diff --git a/src/Api/AdminConsole/Controllers/BaseAdminConsoleController.cs b/src/Api/AdminConsole/Controllers/BaseAdminConsoleController.cs
new file mode 100644
index 0000000000..9b147c3c54
--- /dev/null
+++ b/src/Api/AdminConsole/Controllers/BaseAdminConsoleController.cs
@@ -0,0 +1,26 @@
+using Bit.Core.AdminConsole.Utilities.v2;
+using Bit.Core.AdminConsole.Utilities.v2.Results;
+using Bit.Core.Models.Api;
+using Microsoft.AspNetCore.Mvc;
+
+namespace Bit.Api.AdminConsole.Controllers;
+
+public abstract class BaseAdminConsoleController : Controller
+{
+    protected static IResult Handle(CommandResult commandResult) =>
+        commandResult.Match<IResult>(
+            error => error switch
+            {
+                BadRequestError badRequest => TypedResults.BadRequest(new ErrorResponseModel(badRequest.Message)),
+                NotFoundError notFound => TypedResults.NotFound(new ErrorResponseModel(notFound.Message)),
+                InternalError internalError => TypedResults.Json(
+                    new ErrorResponseModel(internalError.Message),
+                    statusCode: StatusCodes.Status500InternalServerError),
+                _ => TypedResults.Json(
+                    new ErrorResponseModel(error.Message),
+                    statusCode: StatusCodes.Status500InternalServerError
+                )
+            },
+            _ => TypedResults.NoContent()
+        );
+}
diff --git a/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs b/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs
index 4b9f7e5d71..155b60ce5b 100644
--- a/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs
+++ b/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs
@@ -11,8 +11,10 @@ using Bit.Api.Models.Response;
 using Bit.Api.Vault.AuthorizationHandlers.Collections;
 using Bit.Core;
 using Bit.Core.AdminConsole.Enums;
+using Bit.Core.AdminConsole.Models.Data;
 using Bit.Core.AdminConsole.Models.Data.Organizations.Policies;
 using Bit.Core.AdminConsole.OrganizationFeatures.AccountRecovery;
+using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.AutoConfirmUser;
 using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.DeleteClaimedAccount;
 using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Interfaces;
 using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.InviteUsers;
@@ -20,6 +22,7 @@ using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.RestoreUser.v
 using Bit.Core.AdminConsole.OrganizationFeatures.Policies;
 using Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
 using Bit.Core.AdminConsole.Repositories;
+using Bit.Core.AdminConsole.Utilities.v2;
 using Bit.Core.Auth.Enums;
 using Bit.Core.Auth.Repositories;
 using Bit.Core.Billing.Pricing;
@@ -43,7 +46,7 @@ namespace Bit.Api.AdminConsole.Controllers;
 
 [Route("organizations/{orgId}/users")]
 [Authorize("Application")]
-public class OrganizationUsersController : Controller
+public class OrganizationUsersController : BaseAdminConsoleController
 {
     private readonly IOrganizationRepository _organizationRepository;
     private readonly IOrganizationUserRepository _organizationUserRepository;
@@ -68,6 +71,7 @@ public class OrganizationUsersController : Controller
     private readonly IFeatureService _featureService;
     private readonly IPricingClient _pricingClient;
     private readonly IResendOrganizationInviteCommand _resendOrganizationInviteCommand;
+    private readonly IAutomaticallyConfirmOrganizationUserCommand _automaticallyConfirmOrganizationUserCommand;
     private readonly IConfirmOrganizationUserCommand _confirmOrganizationUserCommand;
     private readonly IRestoreOrganizationUserCommand _restoreOrganizationUserCommand;
     private readonly IInitPendingOrganizationCommand _initPendingOrganizationCommand;
@@ -101,7 +105,8 @@ public class OrganizationUsersController : Controller
         IInitPendingOrganizationCommand initPendingOrganizationCommand,
         IRevokeOrganizationUserCommand revokeOrganizationUserCommand,
         IResendOrganizationInviteCommand resendOrganizationInviteCommand,
-        IAdminRecoverAccountCommand adminRecoverAccountCommand)
+        IAdminRecoverAccountCommand adminRecoverAccountCommand,
+        IAutomaticallyConfirmOrganizationUserCommand automaticallyConfirmOrganizationUserCommand)
     {
         _organizationRepository = organizationRepository;
         _organizationUserRepository = organizationUserRepository;
@@ -126,6 +131,7 @@ public class OrganizationUsersController : Controller
         _featureService = featureService;
         _pricingClient = pricingClient;
         _resendOrganizationInviteCommand = resendOrganizationInviteCommand;
+        _automaticallyConfirmOrganizationUserCommand = automaticallyConfirmOrganizationUserCommand;
         _confirmOrganizationUserCommand = confirmOrganizationUserCommand;
         _restoreOrganizationUserCommand = restoreOrganizationUserCommand;
         _initPendingOrganizationCommand = initPendingOrganizationCommand;
@@ -738,6 +744,31 @@ public class OrganizationUsersController : Controller
         await BulkEnableSecretsManagerAsync(orgId, model);
     }
 
+    [HttpPost("{id}/auto-confirm")]
+    [Authorize<ManageUsersRequirement>]
+    [RequireFeature(FeatureFlagKeys.AutomaticConfirmUsers)]
+    public async Task<IResult> AutomaticallyConfirmOrganizationUserAsync([FromRoute] Guid orgId,
+        [FromRoute] Guid id,
+        [FromBody] OrganizationUserConfirmRequestModel model)
+    {
+        var userId = _userService.GetProperUserId(User);
+
+        if (userId is null || userId.Value == Guid.Empty)
+        {
+            return TypedResults.Unauthorized();
+        }
+
+        return Handle(await _automaticallyConfirmOrganizationUserCommand.AutomaticallyConfirmOrganizationUserAsync(
+            new AutomaticallyConfirmOrganizationUserRequest
+            {
+                OrganizationId = orgId,
+                OrganizationUserId = id,
+                Key = model.Key,
+                DefaultUserCollectionName = model.DefaultUserCollectionName,
+                PerformedBy = new StandardUser(userId.Value, await _currentContext.OrganizationOwner(orgId)),
+            }));
+    }
+
     private async Task RestoreOrRevokeUserAsync(
         Guid orgId,
         Guid id,
diff --git a/src/Core/AdminConsole/Enums/EventType.cs b/src/Core/AdminConsole/Enums/EventType.cs
index 8073938fc5..09cda7ca0e 100644
--- a/src/Core/AdminConsole/Enums/EventType.cs
+++ b/src/Core/AdminConsole/Enums/EventType.cs
@@ -60,6 +60,7 @@ public enum EventType : int
     OrganizationUser_RejectedAuthRequest = 1514,
     OrganizationUser_Deleted = 1515, // Both user and organization user data were deleted
     OrganizationUser_Left = 1516,    // User voluntarily left the organization
+    OrganizationUser_AutomaticallyConfirmed = 1517,
 
     Organization_Updated = 1600,
     Organization_PurgedVault = 1601,
diff --git a/src/Core/AdminConsole/Models/Data/OrganizationUsers/AcceptedOrganizationUserToConfirm.cs b/src/Core/AdminConsole/Models/Data/OrganizationUsers/AcceptedOrganizationUserToConfirm.cs
new file mode 100644
index 0000000000..0dc6d1c352
--- /dev/null
+++ b/src/Core/AdminConsole/Models/Data/OrganizationUsers/AcceptedOrganizationUserToConfirm.cs
@@ -0,0 +1,8 @@
+namespace Bit.Core.AdminConsole.Models.Data.OrganizationUsers;
+
+public record AcceptedOrganizationUserToConfirm
+{
+    public required Guid OrganizationUserId { get; init; }
+    public required Guid UserId { get; init; }
+    public required string Key { get; init; }
+}
diff --git a/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/AutoConfirmUser/AutomaticallyConfirmOrganizationUserCommand.cs b/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/AutoConfirmUser/AutomaticallyConfirmOrganizationUserCommand.cs
new file mode 100644
index 0000000000..67b5f0da80
--- /dev/null
+++ b/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/AutoConfirmUser/AutomaticallyConfirmOrganizationUserCommand.cs
@@ -0,0 +1,186 @@
+using Bit.Core.AdminConsole.Models.Data.OrganizationUsers;
+using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Interfaces;
+using Bit.Core.AdminConsole.OrganizationFeatures.Policies;
+using Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
+using Bit.Core.Entities;
+using Bit.Core.Enums;
+using Bit.Core.Models.Data;
+using Bit.Core.Platform.Push;
+using Bit.Core.Repositories;
+using Bit.Core.Services;
+using Microsoft.Extensions.Logging;
+using OneOf.Types;
+using CommandResult = Bit.Core.AdminConsole.Utilities.v2.Results.CommandResult;
+
+namespace Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.AutoConfirmUser;
+
+public class AutomaticallyConfirmOrganizationUserCommand(IOrganizationUserRepository organizationUserRepository,
+    IOrganizationRepository organizationRepository,
+    IAutomaticallyConfirmOrganizationUsersValidator validator,
+    IEventService eventService,
+    IMailService mailService,
+    IUserRepository userRepository,
+    IPushRegistrationService pushRegistrationService,
+    IDeviceRepository deviceRepository,
+    IPushNotificationService pushNotificationService,
+    IPolicyRequirementQuery policyRequirementQuery,
+    ICollectionRepository collectionRepository,
+    TimeProvider timeProvider,
+    ILogger<AutomaticallyConfirmOrganizationUserCommand> logger) : IAutomaticallyConfirmOrganizationUserCommand
+{
+    public async Task<CommandResult> AutomaticallyConfirmOrganizationUserAsync(AutomaticallyConfirmOrganizationUserRequest request)
+    {
+        var validatorRequest = await RetrieveDataAsync(request);
+
+        var validatedData = await validator.ValidateAsync(validatorRequest);
+
+        return await validatedData.Match<Task<CommandResult>>(
+            error => Task.FromResult(new CommandResult(error)),
+            async _ =>
+            {
+                var userToConfirm = new AcceptedOrganizationUserToConfirm
+                {
+                    OrganizationUserId = validatedData.Request.OrganizationUser!.Id,
+                    UserId = validatedData.Request.OrganizationUser.UserId!.Value,
+                    Key = validatedData.Request.Key
+                };
+
+                // This operation is idempotent. If false, the user is already confirmed and no additional side effects are required.
+                if (!await organizationUserRepository.ConfirmOrganizationUserAsync(userToConfirm))
+                {
+                    return new None();
+                }
+
+                await CreateDefaultCollectionsAsync(validatedData.Request);
+
+                await Task.WhenAll(
+                    LogOrganizationUserConfirmedEventAsync(validatedData.Request),
+                    SendConfirmedOrganizationUserEmailAsync(validatedData.Request),
+                    SyncOrganizationKeysAsync(validatedData.Request)
+                );
+
+                return new None();
+            }
+        );
+    }
+
+    private async Task SyncOrganizationKeysAsync(AutomaticallyConfirmOrganizationUserValidationRequest request)
+    {
+        await DeleteDeviceRegistrationAsync(request);
+        await PushSyncOrganizationKeysAsync(request);
+    }
+
+    private async Task CreateDefaultCollectionsAsync(AutomaticallyConfirmOrganizationUserValidationRequest request)
+    {
+        try
+        {
+            if (!await ShouldCreateDefaultCollectionAsync(request))
+            {
+                return;
+            }
+
+            await collectionRepository.CreateAsync(
+                new Collection
+                {
+                    OrganizationId = request.Organization!.Id,
+                    Name = request.DefaultUserCollectionName,
+                    Type = CollectionType.DefaultUserCollection
+                },
+                groups: null,
+                [new CollectionAccessSelection
+                {
+                    Id = request.OrganizationUser!.Id,
+                    Manage = true
+                }]);
+        }
+        catch (Exception ex)
+        {
+            logger.LogError(ex, "Failed to create default collection for user.");
+        }
+    }
+
+    /// <summary>
+    /// Determines whether a default collection should be created for an organization user during the confirmation process.
+    /// </summary>
+    /// <param name="request">
+    /// The validation request containing information about the user, organization, and collection settings.
+    /// </param>
+    /// <returns>The result is a boolean value indicating whether a default collection should be created.</returns>
+    private async Task<bool> ShouldCreateDefaultCollectionAsync(AutomaticallyConfirmOrganizationUserValidationRequest request) =>
+        !string.IsNullOrWhiteSpace(request.DefaultUserCollectionName)
+        && (await policyRequirementQuery.GetAsync<OrganizationDataOwnershipPolicyRequirement>(request.OrganizationUser!.UserId!.Value))
+            .RequiresDefaultCollectionOnConfirm(request.Organization!.Id);
+
+    private async Task PushSyncOrganizationKeysAsync(AutomaticallyConfirmOrganizationUserValidationRequest request)
+    {
+        try
+        {
+            await pushNotificationService.PushSyncOrgKeysAsync(request.OrganizationUser!.UserId!.Value);
+        }
+        catch (Exception ex)
+        {
+            logger.LogError(ex, "Failed to push organization keys.");
+        }
+    }
+
+    private async Task LogOrganizationUserConfirmedEventAsync(AutomaticallyConfirmOrganizationUserValidationRequest request)
+    {
+        try
+        {
+            await eventService.LogOrganizationUserEventAsync(request.OrganizationUser,
+                EventType.OrganizationUser_AutomaticallyConfirmed,
+                timeProvider.GetUtcNow().UtcDateTime);
+        }
+        catch (Exception ex)
+        {
+            logger.LogError(ex, "Failed to log OrganizationUser_AutomaticallyConfirmed event.");
+        }
+    }
+
+    private async Task SendConfirmedOrganizationUserEmailAsync(AutomaticallyConfirmOrganizationUserValidationRequest request)
+    {
+        try
+        {
+            var user = await userRepository.GetByIdAsync(request.OrganizationUser!.UserId!.Value);
+
+            await mailService.SendOrganizationConfirmedEmailAsync(request.Organization!.Name,
+                user!.Email,
+                request.OrganizationUser.AccessSecretsManager);
+        }
+        catch (Exception ex)
+        {
+            logger.LogError(ex, "Failed to send OrganizationUserConfirmed.");
+        }
+    }
+
+    private async Task DeleteDeviceRegistrationAsync(AutomaticallyConfirmOrganizationUserValidationRequest request)
+    {
+        try
+        {
+            var devices = (await deviceRepository.GetManyByUserIdAsync(request.OrganizationUser!.UserId!.Value))
+                    .Where(d => !string.IsNullOrWhiteSpace(d.PushToken))
+                    .Select(d => d.Id.ToString());
+
+            await pushRegistrationService.DeleteUserRegistrationOrganizationAsync(devices, request.Organization!.Id.ToString());
+        }
+        catch (Exception ex)
+        {
+            logger.LogError(ex, "Failed to delete device registration.");
+        }
+    }
+
+    private async Task<AutomaticallyConfirmOrganizationUserValidationRequest> RetrieveDataAsync(
+        AutomaticallyConfirmOrganizationUserRequest request)
+    {
+        return new AutomaticallyConfirmOrganizationUserValidationRequest
+        {
+            OrganizationUserId = request.OrganizationUserId,
+            OrganizationId = request.OrganizationId,
+            Key = request.Key,
+            DefaultUserCollectionName = request.DefaultUserCollectionName,
+            PerformedBy = request.PerformedBy,
+            OrganizationUser = await organizationUserRepository.GetByIdAsync(request.OrganizationUserId),
+            Organization = await organizationRepository.GetByIdAsync(request.OrganizationId)
+        };
+    }
+}
diff --git a/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/AutoConfirmUser/AutomaticallyConfirmOrganizationUserRequest.cs b/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/AutoConfirmUser/AutomaticallyConfirmOrganizationUserRequest.cs
new file mode 100644
index 0000000000..fcc8dacf66
--- /dev/null
+++ b/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/AutoConfirmUser/AutomaticallyConfirmOrganizationUserRequest.cs
@@ -0,0 +1,29 @@
+using Bit.Core.AdminConsole.Entities;
+using Bit.Core.AdminConsole.Models.Data;
+using Bit.Core.Entities;
+
+namespace Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.AutoConfirmUser;
+
+/// <summary>
+/// Automatically Confirm User Command Request
+/// </summary>
+public record AutomaticallyConfirmOrganizationUserRequest
+{
+    public required Guid OrganizationUserId { get; init; }
+    public required Guid OrganizationId { get; init; }
+    public required string Key { get; init; }
+    public required string DefaultUserCollectionName { get; init; }
+    public required IActingUser PerformedBy { get; init; }
+}
+
+/// <summary>
+/// Automatically Confirm User Validation Request
+/// </summary>
+/// <remarks>
+/// This is used to hold retrieved data and pass it to the validator
+/// </remarks>
+public record AutomaticallyConfirmOrganizationUserValidationRequest : AutomaticallyConfirmOrganizationUserRequest
+{
+    public OrganizationUser? OrganizationUser { get; set; }
+    public Organization? Organization { get; set; }
+}
diff --git a/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/AutoConfirmUser/AutomaticallyConfirmOrganizationUsersValidator.cs b/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/AutoConfirmUser/AutomaticallyConfirmOrganizationUsersValidator.cs
new file mode 100644
index 0000000000..11b89de680
--- /dev/null
+++ b/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/AutoConfirmUser/AutomaticallyConfirmOrganizationUsersValidator.cs
@@ -0,0 +1,116 @@
+using Bit.Core.AdminConsole.Enums;
+using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.DeleteClaimedAccount;
+using Bit.Core.AdminConsole.OrganizationFeatures.Policies;
+using Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
+using Bit.Core.AdminConsole.Repositories;
+using Bit.Core.AdminConsole.Utilities.v2;
+using Bit.Core.AdminConsole.Utilities.v2.Validation;
+using Bit.Core.Auth.UserFeatures.TwoFactorAuth.Interfaces;
+using Bit.Core.Enums;
+using Bit.Core.Repositories;
+using static Bit.Core.AdminConsole.Utilities.v2.Validation.ValidationResultHelpers;
+
+namespace Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.AutoConfirmUser;
+
+public class AutomaticallyConfirmOrganizationUsersValidator(
+    IOrganizationUserRepository organizationUserRepository,
+    ITwoFactorIsEnabledQuery twoFactorIsEnabledQuery,
+    IPolicyRequirementQuery policyRequirementQuery,
+    IPolicyRepository policyRepository) : IAutomaticallyConfirmOrganizationUsersValidator
+{
+    public async Task<ValidationResult<AutomaticallyConfirmOrganizationUserValidationRequest>> ValidateAsync(
+        AutomaticallyConfirmOrganizationUserValidationRequest request)
+    {
+        // User must exist
+        if (request is { OrganizationUser: null } || request.OrganizationUser is { UserId: null })
+        {
+            return Invalid(request, new UserNotFoundError());
+        }
+
+        // Organization must exist
+        if (request is { Organization: null })
+        {
+            return Invalid(request, new OrganizationNotFound());
+        }
+
+        // User must belong to the organization
+        if (request.OrganizationUser.OrganizationId != request.Organization.Id)
+        {
+            return Invalid(request, new OrganizationUserIdIsInvalid());
+        }
+
+        // User must be accepted
+        if (request is { OrganizationUser.Status: not OrganizationUserStatusType.Accepted })
+        {
+            return Invalid(request, new UserIsNotAccepted());
+        }
+
+        // User must be of type User
+        if (request is { OrganizationUser.Type: not OrganizationUserType.User })
+        {
+            return Invalid(request, new UserIsNotUserType());
+        }
+
+        if (!await OrganizationHasAutomaticallyConfirmUsersPolicyEnabledAsync(request))
+        {
+            return Invalid(request, new AutomaticallyConfirmUsersPolicyIsNotEnabled());
+        }
+
+        if (!await OrganizationUserConformsToTwoFactorRequiredPolicyAsync(request))
+        {
+            return Invalid(request, new UserDoesNotHaveTwoFactorEnabled());
+        }
+
+        if (await OrganizationUserConformsToSingleOrgPolicyAsync(request) is { } error)
+        {
+            return Invalid(request, error);
+        }
+
+        return Valid(request);
+    }
+
+    private async Task<bool> OrganizationHasAutomaticallyConfirmUsersPolicyEnabledAsync(
+            AutomaticallyConfirmOrganizationUserValidationRequest request) =>
+        await policyRepository.GetByOrganizationIdTypeAsync(request.OrganizationId,
+            PolicyType.AutomaticUserConfirmation) is { Enabled: true }
+        && request.Organization is { UseAutomaticUserConfirmation: true };
+
+    private async Task<bool> OrganizationUserConformsToTwoFactorRequiredPolicyAsync(AutomaticallyConfirmOrganizationUserValidationRequest request)
+    {
+        if ((await twoFactorIsEnabledQuery.TwoFactorIsEnabledAsync([request.OrganizationUser!.UserId!.Value]))
+            .Any(x => x.userId == request.OrganizationUser.UserId && x.twoFactorIsEnabled))
+        {
+            return true;
+        }
+
+        return !(await policyRequirementQuery.GetAsync<RequireTwoFactorPolicyRequirement>(request.OrganizationUser.UserId!.Value))
+            .IsTwoFactorRequiredForOrganization(request.Organization!.Id);
+    }
+
+    private async Task<Error?> OrganizationUserConformsToSingleOrgPolicyAsync(
+        AutomaticallyConfirmOrganizationUserValidationRequest request)
+    {
+        var allOrganizationUsersForUser = await organizationUserRepository
+            .GetManyByUserAsync(request.OrganizationUser!.UserId!.Value);
+
+        if (allOrganizationUsersForUser.Count == 1)
+        {
+            return null;
+        }
+
+        var policyRequirement = await policyRequirementQuery
+            .GetAsync<SingleOrganizationPolicyRequirement>(request.OrganizationUser!.UserId!.Value);
+
+        if (policyRequirement.IsSingleOrgEnabledForThisOrganization(request.Organization!.Id))
+        {
+            return new OrganizationEnforcesSingleOrgPolicy();
+        }
+
+        if (policyRequirement.IsSingleOrgEnabledForOrganizationsOtherThan(request.Organization.Id))
+        {
+            return new OtherOrganizationEnforcesSingleOrgPolicy();
+        }
+
+        return null;
+    }
+}
diff --git a/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/AutoConfirmUser/Errors.cs b/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/AutoConfirmUser/Errors.cs
new file mode 100644
index 0000000000..1564daca6c
--- /dev/null
+++ b/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/AutoConfirmUser/Errors.cs
@@ -0,0 +1,13 @@
+using Bit.Core.AdminConsole.Utilities.v2;
+
+namespace Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.AutoConfirmUser;
+
+public record OrganizationNotFound() : NotFoundError("Invalid organization");
+public record FailedToWriteToEventLog() : InternalError("Failed to write to event log");
+public record UserIsNotUserType() : BadRequestError("Only organization users with the User role can be automatically confirmed");
+public record UserIsNotAccepted() : BadRequestError("Cannot confirm user that has not accepted the invitation.");
+public record OrganizationUserIdIsInvalid() : BadRequestError("Invalid organization user id.");
+public record UserDoesNotHaveTwoFactorEnabled() : BadRequestError("User does not have two-step login enabled.");
+public record OrganizationEnforcesSingleOrgPolicy() : BadRequestError("Cannot confirm this member to the organization until they leave or remove all other organizations");
+public record OtherOrganizationEnforcesSingleOrgPolicy() : BadRequestError("Cannot confirm this member to the organization because they are in another organization which forbids it.");
+public record AutomaticallyConfirmUsersPolicyIsNotEnabled() : BadRequestError("Cannot confirm this member because the Automatically Confirm Users policy is not enabled.");
diff --git a/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/AutoConfirmUser/IAutomaticallyConfirmOrganizationUsersValidator.cs b/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/AutoConfirmUser/IAutomaticallyConfirmOrganizationUsersValidator.cs
new file mode 100644
index 0000000000..544b65b53f
--- /dev/null
+++ b/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/AutoConfirmUser/IAutomaticallyConfirmOrganizationUsersValidator.cs
@@ -0,0 +1,9 @@
+using Bit.Core.AdminConsole.Utilities.v2.Validation;
+
+namespace Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.AutoConfirmUser;
+
+public interface IAutomaticallyConfirmOrganizationUsersValidator
+{
+    Task<ValidationResult<AutomaticallyConfirmOrganizationUserValidationRequest>> ValidateAsync(
+        AutomaticallyConfirmOrganizationUserValidationRequest request);
+}
diff --git a/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/DeleteClaimedAccount/DeleteClaimedOrganizationUserAccountCommand.cs b/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/DeleteClaimedAccount/DeleteClaimedOrganizationUserAccountCommand.cs
index 87c24c3ab4..c5c423f2bb 100644
--- a/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/DeleteClaimedAccount/DeleteClaimedOrganizationUserAccountCommand.cs
+++ b/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/DeleteClaimedAccount/DeleteClaimedOrganizationUserAccountCommand.cs
@@ -1,4 +1,6 @@
 using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Interfaces;
+using Bit.Core.AdminConsole.Utilities.v2.Results;
+using Bit.Core.AdminConsole.Utilities.v2.Validation;
 using Bit.Core.Entities;
 using Bit.Core.Enums;
 using Bit.Core.Exceptions;
diff --git a/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/DeleteClaimedAccount/DeleteClaimedOrganizationUserAccountValidator.cs b/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/DeleteClaimedAccount/DeleteClaimedOrganizationUserAccountValidator.cs
index 315d45ea69..71eff3ae69 100644
--- a/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/DeleteClaimedAccount/DeleteClaimedOrganizationUserAccountValidator.cs
+++ b/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/DeleteClaimedAccount/DeleteClaimedOrganizationUserAccountValidator.cs
@@ -1,8 +1,9 @@
 using Bit.Core.AdminConsole.Repositories;
+using Bit.Core.AdminConsole.Utilities.v2.Validation;
 using Bit.Core.Context;
 using Bit.Core.Enums;
 using Bit.Core.Repositories;
-using static Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.DeleteClaimedAccount.ValidationResultHelpers;
+using static Bit.Core.AdminConsole.Utilities.v2.Validation.ValidationResultHelpers;
 
 namespace Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.DeleteClaimedAccount;
 
diff --git a/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/DeleteClaimedAccount/Errors.cs b/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/DeleteClaimedAccount/Errors.cs
index 6c8f7ee00c..a76104cc88 100644
--- a/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/DeleteClaimedAccount/Errors.cs
+++ b/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/DeleteClaimedAccount/Errors.cs
@@ -1,15 +1,6 @@
-namespace Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.DeleteClaimedAccount;
+using Bit.Core.AdminConsole.Utilities.v2;
 
-/// <summary>
-/// A strongly typed error containing a reason that an action failed.
-/// This is used for business logic validation and other expected errors, not exceptions.
-/// </summary>
-public abstract record Error(string Message);
-/// <summary>
-/// An <see cref="Error"/> type that maps to a NotFoundResult at the api layer.
-/// </summary>
-/// <param name="Message"></param>
-public abstract record NotFoundError(string Message) : Error(Message);
+namespace Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.DeleteClaimedAccount;
 
 public record UserNotFoundError() : NotFoundError("Invalid user.");
 public record UserNotClaimedError() : Error("Member is not claimed by the organization.");
diff --git a/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/DeleteClaimedAccount/IDeleteClaimedOrganizationUserAccountCommand.cs b/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/DeleteClaimedAccount/IDeleteClaimedOrganizationUserAccountCommand.cs
index 983a3a4f21..408d3e8bcd 100644
--- a/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/DeleteClaimedAccount/IDeleteClaimedOrganizationUserAccountCommand.cs
+++ b/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/DeleteClaimedAccount/IDeleteClaimedOrganizationUserAccountCommand.cs
@@ -1,4 +1,6 @@
-namespace Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.DeleteClaimedAccount;
+using Bit.Core.AdminConsole.Utilities.v2.Results;
+
+namespace Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.DeleteClaimedAccount;
 
 public interface IDeleteClaimedOrganizationUserAccountCommand
 {
diff --git a/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/DeleteClaimedAccount/IDeleteClaimedOrganizationUserAccountValidator.cs b/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/DeleteClaimedAccount/IDeleteClaimedOrganizationUserAccountValidator.cs
index f1a2c71b1b..05e97e896a 100644
--- a/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/DeleteClaimedAccount/IDeleteClaimedOrganizationUserAccountValidator.cs
+++ b/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/DeleteClaimedAccount/IDeleteClaimedOrganizationUserAccountValidator.cs
@@ -1,4 +1,6 @@
-namespace Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.DeleteClaimedAccount;
+using Bit.Core.AdminConsole.Utilities.v2.Validation;
+
+namespace Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.DeleteClaimedAccount;
 
 public interface IDeleteClaimedOrganizationUserAccountValidator
 {
diff --git a/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/Interfaces/IAutomaticallyConfirmOrganizationUserCommand.cs b/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/Interfaces/IAutomaticallyConfirmOrganizationUserCommand.cs
new file mode 100644
index 0000000000..a1776416ae
--- /dev/null
+++ b/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/Interfaces/IAutomaticallyConfirmOrganizationUserCommand.cs
@@ -0,0 +1,40 @@
+using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.AutoConfirmUser;
+using Bit.Core.AdminConsole.Utilities.v2.Results;
+
+namespace Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Interfaces;
+
+/// <summary>
+/// Command to automatically confirm an organization user.
+/// </summary>
+/// <remarks>
+/// The auto-confirm feature enables eligible client apps to confirm OrganizationUsers
+/// automatically via push notifications, eliminating the need for manual administrator
+/// intervention. Client apps receive a push notification, perform the required key exchange,
+/// and submit an auto-confirm request to the server. This command processes those
+/// client-initiated requests and should only be used in that specific context.
+/// </remarks>
+public interface IAutomaticallyConfirmOrganizationUserCommand
+{
+    /// <summary>
+    /// Automatically confirms the organization user based on the provided request data.
+    /// </summary>
+    /// <param name="request">The request containing necessary information to confirm the organization user.</param>
+    /// <remarks>
+    /// This action has side effects. The side effects are
+    /// <ul>
+    ///   <li>Creating an event log entry.</li>
+    ///   <li>Syncing organization keys with the user.</li>
+    ///   <li>Deleting any registered user devices for the organization.</li>
+    ///   <li>Sending an email to the confirmed user.</li>
+    ///   <li>Creating the default collection if applicable.</li>
+    /// </ul>
+    ///
+    /// Each of these actions is performed independently of each other and not guaranteed to be performed in any order.
+    /// Errors will be reported back for the actions that failed in a consolidated error message.
+    /// </remarks>
+    /// <returns>
+    /// The result of the command. If there was an error, the result will contain a typed error describing the problem
+    /// that occurred.
+    /// </returns>
+    Task<CommandResult> AutomaticallyConfirmOrganizationUserAsync(AutomaticallyConfirmOrganizationUserRequest request);
+}
diff --git a/src/Core/AdminConsole/OrganizationFeatures/Policies/PolicyRequirements/SingleOrganizationPolicyRequirement.cs b/src/Core/AdminConsole/OrganizationFeatures/Policies/PolicyRequirements/SingleOrganizationPolicyRequirement.cs
new file mode 100644
index 0000000000..d1e1efafd9
--- /dev/null
+++ b/src/Core/AdminConsole/OrganizationFeatures/Policies/PolicyRequirements/SingleOrganizationPolicyRequirement.cs
@@ -0,0 +1,21 @@
+using Bit.Core.AdminConsole.Enums;
+using Bit.Core.AdminConsole.Models.Data.Organizations.Policies;
+
+namespace Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
+
+public class SingleOrganizationPolicyRequirement(IEnumerable<PolicyDetails> policyDetails) : IPolicyRequirement
+{
+    public bool IsSingleOrgEnabledForThisOrganization(Guid organizationId) =>
+        policyDetails.Any(p => p.OrganizationId == organizationId);
+
+    public bool IsSingleOrgEnabledForOrganizationsOtherThan(Guid organizationId) =>
+        policyDetails.Any(p => p.OrganizationId != organizationId);
+}
+
+public class SingleOrganizationPolicyRequirementFactory : BasePolicyRequirementFactory<SingleOrganizationPolicyRequirement>
+{
+    public override PolicyType PolicyType => PolicyType.SingleOrg;
+
+    public override SingleOrganizationPolicyRequirement Create(IEnumerable<PolicyDetails> policyDetails) =>
+        new(policyDetails);
+}
diff --git a/src/Core/AdminConsole/OrganizationFeatures/Policies/PolicyServiceCollectionExtensions.cs b/src/Core/AdminConsole/OrganizationFeatures/Policies/PolicyServiceCollectionExtensions.cs
index 7c1987865a..e0ca8d6f90 100644
--- a/src/Core/AdminConsole/OrganizationFeatures/Policies/PolicyServiceCollectionExtensions.cs
+++ b/src/Core/AdminConsole/OrganizationFeatures/Policies/PolicyServiceCollectionExtensions.cs
@@ -65,5 +65,6 @@ public static class PolicyServiceCollectionExtensions
         services.AddScoped<IPolicyRequirementFactory<IPolicyRequirement>, RequireSsoPolicyRequirementFactory>();
         services.AddScoped<IPolicyRequirementFactory<IPolicyRequirement>, RequireTwoFactorPolicyRequirementFactory>();
         services.AddScoped<IPolicyRequirementFactory<IPolicyRequirement>, MasterPasswordPolicyRequirementFactory>();
+        services.AddScoped<IPolicyRequirementFactory<IPolicyRequirement>, SingleOrganizationPolicyRequirementFactory>();
     }
 }
diff --git a/src/Core/AdminConsole/OrganizationFeatures/Policies/PolicyValidators/SingleOrgPolicyValidator.cs b/src/Core/AdminConsole/OrganizationFeatures/Policies/PolicyValidators/SingleOrgPolicyValidator.cs
index c0378bf5f9..d24c61e258 100644
--- a/src/Core/AdminConsole/OrganizationFeatures/Policies/PolicyValidators/SingleOrgPolicyValidator.cs
+++ b/src/Core/AdminConsole/OrganizationFeatures/Policies/PolicyValidators/SingleOrgPolicyValidator.cs
@@ -1,6 +1,4 @@
-#nullable enable
-
-using Bit.Core.AdminConsole.Entities;
+using Bit.Core.AdminConsole.Entities;
 using Bit.Core.AdminConsole.Enums;
 using Bit.Core.AdminConsole.Models.Data;
 using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationDomains.Interfaces;
@@ -29,8 +27,6 @@ public class SingleOrgPolicyValidator : IPolicyValidator, IPolicyValidationEvent
     private readonly IOrganizationRepository _organizationRepository;
     private readonly ISsoConfigRepository _ssoConfigRepository;
     private readonly ICurrentContext _currentContext;
-    private readonly IFeatureService _featureService;
-    private readonly IRemoveOrganizationUserCommand _removeOrganizationUserCommand;
     private readonly IOrganizationHasVerifiedDomainsQuery _organizationHasVerifiedDomainsQuery;
     private readonly IRevokeNonCompliantOrganizationUserCommand _revokeNonCompliantOrganizationUserCommand;
 
@@ -40,8 +36,6 @@ public class SingleOrgPolicyValidator : IPolicyValidator, IPolicyValidationEvent
         IOrganizationRepository organizationRepository,
         ISsoConfigRepository ssoConfigRepository,
         ICurrentContext currentContext,
-        IFeatureService featureService,
-        IRemoveOrganizationUserCommand removeOrganizationUserCommand,
         IOrganizationHasVerifiedDomainsQuery organizationHasVerifiedDomainsQuery,
         IRevokeNonCompliantOrganizationUserCommand revokeNonCompliantOrganizationUserCommand)
     {
@@ -50,8 +44,6 @@ public class SingleOrgPolicyValidator : IPolicyValidator, IPolicyValidationEvent
         _organizationRepository = organizationRepository;
         _ssoConfigRepository = ssoConfigRepository;
         _currentContext = currentContext;
-        _featureService = featureService;
-        _removeOrganizationUserCommand = removeOrganizationUserCommand;
         _organizationHasVerifiedDomainsQuery = organizationHasVerifiedDomainsQuery;
         _revokeNonCompliantOrganizationUserCommand = revokeNonCompliantOrganizationUserCommand;
     }
diff --git a/src/Core/AdminConsole/Repositories/IOrganizationUserRepository.cs b/src/Core/AdminConsole/Repositories/IOrganizationUserRepository.cs
index b17de3c51d..bedb9d49ee 100644
--- a/src/Core/AdminConsole/Repositories/IOrganizationUserRepository.cs
+++ b/src/Core/AdminConsole/Repositories/IOrganizationUserRepository.cs
@@ -1,4 +1,5 @@
 using Bit.Core.AdminConsole.Enums;
+using Bit.Core.AdminConsole.Models.Data.OrganizationUsers;
 using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.InviteUsers.Models;
 using Bit.Core.Entities;
 using Bit.Core.Enums;
@@ -93,7 +94,7 @@ public interface IOrganizationUserRepository : IRepository<OrganizationUser, Gui
     ///
     /// This is an idempotent operation.
     /// </summary>
-    /// <param name="organizationUser">Accepted OrganizationUser to confirm</param>
+    /// <param name="organizationUserToConfirm">Accepted OrganizationUser to confirm</param>
     /// <returns>True, if the user was updated. False, if not performed.</returns>
-    Task<bool> ConfirmOrganizationUserAsync(OrganizationUser organizationUser);
+    Task<bool> ConfirmOrganizationUserAsync(AcceptedOrganizationUserToConfirm organizationUserToConfirm);
 }
diff --git a/src/Core/AdminConsole/Utilities/v2/Errors.cs b/src/Core/AdminConsole/Utilities/v2/Errors.cs
new file mode 100644
index 0000000000..c1c66b2630
--- /dev/null
+++ b/src/Core/AdminConsole/Utilities/v2/Errors.cs
@@ -0,0 +1,15 @@
+namespace Bit.Core.AdminConsole.Utilities.v2;
+
+/// <summary>
+/// A strongly typed error containing a reason that an action failed.
+/// This is used for business logic validation and other expected errors, not exceptions.
+/// </summary>
+public abstract record Error(string Message);
+/// <summary>
+/// An <see cref="Error"/> type that maps to a NotFoundResult at the api layer.
+/// </summary>
+/// <param name="Message"></param>
+public abstract record NotFoundError(string Message) : Error(Message);
+
+public abstract record BadRequestError(string Message) : Error(Message);
+public abstract record InternalError(string Message) : Error(Message);
diff --git a/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/DeleteClaimedAccount/CommandResult.cs b/src/Core/AdminConsole/Utilities/v2/Results/CommandResult.cs
similarity index 94%
rename from src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/DeleteClaimedAccount/CommandResult.cs
rename to src/Core/AdminConsole/Utilities/v2/Results/CommandResult.cs
index fbb00a908a..fb1bd16b2d 100644
--- a/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/DeleteClaimedAccount/CommandResult.cs
+++ b/src/Core/AdminConsole/Utilities/v2/Results/CommandResult.cs
@@ -1,7 +1,7 @@
 using OneOf;
 using OneOf.Types;
 
-namespace Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.DeleteClaimedAccount;
+namespace Bit.Core.AdminConsole.Utilities.v2.Results;
 
 /// <summary>
 /// Represents the result of a command.
@@ -39,4 +39,3 @@ public record BulkCommandResult<T>(Guid Id, CommandResult<T> Result);
 /// A wrapper for <see cref="CommandResult"/> with an ID, to identify the result in bulk operations.
 /// </summary>
 public record BulkCommandResult(Guid Id, CommandResult Result);
-
diff --git a/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/DeleteClaimedAccount/ValidationResult.cs b/src/Core/AdminConsole/Utilities/v2/Validation/ValidationResult.cs
similarity index 94%
rename from src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/DeleteClaimedAccount/ValidationResult.cs
rename to src/Core/AdminConsole/Utilities/v2/Validation/ValidationResult.cs
index c84a0aeda1..e28eac9a1c 100644
--- a/src/Core/AdminConsole/OrganizationFeatures/OrganizationUsers/DeleteClaimedAccount/ValidationResult.cs
+++ b/src/Core/AdminConsole/Utilities/v2/Validation/ValidationResult.cs
@@ -1,7 +1,7 @@
 using OneOf;
 using OneOf.Types;
 
-namespace Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.DeleteClaimedAccount;
+namespace Bit.Core.AdminConsole.Utilities.v2.Validation;
 
 /// <summary>
 /// Represents the result of validating a request.
diff --git a/src/Core/OrganizationFeatures/OrganizationServiceCollectionExtensions.cs b/src/Core/OrganizationFeatures/OrganizationServiceCollectionExtensions.cs
index 8cfd0a8df1..91504b0b9b 100644
--- a/src/Core/OrganizationFeatures/OrganizationServiceCollectionExtensions.cs
+++ b/src/Core/OrganizationFeatures/OrganizationServiceCollectionExtensions.cs
@@ -14,6 +14,7 @@ using Bit.Core.AdminConsole.OrganizationFeatures.Organizations;
 using Bit.Core.AdminConsole.OrganizationFeatures.Organizations.Interfaces;
 using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers;
 using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Authorization;
+using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.AutoConfirmUser;
 using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.DeleteClaimedAccount;
 using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Interfaces;
 using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.InviteUsers;
@@ -135,6 +136,8 @@ public static class OrganizationServiceCollectionExtensions
         services.AddScoped<IUpdateOrganizationUserGroupsCommand, UpdateOrganizationUserGroupsCommand>();
         services.AddScoped<IConfirmOrganizationUserCommand, ConfirmOrganizationUserCommand>();
         services.AddScoped<IAdminRecoverAccountCommand, AdminRecoverAccountCommand>();
+        services.AddScoped<IAutomaticallyConfirmOrganizationUserCommand, AutomaticallyConfirmOrganizationUserCommand>();
+        services.AddScoped<IAutomaticallyConfirmOrganizationUsersValidator, AutomaticallyConfirmOrganizationUsersValidator>();
 
         services.AddScoped<IDeleteClaimedOrganizationUserAccountCommand, DeleteClaimedOrganizationUserAccountCommand>();
         services.AddScoped<IDeleteClaimedOrganizationUserAccountValidator, DeleteClaimedOrganizationUserAccountValidator>();
diff --git a/src/Infrastructure.Dapper/AdminConsole/Repositories/OrganizationUserRepository.cs b/src/Infrastructure.Dapper/AdminConsole/Repositories/OrganizationUserRepository.cs
index ed5708844d..af52021ca7 100644
--- a/src/Infrastructure.Dapper/AdminConsole/Repositories/OrganizationUserRepository.cs
+++ b/src/Infrastructure.Dapper/AdminConsole/Repositories/OrganizationUserRepository.cs
@@ -2,6 +2,7 @@
 using System.Text.Json;
 using Bit.Core.AdminConsole.Entities;
 using Bit.Core.AdminConsole.Enums;
+using Bit.Core.AdminConsole.Models.Data.OrganizationUsers;
 using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.InviteUsers.Models;
 using Bit.Core.AdminConsole.Utilities.DebuggingInstruments;
 using Bit.Core.Entities;
@@ -671,7 +672,7 @@ public class OrganizationUserRepository : Repository<OrganizationUser, Guid>, IO
             commandType: CommandType.StoredProcedure);
     }
 
-    public async Task<bool> ConfirmOrganizationUserAsync(OrganizationUser organizationUser)
+    public async Task<bool> ConfirmOrganizationUserAsync(AcceptedOrganizationUserToConfirm organizationUserToConfirm)
     {
         await using var connection = new SqlConnection(_marsConnectionString);
 
@@ -679,10 +680,10 @@ public class OrganizationUserRepository : Repository<OrganizationUser, Guid>, IO
             $"[{Schema}].[OrganizationUser_ConfirmById]",
             new
             {
-                organizationUser.Id,
-                organizationUser.UserId,
+                Id = organizationUserToConfirm.OrganizationUserId,
+                UserId = organizationUserToConfirm.UserId,
                 RevisionDate = DateTime.UtcNow.Date,
-                Key = organizationUser.Key
+                Key = organizationUserToConfirm.Key
             });
 
         return rowCount > 0;
diff --git a/src/Infrastructure.EntityFramework/AdminConsole/Repositories/OrganizationUserRepository.cs b/src/Infrastructure.EntityFramework/AdminConsole/Repositories/OrganizationUserRepository.cs
index e5016a20d4..fd31b1f0dc 100644
--- a/src/Infrastructure.EntityFramework/AdminConsole/Repositories/OrganizationUserRepository.cs
+++ b/src/Infrastructure.EntityFramework/AdminConsole/Repositories/OrganizationUserRepository.cs
@@ -3,6 +3,7 @@
 
 using AutoMapper;
 using Bit.Core.AdminConsole.Enums;
+using Bit.Core.AdminConsole.Models.Data.OrganizationUsers;
 using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.InviteUsers.Models;
 using Bit.Core.Enums;
 using Bit.Core.Exceptions;
@@ -943,23 +944,24 @@ public class OrganizationUserRepository : Repository<Core.Entities.OrganizationU
         await dbContext.SaveChangesAsync();
     }
 
-    public async Task<bool> ConfirmOrganizationUserAsync(Core.Entities.OrganizationUser organizationUser)
+    public async Task<bool> ConfirmOrganizationUserAsync(AcceptedOrganizationUserToConfirm organizationUserToConfirm)
     {
         using var scope = ServiceScopeFactory.CreateScope();
         await using var dbContext = GetDatabaseContext(scope);
 
         var result = await dbContext.OrganizationUsers
-            .Where(ou => ou.Id == organizationUser.Id && ou.Status == OrganizationUserStatusType.Accepted)
+            .Where(ou => ou.Id == organizationUserToConfirm.OrganizationUserId
+                         && ou.Status == OrganizationUserStatusType.Accepted)
             .ExecuteUpdateAsync(x => x
                 .SetProperty(y => y.Status, OrganizationUserStatusType.Confirmed)
-                .SetProperty(y => y.Key, organizationUser.Key));
+                .SetProperty(y => y.Key, organizationUserToConfirm.Key));
 
         if (result <= 0)
         {
             return false;
         }
 
-        await dbContext.UserBumpAccountRevisionDateByOrganizationUserIdAsync(organizationUser.Id);
+        await dbContext.UserBumpAccountRevisionDateByOrganizationUserIdAsync(organizationUserToConfirm.OrganizationUserId);
         return true;
 
     }
diff --git a/src/Infrastructure.EntityFramework/AdminConsole/Repositories/PolicyRepository.cs b/src/Infrastructure.EntityFramework/AdminConsole/Repositories/PolicyRepository.cs
index 1cca7a9bbb..894fb255be 100644
--- a/src/Infrastructure.EntityFramework/AdminConsole/Repositories/PolicyRepository.cs
+++ b/src/Infrastructure.EntityFramework/AdminConsole/Repositories/PolicyRepository.cs
@@ -217,7 +217,7 @@ public class PolicyRepository : Repository<AdminConsoleEntities.Policy, Policy,
                                       UserId = u.Id
                                   }).ToListAsync();
 
-        // Combine results with provder lookup
+        // Combine results with the provider lookup
         var allResults = acceptedUsers.Concat(invitedUsers)
             .Select(item => new OrganizationPolicyDetails
             {
diff --git a/test/Api.IntegrationTest/AdminConsole/Controllers/OrganizationUserControllerAutoConfirmTests.cs b/test/Api.IntegrationTest/AdminConsole/Controllers/OrganizationUserControllerAutoConfirmTests.cs
new file mode 100644
index 0000000000..02103c7040
--- /dev/null
+++ b/test/Api.IntegrationTest/AdminConsole/Controllers/OrganizationUserControllerAutoConfirmTests.cs
@@ -0,0 +1,225 @@
+using System.Net;
+using Bit.Api.AdminConsole.Models.Request.Organizations;
+using Bit.Api.IntegrationTest.Factories;
+using Bit.Api.IntegrationTest.Helpers;
+using Bit.Core;
+using Bit.Core.AdminConsole.Entities;
+using Bit.Core.AdminConsole.Enums;
+using Bit.Core.AdminConsole.Repositories;
+using Bit.Core.Billing.Enums;
+using Bit.Core.Enums;
+using Bit.Core.Models.Data;
+using Bit.Core.Repositories;
+using Bit.Core.Services;
+using NSubstitute;
+using Xunit;
+
+namespace Bit.Api.IntegrationTest.AdminConsole.Controllers;
+
+public class OrganizationUserControllerAutoConfirmTests : IClassFixture<ApiApplicationFactory>, IAsyncLifetime
+{
+    private const string _mockEncryptedString = "2.AOs41Hd8OQiCPXjyJKCiDA==|O6OHgt2U2hJGBSNGnimJmg==|iD33s8B69C8JhYYhSa4V1tArjvLr8eEaGqOV7BRo5Jk=";
+
+    private readonly HttpClient _client;
+    private readonly ApiApplicationFactory _factory;
+    private readonly LoginHelper _loginHelper;
+
+    private string _ownerEmail = null!;
+
+    public OrganizationUserControllerAutoConfirmTests(ApiApplicationFactory apiFactory)
+    {
+        _factory = apiFactory;
+        _factory.SubstituteService<IFeatureService>(featureService =>
+        {
+            featureService
+                .IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers)
+                .Returns(true);
+        });
+        _client = _factory.CreateClient();
+        _loginHelper = new LoginHelper(_factory, _client);
+    }
+
+    public async Task InitializeAsync()
+    {
+        _ownerEmail = $"org-owner-{Guid.NewGuid()}@example.com";
+        await _factory.LoginWithNewAccount(_ownerEmail);
+    }
+
+    [Fact]
+    public async Task AutoConfirm_WhenUserCannotManageOtherUsers_ThenShouldReturnForbidden()
+    {
+        var (organization, _) = await OrganizationTestHelpers.SignUpAsync(_factory, plan: PlanType.EnterpriseAnnually2023,
+            ownerEmail: _ownerEmail, passwordManagerSeats: 5, paymentMethod: PaymentMethodType.Card);
+
+        organization.UseAutomaticUserConfirmation = true;
+
+        await _factory.GetService<IOrganizationRepository>()
+            .UpsertAsync(organization);
+
+        var testKey = $"test-key-{Guid.NewGuid()}";
+
+        var userToConfirmEmail = $"org-user-to-confirm-{Guid.NewGuid()}@example.com";
+        await _factory.LoginWithNewAccount(userToConfirmEmail);
+
+        var (confirmingUserEmail, _) = await OrganizationTestHelpers.CreateNewUserWithAccountAsync(_factory, organization.Id, OrganizationUserType.User);
+        await _loginHelper.LoginAsync(confirmingUserEmail);
+
+        var organizationUser = await OrganizationTestHelpers.CreateUserAsync(
+            _factory,
+            organization.Id,
+            userToConfirmEmail,
+            OrganizationUserType.User,
+            false,
+            new Permissions { ManageUsers = false },
+            OrganizationUserStatusType.Accepted);
+
+        var result = await _client.PostAsJsonAsync($"organizations/{organization.Id}/users/{organizationUser.Id}/auto-confirm",
+            new OrganizationUserConfirmRequestModel
+            {
+                Key = testKey,
+                DefaultUserCollectionName = _mockEncryptedString
+            });
+
+        Assert.Equal(HttpStatusCode.Forbidden, result.StatusCode);
+
+        await _factory.GetService<IOrganizationRepository>().DeleteAsync(organization);
+    }
+
+    [Fact]
+    public async Task AutoConfirm_WhenOwnerConfirmsValidUser_ThenShouldReturnNoContent()
+    {
+        var (organization, _) = await OrganizationTestHelpers.SignUpAsync(_factory, plan: PlanType.EnterpriseAnnually2023,
+            ownerEmail: _ownerEmail, passwordManagerSeats: 5, paymentMethod: PaymentMethodType.Card);
+
+        organization.UseAutomaticUserConfirmation = true;
+
+        await _factory.GetService<IOrganizationRepository>()
+            .UpsertAsync(organization);
+
+        var testKey = $"test-key-{Guid.NewGuid()}";
+
+        await _factory.GetService<IPolicyRepository>().CreateAsync(new Policy
+        {
+            OrganizationId = organization.Id,
+            Type = PolicyType.AutomaticUserConfirmation,
+            Enabled = true
+        });
+
+        await _factory.GetService<IPolicyRepository>().CreateAsync(new Policy
+        {
+            OrganizationId = organization.Id,
+            Type = PolicyType.OrganizationDataOwnership,
+            Enabled = true
+        });
+
+        var userToConfirmEmail = $"org-user-to-confirm-{Guid.NewGuid()}@example.com";
+        await _factory.LoginWithNewAccount(userToConfirmEmail);
+
+        await _loginHelper.LoginAsync(_ownerEmail);
+        var organizationUser = await OrganizationTestHelpers.CreateUserAsync(
+            _factory,
+            organization.Id,
+            userToConfirmEmail,
+            OrganizationUserType.User,
+            false,
+            new Permissions(),
+            OrganizationUserStatusType.Accepted);
+
+        var result = await _client.PostAsJsonAsync($"organizations/{organization.Id}/users/{organizationUser.Id}/auto-confirm",
+            new OrganizationUserConfirmRequestModel
+            {
+                Key = testKey,
+                DefaultUserCollectionName = _mockEncryptedString
+            });
+
+        Assert.Equal(HttpStatusCode.NoContent, result.StatusCode);
+
+        var orgUserRepository = _factory.GetService<IOrganizationUserRepository>();
+        var confirmedUser = await orgUserRepository.GetByIdAsync(organizationUser.Id);
+        Assert.NotNull(confirmedUser);
+        Assert.Equal(OrganizationUserStatusType.Confirmed, confirmedUser.Status);
+        Assert.Equal(testKey, confirmedUser.Key);
+
+        var collectionRepository = _factory.GetService<ICollectionRepository>();
+        var collections = await collectionRepository.GetManyByUserIdAsync(organizationUser.UserId!.Value);
+
+        Assert.NotEmpty(collections);
+        Assert.Single(collections.Where(c => c.Type == CollectionType.DefaultUserCollection));
+
+        await _factory.GetService<IOrganizationRepository>().DeleteAsync(organization);
+    }
+
+    [Fact]
+    public async Task AutoConfirm_WhenUserIsConfirmedMultipleTimes_ThenShouldSuccessAndOnlyConfirmOneUser()
+    {
+        var (organization, _) = await OrganizationTestHelpers.SignUpAsync(_factory, plan: PlanType.EnterpriseAnnually2023,
+            ownerEmail: _ownerEmail, passwordManagerSeats: 5, paymentMethod: PaymentMethodType.Card);
+
+        organization.UseAutomaticUserConfirmation = true;
+
+        await _factory.GetService<IOrganizationRepository>()
+            .UpsertAsync(organization);
+
+        var testKey = $"test-key-{Guid.NewGuid()}";
+
+        var userToConfirmEmail = $"org-user-to-confirm-{Guid.NewGuid()}@example.com";
+        await _factory.LoginWithNewAccount(userToConfirmEmail);
+
+        await _factory.GetService<IPolicyRepository>().CreateAsync(new Policy
+        {
+            OrganizationId = organization.Id,
+            Type = PolicyType.AutomaticUserConfirmation,
+            Enabled = true
+        });
+
+        await _factory.GetService<IPolicyRepository>().CreateAsync(new Policy
+        {
+            OrganizationId = organization.Id,
+            Type = PolicyType.OrganizationDataOwnership,
+            Enabled = true
+        });
+
+        await _loginHelper.LoginAsync(_ownerEmail);
+
+        var organizationUser = await OrganizationTestHelpers.CreateUserAsync(
+            _factory,
+            organization.Id,
+            userToConfirmEmail,
+            OrganizationUserType.User,
+            false,
+            new Permissions(),
+            OrganizationUserStatusType.Accepted);
+
+        var tenRequests = Enumerable.Range(0, 10)
+            .Select(_ => _client.PostAsJsonAsync($"organizations/{organization.Id}/users/{organizationUser.Id}/auto-confirm",
+                new OrganizationUserConfirmRequestModel
+                {
+                    Key = testKey,
+                    DefaultUserCollectionName = _mockEncryptedString
+                })).ToList();
+
+        var results = await Task.WhenAll(tenRequests);
+
+        Assert.Contains(results, r => r.StatusCode == HttpStatusCode.NoContent);
+
+        var orgUserRepository = _factory.GetService<IOrganizationUserRepository>();
+        var confirmedUser = await orgUserRepository.GetByIdAsync(organizationUser.Id);
+        Assert.NotNull(confirmedUser);
+        Assert.Equal(OrganizationUserStatusType.Confirmed, confirmedUser.Status);
+        Assert.Equal(testKey, confirmedUser.Key);
+
+        var collections = await _factory.GetService<ICollectionRepository>()
+            .GetManyByUserIdAsync(organizationUser.UserId!.Value);
+        Assert.NotEmpty(collections);
+        // validates user only received one default collection
+        Assert.Single(collections.Where(c => c.Type == CollectionType.DefaultUserCollection));
+
+        await _factory.GetService<IOrganizationRepository>().DeleteAsync(organization);
+    }
+
+    public Task DisposeAsync()
+    {
+        _client.Dispose();
+        return Task.CompletedTask;
+    }
+}
diff --git a/test/Api.Test/AdminConsole/Controllers/OrganizationUsersControllerTests.cs b/test/Api.Test/AdminConsole/Controllers/OrganizationUsersControllerTests.cs
index 5875cda05a..ae14001223 100644
--- a/test/Api.Test/AdminConsole/Controllers/OrganizationUsersControllerTests.cs
+++ b/test/Api.Test/AdminConsole/Controllers/OrganizationUsersControllerTests.cs
@@ -9,10 +9,12 @@ using Bit.Core.AdminConsole.Entities;
 using Bit.Core.AdminConsole.Enums;
 using Bit.Core.AdminConsole.Models.Data.Organizations.Policies;
 using Bit.Core.AdminConsole.OrganizationFeatures.AccountRecovery;
+using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.AutoConfirmUser;
 using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Interfaces;
 using Bit.Core.AdminConsole.OrganizationFeatures.Policies;
 using Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
 using Bit.Core.AdminConsole.Repositories;
+using Bit.Core.AdminConsole.Utilities.v2.Results;
 using Bit.Core.Auth.Entities;
 using Bit.Core.Auth.Repositories;
 using Bit.Core.Context;
@@ -33,9 +35,11 @@ using Bit.Test.Common.AutoFixture.Attributes;
 using Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Interfaces;
 using Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Requests;
 using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Http.HttpResults;
 using Microsoft.AspNetCore.Mvc.ModelBinding;
 using NSubstitute;
+using OneOf.Types;
 using Xunit;
 
 namespace Bit.Api.Test.AdminConsole.Controllers;
@@ -476,7 +480,7 @@ public class OrganizationUsersControllerTests
 
         var result = await sutProvider.Sut.PutResetPassword(orgId, orgUserId, model);
 
-        Assert.IsType<NotFound>(result);
+        Assert.IsType<Microsoft.AspNetCore.Http.HttpResults.NotFound>(result);
     }
 
     [Theory]
@@ -506,7 +510,7 @@ public class OrganizationUsersControllerTests
 
         var result = await sutProvider.Sut.PutResetPassword(orgId, orgUserId, model);
 
-        Assert.IsType<NotFound>(result);
+        Assert.IsType<Microsoft.AspNetCore.Http.HttpResults.NotFound>(result);
     }
 
     [Theory]
@@ -521,7 +525,7 @@ public class OrganizationUsersControllerTests
 
         var result = await sutProvider.Sut.PutResetPassword(orgId, orgUserId, model);
 
-        Assert.IsType<NotFound>(result);
+        Assert.IsType<Microsoft.AspNetCore.Http.HttpResults.NotFound>(result);
     }
 
     [Theory]
@@ -594,4 +598,190 @@ public class OrganizationUsersControllerTests
 
         Assert.IsType<BadRequest<ModelStateDictionary>>(result);
     }
+
+    [Theory]
+    [BitAutoData]
+    public async Task AutomaticallyConfirmOrganizationUserAsync_UserIdNull_ReturnsUnauthorized(
+        Guid orgId,
+        Guid orgUserId,
+        OrganizationUserConfirmRequestModel model,
+        SutProvider<OrganizationUsersController> sutProvider)
+    {
+        // Arrange
+        sutProvider.GetDependency<IFeatureService>()
+            .IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers)
+            .Returns(true);
+
+        sutProvider.GetDependency<IUserService>()
+            .GetProperUserId(Arg.Any<ClaimsPrincipal>())
+            .Returns((Guid?)null);
+
+        // Act
+        var result = await sutProvider.Sut.AutomaticallyConfirmOrganizationUserAsync(orgId, orgUserId, model);
+
+        // Assert
+        Assert.IsType<UnauthorizedHttpResult>(result);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task AutomaticallyConfirmOrganizationUserAsync_UserIdEmpty_ReturnsUnauthorized(
+        Guid orgId,
+        Guid orgUserId,
+        OrganizationUserConfirmRequestModel model,
+        SutProvider<OrganizationUsersController> sutProvider)
+    {
+        // Arrange
+        sutProvider.GetDependency<IFeatureService>()
+            .IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers)
+            .Returns(true);
+
+        sutProvider.GetDependency<IUserService>()
+            .GetProperUserId(Arg.Any<ClaimsPrincipal>())
+            .Returns(Guid.Empty);
+
+        // Act
+        var result = await sutProvider.Sut.AutomaticallyConfirmOrganizationUserAsync(orgId, orgUserId, model);
+
+        // Assert
+        Assert.IsType<UnauthorizedHttpResult>(result);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task AutomaticallyConfirmOrganizationUserAsync_Success_ReturnsOk(
+        Guid orgId,
+        Guid orgUserId,
+        Guid userId,
+        OrganizationUserConfirmRequestModel model,
+        SutProvider<OrganizationUsersController> sutProvider)
+    {
+        // Arrange
+        sutProvider.GetDependency<IFeatureService>()
+            .IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers)
+            .Returns(true);
+
+        sutProvider.GetDependency<IUserService>()
+            .GetProperUserId(Arg.Any<ClaimsPrincipal>())
+            .Returns(userId);
+
+        sutProvider.GetDependency<ICurrentContext>()
+            .OrganizationOwner(orgId)
+            .Returns(true);
+
+        sutProvider.GetDependency<IAutomaticallyConfirmOrganizationUserCommand>()
+            .AutomaticallyConfirmOrganizationUserAsync(Arg.Any<AutomaticallyConfirmOrganizationUserRequest>())
+            .Returns(new CommandResult(new None()));
+
+        // Act
+        var result = await sutProvider.Sut.AutomaticallyConfirmOrganizationUserAsync(orgId, orgUserId, model);
+
+        // Assert
+        Assert.IsType<NoContent>(result);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task AutomaticallyConfirmOrganizationUserAsync_NotFoundError_ReturnsNotFound(
+        Guid orgId,
+        Guid orgUserId,
+        Guid userId,
+        OrganizationUserConfirmRequestModel model,
+        SutProvider<OrganizationUsersController> sutProvider)
+    {
+        // Arrange
+        sutProvider.GetDependency<IFeatureService>()
+            .IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers)
+            .Returns(true);
+
+        sutProvider.GetDependency<IUserService>()
+            .GetProperUserId(Arg.Any<ClaimsPrincipal>())
+            .Returns(userId);
+
+        sutProvider.GetDependency<ICurrentContext>()
+            .OrganizationOwner(orgId)
+            .Returns(false);
+
+        var notFoundError = new OrganizationNotFound();
+        sutProvider.GetDependency<IAutomaticallyConfirmOrganizationUserCommand>()
+            .AutomaticallyConfirmOrganizationUserAsync(Arg.Any<AutomaticallyConfirmOrganizationUserRequest>())
+            .Returns(new CommandResult(notFoundError));
+
+        // Act
+        var result = await sutProvider.Sut.AutomaticallyConfirmOrganizationUserAsync(orgId, orgUserId, model);
+
+        // Assert
+        var notFoundResult = Assert.IsType<NotFound<ErrorResponseModel>>(result);
+        Assert.Equal(notFoundError.Message, notFoundResult.Value.Message);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task AutomaticallyConfirmOrganizationUserAsync_BadRequestError_ReturnsBadRequest(
+        Guid orgId,
+        Guid orgUserId,
+        Guid userId,
+        OrganizationUserConfirmRequestModel model,
+        SutProvider<OrganizationUsersController> sutProvider)
+    {
+        // Arrange
+        sutProvider.GetDependency<IFeatureService>()
+            .IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers)
+            .Returns(true);
+
+        sutProvider.GetDependency<IUserService>()
+            .GetProperUserId(Arg.Any<ClaimsPrincipal>())
+            .Returns(userId);
+
+        sutProvider.GetDependency<ICurrentContext>()
+            .OrganizationOwner(orgId)
+            .Returns(true);
+
+        var badRequestError = new UserIsNotAccepted();
+        sutProvider.GetDependency<IAutomaticallyConfirmOrganizationUserCommand>()
+            .AutomaticallyConfirmOrganizationUserAsync(Arg.Any<AutomaticallyConfirmOrganizationUserRequest>())
+            .Returns(new CommandResult(badRequestError));
+
+        // Act
+        var result = await sutProvider.Sut.AutomaticallyConfirmOrganizationUserAsync(orgId, orgUserId, model);
+
+        // Assert
+        var badRequestResult = Assert.IsType<BadRequest<ErrorResponseModel>>(result);
+        Assert.Equal(badRequestError.Message, badRequestResult.Value.Message);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task AutomaticallyConfirmOrganizationUserAsync_InternalError_ReturnsProblem(
+        Guid orgId,
+        Guid orgUserId,
+        Guid userId,
+        OrganizationUserConfirmRequestModel model,
+        SutProvider<OrganizationUsersController> sutProvider)
+    {
+        // Arrange
+        sutProvider.GetDependency<IFeatureService>()
+            .IsEnabled(FeatureFlagKeys.AutomaticConfirmUsers)
+            .Returns(true);
+
+        sutProvider.GetDependency<IUserService>()
+            .GetProperUserId(Arg.Any<ClaimsPrincipal>())
+            .Returns(userId);
+
+        sutProvider.GetDependency<ICurrentContext>()
+            .OrganizationOwner(orgId)
+            .Returns(true);
+
+        var internalError = new FailedToWriteToEventLog();
+        sutProvider.GetDependency<IAutomaticallyConfirmOrganizationUserCommand>()
+            .AutomaticallyConfirmOrganizationUserAsync(Arg.Any<AutomaticallyConfirmOrganizationUserRequest>())
+            .Returns(new CommandResult(internalError));
+
+        // Act
+        var result = await sutProvider.Sut.AutomaticallyConfirmOrganizationUserAsync(orgId, orgUserId, model);
+
+        // Assert
+        var problemResult = Assert.IsType<JsonHttpResult<ErrorResponseModel>>(result);
+        Assert.Equal(StatusCodes.Status500InternalServerError, problemResult.StatusCode);
+    }
 }
diff --git a/test/Core.Test/AdminConsole/AutoFixture/OrganizationFixtures.cs b/test/Core.Test/AdminConsole/AutoFixture/OrganizationFixtures.cs
index e906862e3f..5cc1db4d37 100644
--- a/test/Core.Test/AdminConsole/AutoFixture/OrganizationFixtures.cs
+++ b/test/Core.Test/AdminConsole/AutoFixture/OrganizationFixtures.cs
@@ -1,6 +1,8 @@
-using System.Text.Json;
+using System.Reflection;
+using System.Text.Json;
 using AutoFixture;
 using AutoFixture.Kernel;
+using AutoFixture.Xunit2;
 using Bit.Core.AdminConsole.Entities;
 using Bit.Core.Auth.Enums;
 using Bit.Core.Auth.Models;
@@ -20,6 +22,18 @@ public class OrganizationCustomization : ICustomization
 {
     public bool UseGroups { get; set; }
     public PlanType PlanType { get; set; }
+    public bool UseAutomaticUserConfirmation { get; set; }
+
+    public OrganizationCustomization()
+    {
+
+    }
+
+    public OrganizationCustomization(bool useAutomaticUserConfirmation, PlanType planType)
+    {
+        UseAutomaticUserConfirmation = useAutomaticUserConfirmation;
+        PlanType = planType;
+    }
 
     public void Customize(IFixture fixture)
     {
@@ -37,7 +51,8 @@ public class OrganizationCustomization : ICustomization
             .With(o => o.UseGroups, UseGroups)
             .With(o => o.PlanType, PlanType)
             .With(o => o.Seats, seats)
-            .With(o => o.SmSeats, smSeats));
+            .With(o => o.SmSeats, smSeats)
+            .With(o => o.UseAutomaticUserConfirmation, UseAutomaticUserConfirmation));
 
         fixture.Customize<Collection>(composer =>
             composer
@@ -277,3 +292,9 @@ internal class EphemeralDataProtectionAutoDataAttribute : CustomAutoDataAttribut
     public EphemeralDataProtectionAutoDataAttribute() : base(new SutProviderCustomization(), new EphemeralDataProtectionCustomization())
     { }
 }
+
+internal class OrganizationAttribute(bool useAutomaticUserConfirmation = false, PlanType planType = PlanType.Free) : CustomizeAttribute
+{
+    public override ICustomization GetCustomization(ParameterInfo parameter) =>
+        new OrganizationCustomization(useAutomaticUserConfirmation, planType);
+}
diff --git a/test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/AutoConfirmUsers/AutomaticallyConfirmOrganizationUsersValidatorTests.cs b/test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/AutoConfirmUsers/AutomaticallyConfirmOrganizationUsersValidatorTests.cs
new file mode 100644
index 0000000000..eb377a8d08
--- /dev/null
+++ b/test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/AutoConfirmUsers/AutomaticallyConfirmOrganizationUsersValidatorTests.cs
@@ -0,0 +1,696 @@
+using Bit.Core.AdminConsole.Entities;
+using Bit.Core.AdminConsole.Enums;
+using Bit.Core.AdminConsole.Models.Data;
+using Bit.Core.AdminConsole.Models.Data.Organizations.Policies;
+using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.AutoConfirmUser;
+using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.DeleteClaimedAccount;
+using Bit.Core.AdminConsole.OrganizationFeatures.Policies;
+using Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
+using Bit.Core.AdminConsole.Repositories;
+using Bit.Core.Auth.UserFeatures.TwoFactorAuth.Interfaces;
+using Bit.Core.Billing.Enums;
+using Bit.Core.Entities;
+using Bit.Core.Enums;
+using Bit.Core.Repositories;
+using Bit.Core.Test.AdminConsole.AutoFixture;
+using Bit.Core.Test.AutoFixture.OrganizationFixtures;
+using Bit.Core.Test.AutoFixture.OrganizationUserFixtures;
+using Bit.Test.Common.AutoFixture;
+using Bit.Test.Common.AutoFixture.Attributes;
+using NSubstitute;
+using Xunit;
+
+namespace Bit.Core.Test.AdminConsole.OrganizationFeatures.OrganizationUsers.AutoConfirmUsers;
+
+[SutProviderCustomize]
+public class AutomaticallyConfirmOrganizationUsersValidatorTests
+{
+    [Theory]
+    [BitAutoData]
+    public async Task ValidateAsync_WithNullOrganizationUser_ReturnsUserNotFoundError(
+        SutProvider<AutomaticallyConfirmOrganizationUsersValidator> sutProvider,
+        Organization organization)
+    {
+        // Arrange
+        var request = new AutomaticallyConfirmOrganizationUserValidationRequest
+        {
+            PerformedBy = Substitute.For<IActingUser>(),
+            DefaultUserCollectionName = "test-collection",
+            OrganizationUser = null,
+            OrganizationUserId = Guid.NewGuid(),
+            Organization = organization,
+            OrganizationId = organization.Id,
+            Key = "test-key"
+        };
+
+        // Act
+        var result = await sutProvider.Sut.ValidateAsync(request);
+
+        // Assert
+        Assert.True(result.IsError);
+        Assert.IsType<UserNotFoundError>(result.AsError);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task ValidateAsync_WithNullUserId_ReturnsUserNotFoundError(
+        SutProvider<AutomaticallyConfirmOrganizationUsersValidator> sutProvider,
+        Organization organization,
+        [OrganizationUser(OrganizationUserStatusType.Accepted)] OrganizationUser organizationUser)
+    {
+        // Arrange
+        organizationUser.UserId = null;
+        organizationUser.OrganizationId = organization.Id;
+
+        var request = new AutomaticallyConfirmOrganizationUserValidationRequest
+        {
+            PerformedBy = Substitute.For<IActingUser>(),
+            DefaultUserCollectionName = "test-collection",
+            OrganizationUser = organizationUser,
+            OrganizationUserId = organizationUser.Id,
+            Organization = organization,
+            OrganizationId = organization.Id,
+            Key = "test-key"
+        };
+
+        // Act
+        var result = await sutProvider.Sut.ValidateAsync(request);
+
+        // Assert
+        Assert.True(result.IsError);
+        Assert.IsType<UserNotFoundError>(result.AsError);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task ValidateAsync_WithNullOrganization_ReturnsOrganizationNotFoundError(
+        SutProvider<AutomaticallyConfirmOrganizationUsersValidator> sutProvider,
+        [OrganizationUser(OrganizationUserStatusType.Accepted)] OrganizationUser organizationUser,
+        Guid userId)
+    {
+        // Arrange
+        organizationUser.UserId = userId;
+
+        var request = new AutomaticallyConfirmOrganizationUserValidationRequest
+        {
+            PerformedBy = Substitute.For<IActingUser>(),
+            DefaultUserCollectionName = "test-collection",
+            OrganizationUser = organizationUser,
+            OrganizationUserId = organizationUser.Id,
+            Organization = null,
+            OrganizationId = organizationUser.OrganizationId,
+            Key = "test-key"
+        };
+
+        // Act
+        var result = await sutProvider.Sut.ValidateAsync(request);
+
+        // Assert
+        Assert.True(result.IsError);
+        Assert.IsType<OrganizationNotFound>(result.AsError);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task ValidateAsync_WithValidAcceptedUser_ReturnsValidResult(
+        SutProvider<AutomaticallyConfirmOrganizationUsersValidator> sutProvider,
+        [Organization(useAutomaticUserConfirmation: true, planType: PlanType.EnterpriseAnnually)] Organization organization,
+        [OrganizationUser(OrganizationUserStatusType.Accepted)] OrganizationUser organizationUser,
+        Guid userId,
+        [Policy(PolicyType.AutomaticUserConfirmation)] Policy autoConfirmPolicy)
+    {
+        // Arrange
+        organizationUser.UserId = userId;
+        organizationUser.OrganizationId = organization.Id;
+
+        var request = new AutomaticallyConfirmOrganizationUserValidationRequest
+        {
+            PerformedBy = Substitute.For<IActingUser>(),
+            DefaultUserCollectionName = "test-collection",
+            OrganizationUser = organizationUser,
+            OrganizationUserId = organizationUser.Id,
+            Organization = organization,
+            OrganizationId = organization.Id,
+            Key = "test-key"
+        };
+
+        sutProvider.GetDependency<IPolicyRepository>()
+            .GetByOrganizationIdTypeAsync(organization.Id, PolicyType.AutomaticUserConfirmation)
+            .Returns(autoConfirmPolicy);
+
+        sutProvider.GetDependency<ITwoFactorIsEnabledQuery>()
+            .TwoFactorIsEnabledAsync(Arg.Any<IEnumerable<Guid>>())
+            .Returns([(userId, true)]);
+
+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .GetManyByUserAsync(userId)
+            .Returns([organizationUser]);
+
+        // Act
+        var result = await sutProvider.Sut.ValidateAsync(request);
+
+        // Assert
+        Assert.True(result.IsValid);
+        Assert.Equal(request, result.Request);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task ValidateAsync_WithMismatchedOrganizationId_ReturnsOrganizationUserIdIsInvalidError(
+        SutProvider<AutomaticallyConfirmOrganizationUsersValidator> sutProvider,
+        Organization organization,
+        [OrganizationUser(OrganizationUserStatusType.Accepted)] OrganizationUser organizationUser,
+        Guid userId)
+    {
+        // Arrange
+        organizationUser.UserId = userId;
+        organizationUser.OrganizationId = Guid.NewGuid(); // Different from organization.Id
+
+        var request = new AutomaticallyConfirmOrganizationUserValidationRequest
+        {
+            PerformedBy = Substitute.For<IActingUser>(),
+            DefaultUserCollectionName = "test-collection",
+            OrganizationUser = organizationUser,
+            OrganizationUserId = organizationUser.Id,
+            Organization = organization,
+            OrganizationId = organization.Id,
+            Key = "test-key"
+        };
+
+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .GetManyByUserAsync(userId)
+            .Returns([organizationUser]);
+
+        // Act
+        var result = await sutProvider.Sut.ValidateAsync(request);
+
+        // Assert
+        Assert.True(result.IsError);
+        Assert.IsType<OrganizationUserIdIsInvalid>(result.AsError);
+    }
+
+    [Theory]
+    [BitAutoData(OrganizationUserStatusType.Invited)]
+    [BitAutoData(OrganizationUserStatusType.Revoked)]
+    [BitAutoData(OrganizationUserStatusType.Confirmed)]
+    public async Task ValidateAsync_WithNotAcceptedStatus_ReturnsUserIsNotAcceptedError(
+        OrganizationUserStatusType statusType,
+        SutProvider<AutomaticallyConfirmOrganizationUsersValidator> sutProvider,
+        Organization organization,
+        [OrganizationUser(OrganizationUserStatusType.Revoked)] OrganizationUser organizationUser,
+        Guid userId)
+    {
+        // Arrange
+        organizationUser.UserId = userId;
+        organizationUser.OrganizationId = organization.Id;
+        organizationUser.Status = statusType;
+
+        var request = new AutomaticallyConfirmOrganizationUserValidationRequest
+        {
+            PerformedBy = Substitute.For<IActingUser>(),
+            DefaultUserCollectionName = "test-collection",
+            OrganizationUser = organizationUser,
+            OrganizationUserId = organizationUser.Id,
+            Organization = organization,
+            OrganizationId = organization.Id,
+            Key = "test-key"
+        };
+
+        // Act
+        var result = await sutProvider.Sut.ValidateAsync(request);
+
+        // Assert
+        Assert.True(result.IsError);
+        Assert.IsType<UserIsNotAccepted>(result.AsError);
+    }
+
+    [Theory]
+    [BitAutoData(OrganizationUserType.Owner)]
+    [BitAutoData(OrganizationUserType.Custom)]
+    [BitAutoData(OrganizationUserType.Admin)]
+    public async Task ValidateAsync_WithNonUserType_ReturnsUserIsNotUserTypeError(
+        OrganizationUserType userType,
+        SutProvider<AutomaticallyConfirmOrganizationUsersValidator> sutProvider,
+        Organization organization,
+        [OrganizationUser(OrganizationUserStatusType.Accepted)] OrganizationUser organizationUser,
+        Guid userId)
+    {
+        // Arrange
+        organizationUser.UserId = userId;
+        organizationUser.OrganizationId = organization.Id;
+        organizationUser.Type = userType;
+
+        var request = new AutomaticallyConfirmOrganizationUserValidationRequest
+        {
+            PerformedBy = Substitute.For<IActingUser>(),
+            DefaultUserCollectionName = "test-collection",
+            OrganizationUser = organizationUser,
+            OrganizationUserId = organizationUser.Id,
+            Organization = organization,
+            OrganizationId = organization.Id,
+            Key = "test-key"
+        };
+
+        // Act
+        var result = await sutProvider.Sut.ValidateAsync(request);
+
+        // Assert
+        Assert.True(result.IsError);
+        Assert.IsType<UserIsNotUserType>(result.AsError);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task ValidateAsync_UserWithout2FA_And2FARequired_ReturnsError(
+        SutProvider<AutomaticallyConfirmOrganizationUsersValidator> sutProvider,
+        [Organization(useAutomaticUserConfirmation: true)] Organization organization,
+        [OrganizationUser(OrganizationUserStatusType.Accepted)] OrganizationUser organizationUser,
+        Guid userId,
+        [Policy(PolicyType.AutomaticUserConfirmation)] Policy autoConfirmPolicy)
+    {
+        // Arrange
+        organizationUser.UserId = userId;
+        organizationUser.OrganizationId = organization.Id;
+
+        var request = new AutomaticallyConfirmOrganizationUserValidationRequest
+        {
+            PerformedBy = Substitute.For<IActingUser>(),
+            DefaultUserCollectionName = "test-collection",
+            OrganizationUser = organizationUser,
+            OrganizationUserId = organizationUser.Id,
+            Organization = organization,
+            OrganizationId = organization.Id,
+            Key = "test-key"
+        };
+
+        var twoFactorPolicyDetails = new PolicyDetails
+        {
+            OrganizationId = organization.Id,
+            PolicyType = PolicyType.TwoFactorAuthentication
+        };
+
+        sutProvider.GetDependency<IPolicyRepository>()
+            .GetByOrganizationIdTypeAsync(organization.Id, PolicyType.AutomaticUserConfirmation)
+            .Returns(autoConfirmPolicy);
+
+        sutProvider.GetDependency<ITwoFactorIsEnabledQuery>()
+            .TwoFactorIsEnabledAsync(Arg.Any<IEnumerable<Guid>>())
+            .Returns([(userId, false)]);
+
+        sutProvider.GetDependency<IPolicyRequirementQuery>()
+            .GetAsync<RequireTwoFactorPolicyRequirement>(userId)
+            .Returns(new RequireTwoFactorPolicyRequirement([twoFactorPolicyDetails]));
+
+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .GetManyByUserAsync(userId)
+            .Returns([organizationUser]);
+
+        // Act
+        var result = await sutProvider.Sut.ValidateAsync(request);
+
+        // Assert
+        Assert.True(result.IsError);
+        Assert.IsType<UserDoesNotHaveTwoFactorEnabled>(result.AsError);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task ValidateAsync_UserWith2FA_ReturnsValidResult(
+        SutProvider<AutomaticallyConfirmOrganizationUsersValidator> sutProvider,
+        [Organization(useAutomaticUserConfirmation: true)] Organization organization,
+        [OrganizationUser(OrganizationUserStatusType.Accepted)] OrganizationUser organizationUser,
+        Guid userId,
+        [Policy(PolicyType.AutomaticUserConfirmation)] Policy autoConfirmPolicy)
+    {
+        // Arrange
+        organizationUser.UserId = userId;
+        organizationUser.OrganizationId = organization.Id;
+
+        var request = new AutomaticallyConfirmOrganizationUserValidationRequest
+        {
+            PerformedBy = Substitute.For<IActingUser>(),
+            DefaultUserCollectionName = "test-collection",
+            OrganizationUser = organizationUser,
+            OrganizationUserId = organizationUser.Id,
+            Organization = organization,
+            OrganizationId = organization.Id,
+            Key = "test-key"
+        };
+
+        sutProvider.GetDependency<IPolicyRepository>()
+            .GetByOrganizationIdTypeAsync(organization.Id, PolicyType.AutomaticUserConfirmation)
+            .Returns(autoConfirmPolicy);
+
+        sutProvider.GetDependency<ITwoFactorIsEnabledQuery>()
+            .TwoFactorIsEnabledAsync(Arg.Any<IEnumerable<Guid>>())
+            .Returns([(userId, true)]);
+
+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .GetManyByUserAsync(userId)
+            .Returns([organizationUser]);
+
+        // Act
+        var result = await sutProvider.Sut.ValidateAsync(request);
+
+        // Assert
+        Assert.True(result.IsValid);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task ValidateAsync_UserWithout2FA_And2FANotRequired_ReturnsValidResult(
+        SutProvider<AutomaticallyConfirmOrganizationUsersValidator> sutProvider,
+        [Organization(useAutomaticUserConfirmation: true)] Organization organization,
+        [OrganizationUser(OrganizationUserStatusType.Accepted)] OrganizationUser organizationUser,
+        Guid userId,
+        [Policy(PolicyType.AutomaticUserConfirmation)] Policy autoConfirmPolicy)
+    {
+        // Arrange
+        organizationUser.UserId = userId;
+        organizationUser.OrganizationId = organization.Id;
+
+        var request = new AutomaticallyConfirmOrganizationUserValidationRequest
+        {
+            PerformedBy = Substitute.For<IActingUser>(),
+            DefaultUserCollectionName = "test-collection",
+            OrganizationUser = organizationUser,
+            OrganizationUserId = organizationUser.Id,
+            Organization = organization,
+            OrganizationId = organization.Id,
+            Key = "test-key"
+        };
+
+        sutProvider.GetDependency<IPolicyRepository>()
+            .GetByOrganizationIdTypeAsync(organization.Id, PolicyType.AutomaticUserConfirmation)
+            .Returns(autoConfirmPolicy);
+
+        sutProvider.GetDependency<ITwoFactorIsEnabledQuery>()
+            .TwoFactorIsEnabledAsync(Arg.Any<IEnumerable<Guid>>())
+            .Returns([(userId, false)]);
+
+        sutProvider.GetDependency<IPolicyRequirementQuery>()
+            .GetAsync<RequireTwoFactorPolicyRequirement>(userId)
+            .Returns(new RequireTwoFactorPolicyRequirement([])); // No 2FA policy
+
+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .GetManyByUserAsync(userId)
+            .Returns([organizationUser]);
+
+        // Act
+        var result = await sutProvider.Sut.ValidateAsync(request);
+
+        // Assert
+        Assert.True(result.IsValid);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task ValidateAsync_UserInMultipleOrgs_WithSingleOrgPolicyOnThisOrg_ReturnsError(
+        SutProvider<AutomaticallyConfirmOrganizationUsersValidator> sutProvider,
+        [Organization(useAutomaticUserConfirmation: true)] Organization organization,
+        [OrganizationUser(OrganizationUserStatusType.Accepted)] OrganizationUser organizationUser,
+        OrganizationUser otherOrgUser,
+        Guid userId,
+        [Policy(PolicyType.AutomaticUserConfirmation)] Policy autoConfirmPolicy)
+    {
+        // Arrange
+        organizationUser.UserId = userId;
+        organizationUser.OrganizationId = organization.Id;
+
+        var request = new AutomaticallyConfirmOrganizationUserValidationRequest
+        {
+            PerformedBy = Substitute.For<IActingUser>(),
+            DefaultUserCollectionName = "test-collection",
+            OrganizationUser = organizationUser,
+            OrganizationUserId = organizationUser.Id,
+            Organization = organization,
+            OrganizationId = organization.Id,
+            Key = "test-key"
+        };
+
+        var singleOrgPolicyDetails = new PolicyDetails
+        {
+            OrganizationId = organization.Id,
+            PolicyType = PolicyType.SingleOrg
+        };
+
+        sutProvider.GetDependency<IPolicyRepository>()
+            .GetByOrganizationIdTypeAsync(organization.Id, PolicyType.AutomaticUserConfirmation)
+            .Returns(autoConfirmPolicy);
+
+        sutProvider.GetDependency<ITwoFactorIsEnabledQuery>()
+            .TwoFactorIsEnabledAsync(Arg.Any<IEnumerable<Guid>>())
+            .Returns([(userId, true)]);
+
+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .GetManyByUserAsync(userId)
+            .Returns([organizationUser, otherOrgUser]);
+
+        sutProvider.GetDependency<IPolicyRequirementQuery>()
+            .GetAsync<SingleOrganizationPolicyRequirement>(userId)
+            .Returns(new SingleOrganizationPolicyRequirement([singleOrgPolicyDetails]));
+
+        // Act
+        var result = await sutProvider.Sut.ValidateAsync(request);
+
+        // Assert
+        Assert.True(result.IsError);
+        Assert.IsType<OrganizationEnforcesSingleOrgPolicy>(result.AsError);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task ValidateAsync_UserInMultipleOrgs_WithSingleOrgPolicyOnOtherOrg_ReturnsError(
+        SutProvider<AutomaticallyConfirmOrganizationUsersValidator> sutProvider,
+        [Organization(useAutomaticUserConfirmation: true)] Organization organization,
+        [OrganizationUser(OrganizationUserStatusType.Accepted)] OrganizationUser organizationUser,
+        OrganizationUser otherOrgUser,
+        Guid userId,
+        [Policy(PolicyType.AutomaticUserConfirmation)] Policy autoConfirmPolicy)
+    {
+        // Arrange
+        organizationUser.UserId = userId;
+        organizationUser.OrganizationId = organization.Id;
+
+        var request = new AutomaticallyConfirmOrganizationUserValidationRequest
+        {
+            PerformedBy = Substitute.For<IActingUser>(),
+            DefaultUserCollectionName = "test-collection",
+            OrganizationUser = organizationUser,
+            OrganizationUserId = organizationUser.Id,
+            Organization = organization,
+            OrganizationId = organization.Id,
+            Key = "test-key"
+        };
+
+        var otherOrgId = Guid.NewGuid(); // Different org
+        var singleOrgPolicyDetails = new PolicyDetails
+        {
+            OrganizationId = otherOrgId,
+            PolicyType = PolicyType.SingleOrg,
+        };
+
+        sutProvider.GetDependency<IPolicyRepository>()
+            .GetByOrganizationIdTypeAsync(organization.Id, PolicyType.AutomaticUserConfirmation)
+            .Returns(autoConfirmPolicy);
+
+        sutProvider.GetDependency<ITwoFactorIsEnabledQuery>()
+            .TwoFactorIsEnabledAsync(Arg.Any<IEnumerable<Guid>>())
+            .Returns([(userId, true)]);
+
+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .GetManyByUserAsync(userId)
+            .Returns([organizationUser, otherOrgUser]);
+
+        sutProvider.GetDependency<IPolicyRequirementQuery>()
+            .GetAsync<SingleOrganizationPolicyRequirement>(userId)
+            .Returns(new SingleOrganizationPolicyRequirement([singleOrgPolicyDetails]));
+
+        // Act
+        var result = await sutProvider.Sut.ValidateAsync(request);
+
+        // Assert
+        Assert.True(result.IsError);
+        Assert.IsType<OtherOrganizationEnforcesSingleOrgPolicy>(result.AsError);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task ValidateAsync_UserInSingleOrg_ReturnsValidResult(
+        SutProvider<AutomaticallyConfirmOrganizationUsersValidator> sutProvider,
+        [Organization(useAutomaticUserConfirmation: true)] Organization organization,
+        [OrganizationUser(OrganizationUserStatusType.Accepted)] OrganizationUser organizationUser,
+        Guid userId,
+        [Policy(PolicyType.AutomaticUserConfirmation)] Policy autoConfirmPolicy)
+    {
+        // Arrange
+        organizationUser.UserId = userId;
+        organizationUser.OrganizationId = organization.Id;
+
+        var request = new AutomaticallyConfirmOrganizationUserValidationRequest
+        {
+            PerformedBy = Substitute.For<IActingUser>(),
+            DefaultUserCollectionName = "test-collection",
+            OrganizationUser = organizationUser,
+            OrganizationUserId = organizationUser.Id,
+            Organization = organization,
+            OrganizationId = organization.Id,
+            Key = "test-key"
+        };
+
+        sutProvider.GetDependency<IPolicyRepository>()
+            .GetByOrganizationIdTypeAsync(organization.Id, PolicyType.AutomaticUserConfirmation)
+            .Returns(autoConfirmPolicy);
+
+        sutProvider.GetDependency<ITwoFactorIsEnabledQuery>()
+            .TwoFactorIsEnabledAsync(Arg.Any<IEnumerable<Guid>>())
+            .Returns([(userId, true)]);
+
+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .GetManyByUserAsync(userId)
+            .Returns([organizationUser]); // Single org
+
+        // Act
+        var result = await sutProvider.Sut.ValidateAsync(request);
+
+        // Assert
+        Assert.True(result.IsValid);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task ValidateAsync_UserInMultipleOrgs_WithNoSingleOrgPolicy_ReturnsValidResult(
+        SutProvider<AutomaticallyConfirmOrganizationUsersValidator> sutProvider,
+        [Organization(useAutomaticUserConfirmation: true)] Organization organization,
+        [OrganizationUser(OrganizationUserStatusType.Accepted)] OrganizationUser organizationUser,
+        OrganizationUser otherOrgUser,
+        Guid userId,
+        Policy autoConfirmPolicy)
+    {
+        // Arrange
+        organizationUser.UserId = userId;
+        organizationUser.OrganizationId = organization.Id;
+        autoConfirmPolicy.Type = PolicyType.AutomaticUserConfirmation;
+        autoConfirmPolicy.Enabled = true;
+
+        var request = new AutomaticallyConfirmOrganizationUserValidationRequest
+        {
+            PerformedBy = Substitute.For<IActingUser>(),
+            DefaultUserCollectionName = "test-collection",
+            OrganizationUser = organizationUser,
+            OrganizationUserId = organizationUser.Id,
+            Organization = organization,
+            OrganizationId = organization.Id,
+            Key = "test-key"
+        };
+
+        sutProvider.GetDependency<IPolicyRepository>()
+            .GetByOrganizationIdTypeAsync(organization.Id, PolicyType.AutomaticUserConfirmation)
+            .Returns(autoConfirmPolicy);
+
+        sutProvider.GetDependency<ITwoFactorIsEnabledQuery>()
+            .TwoFactorIsEnabledAsync(Arg.Any<IEnumerable<Guid>>())
+            .Returns([(userId, true)]);
+
+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .GetManyByUserAsync(userId)
+            .Returns([organizationUser, otherOrgUser]);
+
+        sutProvider.GetDependency<IPolicyRequirementQuery>()
+            .GetAsync<SingleOrganizationPolicyRequirement>(userId)
+            .Returns(new SingleOrganizationPolicyRequirement([]));
+
+        // Act
+        var result = await sutProvider.Sut.ValidateAsync(request);
+
+        // Assert
+        Assert.True(result.IsValid);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task ValidateAsync_WithAutoConfirmPolicyDisabled_ReturnsAutoConfirmPolicyNotEnabledError(
+        SutProvider<AutomaticallyConfirmOrganizationUsersValidator> sutProvider,
+        Organization organization,
+        [OrganizationUser(OrganizationUserStatusType.Accepted)] OrganizationUser organizationUser,
+        Guid userId)
+    {
+        // Arrange
+        organizationUser.UserId = userId;
+        organizationUser.OrganizationId = organization.Id;
+
+        var request = new AutomaticallyConfirmOrganizationUserValidationRequest
+        {
+            PerformedBy = Substitute.For<IActingUser>(),
+            DefaultUserCollectionName = "test-collection",
+            OrganizationUser = organizationUser,
+            OrganizationUserId = organizationUser.Id,
+            Organization = organization,
+            OrganizationId = organization.Id,
+            Key = "test-key"
+        };
+
+        sutProvider.GetDependency<IPolicyRepository>()
+            .GetByOrganizationIdTypeAsync(organization.Id, PolicyType.AutomaticUserConfirmation)
+            .Returns((Policy)null);
+
+        sutProvider.GetDependency<ITwoFactorIsEnabledQuery>()
+            .TwoFactorIsEnabledAsync(Arg.Any<IEnumerable<Guid>>())
+            .Returns([(userId, true)]);
+
+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .GetManyByUserAsync(userId)
+            .Returns([organizationUser]);
+
+        // Act
+        var result = await sutProvider.Sut.ValidateAsync(request);
+
+        // Assert
+        Assert.True(result.IsError);
+        Assert.IsType<AutomaticallyConfirmUsersPolicyIsNotEnabled>(result.AsError);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task ValidateAsync_WithOrganizationUseAutomaticUserConfirmationDisabled_ReturnsAutoConfirmPolicyNotEnabledError(
+        SutProvider<AutomaticallyConfirmOrganizationUsersValidator> sutProvider,
+        [Organization(useAutomaticUserConfirmation: false)] Organization organization,
+        [OrganizationUser(OrganizationUserStatusType.Accepted)] OrganizationUser organizationUser,
+        Guid userId,
+        [Policy(PolicyType.AutomaticUserConfirmation)] Policy autoConfirmPolicy)
+    {
+        // Arrange
+        organizationUser.UserId = userId;
+        organizationUser.OrganizationId = organization.Id;
+
+        var request = new AutomaticallyConfirmOrganizationUserValidationRequest
+        {
+            PerformedBy = Substitute.For<IActingUser>(),
+            DefaultUserCollectionName = "test-collection",
+            OrganizationUser = organizationUser,
+            OrganizationUserId = organizationUser.Id,
+            Organization = organization,
+            OrganizationId = organization.Id,
+            Key = "test-key"
+        };
+
+        sutProvider.GetDependency<IPolicyRepository>()
+            .GetByOrganizationIdTypeAsync(organization.Id, PolicyType.AutomaticUserConfirmation)
+            .Returns(autoConfirmPolicy);
+
+        sutProvider.GetDependency<ITwoFactorIsEnabledQuery>()
+            .TwoFactorIsEnabledAsync(Arg.Any<IEnumerable<Guid>>())
+            .Returns([(userId, true)]);
+
+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .GetManyByUserAsync(userId)
+            .Returns([organizationUser]);
+
+        // Act
+        var result = await sutProvider.Sut.ValidateAsync(request);
+
+        // Assert
+        Assert.True(result.IsError);
+        Assert.IsType<AutomaticallyConfirmUsersPolicyIsNotEnabled>(result.AsError);
+    }
+}
diff --git a/test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/AutoConfirmUsers/AutomaticallyConfirmUsersCommandTests.cs b/test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/AutoConfirmUsers/AutomaticallyConfirmUsersCommandTests.cs
new file mode 100644
index 0000000000..1035d5c578
--- /dev/null
+++ b/test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/AutoConfirmUsers/AutomaticallyConfirmUsersCommandTests.cs
@@ -0,0 +1,730 @@
+using Bit.Core.AdminConsole.Entities;
+using Bit.Core.AdminConsole.Models.Data;
+using Bit.Core.AdminConsole.Models.Data.Organizations.Policies;
+using Bit.Core.AdminConsole.Models.Data.OrganizationUsers;
+using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.AutoConfirmUser;
+using Bit.Core.AdminConsole.OrganizationFeatures.Policies;
+using Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyRequirements;
+using Bit.Core.AdminConsole.Utilities.v2;
+using Bit.Core.AdminConsole.Utilities.v2.Validation;
+using Bit.Core.Entities;
+using Bit.Core.Enums;
+using Bit.Core.Models.Data;
+using Bit.Core.Platform.Push;
+using Bit.Core.Repositories;
+using Bit.Core.Services;
+using Bit.Core.Test.AutoFixture.OrganizationUserFixtures;
+using Bit.Test.Common.AutoFixture;
+using Bit.Test.Common.AutoFixture.Attributes;
+using Microsoft.Extensions.Logging;
+using NSubstitute;
+using NSubstitute.ExceptionExtensions;
+using Xunit;
+
+namespace Bit.Core.Test.AdminConsole.OrganizationFeatures.OrganizationUsers.AutoConfirmUsers;
+
+[SutProviderCustomize]
+public class AutomaticallyConfirmUsersCommandTests
+{
+    [Theory]
+    [BitAutoData]
+    public async Task AutomaticallyConfirmOrganizationUserAsync_WithValidRequest_ConfirmsUserSuccessfully(
+        SutProvider<AutomaticallyConfirmOrganizationUserCommand> sutProvider,
+        Organization organization,
+        [OrganizationUser(OrganizationUserStatusType.Accepted)] OrganizationUser organizationUser,
+        User user,
+        Guid performingUserId,
+        string key,
+        string defaultCollectionName)
+    {
+        // Arrange
+        organizationUser.UserId = user.Id;
+        organizationUser.OrganizationId = organization.Id;
+
+        var request = new AutomaticallyConfirmOrganizationUserRequest
+        {
+            OrganizationUserId = organizationUser.Id,
+            OrganizationId = organization.Id,
+            Key = key,
+            DefaultUserCollectionName = defaultCollectionName,
+            PerformedBy = new StandardUser(performingUserId, true)
+        };
+
+        SetupRepositoryMocks(sutProvider, organizationUser, organization, user);
+        SetupValidatorMock(sutProvider, request, organizationUser, organization, true);
+
+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .ConfirmOrganizationUserAsync(Arg.Is<AcceptedOrganizationUserToConfirm>(o =>
+                o.OrganizationUserId == organizationUser.Id && o.Key == request.Key))
+            .Returns(true);
+
+        // Act
+        var result = await sutProvider.Sut.AutomaticallyConfirmOrganizationUserAsync(request);
+
+        // Assert
+        Assert.True(result.IsSuccess);
+
+        await sutProvider.GetDependency<IOrganizationUserRepository>()
+            .Received(1)
+            .ConfirmOrganizationUserAsync(Arg.Is<AcceptedOrganizationUserToConfirm>(o =>
+                o.OrganizationUserId == organizationUser.Id && o.Key == request.Key));
+
+        await AssertSuccessfulOperationsAsync(sutProvider, organizationUser, organization, user, key);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task AutomaticallyConfirmOrganizationUserAsync_WithInvalidUserOrgId_ReturnsOrganizationUserIdIsInvalidError(
+        SutProvider<AutomaticallyConfirmOrganizationUserCommand> sutProvider,
+        Organization organization,
+        [OrganizationUser(OrganizationUserStatusType.Accepted)] OrganizationUser organizationUser,
+        User user,
+        Guid performingUserId,
+        string key,
+        string defaultCollectionName)
+    {
+        // Arrange
+        organizationUser.UserId = user.Id;
+        organizationUser.OrganizationId = Guid.NewGuid(); // User belongs to another organization
+        var request = new AutomaticallyConfirmOrganizationUserRequest
+        {
+            OrganizationUserId = organizationUser.Id,
+            OrganizationId = organization.Id,
+            Key = key,
+            DefaultUserCollectionName = defaultCollectionName,
+            PerformedBy = new StandardUser(performingUserId, true)
+        };
+
+        SetupRepositoryMocks(sutProvider, organizationUser, organization, user);
+        SetupValidatorMock(sutProvider, request, organizationUser, organization, false, new OrganizationUserIdIsInvalid());
+
+        // Act
+        var result = await sutProvider.Sut.AutomaticallyConfirmOrganizationUserAsync(request);
+
+        // Assert
+        Assert.True(result.IsError);
+        Assert.IsType<OrganizationUserIdIsInvalid>(result.AsError);
+
+        await sutProvider.GetDependency<IOrganizationUserRepository>()
+            .DidNotReceive()
+            .ConfirmOrganizationUserAsync(Arg.Any<AcceptedOrganizationUserToConfirm>());
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task AutomaticallyConfirmOrganizationUserAsync_WhenAlreadyConfirmed_ReturnsNoneSuccess(
+        SutProvider<AutomaticallyConfirmOrganizationUserCommand> sutProvider,
+        Organization organization,
+        [OrganizationUser(OrganizationUserStatusType.Accepted)] OrganizationUser organizationUser,
+        User user,
+        Guid performingUserId,
+        string key,
+        string defaultCollectionName)
+    {
+        // Arrange
+        organizationUser.UserId = user.Id;
+        organizationUser.OrganizationId = organization.Id;
+        var request = new AutomaticallyConfirmOrganizationUserRequest
+        {
+            OrganizationUserId = organizationUser.Id,
+            OrganizationId = organization.Id,
+            Key = key,
+            DefaultUserCollectionName = defaultCollectionName,
+            PerformedBy = new StandardUser(performingUserId, true)
+        };
+
+        SetupRepositoryMocks(sutProvider, organizationUser, organization, user);
+        SetupValidatorMock(sutProvider, request, organizationUser, organization, true);
+
+        // Return false to indicate the user is already confirmed
+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .ConfirmOrganizationUserAsync(Arg.Is<AcceptedOrganizationUserToConfirm>(x =>
+                x.OrganizationUserId == organizationUser.Id && x.Key == request.Key))
+            .Returns(false);
+
+        // Act
+        var result = await sutProvider.Sut.AutomaticallyConfirmOrganizationUserAsync(request);
+
+        // Assert
+        Assert.True(result.IsSuccess);
+
+        await sutProvider.GetDependency<IOrganizationUserRepository>()
+            .Received(1)
+            .ConfirmOrganizationUserAsync(Arg.Is<AcceptedOrganizationUserToConfirm>(x =>
+                x.OrganizationUserId == organizationUser.Id && x.Key == request.Key));
+
+        // Verify no side effects occurred
+        await sutProvider.GetDependency<IEventService>()
+            .DidNotReceive()
+            .LogOrganizationUserEventAsync(Arg.Any<OrganizationUser>(), Arg.Any<EventType>(), Arg.Any<DateTime?>());
+
+        await sutProvider.GetDependency<IPushNotificationService>()
+            .DidNotReceive()
+            .PushSyncOrgKeysAsync(Arg.Any<Guid>());
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task AutomaticallyConfirmOrganizationUserAsync_WithDefaultCollectionEnabled_CreatesDefaultCollection(
+        SutProvider<AutomaticallyConfirmOrganizationUserCommand> sutProvider,
+        Organization organization,
+        [OrganizationUser(OrganizationUserStatusType.Accepted)] OrganizationUser organizationUser,
+        User user,
+        Guid performingUserId,
+        string key,
+        string defaultCollectionName)
+    {
+        // Arrange
+        organizationUser.UserId = user.Id;
+        organizationUser.OrganizationId = organization.Id;
+        var request = new AutomaticallyConfirmOrganizationUserRequest
+        {
+            OrganizationUserId = organizationUser.Id,
+            OrganizationId = organization.Id,
+            Key = key,
+            DefaultUserCollectionName = defaultCollectionName, // Non-empty to trigger creation
+            PerformedBy = new StandardUser(performingUserId, true)
+        };
+
+        SetupRepositoryMocks(sutProvider, organizationUser, organization, user);
+        SetupValidatorMock(sutProvider, request, organizationUser, organization, true);
+        SetupPolicyRequirementMock(sutProvider, user.Id, organization.Id, true); // Policy requires collection
+
+        sutProvider.GetDependency<IOrganizationUserRepository>().ConfirmOrganizationUserAsync(
+                Arg.Is<AcceptedOrganizationUserToConfirm>(o =>
+                    o.OrganizationUserId == organizationUser.Id && o.Key == request.Key))
+            .Returns(true);
+
+        // Act
+        var result = await sutProvider.Sut.AutomaticallyConfirmOrganizationUserAsync(request);
+
+        // Assert
+        Assert.True(result.IsSuccess);
+
+        await sutProvider.GetDependency<ICollectionRepository>()
+            .Received(1)
+            .CreateAsync(
+                Arg.Is<Collection>(c =>
+                    c.OrganizationId == organization.Id &&
+                    c.Name == defaultCollectionName &&
+                    c.Type == CollectionType.DefaultUserCollection),
+                Arg.Is<IEnumerable<CollectionAccessSelection>>(groups => groups == null),
+                Arg.Is<IEnumerable<CollectionAccessSelection>>(access =>
+                    access.FirstOrDefault(x => x.Id == organizationUser.Id && x.Manage) != null));
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task AutomaticallyConfirmOrganizationUserAsync_WithDefaultCollectionDisabled_DoesNotCreateCollection(
+        SutProvider<AutomaticallyConfirmOrganizationUserCommand> sutProvider,
+        Organization organization,
+        [OrganizationUser(OrganizationUserStatusType.Accepted)] OrganizationUser organizationUser,
+        User user,
+        Guid performingUserId,
+        string key)
+    {
+        // Arrange
+        organizationUser.UserId = user.Id;
+        organizationUser.OrganizationId = organization.Id;
+        var request = new AutomaticallyConfirmOrganizationUserRequest
+        {
+            OrganizationUserId = organizationUser.Id,
+            OrganizationId = organization.Id,
+            Key = key,
+            DefaultUserCollectionName = string.Empty, // Empty, so the collection won't be created
+            PerformedBy = new StandardUser(performingUserId, true)
+        };
+
+        SetupRepositoryMocks(sutProvider, organizationUser, organization, user);
+        SetupValidatorMock(sutProvider, request, organizationUser, organization, true);
+        SetupPolicyRequirementMock(sutProvider, user.Id, organization.Id, false); // Policy doesn't require
+
+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .ConfirmOrganizationUserAsync(Arg.Is<AcceptedOrganizationUserToConfirm>(o =>
+                o.OrganizationUserId == organizationUser.Id && o.Key == request.Key))
+            .Returns(true);
+
+        // Act
+        var result = await sutProvider.Sut.AutomaticallyConfirmOrganizationUserAsync(request);
+
+        // Assert
+        Assert.True(result.IsSuccess);
+
+        await sutProvider.GetDependency<ICollectionRepository>()
+            .DidNotReceive()
+            .CreateAsync(Arg.Any<Collection>(),
+                Arg.Any<IEnumerable<CollectionAccessSelection>>(),
+                Arg.Any<IEnumerable<CollectionAccessSelection>>());
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task AutomaticallyConfirmOrganizationUserAsync_WhenCreateDefaultCollectionFails_LogsErrorButReturnsSuccess(
+        SutProvider<AutomaticallyConfirmOrganizationUserCommand> sutProvider,
+        Organization organization,
+        [OrganizationUser(OrganizationUserStatusType.Accepted)] OrganizationUser organizationUser,
+        User user,
+        Guid performingUserId,
+        string key,
+        string defaultCollectionName)
+    {
+        // Arrange
+        organizationUser.UserId = user.Id;
+        organizationUser.OrganizationId = organization.Id;
+        var request = new AutomaticallyConfirmOrganizationUserRequest
+        {
+            OrganizationUserId = organizationUser.Id,
+            OrganizationId = organization.Id,
+            Key = key,
+            DefaultUserCollectionName = defaultCollectionName, // Non-empty to trigger creation
+            PerformedBy = new StandardUser(performingUserId, true)
+        };
+
+        SetupRepositoryMocks(sutProvider, organizationUser, organization, user);
+        SetupValidatorMock(sutProvider, request, organizationUser, organization, true);
+        SetupPolicyRequirementMock(sutProvider, user.Id, organization.Id, true);
+
+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .ConfirmOrganizationUserAsync(Arg.Is<AcceptedOrganizationUserToConfirm>(o =>
+                o.OrganizationUserId == organizationUser.Id && o.Key == request.Key)).Returns(true);
+
+        var collectionException = new Exception("Collection creation failed");
+        sutProvider.GetDependency<ICollectionRepository>()
+            .CreateAsync(Arg.Any<Collection>(),
+                Arg.Any<IEnumerable<CollectionAccessSelection>>(),
+                Arg.Any<IEnumerable<CollectionAccessSelection>>())
+            .ThrowsAsync(collectionException);
+
+        // Act
+        var result = await sutProvider.Sut.AutomaticallyConfirmOrganizationUserAsync(request);
+
+        // Assert - side effects are fire-and-forget, so command returns success even if collection creation fails
+        Assert.True(result.IsSuccess);
+
+        sutProvider.GetDependency<ILogger<AutomaticallyConfirmOrganizationUserCommand>>()
+            .Received(1)
+            .Log(
+                LogLevel.Error,
+                Arg.Any<EventId>(),
+                Arg.Is<object>(o => o.ToString()!.Contains("Failed to create default collection for user")),
+                collectionException,
+                Arg.Any<Func<object, Exception?, string>>());
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task AutomaticallyConfirmOrganizationUserAsync_WhenEventLogFails_LogsErrorButReturnsSuccess(
+        SutProvider<AutomaticallyConfirmOrganizationUserCommand> sutProvider,
+        Organization organization,
+        [OrganizationUser(OrganizationUserStatusType.Accepted)] OrganizationUser organizationUser,
+        User user,
+        Guid performingUserId,
+        string key,
+        string defaultCollectionName)
+    {
+        // Arrange
+        organizationUser.UserId = user.Id;
+        organizationUser.OrganizationId = organization.Id;
+        var request = new AutomaticallyConfirmOrganizationUserRequest
+        {
+            OrganizationUserId = organizationUser.Id,
+            OrganizationId = organization.Id,
+            Key = key,
+            DefaultUserCollectionName = defaultCollectionName,
+            PerformedBy = new StandardUser(performingUserId, true)
+        };
+
+        SetupRepositoryMocks(sutProvider, organizationUser, organization, user);
+        SetupValidatorMock(sutProvider, request, organizationUser, organization, true);
+
+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .ConfirmOrganizationUserAsync(Arg.Is<AcceptedOrganizationUserToConfirm>(o =>
+                o.OrganizationUserId == organizationUser.Id && o.Key == request.Key))
+            .Returns(true);
+
+        var eventException = new Exception("Event logging failed");
+        sutProvider.GetDependency<IEventService>()
+            .LogOrganizationUserEventAsync(Arg.Any<OrganizationUser>(),
+                EventType.OrganizationUser_AutomaticallyConfirmed,
+                Arg.Any<DateTime?>())
+            .ThrowsAsync(eventException);
+
+        // Act
+        var result = await sutProvider.Sut.AutomaticallyConfirmOrganizationUserAsync(request);
+
+        // Assert - side effects are fire-and-forget, so command returns success even if event log fails
+        Assert.True(result.IsSuccess);
+
+        sutProvider.GetDependency<ILogger<AutomaticallyConfirmOrganizationUserCommand>>()
+            .Received(1)
+            .Log(
+                LogLevel.Error,
+                Arg.Any<EventId>(),
+                Arg.Is<object>(o => o.ToString()!.Contains("Failed to log OrganizationUser_AutomaticallyConfirmed event")),
+                eventException,
+                Arg.Any<Func<object, Exception?, string>>());
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task AutomaticallyConfirmOrganizationUserAsync_WhenSendEmailFails_LogsErrorButReturnsSuccess(
+        SutProvider<AutomaticallyConfirmOrganizationUserCommand> sutProvider,
+        Organization organization,
+        [OrganizationUser(OrganizationUserStatusType.Accepted)] OrganizationUser organizationUser,
+        User user,
+        Guid performingUserId,
+        string key,
+        string defaultCollectionName)
+    {
+        // Arrange
+        organizationUser.UserId = user.Id;
+        organizationUser.OrganizationId = organization.Id;
+        var request = new AutomaticallyConfirmOrganizationUserRequest
+        {
+            OrganizationUserId = organizationUser.Id,
+            OrganizationId = organization.Id,
+            Key = key,
+            DefaultUserCollectionName = defaultCollectionName,
+            PerformedBy = new StandardUser(performingUserId, true)
+        };
+
+        SetupRepositoryMocks(sutProvider, organizationUser, organization, user);
+        SetupValidatorMock(sutProvider, request, organizationUser, organization, true);
+
+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .ConfirmOrganizationUserAsync(Arg.Is<AcceptedOrganizationUserToConfirm>(o =>
+                o.OrganizationUserId == organizationUser.Id && o.Key == request.Key))
+            .Returns(true);
+
+        var emailException = new Exception("Email sending failed");
+        sutProvider.GetDependency<IMailService>()
+            .SendOrganizationConfirmedEmailAsync(organization.Name, user.Email, organizationUser.AccessSecretsManager)
+            .ThrowsAsync(emailException);
+
+        // Act
+        var result = await sutProvider.Sut.AutomaticallyConfirmOrganizationUserAsync(request);
+
+        // Assert - side effects are fire-and-forget, so command returns success even if email fails
+        Assert.True(result.IsSuccess);
+
+        sutProvider.GetDependency<ILogger<AutomaticallyConfirmOrganizationUserCommand>>()
+            .Received(1)
+            .Log(
+                LogLevel.Error,
+                Arg.Any<EventId>(),
+                Arg.Is<object>(o => o.ToString()!.Contains("Failed to send OrganizationUserConfirmed")),
+                emailException,
+                Arg.Any<Func<object, Exception?, string>>());
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task AutomaticallyConfirmOrganizationUserAsync_WhenUserNotFoundForEmail_LogsErrorButReturnsSuccess(
+        SutProvider<AutomaticallyConfirmOrganizationUserCommand> sutProvider,
+        Organization organization,
+        [OrganizationUser(OrganizationUserStatusType.Accepted)] OrganizationUser organizationUser,
+        User user,
+        Guid performingUserId,
+        string key,
+        string defaultCollectionName)
+    {
+        // Arrange
+        organizationUser.UserId = user.Id;
+        organizationUser.OrganizationId = organization.Id;
+        var request = new AutomaticallyConfirmOrganizationUserRequest
+        {
+            OrganizationUserId = organizationUser.Id,
+            OrganizationId = organization.Id,
+            Key = key,
+            DefaultUserCollectionName = defaultCollectionName,
+            PerformedBy = new StandardUser(performingUserId, true)
+        };
+
+        SetupRepositoryMocks(sutProvider, organizationUser, organization, user);
+        SetupValidatorMock(sutProvider, request, organizationUser, organization, true);
+
+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .ConfirmOrganizationUserAsync(Arg.Is<AcceptedOrganizationUserToConfirm>(o =>
+                o.OrganizationUserId == organizationUser.Id && o.Key == request.Key))
+            .Returns(true);
+
+        // Return null when retrieving user for email
+        sutProvider.GetDependency<IUserRepository>()
+            .GetByIdAsync(user.Id)
+            .Returns((User)null!);
+
+        // Act
+        var result = await sutProvider.Sut.AutomaticallyConfirmOrganizationUserAsync(request);
+
+        // Assert - side effects are fire-and-forget, so command returns success even if user not found for email
+        Assert.True(result.IsSuccess);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task AutomaticallyConfirmOrganizationUserAsync_WhenDeleteDeviceRegistrationFails_LogsErrorButReturnsSuccess(
+        SutProvider<AutomaticallyConfirmOrganizationUserCommand> sutProvider,
+        Organization organization,
+        [OrganizationUser(OrganizationUserStatusType.Accepted)] OrganizationUser organizationUser,
+        User user,
+        Guid performingUserId,
+        string key,
+        string defaultCollectionName,
+        Device device)
+    {
+        // Arrange
+        organizationUser.UserId = user.Id;
+        organizationUser.OrganizationId = organization.Id;
+        device.UserId = user.Id;
+        device.PushToken = "test-push-token";
+        var request = new AutomaticallyConfirmOrganizationUserRequest
+        {
+            OrganizationUserId = organizationUser.Id,
+            OrganizationId = organization.Id,
+            Key = key,
+            DefaultUserCollectionName = defaultCollectionName,
+            PerformedBy = new StandardUser(performingUserId, true)
+        };
+
+        SetupRepositoryMocks(sutProvider, organizationUser, organization, user);
+        SetupValidatorMock(sutProvider, request, organizationUser, organization, true);
+
+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .ConfirmOrganizationUserAsync(Arg.Is<AcceptedOrganizationUserToConfirm>(o =>
+                o.OrganizationUserId == organizationUser.Id && o.Key == request.Key))
+            .Returns(true);
+
+        sutProvider.GetDependency<IDeviceRepository>()
+            .GetManyByUserIdAsync(user.Id)
+            .Returns(new List<Device> { device });
+
+        var deviceException = new Exception("Device registration deletion failed");
+        sutProvider.GetDependency<IPushRegistrationService>()
+            .DeleteUserRegistrationOrganizationAsync(Arg.Any<IEnumerable<string>>(), organization.Id.ToString())
+            .ThrowsAsync(deviceException);
+
+        // Act
+        var result = await sutProvider.Sut.AutomaticallyConfirmOrganizationUserAsync(request);
+
+        // Assert - side effects are fire-and-forget, so command returns success even if device registration deletion fails
+        Assert.True(result.IsSuccess);
+
+        sutProvider.GetDependency<ILogger<AutomaticallyConfirmOrganizationUserCommand>>()
+            .Received(1)
+            .Log(
+                LogLevel.Error,
+                Arg.Any<EventId>(),
+                Arg.Is<object>(o => o.ToString()!.Contains("Failed to delete device registration")),
+                deviceException,
+                Arg.Any<Func<object, Exception?, string>>());
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task AutomaticallyConfirmOrganizationUserAsync_WhenPushSyncOrgKeysFails_LogsErrorButReturnsSuccess(
+        SutProvider<AutomaticallyConfirmOrganizationUserCommand> sutProvider,
+        Organization organization,
+        [OrganizationUser(OrganizationUserStatusType.Accepted)] OrganizationUser organizationUser,
+        User user,
+        Guid performingUserId,
+        string key,
+        string defaultCollectionName)
+    {
+        // Arrange
+        organizationUser.UserId = user.Id;
+        organizationUser.OrganizationId = organization.Id;
+        var request = new AutomaticallyConfirmOrganizationUserRequest
+        {
+            OrganizationUserId = organizationUser.Id,
+            OrganizationId = organization.Id,
+            Key = key,
+            DefaultUserCollectionName = defaultCollectionName,
+            PerformedBy = new StandardUser(performingUserId, true)
+        };
+
+        SetupRepositoryMocks(sutProvider, organizationUser, organization, user);
+        SetupValidatorMock(sutProvider, request, organizationUser, organization, true);
+
+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .ConfirmOrganizationUserAsync(Arg.Is<AcceptedOrganizationUserToConfirm>(o =>
+                o.OrganizationUserId == organizationUser.Id && o.Key == request.Key))
+            .Returns(true);
+
+        var pushException = new Exception("Push sync failed");
+        sutProvider.GetDependency<IPushNotificationService>()
+            .PushSyncOrgKeysAsync(user.Id)
+            .ThrowsAsync(pushException);
+
+        // Act
+        var result = await sutProvider.Sut.AutomaticallyConfirmOrganizationUserAsync(request);
+
+        // Assert - side effects are fire-and-forget, so command returns success even if push sync fails
+        Assert.True(result.IsSuccess);
+
+        sutProvider.GetDependency<ILogger<AutomaticallyConfirmOrganizationUserCommand>>()
+            .Received(1)
+            .Log(
+                LogLevel.Error,
+                Arg.Any<EventId>(),
+                Arg.Is<object>(o => o.ToString()!.Contains("Failed to push organization keys")),
+                pushException,
+                Arg.Any<Func<object, Exception?, string>>());
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task AutomaticallyConfirmOrganizationUserAsync_WithDevicesWithoutPushToken_FiltersCorrectly(
+        SutProvider<AutomaticallyConfirmOrganizationUserCommand> sutProvider,
+        Organization organization,
+        [OrganizationUser(OrganizationUserStatusType.Accepted)] OrganizationUser organizationUser,
+        User user,
+        Guid performingUserId,
+        string key,
+        string defaultCollectionName,
+        Device deviceWithToken,
+        Device deviceWithoutToken)
+    {
+        // Arrange
+        organizationUser.UserId = user.Id;
+        organizationUser.OrganizationId = organization.Id;
+        deviceWithToken.UserId = user.Id;
+        deviceWithToken.PushToken = "test-token";
+        deviceWithoutToken.UserId = user.Id;
+        deviceWithoutToken.PushToken = null;
+        var request = new AutomaticallyConfirmOrganizationUserRequest
+        {
+            OrganizationUserId = organizationUser.Id,
+            OrganizationId = organization.Id,
+            Key = key,
+            DefaultUserCollectionName = defaultCollectionName,
+            PerformedBy = new StandardUser(performingUserId, true)
+        };
+
+        SetupRepositoryMocks(sutProvider, organizationUser, organization, user);
+        SetupValidatorMock(sutProvider, request, organizationUser, organization, true);
+
+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .ConfirmOrganizationUserAsync(Arg.Is<AcceptedOrganizationUserToConfirm>(o =>
+                o.OrganizationUserId == organizationUser.Id && o.Key == request.Key))
+            .Returns(true);
+
+        sutProvider.GetDependency<IDeviceRepository>()
+            .GetManyByUserIdAsync(user.Id)
+            .Returns(new List<Device> { deviceWithToken, deviceWithoutToken });
+
+        // Act
+        var result = await sutProvider.Sut.AutomaticallyConfirmOrganizationUserAsync(request);
+
+        // Assert
+        Assert.True(result.IsSuccess);
+
+        await sutProvider.GetDependency<IPushRegistrationService>()
+            .Received(1)
+            .DeleteUserRegistrationOrganizationAsync(
+                Arg.Is<IEnumerable<string>>(devices =>
+                    devices.Count(d => deviceWithToken.Id.ToString() == d) == 1),
+                organization.Id.ToString());
+    }
+
+    private static void SetupRepositoryMocks(
+        SutProvider<AutomaticallyConfirmOrganizationUserCommand> sutProvider,
+        OrganizationUser organizationUser,
+        Organization organization,
+        User user)
+    {
+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .GetByIdAsync(organizationUser.Id)
+            .Returns(organizationUser);
+
+        sutProvider.GetDependency<IOrganizationRepository>()
+            .GetByIdAsync(organization.Id)
+            .Returns(organization);
+
+        sutProvider.GetDependency<IUserRepository>()
+            .GetByIdAsync(user.Id)
+            .Returns(user);
+
+        sutProvider.GetDependency<IDeviceRepository>()
+            .GetManyByUserIdAsync(user.Id)
+            .Returns(new List<Device>());
+    }
+
+    private static void SetupValidatorMock(
+        SutProvider<AutomaticallyConfirmOrganizationUserCommand> sutProvider,
+        AutomaticallyConfirmOrganizationUserRequest originalRequest,
+        OrganizationUser organizationUser,
+        Organization organization,
+        bool isValid,
+        Error? error = null)
+    {
+        var validationRequest = new AutomaticallyConfirmOrganizationUserValidationRequest
+        {
+            PerformedBy = originalRequest.PerformedBy,
+            DefaultUserCollectionName = originalRequest.DefaultUserCollectionName,
+            OrganizationUserId = originalRequest.OrganizationUserId,
+            OrganizationUser = organizationUser,
+            OrganizationId = originalRequest.OrganizationId,
+            Organization = organization,
+            Key = originalRequest.Key
+        };
+
+        var validationResult = isValid
+            ? ValidationResultHelpers.Valid(validationRequest)
+            : ValidationResultHelpers.Invalid(validationRequest, error ?? new UserIsNotAccepted());
+
+        sutProvider.GetDependency<IAutomaticallyConfirmOrganizationUsersValidator>()
+            .ValidateAsync(Arg.Any<AutomaticallyConfirmOrganizationUserValidationRequest>())
+            .Returns(validationResult);
+    }
+
+    private static void SetupPolicyRequirementMock(
+        SutProvider<AutomaticallyConfirmOrganizationUserCommand> sutProvider,
+        Guid userId,
+        Guid organizationId,
+        bool requiresDefaultCollection)
+    {
+        var policyDetails = requiresDefaultCollection
+            ? new List<PolicyDetails> { new() { OrganizationId = organizationId } }
+            : new List<PolicyDetails>();
+
+        var policyRequirement = new OrganizationDataOwnershipPolicyRequirement(
+            requiresDefaultCollection ? OrganizationDataOwnershipState.Enabled : OrganizationDataOwnershipState.Disabled,
+            policyDetails);
+
+        sutProvider.GetDependency<IPolicyRequirementQuery>()
+            .GetAsync<OrganizationDataOwnershipPolicyRequirement>(userId)
+            .Returns(policyRequirement);
+    }
+
+    private static async Task AssertSuccessfulOperationsAsync(
+        SutProvider<AutomaticallyConfirmOrganizationUserCommand> sutProvider,
+        OrganizationUser organizationUser,
+        Organization organization,
+        User user,
+        string key)
+    {
+        await sutProvider.GetDependency<IEventService>()
+            .Received(1)
+            .LogOrganizationUserEventAsync(
+                Arg.Is<OrganizationUser>(x => x.Id == organizationUser.Id),
+                EventType.OrganizationUser_AutomaticallyConfirmed,
+                Arg.Any<DateTime?>());
+
+        await sutProvider.GetDependency<IMailService>()
+            .Received(1)
+            .SendOrganizationConfirmedEmailAsync(
+                organization.Name,
+                user.Email,
+                organizationUser.AccessSecretsManager);
+
+        await sutProvider.GetDependency<IPushNotificationService>()
+            .Received(1)
+            .PushSyncOrgKeysAsync(user.Id);
+
+        await sutProvider.GetDependency<IPushRegistrationService>()
+            .Received(1)
+            .DeleteUserRegistrationOrganizationAsync(
+                Arg.Any<IEnumerable<string>>(),
+                organization.Id.ToString());
+    }
+}
diff --git a/test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/DeleteClaimedAccountvNext/DeleteClaimedOrganizationUserAccountCommandTests.cs b/test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/DeleteClaimedAccountvNext/DeleteClaimedOrganizationUserAccountCommandTests.cs
index c223520a04..dfb1b35be0 100644
--- a/test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/DeleteClaimedAccountvNext/DeleteClaimedOrganizationUserAccountCommandTests.cs
+++ b/test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/DeleteClaimedAccountvNext/DeleteClaimedOrganizationUserAccountCommandTests.cs
@@ -1,5 +1,7 @@
 using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.DeleteClaimedAccount;
 using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Interfaces;
+using Bit.Core.AdminConsole.Utilities.v2;
+using Bit.Core.AdminConsole.Utilities.v2.Validation;
 using Bit.Core.Entities;
 using Bit.Core.Enums;
 using Bit.Core.Exceptions;
diff --git a/test/Infrastructure.IntegrationTest/AdminConsole/Repositories/OrganizationUserRepository/OrganizationUserRepositoryTests.cs b/test/Infrastructure.IntegrationTest/AdminConsole/Repositories/OrganizationUserRepository/OrganizationUserRepositoryTests.cs
index 157d6a2589..1e1e512b27 100644
--- a/test/Infrastructure.IntegrationTest/AdminConsole/Repositories/OrganizationUserRepository/OrganizationUserRepositoryTests.cs
+++ b/test/Infrastructure.IntegrationTest/AdminConsole/Repositories/OrganizationUserRepository/OrganizationUserRepositoryTests.cs
@@ -1,4 +1,5 @@
 using Bit.Core.AdminConsole.Entities;
+using Bit.Core.AdminConsole.Models.Data.OrganizationUsers;
 using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.InviteUsers.Models;
 using Bit.Core.AdminConsole.Repositories;
 using Bit.Core.Auth.Entities;
@@ -1487,8 +1488,15 @@ public class OrganizationUserRepositoryTests
         const string key = "test-key";
         orgUser.Key = key;
 
+        var acceptedOrganizationUser = new AcceptedOrganizationUserToConfirm
+        {
+            OrganizationUserId = orgUser.Id,
+            UserId = user.Id,
+            Key = key
+        };
+
         // Act
-        var result = await organizationUserRepository.ConfirmOrganizationUserAsync(orgUser);
+        var result = await organizationUserRepository.ConfirmOrganizationUserAsync(acceptedOrganizationUser);
 
         // Assert
         Assert.True(result);
@@ -1502,27 +1510,6 @@ public class OrganizationUserRepositoryTests
         await userRepository.DeleteAsync(user);
     }
 
-    [Theory, DatabaseData]
-    public async Task ConfirmOrganizationUserAsync_WhenUserIsInvited_ReturnsFalse(IOrganizationUserRepository organizationUserRepository,
-        IOrganizationRepository organizationRepository)
-    {
-        // Arrange
-        var organization = await organizationRepository.CreateTestOrganizationAsync();
-        var orgUser = await organizationUserRepository.CreateTestOrganizationUserInviteAsync(organization);
-
-        // Act
-        var result = await organizationUserRepository.ConfirmOrganizationUserAsync(orgUser);
-
-        // Assert
-        Assert.False(result);
-        var unchangedUser = await organizationUserRepository.GetByIdAsync(orgUser.Id);
-        Assert.NotNull(unchangedUser);
-        Assert.Equal(OrganizationUserStatusType.Invited, unchangedUser.Status);
-
-        // Annul
-        await organizationRepository.DeleteAsync(organization);
-    }
-
     [Theory, DatabaseData]
     public async Task ConfirmOrganizationUserAsync_WhenUserIsAlreadyConfirmed_ReturnsFalse(IOrganizationUserRepository organizationUserRepository,
         IOrganizationRepository organizationRepository,
@@ -1533,8 +1520,17 @@ public class OrganizationUserRepositoryTests
         var user = await userRepository.CreateTestUserAsync();
         var orgUser = await organizationUserRepository.CreateConfirmedTestOrganizationUserAsync(organization, user);
 
+        orgUser.Status = OrganizationUserStatusType.Accepted; // To simulate a second call to ConfirmOrganizationUserAsync
+
+        var acceptedOrganizationUser = new AcceptedOrganizationUserToConfirm
+        {
+            OrganizationUserId = orgUser.Id,
+            UserId = user.Id,
+            Key = "test-key"
+        };
+
         // Act
-        var result = await organizationUserRepository.ConfirmOrganizationUserAsync(orgUser);
+        var result = await organizationUserRepository.ConfirmOrganizationUserAsync(acceptedOrganizationUser);
 
         // Assert
         Assert.False(result);
@@ -1547,30 +1543,6 @@ public class OrganizationUserRepositoryTests
         await userRepository.DeleteAsync(user);
     }
 
-    [Theory, DatabaseData]
-    public async Task ConfirmOrganizationUserAsync_WhenUserIsRevoked_ReturnsFalse(IOrganizationUserRepository organizationUserRepository,
-        IOrganizationRepository organizationRepository,
-        IUserRepository userRepository)
-    {
-        // Arrange
-        var organization = await organizationRepository.CreateTestOrganizationAsync();
-        var user = await userRepository.CreateTestUserAsync();
-        var orgUser = await organizationUserRepository.CreateRevokedTestOrganizationUserAsync(organization, user);
-
-        // Act
-        var result = await organizationUserRepository.ConfirmOrganizationUserAsync(orgUser);
-
-        // Assert
-        Assert.False(result);
-        var unchangedUser = await organizationUserRepository.GetByIdAsync(orgUser.Id);
-        Assert.NotNull(unchangedUser);
-        Assert.Equal(OrganizationUserStatusType.Revoked, unchangedUser.Status);
-
-        // Annul
-        await organizationRepository.DeleteAsync(organization);
-        await userRepository.DeleteAsync(user);
-    }
-
     [Theory, DatabaseData]
     public async Task ConfirmOrganizationUserAsync_IsIdempotent_WhenCalledMultipleTimes(
         IOrganizationUserRepository organizationUserRepository,
@@ -1582,9 +1554,16 @@ public class OrganizationUserRepositoryTests
         var user = await userRepository.CreateTestUserAsync();
         var orgUser = await organizationUserRepository.CreateAcceptedTestOrganizationUserAsync(organization, user);
 
+        var acceptedOrganizationUser = new AcceptedOrganizationUserToConfirm
+        {
+            OrganizationUserId = orgUser.Id,
+            UserId = user.Id,
+            Key = "test-key"
+        };
+
         // Act - First call should confirm
-        var firstResult = await organizationUserRepository.ConfirmOrganizationUserAsync(orgUser);
-        var secondResult = await organizationUserRepository.ConfirmOrganizationUserAsync(orgUser);
+        var firstResult = await organizationUserRepository.ConfirmOrganizationUserAsync(acceptedOrganizationUser);
+        var secondResult = await organizationUserRepository.ConfirmOrganizationUserAsync(acceptedOrganizationUser);
 
         // Assert
         Assert.True(firstResult);
@@ -1603,14 +1582,11 @@ public class OrganizationUserRepositoryTests
         IOrganizationUserRepository organizationUserRepository)
     {
         // Arrange
-        var nonExistentUser = new OrganizationUser
+        var nonExistentUser = new AcceptedOrganizationUserToConfirm
         {
-            Id = Guid.NewGuid(),
-            OrganizationId = Guid.NewGuid(),
+            OrganizationUserId = Guid.NewGuid(),
             UserId = Guid.NewGuid(),
-            Email = "nonexistent@bitwarden.com",
-            Status = OrganizationUserStatusType.Accepted,
-            Type = OrganizationUserType.Owner
+            Key = "test-key"
         };
 
         // Act