feat(ui): Self-serve SSO within OrganizationProfile

[LauraBeatris]

Description

Introduces "Single Sign-On" section in OrganizationProfile, if self-serve SSO is enabled for the organization

Checklist

• pnpm test runs as expected.
• pnpm build runs as expected.
• (If applicable) JSDoc comments have been added or updated for any package exports
• (If applicable) Documentation has been updated

Type of change

• 🐛 Bug fix
• 🌟 New feature
• 🔨 Breaking change
• 📖 Refactoring / dependency upgrade / documentation
• other:

[changeset-bot]

🦋 Changeset detected

Latest commit: d951d19

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 20 packages

Name	Type
@clerk/localizations	Minor
@clerk/clerk-js	Minor
@clerk/shared	Minor
@clerk/ui	Minor
@clerk/react	Patch
@clerk/chrome-extension	Patch
@clerk/expo	Patch
@clerk/astro	Patch
@clerk/backend	Patch
@clerk/expo-passkeys	Patch
@clerk/express	Patch
@clerk/fastify	Patch
@clerk/hono	Patch
@clerk/msw	Patch
@clerk/nextjs	Patch
@clerk/nuxt	Patch
@clerk/react-router	Patch
@clerk/tanstack-react-start	Patch
@clerk/testing	Patch
@clerk/vue	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
clerk-js-sandbox	Ready	Preview, Comment	May 21, 2026 5:45pm

[pkg-pr-new]

Open in StackBlitz

@clerk/astro

npm i https://pkg.pr.new/@clerk/astro@8600

@clerk/backend

npm i https://pkg.pr.new/@clerk/backend@8600

@clerk/chrome-extension

npm i https://pkg.pr.new/@clerk/chrome-extension@8600

@clerk/clerk-js

npm i https://pkg.pr.new/@clerk/clerk-js@8600

@clerk/dev-cli

npm i https://pkg.pr.new/@clerk/dev-cli@8600

@clerk/expo

npm i https://pkg.pr.new/@clerk/expo@8600

@clerk/expo-passkeys

npm i https://pkg.pr.new/@clerk/expo-passkeys@8600

@clerk/express

npm i https://pkg.pr.new/@clerk/express@8600

@clerk/fastify

npm i https://pkg.pr.new/@clerk/fastify@8600

@clerk/hono

npm i https://pkg.pr.new/@clerk/hono@8600

@clerk/localizations

npm i https://pkg.pr.new/@clerk/localizations@8600

@clerk/nextjs

npm i https://pkg.pr.new/@clerk/nextjs@8600

@clerk/nuxt

npm i https://pkg.pr.new/@clerk/nuxt@8600

@clerk/react

npm i https://pkg.pr.new/@clerk/react@8600

@clerk/react-router

npm i https://pkg.pr.new/@clerk/react-router@8600

@clerk/shared

npm i https://pkg.pr.new/@clerk/shared@8600

@clerk/tanstack-react-start

npm i https://pkg.pr.new/@clerk/tanstack-react-start@8600

@clerk/testing

npm i https://pkg.pr.new/@clerk/testing@8600

@clerk/ui

npm i https://pkg.pr.new/@clerk/ui@8600

@clerk/upgrade

npm i https://pkg.pr.new/@clerk/upgrade@8600

@clerk/vue

npm i https://pkg.pr.new/@clerk/vue@8600

commit: d951d19

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Pro

Run ID: 928a4f46-2068-434e-902a-4c009d401bc2

📥 Commits

Reviewing files that changed from the base of the PR and between 6f5a23a and d951d19.

📒 Files selected for processing (6)

• .changeset/dull-plums-sleep.md
• packages/clerk-js/src/core/resources/__tests__/Organization.test.ts
• packages/shared/src/types/organization.ts
• packages/ui/src/components/ConfigureSSO/__tests__/ConfigureSSO.test.tsx
• packages/ui/src/components/OrganizationProfile/OrganizationProfileRoutes.tsx
• packages/ui/src/components/OrganizationProfile/__tests__/OrganizationProfile.test.tsx

💤 Files with no reviewable changes (2)

• packages/shared/src/types/organization.ts
• packages/clerk-js/src/core/resources/tests/Organization.test.ts

✅ Files skipped from review due to trivial changes (1)

• .changeset/dull-plums-sleep.md

---

📝 Walkthrough

Walkthrough

This PR adds organization-level self-serve SSO support: a boolean flag on the Organization resource (wiring in clerk-js, types, and snapshot), a localization entry and icon, exported ConfigureSSO protect/content components with an updated permission key, a conditional Organization Self-Serve SSO page and route integrated into the custom pages pipeline, fixture/test updates, and a changeset marking the packages as minor releases.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• clerk/javascript#8544: Both PRs touch the enterprise SSO ConfigureSSO flow and related tests/localization.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main feature being added: introducing a Self-serve SSO section within the OrganizationProfile component, which aligns with the substantial changes across multiple files.
Description check	✅ Passed	The description is directly related to the changeset, explaining that it introduces a Single Sign-On section in OrganizationProfile when self-serve SSO is enabled, with supporting screenshot and testing checklist.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

packages/ui/src/components/ConfigureSSO/__tests__/ConfigureSSO.test.tsx (1)

37-41: ⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Permission mismatch between test and implementation.

The test grants org:sys_enterprise_connections:manage but ConfigureSSOProtect now checks for org:sys_entconns:manage. This test will fail because the user won't have the required permission.

🐛 Proposed fix

         f.withUser({
           email_addresses: ['test@clerk.com'],
-          organization_memberships: [{ name: 'Org1', permissions: ['org:sys_enterprise_connections:manage'] }],
+          organization_memberships: [{ name: 'Org1', permissions: ['org:sys_entconns:manage'] }],
         });

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/ui/src/components/ConfigureSSO/__tests__/ConfigureSSO.test.tsx`
around lines 37 - 41, The test grants the old permission string so
ConfigureSSOProtect's permission check fails; update the test user setup in
ConfigureSSO.test.tsx (the f.withUser call) to use the new permission key
'org:sys_entconns:manage' instead of 'org:sys_enterprise_connections:manage' so
the user has the permission that ConfigureSSOProtect checks for.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In `@packages/ui/src/components/ConfigureSSO/__tests__/ConfigureSSO.test.tsx`:
- Around line 37-41: The test grants the old permission string so
ConfigureSSOProtect's permission check fails; update the test user setup in
ConfigureSSO.test.tsx (the f.withUser call) to use the new permission key
'org:sys_entconns:manage' instead of 'org:sys_enterprise_connections:manage' so
the user has the permission that ConfigureSSOProtect checks for.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Pro

Run ID: e66b12c4-cc3b-4435-9dde-6c76b5ce8c7e

📥 Commits

Reviewing files that changed from the base of the PR and between 377350d and 384aab2.

⛔ Files ignored due to path filters (1)

• packages/ui/src/icons/connections.svg is excluded by !**/*.svg

📒 Files selected for processing (18)

• packages/backend/src/api/resources/JSON.ts
• packages/backend/src/api/resources/Organization.ts
• packages/clerk-js/src/core/resources/Organization.ts
• packages/clerk-js/src/core/resources/__tests__/Organization.test.ts
• packages/localizations/src/en-US.ts
• packages/shared/src/types/json.ts
• packages/shared/src/types/localization.ts
• packages/shared/src/types/organization.ts
• packages/ui/src/components/ConfigureSSO/ConfigureSSO.tsx
• packages/ui/src/components/ConfigureSSO/__tests__/ConfigureSSO.test.tsx
• packages/ui/src/components/OrganizationProfile/OrganizationProfileRoutes.tsx
• packages/ui/src/components/OrganizationProfile/OrganizationSelfServeSSOPage.tsx
• packages/ui/src/components/OrganizationProfile/__tests__/OrganizationProfile.test.tsx
• packages/ui/src/constants.ts
• packages/ui/src/contexts/components/OrganizationProfile.ts
• packages/ui/src/icons/index.ts
• packages/ui/src/test/fixture-helpers.ts
• packages/ui/src/utils/createCustomPages.tsx

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

packages/ui/src/components/ConfigureSSO/__tests__/ConfigureSSO.test.tsx (1)

32-51: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Test fixture uses outdated permission key.

The test fixture at line 39 uses org:sys_enterprise_connections:manage but the implementation in ConfigureSSOProtect now checks for org:sys_entconns:manage. This test passes coincidentally because it grants permissions the component no longer checks for, meaning it doesn't validate the actual authorization logic.

🐛 Proposed fix to use the correct permission key

         organization_memberships: [{ name: 'Org1', permissions: ['org:sys_enterprise_connections:manage'] }],
+        organization_memberships: [{ name: 'Org1', permissions: ['org:sys_entconns:manage'] }],

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/ui/src/components/ConfigureSSO/__tests__/ConfigureSSO.test.tsx`
around lines 32 - 51, The test grants the old permission key so it doesn't
validate the component's current check; update the permission string in the
fixture used by ConfigureSSO.test.tsx from
"org:sys_enterprise_connections:manage" to the current key
"org:sys_entconns:manage" (the user object created in the createFixtures call /
organization_memberships array) so ConfigureSSO/ConfigureSSOProtect's permission
check is exercised correctly.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In
`@packages/ui/src/components/OrganizationProfile/OrganizationProfileRoutes.tsx`:
- Around line 153-161: The lazy-loaded OrganizationSelfServeSSOPage is rendered
without a Suspense boundary; wrap its usage inside a React.Suspense with an
appropriate fallback (matching other routes like
OrganizationBillingPage/OrganizationAPIKeysPage) so the lazy import can load
without throwing; update the JSX in OrganizationProfileRoutes where
OrganizationSelfServeSSOPage is rendered (the Route/Route index block) to
include a Suspense wrapper around <OrganizationSelfServeSSOPage />.

---

Outside diff comments:
In `@packages/ui/src/components/ConfigureSSO/__tests__/ConfigureSSO.test.tsx`:
- Around line 32-51: The test grants the old permission key so it doesn't
validate the component's current check; update the permission string in the
fixture used by ConfigureSSO.test.tsx from
"org:sys_enterprise_connections:manage" to the current key
"org:sys_entconns:manage" (the user object created in the createFixtures call /
organization_memberships array) so ConfigureSSO/ConfigureSSOProtect's permission
check is exercised correctly.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Pro

Run ID: 530d621d-2e90-4427-ae47-e3508d7ee3f1

📥 Commits

Reviewing files that changed from the base of the PR and between 384aab2 and 07abb56.

⛔ Files ignored due to path filters (1)

• packages/ui/src/icons/connections.svg is excluded by !**/*.svg

📒 Files selected for processing (16)

• packages/clerk-js/src/core/resources/Organization.ts
• packages/clerk-js/src/core/resources/__tests__/Organization.test.ts
• packages/localizations/src/en-US.ts
• packages/shared/src/types/json.ts
• packages/shared/src/types/localization.ts
• packages/shared/src/types/organization.ts
• packages/ui/src/components/ConfigureSSO/ConfigureSSO.tsx
• packages/ui/src/components/ConfigureSSO/__tests__/ConfigureSSO.test.tsx
• packages/ui/src/components/OrganizationProfile/OrganizationProfileRoutes.tsx
• packages/ui/src/components/OrganizationProfile/OrganizationSelfServeSSOPage.tsx
• packages/ui/src/components/OrganizationProfile/__tests__/OrganizationProfile.test.tsx
• packages/ui/src/constants.ts
• packages/ui/src/contexts/components/OrganizationProfile.ts
• packages/ui/src/icons/index.ts
• packages/ui/src/test/fixture-helpers.ts
• packages/ui/src/utils/createCustomPages.tsx

✅ Files skipped from review due to trivial changes (1)

• packages/ui/src/test/fixture-helpers.ts