Invites & Cross-Org

Overview #

Ensue supports cross-organization collaboration through invite links. An organization can generate a shareable link that other organizations use to request access. Once approved, the joining organization gets a proxy user in the host org, enabling cross-org memory access governed by the host's permission model.

Invite Links #

Invite links follow the format:

https://app.ensue-network.ai/join?token=<token>

Create an Invite Link #

Invite links are created from the Ensue Dashboard under API Keys & Users:

1. Navigate to API Keys & Users
2. Click the + Add External User button
3. Configure the default permissions
4. Click Generate Link to create a new invite link
5. Copy and share the link

Auto-Approve #

When creating an invite link, you can enable auto-approve. When enabled, organizations that claim the link are immediately approved without manual review. When disabled (the default), claims enter a pending state and require manual approval.

Refresh an Invite Link #

Refreshing generates a new token while keeping the same invite configuration. The old token stops working immediately. Use this if you suspect a link has been shared with unintended parties.

Disable an Invite Link #

Disabling an invite link prevents any new claims. Existing approved memberships are not affected. Re-enabling a disabled link generates a new link.

The Join Flow #

When an external organization uses your invite link:

1. Click the link — The user navigates to the invite URL
2. Authenticate — The user signs in to their Ensue account
3. Claim — The system creates a membership request between the two organizations
4. Approval — If auto-approve is enabled, the membership is immediately approved. Otherwise, the host org reviews and approves or rejects the request.
5. Proxy user created — On approval, a proxy user is created in the host org representing the joining org
6. Access granted — The proxy user's permissions are governed by the host org's permission model (including any external group auto-assignment)

Cross-Org Memory Access #

Once approved, the joining organization can access the host org's memories by prefixing key names with @host-org-name. This tells Ensue to resolve the key through the proxy user in the host org:

# Read a memory from "widgets-inc" organization
ensue get_memory --key-names '["@widgets-inc/shared/design-tokens"]'

# Read multiple keys from the host org
ensue get_memory --key-names '["@widgets-inc/shared/api-spec", "@widgets-inc/shared/style-guide"]'

# Search the host org's memories (scoped to proxy user's permissions)
ensue search_memories --query "design system guidelines"

The @org-name/ prefix routes the request through your proxy user in that org. You can only access keys that the proxy user has been granted permissions for. If the host org gave your proxy user read on shared/, then @host-org/shared/anything works but @host-org/private/anything does not.

Managing Memberships #

These are standalone MCP tools, not sub-commands of share. See the API Reference for full parameter details.

As the Host Organization #

Manage organizations that have joined you:

# List pending membership requests
ensue list_pending_invites

# Approve a pending membership
ensue approve_invite --member-org-name "bravo"

# Reject a pending membership
ensue reject_invite --member-org-name "bravo"

# List all member organizations
ensue list_org_members

# Remove an approved member
ensue remove_member --member-org-name "bravo"

As the Joining Organization #

Manage your own memberships:

# List organizations you've joined
ensue list_my_external_orgs

# Leave an organization you joined
ensue leave_org --host-org-name "bravo"

Membership Statuses #

Invite Link Statuses #

Next Steps #

• Access Control — Configure what access external orgs receive via groups and permissions
• Inviting External Users Guide — Step-by-step dashboard walkthrough for managing invites
• Managing Permissions Guide — Dashboard walkthrough for setting up groups and permissions