Organization Settings
Data Entity
Description
Per-organization configuration record storing operational settings, branding preferences, support access grants, and platform behavior overrides for a single tenant. One row per organization — the authoritative configuration source for all tenant-scoped runtime behavior.
Data Structure
| Name | Type | Description | Constraints |
|---|---|---|---|
| id | uuid | Primary key | PK, required, unique |
| organization_id | uuid | FK to organizations. One-to-one relationship — each organization has exactly one settings row. | required, unique |
| display_name | string | Public-facing name of the organization as shown in the app and admin portal. Overrides the canonical organizations.name for display purposes. | required |
| logo_url | string | URL to the organization's logo stored in cloud storage. Displayed in the mobile app header and admin portal. | - |
| primary_color | string | Hex color code for tenant-specific theming (e.g. #1A73E8). Applied to primary buttons and accent elements in the mobile app. | - |
| support_access_enabled | boolean | Whether Global Admin (Norse Digital Products) support access is currently granted for this organization. | required |
| support_access_expires_at | datetime | Timestamp at which support access automatically expires. NULL when support_access_enabled is false. Revocation or expiry immediately removes Norse Global Admin access to this org's operational data. | - |
| support_access_granted_by_user_id | uuid | FK to users — the Org Admin who last granted support access. Used for audit trail. | - |
| support_access_granted_at | datetime | Timestamp when support access was most recently granted. | - |
| default_language | enum | Default UI language for this organization's users. | required |
| timezone | string | IANA timezone identifier for the organization (e.g. Europe/Oslo). Used for activity timestamp display and report date boundaries. | required |
| country_code | string | ISO 3166-1 alpha-2 country code for the organization (e.g. NO). Drives locale defaults and regulatory feature eligibility. | required |
| contact_email | string | Primary administrative contact email for platform communications to this organization. | - |
| max_users | integer | Maximum number of active users allowed for this organization. NULL means unlimited. Enforced at user invite time. | - |
| bufdir_organization_id | string | Organization's identifier in the Bufdir reporting system. Required before Bufdir reports can be exported. NULL until configured. | - |
| bufdir_grant_year | integer | Current Bufdir grant year for report period scoping. Used in Bufdir report generation. | - |
| accounting_system | enum | Accounting system integration target for this organization. | - |
| accounting_api_endpoint | string | Base URL of the organization's accounting system API. Only relevant when accounting_system != none. | - |
| accounting_api_credentials_encrypted | text | AES-256 encrypted JSON blob containing API credentials for the accounting system. Decrypted only by accounting-api-adapter at sync time. | - |
| expense_auto_approval_threshold_km | integer | Kilometre threshold below which expense claims are auto-approved without manual review. NULL disables auto-approval. | - |
| expense_receipt_required_above_nok | integer | Expense amount in NOK above which a receipt photo is required. Default 100 NOK per HLF requirement. | - |
| external_portal_url | string | URL of the organization's external member portal (e.g. HLF's Dynamics 'min side'). Used by External Portal Integration feature. | - |
| external_portal_integration_enabled | boolean | Whether the external portal integration is active for this organization. | required |
| onboarding_completed_at | datetime | Timestamp when the organization completed initial onboarding setup. NULL while onboarding is still in progress. | - |
| created_at | datetime | Row creation timestamp. Set once at organization provisioning. | required |
| updated_at | datetime | Last modification timestamp. Updated on every write. | required |
Database Indexes
idx_organization_settings_organization_id
Columns: organization_id
idx_organization_settings_support_access
Columns: support_access_enabled, support_access_expires_at
Validation Rules
| Rule | Severity | Message |
|---|---|---|
| primary_color_hex_format | error | Validation failed |
| support_access_expiry_future | error | Validation failed |
| support_access_expiry_required_when_enabled | error | Validation failed |
| accounting_endpoint_required_with_system | error | Validation failed |
| timezone_valid_iana | error | Validation failed |
| expense_thresholds_non_negative | error | Validation failed |
Business Rules
one_settings_row_per_organization
Exactly one organization_settings row must exist per organization. The row is provisioned automatically when the organization record is created and is never deleted independently.
support_access_expiry_enforcement
When support_access_expires_at is reached, support_access_enabled must be treated as false by all authorization checks. The auth middleware reads this field on every Global Admin request to an org-scoped endpoint and denies access if expired, even if the boolean flag was not explicitly reset.
support_access_audit_required
Every grant or revocation of support access must produce an audit log entry scoped to the organization, recording the Org Admin who acted, the expiry date set, and the timestamp.
accounting_credentials_encrypted_at_rest
accounting_api_credentials_encrypted must never be stored in plaintext. The accounting-api-adapter is the only component permitted to decrypt this field; it must not be returned to any API response.
bufdir_id_required_before_export
bufdir_organization_id must be non-null before the bufdir-report-service is allowed to generate or export a Bufdir report for this organization.
settings_page_org_admin_only
Only Organization Admins and Global Admins (with active support access) may read or modify this record. Coordinators and Peer Mentors have no access.
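
The following Python sketch is an added example, not the platform's own code. It shows one way to enforce support_access_expiry_enforcement, settings_page_org_admin_only and the "never returned to any API response" part of accounting_credentials_encrypted_at_rest. The role strings, the dict-shaped row, the function names and the own-organization check for Org Admins are assumptions, and the sample rows are constructed.

```python
from datetime import datetime, timedelta, timezone
from typing import Optional

# Assumed role identifiers; the page names the roles but not their encoding.
GLOBAL_ADMIN, ORG_ADMIN = "global_admin", "org_admin"
NEVER_SERIALIZED = {"accounting_api_credentials_encrypted"}


def support_access_active(settings: dict, now: datetime) -> bool:
    """Flag AND expiry must both allow access; the flag alone is never trusted."""
    if not settings.get("support_access_enabled"):
        return False
    expires_at = settings.get("support_access_expires_at")
    if expires_at is None:
        # Enabled without an expiry breaks the validation rule: fail closed.
        return False
    return now < expires_at  # access ends the moment the expiry is reached


def can_access_settings(role: str, user_org_id: Optional[str],
                        settings: dict, now: datetime) -> bool:
    """Decide whether a caller may read or modify this settings row."""
    if role == GLOBAL_ADMIN:
        return support_access_active(settings, now)
    if role == ORG_ADMIN:
        # Assumption: an Org Admin is limited to their own organization's row.
        return user_org_id == settings["organization_id"]
    return False  # Coordinators, Peer Mentors and unknown roles


def to_api_response(settings: dict) -> dict:
    """Serialize the row without fields that must never reach an API response."""
    return {k: v for k, v in settings.items() if k not in NEVER_SERIALIZED}


# Constructed sample: the grant expired a minute ago but the flag was never reset.
NOW = datetime(2025, 1, 15, 12, 0, tzinfo=timezone.utc)
STALE_ROW = {
    "organization_id": "org-a",
    "support_access_enabled": True,
    "support_access_expires_at": NOW - timedelta(minutes=1),
    "accounting_api_credentials_encrypted": "<ciphertext placeholder>",
}
FRESH_ROW = dict(STALE_ROW, support_access_expires_at=NOW + timedelta(hours=1))

if __name__ == "__main__":
    print(can_access_settings(GLOBAL_ADMIN, None, STALE_ROW, NOW))
    print(can_access_settings(GLOBAL_ADMIN, None, FRESH_ROW, NOW))
    print(sorted(to_api_response(STALE_ROW)))
```

Passing `now` in explicitly keeps the expiry comparison testable and forces callers to use a timezone-aware clock that matches the stored timestamps.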