to that address. Enter it to prove you control the mailbox.
- The organization is created, your account receives the owner role, and a session is opened automatically: you land directly in the admin console with a verified email.
Nothing is created until the code is validated: submitting the form only sends the code. It stays valid for 10 minutes, with 5 attempts, and the same screen lets you request a new one.
An email address can own only one organization: if yours already does, the sign-up is refused with org_email_exists and you are pointed to sign-in instead.
Your organization address
Every organization has a unique, permanent identifier: its slug. In the browser flow it is generated automatically (in the form org-xxxxxxxx). Through the API you can choose it: 3 to 32 characters, lowercase letters, digits and hyphens, with neither a leading nor a trailing hyphen. Infrastructure words (admin, api, login, www and others) are reserved.
Check availability before submitting:
curl "https://accounts.obexal.com/v1/auth/org/slug-available?slug=acme"
# {"available":true}
# or {"available":false,"reason":"taken"} with reason: invalid | reserved | takenThe slug cannot be changed afterwards. For a branded sign-in URL, connect a custom domain rather than relying on the slug.
Create an organization through the API
The same steps, over JSON. Start the sign-up (this sends the code, nothing else happens yet):
curl -sS -X POST https://accounts.obexal.com/v1/auth/org/signup \
-H 'Content-Type: application/json' \
-d '{"organizationName":"Acme","slug":"acme","email":"owner@example.eu","password":"'"$OWNER_PASSWORD"'"}'
# 200 -> {"otpRequired":true,"token":"<challenge>","email":"owner@example.eu","codeLength":6}Then confirm the code, which actually creates the organization:
curl -sS -X POST https://accounts.obexal.com/v1/auth/org/signup/verify \
-H 'Content-Type: application/json' \
-d '{"token":"<challenge>","code":"123456"}'
# 201 -> {"tenant":{"name":"Acme","slug":"acme","dataRegion":"eu"},"autoLogin":true}
# The response also sets the session cookie of the new owner (auto-login).POST /v1/auth/org/signup/resend with the current token returns a fresh challenge (new token, new code); the previous one stops working. All three endpoints are public and rate limited per IP: expect 429 rate_limited under repeated calls. Other errors: 409 org_email_exists, 409 slug_taken, 400 slug_invalid, 400 invalid_request.
How sign-in finds your organization
Users always sign in at https://accounts.obexal.com (or your custom domain, which replaces it everywhere). The organization is resolved in this order:
- Custom domain: a request arriving on a verified custom domain is scoped to your organization.
- Explicit slug: the hosted sign-in page accepts
?tenant=<slug>; API clients send the same information in theX-Obexal-Tenantheader. - Email address: without explicit context, if the address belongs to exactly one organization, sign-in is routed there. The "one email owns one organization" rule keeps this resolution unambiguous.
Where your organization lives
Every organization is created with dataRegion: "eu": hosted in France, in a datacenter in the Paris region, with data residency in the European Union. It is the only region available today. See Data residency and sovereignty.
Next steps
- Connect your first app: OIDC with PKCE, end to end.
- Invite your team: the directory works on an invitation model.