Merge remote-tracking branch 'origin/main' into xunit-v3-full-upgrade

2026-01-19 08:53:57 +00:00 · 2025-12-12 16:00:18 -05:00
parent b855e1fc18 5ac8536855
commit 8b21b1dff8
523 changed files with 34986 additions and 7245 deletions
--- a/test/Core.Test/AdminConsole/AutoFixture/OrganizationFixtures.cs
+++ b/test/Core.Test/AdminConsole/AutoFixture/OrganizationFixtures.cs
@@ -11,7 +11,7 @@ using Bit.Core.Entities;
 using Bit.Core.Enums;
 using Bit.Core.Models.Business;
 using Bit.Core.Models.Data;
-using Bit.Core.Utilities;
+using Bit.Core.Test.Billing.Mocks;
 using Bit.Test.Common.AutoFixture;
 using Bit.Test.Common.AutoFixture.Attributes;
 using Microsoft.AspNetCore.DataProtection;
@@ -39,7 +39,7 @@ public class OrganizationCustomization : ICustomization
    {
        var organizationId = Guid.NewGuid();
        var maxCollections = (short)new Random().Next(10, short.MaxValue);
-        var plan = StaticStore.Plans.FirstOrDefault(p => p.Type == PlanType);
+        var plan = MockPlans.Plans.FirstOrDefault(p => p.Type == PlanType);
        var seats = (short)new Random().Next(plan.PasswordManager.BaseSeats, plan.PasswordManager.MaxSeats ?? short.MaxValue);
        var smSeats = plan.SupportsSecretsManager
            ? (short?)new Random().Next(plan.SecretsManager.BaseSeats, plan.SecretsManager.MaxSeats ?? short.MaxValue)
@@ -92,7 +92,7 @@ internal class PaidOrganization : ICustomization
    public PlanType CheckedPlanType { get; set; }
    public void Customize(IFixture fixture)
    {
-        var validUpgradePlans = StaticStore.Plans.Where(p => p.Type != PlanType.Free && p.LegacyYear == null).OrderBy(p => p.UpgradeSortOrder).Select(p => p.Type).ToList();
+        var validUpgradePlans = MockPlans.Plans.Where(p => p.Type != PlanType.Free && p.LegacyYear == null).OrderBy(p => p.UpgradeSortOrder).Select(p => p.Type).ToList();
        var lowestActivePaidPlan = validUpgradePlans.First();
        CheckedPlanType = CheckedPlanType.Equals(PlanType.Free) ? lowestActivePaidPlan : CheckedPlanType;
        validUpgradePlans.Remove(lowestActivePaidPlan);
@@ -120,7 +120,7 @@ internal class FreeOrganizationUpgrade : ICustomization
            .With(o => o.PlanType, PlanType.Free));

        var plansToIgnore = new List<PlanType> { PlanType.Free, PlanType.Custom };
-        var selectedPlan = StaticStore.Plans.Last(p => !plansToIgnore.Contains(p.Type) && !p.Disabled);
+        var selectedPlan = MockPlans.Plans.Last(p => !plansToIgnore.Contains(p.Type) && !p.Disabled);

        fixture.Customize<OrganizationUpgrade>(composer => composer
            .With(ou => ou.Plan, selectedPlan.Type)
@@ -168,7 +168,7 @@ public class SecretsManagerOrganizationCustomization : ICustomization
            .With(o => o.Id, organizationId)
            .With(o => o.UseSecretsManager, true)
            .With(o => o.PlanType, planType)
-            .With(o => o.Plan, StaticStore.GetPlan(planType).Name)
+            .With(o => o.Plan, MockPlans.Get(planType).Name)
            .With(o => o.MaxAutoscaleSmSeats, (int?)null)
            .With(o => o.MaxAutoscaleSmServiceAccounts, (int?)null));
    }
--- a/test/Core.Test/AdminConsole/EventIntegrations/EventIntegrationServiceCollectionExtensionsTests.cs
+++ b/test/Core.Test/AdminConsole/EventIntegrations/EventIntegrationServiceCollectionExtensionsTests.cs
@@ -0,0 +1,198 @@
+using Bit.Core.AdminConsole.EventIntegrations.OrganizationIntegrationConfigurations.Interfaces;
+using Bit.Core.AdminConsole.EventIntegrations.OrganizationIntegrations.Interfaces;
+using Bit.Core.AdminConsole.Services;
+using Bit.Core.Repositories;
+using Bit.Core.Settings;
+using Bit.Core.Utilities;
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.DependencyInjection.Extensions;
+using NSubstitute;
+using StackExchange.Redis;
+using Xunit;
+using ZiggyCreatures.Caching.Fusion;
+
+namespace Bit.Core.Test.AdminConsole.EventIntegrations;
+
+public class EventIntegrationServiceCollectionExtensionsTests
+{
+    private readonly IServiceCollection _services;
+    private readonly GlobalSettings _globalSettings;
+
+    public EventIntegrationServiceCollectionExtensionsTests()
+    {
+        _services = new ServiceCollection();
+        _globalSettings = CreateGlobalSettings([]);
+
+        // Add required infrastructure services
+        _services.TryAddSingleton(_globalSettings);
+        _services.TryAddSingleton<IGlobalSettings>(_globalSettings);
+        _services.AddLogging();
+
+        // Mock Redis connection for cache
+        _services.AddSingleton(Substitute.For<IConnectionMultiplexer>());
+
+        // Mock required repository dependencies for commands
+        _services.TryAddScoped(_ => Substitute.For<IOrganizationIntegrationRepository>());
+        _services.TryAddScoped(_ => Substitute.For<IOrganizationIntegrationConfigurationRepository>());
+        _services.TryAddScoped(_ => Substitute.For<IOrganizationRepository>());
+    }
+
+    [Fact]
+    public void AddEventIntegrationsCommandsQueries_RegistersAllServices()
+    {
+        _services.AddEventIntegrationsCommandsQueries(_globalSettings);
+
+        using var provider = _services.BuildServiceProvider();
+
+        var cache = provider.GetRequiredKeyedService<IFusionCache>(EventIntegrationsCacheConstants.CacheName);
+        Assert.NotNull(cache);
+
+        var validator = provider.GetRequiredService<IOrganizationIntegrationConfigurationValidator>();
+        Assert.NotNull(validator);
+
+        using var scope = provider.CreateScope();
+        var sp = scope.ServiceProvider;
+
+        Assert.NotNull(sp.GetService<ICreateOrganizationIntegrationCommand>());
+        Assert.NotNull(sp.GetService<IUpdateOrganizationIntegrationCommand>());
+        Assert.NotNull(sp.GetService<IDeleteOrganizationIntegrationCommand>());
+        Assert.NotNull(sp.GetService<IGetOrganizationIntegrationsQuery>());
+
+        Assert.NotNull(sp.GetService<ICreateOrganizationIntegrationConfigurationCommand>());
+        Assert.NotNull(sp.GetService<IUpdateOrganizationIntegrationConfigurationCommand>());
+        Assert.NotNull(sp.GetService<IDeleteOrganizationIntegrationConfigurationCommand>());
+        Assert.NotNull(sp.GetService<IGetOrganizationIntegrationConfigurationsQuery>());
+    }
+
+    [Fact]
+    public void AddEventIntegrationsCommandsQueries_CommandsQueries_AreRegisteredAsScoped()
+    {
+        _services.AddEventIntegrationsCommandsQueries(_globalSettings);
+
+        var createIntegrationDescriptor = _services.First(s =>
+            s.ServiceType == typeof(ICreateOrganizationIntegrationCommand));
+        var createConfigDescriptor = _services.First(s =>
+            s.ServiceType == typeof(ICreateOrganizationIntegrationConfigurationCommand));
+
+        Assert.Equal(ServiceLifetime.Scoped, createIntegrationDescriptor.Lifetime);
+        Assert.Equal(ServiceLifetime.Scoped, createConfigDescriptor.Lifetime);
+    }
+
+    [Fact]
+    public void AddEventIntegrationsCommandsQueries_CommandsQueries_DifferentInstancesPerScope()
+    {
+        _services.AddEventIntegrationsCommandsQueries(_globalSettings);
+
+        var provider = _services.BuildServiceProvider();
+
+        ICreateOrganizationIntegrationCommand? instance1, instance2, instance3;
+        using (var scope1 = provider.CreateScope())
+        {
+            instance1 = scope1.ServiceProvider.GetService<ICreateOrganizationIntegrationCommand>();
+        }
+        using (var scope2 = provider.CreateScope())
+        {
+            instance2 = scope2.ServiceProvider.GetService<ICreateOrganizationIntegrationCommand>();
+        }
+        using (var scope3 = provider.CreateScope())
+        {
+            instance3 = scope3.ServiceProvider.GetService<ICreateOrganizationIntegrationCommand>();
+        }
+
+        Assert.NotNull(instance1);
+        Assert.NotNull(instance2);
+        Assert.NotNull(instance3);
+        Assert.NotSame(instance1, instance2);
+        Assert.NotSame(instance2, instance3);
+        Assert.NotSame(instance1, instance3);
+    }
+
+    [Fact]
+    public void AddEventIntegrationsCommandsQueries_CommandsQueries__SameInstanceWithinScope()
+    {
+        _services.AddEventIntegrationsCommandsQueries(_globalSettings);
+        var provider = _services.BuildServiceProvider();
+
+        using var scope = provider.CreateScope();
+        var instance1 = scope.ServiceProvider.GetService<ICreateOrganizationIntegrationCommand>();
+        var instance2 = scope.ServiceProvider.GetService<ICreateOrganizationIntegrationCommand>();
+
+        Assert.NotNull(instance1);
+        Assert.NotNull(instance2);
+        Assert.Same(instance1, instance2);
+    }
+
+    [Fact]
+    public void AddEventIntegrationsCommandsQueries_MultipleCalls_IsIdempotent()
+    {
+        _services.AddEventIntegrationsCommandsQueries(_globalSettings);
+        _services.AddEventIntegrationsCommandsQueries(_globalSettings);
+        _services.AddEventIntegrationsCommandsQueries(_globalSettings);
+
+        var createConfigCmdDescriptors = _services.Where(s =>
+            s.ServiceType == typeof(ICreateOrganizationIntegrationConfigurationCommand)).ToList();
+        Assert.Single(createConfigCmdDescriptors);
+
+        var updateIntegrationCmdDescriptors = _services.Where(s =>
+            s.ServiceType == typeof(IUpdateOrganizationIntegrationCommand)).ToList();
+        Assert.Single(updateIntegrationCmdDescriptors);
+    }
+
+    [Fact]
+    public void AddOrganizationIntegrationCommandsQueries_RegistersAllIntegrationServices()
+    {
+        _services.AddOrganizationIntegrationCommandsQueries();
+
+        Assert.Contains(_services, s => s.ServiceType == typeof(ICreateOrganizationIntegrationCommand));
+        Assert.Contains(_services, s => s.ServiceType == typeof(IUpdateOrganizationIntegrationCommand));
+        Assert.Contains(_services, s => s.ServiceType == typeof(IDeleteOrganizationIntegrationCommand));
+        Assert.Contains(_services, s => s.ServiceType == typeof(IGetOrganizationIntegrationsQuery));
+    }
+
+    [Fact]
+    public void AddOrganizationIntegrationCommandsQueries_MultipleCalls_IsIdempotent()
+    {
+        _services.AddOrganizationIntegrationCommandsQueries();
+        _services.AddOrganizationIntegrationCommandsQueries();
+        _services.AddOrganizationIntegrationCommandsQueries();
+
+        var createCmdDescriptors = _services.Where(s =>
+            s.ServiceType == typeof(ICreateOrganizationIntegrationCommand)).ToList();
+        Assert.Single(createCmdDescriptors);
+    }
+
+    [Fact]
+    public void AddOrganizationIntegrationConfigurationCommandsQueries_RegistersAllConfigurationServices()
+    {
+        _services.AddOrganizationIntegrationConfigurationCommandsQueries();
+
+        Assert.Contains(_services, s => s.ServiceType == typeof(ICreateOrganizationIntegrationConfigurationCommand));
+        Assert.Contains(_services, s => s.ServiceType == typeof(IUpdateOrganizationIntegrationConfigurationCommand));
+        Assert.Contains(_services, s => s.ServiceType == typeof(IDeleteOrganizationIntegrationConfigurationCommand));
+        Assert.Contains(_services, s => s.ServiceType == typeof(IGetOrganizationIntegrationConfigurationsQuery));
+    }
+
+    [Fact]
+    public void AddOrganizationIntegrationConfigurationCommandsQueries_MultipleCalls_IsIdempotent()
+    {
+        _services.AddOrganizationIntegrationConfigurationCommandsQueries();
+        _services.AddOrganizationIntegrationConfigurationCommandsQueries();
+        _services.AddOrganizationIntegrationConfigurationCommandsQueries();
+
+        var createCmdDescriptors = _services.Where(s =>
+            s.ServiceType == typeof(ICreateOrganizationIntegrationConfigurationCommand)).ToList();
+        Assert.Single(createCmdDescriptors);
+    }
+
+    private static GlobalSettings CreateGlobalSettings(Dictionary<string, string?> data)
+    {
+        var config = new ConfigurationBuilder()
+            .AddInMemoryCollection(data)
+            .Build();
+
+        var settings = new GlobalSettings();
+        config.GetSection("GlobalSettings").Bind(settings);
+        return settings;
+    }
+}
--- a/test/Core.Test/AdminConsole/EventIntegrations/OrganizationIntegrationConfigurations/CreateOrganizationIntegrationConfigurationCommandTests.cs
+++ b/test/Core.Test/AdminConsole/EventIntegrations/OrganizationIntegrationConfigurations/CreateOrganizationIntegrationConfigurationCommandTests.cs
@@ -0,0 +1,179 @@
+using Bit.Core.AdminConsole.Entities;
+using Bit.Core.AdminConsole.EventIntegrations.OrganizationIntegrationConfigurations;
+using Bit.Core.AdminConsole.Services;
+using Bit.Core.Enums;
+using Bit.Core.Exceptions;
+using Bit.Core.Repositories;
+using Bit.Core.Utilities;
+using Bit.Test.Common.AutoFixture;
+using Bit.Test.Common.AutoFixture.Attributes;
+using NSubstitute;
+using Xunit;
+using ZiggyCreatures.Caching.Fusion;
+
+namespace Bit.Core.Test.AdminConsole.EventIntegrations.OrganizationIntegrationConfigurations;
+
+[SutProviderCustomize]
+public class CreateOrganizationIntegrationConfigurationCommandTests
+{
+    [Theory, BitAutoData]
+    public async Task CreateAsync_Success_CreatesConfigurationAndInvalidatesCache(
+        SutProvider<CreateOrganizationIntegrationConfigurationCommand> sutProvider,
+        Guid organizationId,
+        Guid integrationId,
+        OrganizationIntegration integration,
+        OrganizationIntegrationConfiguration configuration)
+    {
+        integration.Id = integrationId;
+        integration.OrganizationId = organizationId;
+        integration.Type = IntegrationType.Webhook;
+        configuration.OrganizationIntegrationId = integrationId;
+        configuration.EventType = EventType.User_LoggedIn;
+
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByIdAsync(integrationId)
+            .Returns(integration);
+        sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>()
+            .CreateAsync(configuration)
+            .Returns(configuration);
+        sutProvider.GetDependency<IOrganizationIntegrationConfigurationValidator>()
+            .ValidateConfiguration(Arg.Any<IntegrationType>(), Arg.Any<OrganizationIntegrationConfiguration>())
+            .Returns(true);
+
+        var result = await sutProvider.Sut.CreateAsync(organizationId, integrationId, configuration);
+
+        await sutProvider.GetDependency<IOrganizationIntegrationRepository>().Received(1)
+            .GetByIdAsync(integrationId);
+        await sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().Received(1)
+            .CreateAsync(configuration);
+        await sutProvider.GetDependency<IFusionCache>().Received(1)
+            .RemoveAsync(EventIntegrationsCacheConstants.BuildCacheKeyForOrganizationIntegrationConfigurationDetails(
+                organizationId,
+                integration.Type,
+                configuration.EventType.Value));
+        // Also verify RemoveByTagAsync was NOT called
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveByTagAsync(Arg.Any<string>());
+        Assert.Equal(configuration, result);
+    }
+
+    [Theory, BitAutoData]
+    public async Task CreateAsync_WildcardSuccess_CreatesConfigurationAndInvalidatesCache(
+        SutProvider<CreateOrganizationIntegrationConfigurationCommand> sutProvider,
+        Guid organizationId,
+        Guid integrationId,
+        OrganizationIntegration integration,
+        OrganizationIntegrationConfiguration configuration)
+    {
+        integration.Id = integrationId;
+        integration.OrganizationId = organizationId;
+        integration.Type = IntegrationType.Webhook;
+        configuration.OrganizationIntegrationId = integrationId;
+        configuration.EventType = null;
+
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByIdAsync(integrationId)
+            .Returns(integration);
+        sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>()
+            .CreateAsync(configuration)
+            .Returns(configuration);
+        sutProvider.GetDependency<IOrganizationIntegrationConfigurationValidator>()
+            .ValidateConfiguration(Arg.Any<IntegrationType>(), Arg.Any<OrganizationIntegrationConfiguration>())
+            .Returns(true);
+
+        var result = await sutProvider.Sut.CreateAsync(organizationId, integrationId, configuration);
+
+        await sutProvider.GetDependency<IOrganizationIntegrationRepository>().Received(1)
+            .GetByIdAsync(integrationId);
+        await sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().Received(1)
+            .CreateAsync(configuration);
+        await sutProvider.GetDependency<IFusionCache>().Received(1)
+            .RemoveByTagAsync(EventIntegrationsCacheConstants.BuildCacheTagForOrganizationIntegration(
+                organizationId,
+                integration.Type));
+        // Also verify RemoveAsync was NOT called
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveAsync(Arg.Any<string>());
+        Assert.Equal(configuration, result);
+    }
+
+    [Theory, BitAutoData]
+    public async Task CreateAsync_IntegrationDoesNotExist_ThrowsNotFound(
+        SutProvider<CreateOrganizationIntegrationConfigurationCommand> sutProvider,
+        Guid organizationId,
+        Guid integrationId,
+        OrganizationIntegrationConfiguration configuration)
+    {
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByIdAsync(integrationId)
+            .Returns((OrganizationIntegration)null);
+
+        await Assert.ThrowsAsync<NotFoundException>(
+            () => sutProvider.Sut.CreateAsync(organizationId, integrationId, configuration));
+
+        await sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().DidNotReceive()
+            .CreateAsync(Arg.Any<OrganizationIntegrationConfiguration>());
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveAsync(Arg.Any<string>());
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveByTagAsync(Arg.Any<string>());
+    }
+
+    [Theory, BitAutoData]
+    public async Task CreateAsync_IntegrationDoesNotBelongToOrganization_ThrowsNotFound(
+        SutProvider<CreateOrganizationIntegrationConfigurationCommand> sutProvider,
+        Guid organizationId,
+        Guid integrationId,
+        OrganizationIntegration integration,
+        OrganizationIntegrationConfiguration configuration)
+    {
+        integration.Id = integrationId;
+        integration.OrganizationId = Guid.NewGuid(); // Different organization
+
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByIdAsync(integrationId)
+            .Returns(integration);
+
+        await Assert.ThrowsAsync<NotFoundException>(
+            () => sutProvider.Sut.CreateAsync(organizationId, integrationId, configuration));
+
+        await sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().DidNotReceive()
+            .CreateAsync(Arg.Any<OrganizationIntegrationConfiguration>());
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveAsync(Arg.Any<string>());
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveByTagAsync(Arg.Any<string>());
+    }
+
+    [Theory, BitAutoData]
+    public async Task CreateAsync_ValidationFails_ThrowsBadRequest(
+        SutProvider<CreateOrganizationIntegrationConfigurationCommand> sutProvider,
+        Guid organizationId,
+        Guid integrationId,
+        OrganizationIntegration integration,
+        OrganizationIntegrationConfiguration configuration)
+    {
+        sutProvider.GetDependency<IOrganizationIntegrationConfigurationValidator>()
+            .ValidateConfiguration(Arg.Any<IntegrationType>(), Arg.Any<OrganizationIntegrationConfiguration>())
+            .Returns(false);
+
+        integration.Id = integrationId;
+        integration.OrganizationId = organizationId;
+        configuration.OrganizationIntegrationId = integrationId;
+        configuration.Template = "template";
+
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByIdAsync(integrationId)
+            .Returns(integration);
+
+        await Assert.ThrowsAsync<BadRequestException>(
+            () => sutProvider.Sut.CreateAsync(organizationId, integrationId, configuration));
+
+        await sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().DidNotReceive()
+            .CreateAsync(Arg.Any<OrganizationIntegrationConfiguration>());
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveAsync(Arg.Any<string>());
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveByTagAsync(Arg.Any<string>());
+    }
+}
--- a/test/Core.Test/AdminConsole/EventIntegrations/OrganizationIntegrationConfigurations/DeleteOrganizationIntegrationConfigurationCommandTests.cs
+++ b/test/Core.Test/AdminConsole/EventIntegrations/OrganizationIntegrationConfigurations/DeleteOrganizationIntegrationConfigurationCommandTests.cs
@@ -0,0 +1,211 @@
+using Bit.Core.AdminConsole.Entities;
+using Bit.Core.AdminConsole.EventIntegrations.OrganizationIntegrationConfigurations;
+using Bit.Core.Enums;
+using Bit.Core.Exceptions;
+using Bit.Core.Repositories;
+using Bit.Core.Utilities;
+using Bit.Test.Common.AutoFixture;
+using Bit.Test.Common.AutoFixture.Attributes;
+using NSubstitute;
+using Xunit;
+using ZiggyCreatures.Caching.Fusion;
+
+namespace Bit.Core.Test.AdminConsole.EventIntegrations.OrganizationIntegrationConfigurations;
+
+[SutProviderCustomize]
+public class DeleteOrganizationIntegrationConfigurationCommandTests
+{
+    [Theory, BitAutoData]
+    public async Task DeleteAsync_Success_DeletesConfigurationAndInvalidatesCache(
+        SutProvider<DeleteOrganizationIntegrationConfigurationCommand> sutProvider,
+        Guid organizationId,
+        Guid integrationId,
+        Guid configurationId,
+        OrganizationIntegration integration,
+        OrganizationIntegrationConfiguration configuration)
+    {
+        integration.Id = integrationId;
+        integration.OrganizationId = organizationId;
+        integration.Type = IntegrationType.Webhook;
+        configuration.Id = configurationId;
+        configuration.OrganizationIntegrationId = integrationId;
+        configuration.EventType = EventType.User_LoggedIn;
+
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByIdAsync(integrationId)
+            .Returns(integration);
+        sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>()
+            .GetByIdAsync(configurationId)
+            .Returns(configuration);
+
+        await sutProvider.Sut.DeleteAsync(organizationId, integrationId, configurationId);
+
+        await sutProvider.GetDependency<IOrganizationIntegrationRepository>().Received(1)
+            .GetByIdAsync(integrationId);
+        await sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().Received(1)
+            .GetByIdAsync(configurationId);
+        await sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().Received(1)
+            .DeleteAsync(configuration);
+        await sutProvider.GetDependency<IFusionCache>().Received(1)
+            .RemoveAsync(EventIntegrationsCacheConstants.BuildCacheKeyForOrganizationIntegrationConfigurationDetails(
+                organizationId,
+                integration.Type,
+                configuration.EventType.Value));
+        // Also verify RemoveByTagAsync was NOT called
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveByTagAsync(Arg.Any<string>());
+    }
+
+    [Theory, BitAutoData]
+    public async Task DeleteAsync_WildcardSuccess_DeletesConfigurationAndInvalidatesCache(
+        SutProvider<DeleteOrganizationIntegrationConfigurationCommand> sutProvider,
+        Guid organizationId,
+        Guid integrationId,
+        Guid configurationId,
+        OrganizationIntegration integration,
+        OrganizationIntegrationConfiguration configuration)
+    {
+        integration.Id = integrationId;
+        integration.OrganizationId = organizationId;
+        integration.Type = IntegrationType.Webhook;
+        configuration.Id = configurationId;
+        configuration.OrganizationIntegrationId = integrationId;
+        configuration.EventType = null;
+
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByIdAsync(integrationId)
+            .Returns(integration);
+        sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>()
+            .GetByIdAsync(configurationId)
+            .Returns(configuration);
+
+        await sutProvider.Sut.DeleteAsync(organizationId, integrationId, configurationId);
+
+        await sutProvider.GetDependency<IOrganizationIntegrationRepository>().Received(1)
+            .GetByIdAsync(integrationId);
+        await sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().Received(1)
+            .GetByIdAsync(configurationId);
+        await sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().Received(1)
+            .DeleteAsync(configuration);
+        await sutProvider.GetDependency<IFusionCache>().Received(1)
+            .RemoveByTagAsync(EventIntegrationsCacheConstants.BuildCacheTagForOrganizationIntegration(
+                organizationId,
+                integration.Type));
+        // Also verify RemoveAsync was NOT called
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveAsync(Arg.Any<string>());
+    }
+
+    [Theory, BitAutoData]
+    public async Task DeleteAsync_IntegrationDoesNotExist_ThrowsNotFound(
+        SutProvider<DeleteOrganizationIntegrationConfigurationCommand> sutProvider,
+        Guid organizationId,
+        Guid integrationId,
+        Guid configurationId)
+    {
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByIdAsync(integrationId)
+            .Returns((OrganizationIntegration)null);
+
+        await Assert.ThrowsAsync<NotFoundException>(
+            () => sutProvider.Sut.DeleteAsync(organizationId, integrationId, configurationId));
+
+        await sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().DidNotReceive()
+            .GetByIdAsync(Arg.Any<Guid>());
+        await sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().DidNotReceive()
+            .DeleteAsync(Arg.Any<OrganizationIntegrationConfiguration>());
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveAsync(Arg.Any<string>());
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveByTagAsync(Arg.Any<string>());
+    }
+
+    [Theory, BitAutoData]
+    public async Task DeleteAsync_IntegrationDoesNotBelongToOrganization_ThrowsNotFound(
+        SutProvider<DeleteOrganizationIntegrationConfigurationCommand> sutProvider,
+        Guid organizationId,
+        Guid integrationId,
+        Guid configurationId,
+        OrganizationIntegration integration)
+    {
+        integration.Id = integrationId;
+        integration.OrganizationId = Guid.NewGuid(); // Different organization
+
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByIdAsync(integrationId)
+            .Returns(integration);
+
+        await Assert.ThrowsAsync<NotFoundException>(
+            () => sutProvider.Sut.DeleteAsync(organizationId, integrationId, configurationId));
+
+        await sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().DidNotReceive()
+            .GetByIdAsync(Arg.Any<Guid>());
+        await sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().DidNotReceive()
+            .DeleteAsync(Arg.Any<OrganizationIntegrationConfiguration>());
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveAsync(Arg.Any<string>());
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveByTagAsync(Arg.Any<string>());
+    }
+
+    [Theory, BitAutoData]
+    public async Task DeleteAsync_ConfigurationDoesNotExist_ThrowsNotFound(
+        SutProvider<DeleteOrganizationIntegrationConfigurationCommand> sutProvider,
+        Guid organizationId,
+        Guid integrationId,
+        Guid configurationId,
+        OrganizationIntegration integration)
+    {
+        integration.Id = integrationId;
+        integration.OrganizationId = organizationId;
+
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByIdAsync(integrationId)
+            .Returns(integration);
+        sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>()
+            .GetByIdAsync(configurationId)
+            .Returns((OrganizationIntegrationConfiguration)null);
+
+        await Assert.ThrowsAsync<NotFoundException>(
+            () => sutProvider.Sut.DeleteAsync(organizationId, integrationId, configurationId));
+
+        await sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().DidNotReceive()
+            .DeleteAsync(Arg.Any<OrganizationIntegrationConfiguration>());
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveAsync(Arg.Any<string>());
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveByTagAsync(Arg.Any<string>());
+    }
+
+    [Theory, BitAutoData]
+    public async Task DeleteAsync_ConfigurationDoesNotBelongToIntegration_ThrowsNotFound(
+        SutProvider<DeleteOrganizationIntegrationConfigurationCommand> sutProvider,
+        Guid organizationId,
+        Guid integrationId,
+        Guid configurationId,
+        OrganizationIntegration integration,
+        OrganizationIntegrationConfiguration configuration)
+    {
+        integration.Id = integrationId;
+        integration.OrganizationId = organizationId;
+        configuration.Id = configurationId;
+        configuration.OrganizationIntegrationId = Guid.NewGuid(); // Different integration
+
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByIdAsync(integrationId)
+            .Returns(integration);
+        sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>()
+            .GetByIdAsync(configurationId)
+            .Returns(configuration);
+
+        await Assert.ThrowsAsync<NotFoundException>(
+            () => sutProvider.Sut.DeleteAsync(organizationId, integrationId, configurationId));
+
+        await sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().DidNotReceive()
+            .DeleteAsync(Arg.Any<OrganizationIntegrationConfiguration>());
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveAsync(Arg.Any<string>());
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveByTagAsync(Arg.Any<string>());
+    }
+}
--- a/test/Core.Test/AdminConsole/EventIntegrations/OrganizationIntegrationConfigurations/GetOrganizationIntegrationConfigurationsQueryTests.cs
+++ b/test/Core.Test/AdminConsole/EventIntegrations/OrganizationIntegrationConfigurations/GetOrganizationIntegrationConfigurationsQueryTests.cs
@@ -0,0 +1,101 @@
+using Bit.Core.AdminConsole.Entities;
+using Bit.Core.AdminConsole.EventIntegrations.OrganizationIntegrationConfigurations;
+using Bit.Core.Exceptions;
+using Bit.Core.Repositories;
+using Bit.Test.Common.AutoFixture;
+using Bit.Test.Common.AutoFixture.Attributes;
+using NSubstitute;
+using Xunit;
+
+namespace Bit.Core.Test.AdminConsole.EventIntegrations.OrganizationIntegrationConfigurations;
+
+[SutProviderCustomize]
+public class GetOrganizationIntegrationConfigurationsQueryTests
+{
+    [Theory, BitAutoData]
+    public async Task GetManyByIntegrationAsync_Success_ReturnsConfigurations(
+        SutProvider<GetOrganizationIntegrationConfigurationsQuery> sutProvider,
+        Guid organizationId,
+        Guid integrationId,
+        OrganizationIntegration integration,
+        List<OrganizationIntegrationConfiguration> configurations)
+    {
+        integration.Id = integrationId;
+        integration.OrganizationId = organizationId;
+
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByIdAsync(integrationId)
+            .Returns(integration);
+        sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>()
+            .GetManyByIntegrationAsync(integrationId)
+            .Returns(configurations);
+
+        var result = await sutProvider.Sut.GetManyByIntegrationAsync(organizationId, integrationId);
+
+        await sutProvider.GetDependency<IOrganizationIntegrationRepository>().Received(1)
+            .GetByIdAsync(integrationId);
+        await sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().Received(1)
+            .GetManyByIntegrationAsync(integrationId);
+        Assert.Equal(configurations.Count, result.Count);
+    }
+
+    [Theory, BitAutoData]
+    public async Task GetManyByIntegrationAsync_NoConfigurations_ReturnsEmptyList(
+        SutProvider<GetOrganizationIntegrationConfigurationsQuery> sutProvider,
+        Guid organizationId,
+        Guid integrationId,
+        OrganizationIntegration integration)
+    {
+        integration.Id = integrationId;
+        integration.OrganizationId = organizationId;
+
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByIdAsync(integrationId)
+            .Returns(integration);
+        sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>()
+            .GetManyByIntegrationAsync(integrationId)
+            .Returns([]);
+
+        var result = await sutProvider.Sut.GetManyByIntegrationAsync(organizationId, integrationId);
+
+        Assert.Empty(result);
+    }
+
+    [Theory, BitAutoData]
+    public async Task GetManyByIntegrationAsync_IntegrationDoesNotExist_ThrowsNotFound(
+        SutProvider<GetOrganizationIntegrationConfigurationsQuery> sutProvider,
+        Guid organizationId,
+        Guid integrationId)
+    {
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByIdAsync(integrationId)
+            .Returns((OrganizationIntegration)null);
+
+        await Assert.ThrowsAsync<NotFoundException>(
+            () => sutProvider.Sut.GetManyByIntegrationAsync(organizationId, integrationId));
+
+        await sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().DidNotReceive()
+            .GetManyByIntegrationAsync(Arg.Any<Guid>());
+    }
+
+    [Theory, BitAutoData]
+    public async Task GetManyByIntegrationAsync_IntegrationDoesNotBelongToOrganization_ThrowsNotFound(
+        SutProvider<GetOrganizationIntegrationConfigurationsQuery> sutProvider,
+        Guid organizationId,
+        Guid integrationId,
+        OrganizationIntegration integration)
+    {
+        integration.Id = integrationId;
+        integration.OrganizationId = Guid.NewGuid(); // Different organization
+
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByIdAsync(integrationId)
+            .Returns(integration);
+
+        await Assert.ThrowsAsync<NotFoundException>(
+            () => sutProvider.Sut.GetManyByIntegrationAsync(organizationId, integrationId));
+
+        await sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().DidNotReceive()
+            .GetManyByIntegrationAsync(Arg.Any<Guid>());
+    }
+}
--- a/test/Core.Test/AdminConsole/EventIntegrations/OrganizationIntegrationConfigurations/UpdateOrganizationIntegrationConfigurationCommandTests.cs
+++ b/test/Core.Test/AdminConsole/EventIntegrations/OrganizationIntegrationConfigurations/UpdateOrganizationIntegrationConfigurationCommandTests.cs
@@ -0,0 +1,390 @@
+using Bit.Core.AdminConsole.Entities;
+using Bit.Core.AdminConsole.EventIntegrations.OrganizationIntegrationConfigurations;
+using Bit.Core.AdminConsole.Services;
+using Bit.Core.Enums;
+using Bit.Core.Exceptions;
+using Bit.Core.Repositories;
+using Bit.Core.Utilities;
+using Bit.Test.Common.AutoFixture;
+using Bit.Test.Common.AutoFixture.Attributes;
+using NSubstitute;
+using Xunit;
+using ZiggyCreatures.Caching.Fusion;
+
+namespace Bit.Core.Test.AdminConsole.EventIntegrations.OrganizationIntegrationConfigurations;
+
+[SutProviderCustomize]
+public class UpdateOrganizationIntegrationConfigurationCommandTests
+{
+    [Theory, BitAutoData]
+    public async Task UpdateAsync_Success_UpdatesConfigurationAndInvalidatesCache(
+        SutProvider<UpdateOrganizationIntegrationConfigurationCommand> sutProvider,
+        Guid organizationId,
+        Guid integrationId,
+        Guid configurationId,
+        OrganizationIntegration integration,
+        OrganizationIntegrationConfiguration existingConfiguration,
+        OrganizationIntegrationConfiguration updatedConfiguration)
+    {
+        integration.Id = integrationId;
+        integration.OrganizationId = organizationId;
+        integration.Type = IntegrationType.Webhook;
+        existingConfiguration.Id = configurationId;
+        existingConfiguration.OrganizationIntegrationId = integrationId;
+        existingConfiguration.EventType = EventType.User_LoggedIn;
+        updatedConfiguration.Id = configurationId;
+        updatedConfiguration.OrganizationIntegrationId = integrationId;
+        existingConfiguration.EventType = EventType.User_LoggedIn;
+
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByIdAsync(integrationId)
+            .Returns(integration);
+        sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>()
+            .GetByIdAsync(configurationId)
+            .Returns(existingConfiguration);
+        sutProvider.GetDependency<IOrganizationIntegrationConfigurationValidator>()
+            .ValidateConfiguration(Arg.Any<IntegrationType>(), Arg.Any<OrganizationIntegrationConfiguration>())
+            .Returns(true);
+
+        var result = await sutProvider.Sut.UpdateAsync(organizationId, integrationId, configurationId, updatedConfiguration);
+
+        await sutProvider.GetDependency<IOrganizationIntegrationRepository>().Received(1)
+            .GetByIdAsync(integrationId);
+        await sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().Received(1)
+            .GetByIdAsync(configurationId);
+        await sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().Received(1)
+            .ReplaceAsync(updatedConfiguration);
+        await sutProvider.GetDependency<IFusionCache>().Received(1)
+            .RemoveAsync(EventIntegrationsCacheConstants.BuildCacheKeyForOrganizationIntegrationConfigurationDetails(
+                organizationId,
+                integration.Type,
+                existingConfiguration.EventType.Value));
+        // Also verify RemoveByTagAsync was NOT called
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveByTagAsync(Arg.Any<string>());
+        Assert.Equal(updatedConfiguration, result);
+    }
+
+    [Theory, BitAutoData]
+    public async Task UpdateAsync_WildcardSuccess_UpdatesConfigurationAndInvalidatesCache(
+        SutProvider<UpdateOrganizationIntegrationConfigurationCommand> sutProvider,
+        Guid organizationId,
+        Guid integrationId,
+        Guid configurationId,
+        OrganizationIntegration integration,
+        OrganizationIntegrationConfiguration existingConfiguration,
+        OrganizationIntegrationConfiguration updatedConfiguration)
+    {
+        integration.Id = integrationId;
+        integration.OrganizationId = organizationId;
+        integration.Type = IntegrationType.Webhook;
+        existingConfiguration.Id = configurationId;
+        existingConfiguration.OrganizationIntegrationId = integrationId;
+        existingConfiguration.EventType = null;
+        updatedConfiguration.Id = configurationId;
+        updatedConfiguration.OrganizationIntegrationId = integrationId;
+        updatedConfiguration.EventType = null;
+
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByIdAsync(integrationId)
+            .Returns(integration);
+        sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>()
+            .GetByIdAsync(configurationId)
+            .Returns(existingConfiguration);
+        sutProvider.GetDependency<IOrganizationIntegrationConfigurationValidator>()
+            .ValidateConfiguration(Arg.Any<IntegrationType>(), Arg.Any<OrganizationIntegrationConfiguration>())
+            .Returns(true);
+
+        var result = await sutProvider.Sut.UpdateAsync(organizationId, integrationId, configurationId, updatedConfiguration);
+
+        await sutProvider.GetDependency<IOrganizationIntegrationRepository>().Received(1)
+            .GetByIdAsync(integrationId);
+        await sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().Received(1)
+            .GetByIdAsync(configurationId);
+        await sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().Received(1)
+            .ReplaceAsync(updatedConfiguration);
+        await sutProvider.GetDependency<IFusionCache>().Received(1)
+            .RemoveByTagAsync(EventIntegrationsCacheConstants.BuildCacheTagForOrganizationIntegration(
+                organizationId,
+                integration.Type));
+        // Also verify RemoveAsync was NOT called
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveAsync(Arg.Any<string>());
+        Assert.Equal(updatedConfiguration, result);
+    }
+
+    [Theory, BitAutoData]
+    public async Task UpdateAsync_ChangedEventType_UpdatesConfigurationAndInvalidatesCacheForBothTypes(
+        SutProvider<UpdateOrganizationIntegrationConfigurationCommand> sutProvider,
+        Guid organizationId,
+        Guid integrationId,
+        Guid configurationId,
+        OrganizationIntegration integration,
+        OrganizationIntegrationConfiguration existingConfiguration,
+        OrganizationIntegrationConfiguration updatedConfiguration)
+    {
+        integration.Id = integrationId;
+        integration.OrganizationId = organizationId;
+        integration.Type = IntegrationType.Webhook;
+        existingConfiguration.Id = configurationId;
+        existingConfiguration.OrganizationIntegrationId = integrationId;
+        existingConfiguration.EventType = EventType.User_LoggedIn;
+        updatedConfiguration.Id = configurationId;
+        updatedConfiguration.OrganizationIntegrationId = integrationId;
+        updatedConfiguration.EventType = EventType.Cipher_Created;
+
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByIdAsync(integrationId)
+            .Returns(integration);
+        sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>()
+            .GetByIdAsync(configurationId)
+            .Returns(existingConfiguration);
+        sutProvider.GetDependency<IOrganizationIntegrationConfigurationValidator>()
+            .ValidateConfiguration(Arg.Any<IntegrationType>(), Arg.Any<OrganizationIntegrationConfiguration>())
+            .Returns(true);
+
+        var result = await sutProvider.Sut.UpdateAsync(organizationId, integrationId, configurationId, updatedConfiguration);
+
+        await sutProvider.GetDependency<IOrganizationIntegrationRepository>().Received(1)
+            .GetByIdAsync(integrationId);
+        await sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().Received(1)
+            .GetByIdAsync(configurationId);
+        await sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().Received(1)
+            .ReplaceAsync(updatedConfiguration);
+        await sutProvider.GetDependency<IFusionCache>().Received(1)
+            .RemoveAsync(EventIntegrationsCacheConstants.BuildCacheKeyForOrganizationIntegrationConfigurationDetails(
+                organizationId,
+                integration.Type,
+                existingConfiguration.EventType.Value));
+        await sutProvider.GetDependency<IFusionCache>().Received(1)
+            .RemoveAsync(EventIntegrationsCacheConstants.BuildCacheKeyForOrganizationIntegrationConfigurationDetails(
+                organizationId,
+                integration.Type,
+                updatedConfiguration.EventType.Value));
+        // Verify RemoveByTagAsync was NOT called since both are specific event types
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveByTagAsync(Arg.Any<string>());
+        Assert.Equal(updatedConfiguration, result);
+    }
+
+    [Theory, BitAutoData]
+    public async Task UpdateAsync_IntegrationDoesNotExist_ThrowsNotFound(
+        SutProvider<UpdateOrganizationIntegrationConfigurationCommand> sutProvider,
+        Guid organizationId,
+        Guid integrationId,
+        Guid configurationId,
+        OrganizationIntegrationConfiguration updatedConfiguration)
+    {
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByIdAsync(integrationId)
+            .Returns((OrganizationIntegration)null);
+
+        await Assert.ThrowsAsync<NotFoundException>(
+            () => sutProvider.Sut.UpdateAsync(organizationId, integrationId, configurationId, updatedConfiguration));
+
+        await sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().DidNotReceive()
+            .GetByIdAsync(Arg.Any<Guid>());
+        await sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().DidNotReceive()
+            .ReplaceAsync(Arg.Any<OrganizationIntegrationConfiguration>());
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveAsync(Arg.Any<string>());
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveByTagAsync(Arg.Any<string>());
+    }
+
+    [Theory, BitAutoData]
+    public async Task UpdateAsync_IntegrationDoesNotBelongToOrganization_ThrowsNotFound(
+        SutProvider<UpdateOrganizationIntegrationConfigurationCommand> sutProvider,
+        Guid organizationId,
+        Guid integrationId,
+        Guid configurationId,
+        OrganizationIntegration integration,
+        OrganizationIntegrationConfiguration updatedConfiguration)
+    {
+        integration.Id = integrationId;
+        integration.OrganizationId = Guid.NewGuid(); // Different organization
+
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByIdAsync(integrationId)
+            .Returns(integration);
+
+        await Assert.ThrowsAsync<NotFoundException>(
+            () => sutProvider.Sut.UpdateAsync(organizationId, integrationId, configurationId, updatedConfiguration));
+
+        await sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().DidNotReceive()
+            .GetByIdAsync(Arg.Any<Guid>());
+        await sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().DidNotReceive()
+            .ReplaceAsync(Arg.Any<OrganizationIntegrationConfiguration>());
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveAsync(Arg.Any<string>());
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveByTagAsync(Arg.Any<string>());
+    }
+
+    [Theory, BitAutoData]
+    public async Task UpdateAsync_ConfigurationDoesNotExist_ThrowsNotFound(
+        SutProvider<UpdateOrganizationIntegrationConfigurationCommand> sutProvider,
+        Guid organizationId,
+        Guid integrationId,
+        Guid configurationId,
+        OrganizationIntegration integration,
+        OrganizationIntegrationConfiguration updatedConfiguration)
+    {
+        integration.Id = integrationId;
+        integration.OrganizationId = organizationId;
+
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByIdAsync(integrationId)
+            .Returns(integration);
+        sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>()
+            .GetByIdAsync(configurationId)
+            .Returns((OrganizationIntegrationConfiguration)null);
+
+        await Assert.ThrowsAsync<NotFoundException>(
+            () => sutProvider.Sut.UpdateAsync(organizationId, integrationId, configurationId, updatedConfiguration));
+
+        await sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().DidNotReceive()
+            .ReplaceAsync(Arg.Any<OrganizationIntegrationConfiguration>());
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveAsync(Arg.Any<string>());
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveByTagAsync(Arg.Any<string>());
+    }
+
+    [Theory, BitAutoData]
+    public async Task UpdateAsync_ConfigurationDoesNotBelongToIntegration_ThrowsNotFound(
+        SutProvider<UpdateOrganizationIntegrationConfigurationCommand> sutProvider,
+        Guid organizationId,
+        Guid integrationId,
+        Guid configurationId,
+        OrganizationIntegration integration,
+        OrganizationIntegrationConfiguration existingConfiguration,
+        OrganizationIntegrationConfiguration updatedConfiguration)
+    {
+        integration.Id = integrationId;
+        integration.OrganizationId = organizationId;
+        existingConfiguration.Id = configurationId;
+        existingConfiguration.OrganizationIntegrationId = Guid.NewGuid(); // Different integration
+
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByIdAsync(integrationId)
+            .Returns(integration);
+        sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>()
+            .GetByIdAsync(configurationId)
+            .Returns(existingConfiguration);
+
+        await Assert.ThrowsAsync<NotFoundException>(
+            () => sutProvider.Sut.UpdateAsync(organizationId, integrationId, configurationId, updatedConfiguration));
+
+        await sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().DidNotReceive()
+            .ReplaceAsync(Arg.Any<OrganizationIntegrationConfiguration>());
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveAsync(Arg.Any<string>());
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveByTagAsync(Arg.Any<string>());
+    }
+
+    [Theory, BitAutoData]
+    public async Task UpdateAsync_ValidationFails_ThrowsBadRequest(
+        SutProvider<UpdateOrganizationIntegrationConfigurationCommand> sutProvider,
+        Guid organizationId,
+        Guid integrationId,
+        Guid configurationId,
+        OrganizationIntegration integration,
+        OrganizationIntegrationConfiguration existingConfiguration,
+        OrganizationIntegrationConfiguration updatedConfiguration)
+    {
+        sutProvider.GetDependency<IOrganizationIntegrationConfigurationValidator>()
+            .ValidateConfiguration(Arg.Any<IntegrationType>(), Arg.Any<OrganizationIntegrationConfiguration>())
+            .Returns(false);
+
+        integration.Id = integrationId;
+        integration.OrganizationId = organizationId;
+        existingConfiguration.Id = configurationId;
+        existingConfiguration.OrganizationIntegrationId = integrationId;
+        updatedConfiguration.Id = configurationId;
+        updatedConfiguration.OrganizationIntegrationId = integrationId;
+        updatedConfiguration.Template = "template";
+
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByIdAsync(integrationId)
+            .Returns(integration);
+        sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>()
+            .GetByIdAsync(configurationId)
+            .Returns(existingConfiguration);
+
+        await Assert.ThrowsAsync<BadRequestException>(
+            () => sutProvider.Sut.UpdateAsync(organizationId, integrationId, configurationId, updatedConfiguration));
+
+        await sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().DidNotReceive()
+            .ReplaceAsync(Arg.Any<OrganizationIntegrationConfiguration>());
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveAsync(Arg.Any<string>());
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveByTagAsync(Arg.Any<string>());
+    }
+
+    [Theory, BitAutoData]
+    public async Task UpdateAsync_ChangedFromWildcardToSpecific_InvalidatesAllCaches(
+        Guid organizationId,
+        Guid integrationId,
+        OrganizationIntegration integration,
+        OrganizationIntegrationConfiguration existingConfiguration,
+        OrganizationIntegrationConfiguration updatedConfiguration,
+        SutProvider<UpdateOrganizationIntegrationConfigurationCommand> sutProvider)
+    {
+        integration.OrganizationId = organizationId;
+        existingConfiguration.OrganizationIntegrationId = integrationId;
+        existingConfiguration.EventType = null; // Wildcard
+        updatedConfiguration.EventType = EventType.User_LoggedIn; // Specific
+
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByIdAsync(integrationId).Returns(integration);
+        sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>()
+            .GetByIdAsync(existingConfiguration.Id).Returns(existingConfiguration);
+        sutProvider.GetDependency<IOrganizationIntegrationConfigurationValidator>()
+            .ValidateConfiguration(Arg.Any<IntegrationType>(), Arg.Any<OrganizationIntegrationConfiguration>())
+            .Returns(true);
+
+        await sutProvider.Sut.UpdateAsync(organizationId, integrationId, existingConfiguration.Id, updatedConfiguration);
+
+        await sutProvider.GetDependency<IFusionCache>().Received(1)
+            .RemoveByTagAsync(EventIntegrationsCacheConstants.BuildCacheTagForOrganizationIntegration(
+                organizationId,
+                integration.Type));
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveAsync(Arg.Any<string>());
+    }
+
+    [Theory, BitAutoData]
+    public async Task UpdateAsync_ChangedFromSpecificToWildcard_InvalidatesAllCaches(
+        Guid organizationId,
+        Guid integrationId,
+        OrganizationIntegration integration,
+        OrganizationIntegrationConfiguration existingConfiguration,
+        OrganizationIntegrationConfiguration updatedConfiguration,
+        SutProvider<UpdateOrganizationIntegrationConfigurationCommand> sutProvider)
+    {
+        integration.OrganizationId = organizationId;
+        existingConfiguration.OrganizationIntegrationId = integrationId;
+        existingConfiguration.EventType = EventType.User_LoggedIn; // Specific
+        updatedConfiguration.EventType = null; // Wildcard
+
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByIdAsync(integrationId).Returns(integration);
+        sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>()
+            .GetByIdAsync(existingConfiguration.Id).Returns(existingConfiguration);
+        sutProvider.GetDependency<IOrganizationIntegrationConfigurationValidator>()
+            .ValidateConfiguration(Arg.Any<IntegrationType>(), Arg.Any<OrganizationIntegrationConfiguration>())
+            .Returns(true);
+
+        await sutProvider.Sut.UpdateAsync(organizationId, integrationId, existingConfiguration.Id, updatedConfiguration);
+
+        await sutProvider.GetDependency<IFusionCache>().Received(1)
+            .RemoveByTagAsync(EventIntegrationsCacheConstants.BuildCacheTagForOrganizationIntegration(
+                organizationId,
+                integration.Type));
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveAsync(Arg.Any<string>());
+    }
+}
--- a/test/Core.Test/AdminConsole/EventIntegrations/OrganizationIntegrations/CreateOrganizationIntegrationCommandTests.cs
+++ b/test/Core.Test/AdminConsole/EventIntegrations/OrganizationIntegrations/CreateOrganizationIntegrationCommandTests.cs
@@ -0,0 +1,92 @@
+using Bit.Core.AdminConsole.Entities;
+using Bit.Core.AdminConsole.EventIntegrations.OrganizationIntegrations;
+using Bit.Core.Enums;
+using Bit.Core.Exceptions;
+using Bit.Core.Repositories;
+using Bit.Core.Utilities;
+using Bit.Test.Common.AutoFixture;
+using Bit.Test.Common.AutoFixture.Attributes;
+using NSubstitute;
+using Xunit;
+using ZiggyCreatures.Caching.Fusion;
+
+namespace Bit.Core.Test.AdminConsole.EventIntegrations.OrganizationIntegrations;
+
+[SutProviderCustomize]
+public class CreateOrganizationIntegrationCommandTests
+{
+    [Theory, BitAutoData]
+    public async Task CreateAsync_Success_CreatesIntegrationAndInvalidatesCache(
+        SutProvider<CreateOrganizationIntegrationCommand> sutProvider,
+        OrganizationIntegration integration)
+    {
+        integration.Type = IntegrationType.Webhook;
+
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetManyByOrganizationAsync(integration.OrganizationId)
+            .Returns([]);
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .CreateAsync(integration)
+            .Returns(integration);
+
+        var result = await sutProvider.Sut.CreateAsync(integration);
+
+        await sutProvider.GetDependency<IOrganizationIntegrationRepository>().Received(1)
+            .GetManyByOrganizationAsync(integration.OrganizationId);
+        await sutProvider.GetDependency<IOrganizationIntegrationRepository>().Received(1)
+            .CreateAsync(integration);
+        await sutProvider.GetDependency<IFusionCache>().Received(1)
+            .RemoveByTagAsync(EventIntegrationsCacheConstants.BuildCacheTagForOrganizationIntegration(
+                integration.OrganizationId,
+                integration.Type));
+        Assert.Equal(integration, result);
+    }
+
+    [Theory, BitAutoData]
+    public async Task CreateAsync_DuplicateType_ThrowsBadRequest(
+        SutProvider<CreateOrganizationIntegrationCommand> sutProvider,
+        OrganizationIntegration integration,
+        OrganizationIntegration existingIntegration)
+    {
+        integration.Type = IntegrationType.Webhook;
+        existingIntegration.Type = IntegrationType.Webhook;
+        existingIntegration.OrganizationId = integration.OrganizationId;
+
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetManyByOrganizationAsync(integration.OrganizationId)
+            .Returns([existingIntegration]);
+
+        var exception = await Assert.ThrowsAsync<BadRequestException>(
+            () => sutProvider.Sut.CreateAsync(integration));
+
+        Assert.Contains("An integration of this type already exists", exception.Message);
+        await sutProvider.GetDependency<IOrganizationIntegrationRepository>().DidNotReceive()
+            .CreateAsync(Arg.Any<OrganizationIntegration>());
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveByTagAsync(Arg.Any<string>());
+    }
+
+    [Theory, BitAutoData]
+    public async Task CreateAsync_DifferentType_Success(
+        SutProvider<CreateOrganizationIntegrationCommand> sutProvider,
+        OrganizationIntegration integration,
+        OrganizationIntegration existingIntegration)
+    {
+        integration.Type = IntegrationType.Webhook;
+        existingIntegration.Type = IntegrationType.Slack;
+        existingIntegration.OrganizationId = integration.OrganizationId;
+
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetManyByOrganizationAsync(integration.OrganizationId)
+            .Returns([existingIntegration]);
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .CreateAsync(integration)
+            .Returns(integration);
+
+        var result = await sutProvider.Sut.CreateAsync(integration);
+
+        await sutProvider.GetDependency<IOrganizationIntegrationRepository>().Received(1)
+            .CreateAsync(integration);
+        Assert.Equal(integration, result);
+    }
+}
--- a/test/Core.Test/AdminConsole/EventIntegrations/OrganizationIntegrations/DeleteOrganizationIntegrationCommandTests.cs
+++ b/test/Core.Test/AdminConsole/EventIntegrations/OrganizationIntegrations/DeleteOrganizationIntegrationCommandTests.cs
@@ -0,0 +1,86 @@
+using Bit.Core.AdminConsole.Entities;
+using Bit.Core.AdminConsole.EventIntegrations.OrganizationIntegrations;
+using Bit.Core.Enums;
+using Bit.Core.Exceptions;
+using Bit.Core.Repositories;
+using Bit.Core.Utilities;
+using Bit.Test.Common.AutoFixture;
+using Bit.Test.Common.AutoFixture.Attributes;
+using NSubstitute;
+using Xunit;
+using ZiggyCreatures.Caching.Fusion;
+
+namespace Bit.Core.Test.AdminConsole.EventIntegrations.OrganizationIntegrations;
+
+[SutProviderCustomize]
+public class DeleteOrganizationIntegrationCommandTests
+{
+    [Theory, BitAutoData]
+    public async Task DeleteAsync_Success_DeletesIntegrationAndInvalidatesCache(
+        SutProvider<DeleteOrganizationIntegrationCommand> sutProvider,
+        Guid organizationId,
+        Guid integrationId,
+        OrganizationIntegration integration)
+    {
+        integration.Id = integrationId;
+        integration.OrganizationId = organizationId;
+        integration.Type = IntegrationType.Webhook;
+
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByIdAsync(integrationId)
+            .Returns(integration);
+
+        await sutProvider.Sut.DeleteAsync(organizationId, integrationId);
+
+        await sutProvider.GetDependency<IOrganizationIntegrationRepository>().Received(1)
+            .GetByIdAsync(integrationId);
+        await sutProvider.GetDependency<IOrganizationIntegrationRepository>().Received(1)
+            .DeleteAsync(integration);
+        await sutProvider.GetDependency<IFusionCache>().Received(1)
+            .RemoveByTagAsync(EventIntegrationsCacheConstants.BuildCacheTagForOrganizationIntegration(
+                organizationId,
+                integration.Type));
+    }
+
+    [Theory, BitAutoData]
+    public async Task DeleteAsync_IntegrationDoesNotExist_ThrowsNotFound(
+        SutProvider<DeleteOrganizationIntegrationCommand> sutProvider,
+        Guid organizationId,
+        Guid integrationId)
+    {
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByIdAsync(integrationId)
+            .Returns((OrganizationIntegration)null);
+
+        await Assert.ThrowsAsync<NotFoundException>(
+            () => sutProvider.Sut.DeleteAsync(organizationId, integrationId));
+
+        await sutProvider.GetDependency<IOrganizationIntegrationRepository>().DidNotReceive()
+            .DeleteAsync(Arg.Any<OrganizationIntegration>());
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveByTagAsync(Arg.Any<string>());
+    }
+
+    [Theory, BitAutoData]
+    public async Task DeleteAsync_IntegrationDoesNotBelongToOrganization_ThrowsNotFound(
+        SutProvider<DeleteOrganizationIntegrationCommand> sutProvider,
+        Guid organizationId,
+        Guid integrationId,
+        OrganizationIntegration integration)
+    {
+        integration.Id = integrationId;
+        integration.OrganizationId = Guid.NewGuid(); // Different organization
+
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByIdAsync(integrationId)
+            .Returns(integration);
+
+        await Assert.ThrowsAsync<NotFoundException>(
+            () => sutProvider.Sut.DeleteAsync(organizationId, integrationId));
+
+        await sutProvider.GetDependency<IOrganizationIntegrationRepository>().DidNotReceive()
+            .DeleteAsync(Arg.Any<OrganizationIntegration>());
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveByTagAsync(Arg.Any<string>());
+    }
+}
--- a/test/Core.Test/AdminConsole/EventIntegrations/OrganizationIntegrations/GetOrganizationIntegrationsQueryTests.cs
+++ b/test/Core.Test/AdminConsole/EventIntegrations/OrganizationIntegrations/GetOrganizationIntegrationsQueryTests.cs
@@ -0,0 +1,44 @@
+using Bit.Core.AdminConsole.Entities;
+using Bit.Core.AdminConsole.EventIntegrations.OrganizationIntegrations;
+using Bit.Core.Repositories;
+using Bit.Test.Common.AutoFixture;
+using Bit.Test.Common.AutoFixture.Attributes;
+using NSubstitute;
+using Xunit;
+
+namespace Bit.Core.Test.AdminConsole.EventIntegrations.OrganizationIntegrations;
+
+[SutProviderCustomize]
+public class GetOrganizationIntegrationsQueryTests
+{
+    [Theory, BitAutoData]
+    public async Task GetManyByOrganizationAsync_CallsRepository(
+        SutProvider<GetOrganizationIntegrationsQuery> sutProvider,
+        Guid organizationId,
+        List<OrganizationIntegration> integrations)
+    {
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetManyByOrganizationAsync(organizationId)
+            .Returns(integrations);
+
+        var result = await sutProvider.Sut.GetManyByOrganizationAsync(organizationId);
+
+        await sutProvider.GetDependency<IOrganizationIntegrationRepository>().Received(1)
+            .GetManyByOrganizationAsync(organizationId);
+        Assert.Equal(integrations.Count, result.Count);
+    }
+
+    [Theory, BitAutoData]
+    public async Task GetManyByOrganizationAsync_NoIntegrations_ReturnsEmptyList(
+        SutProvider<GetOrganizationIntegrationsQuery> sutProvider,
+        Guid organizationId)
+    {
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetManyByOrganizationAsync(organizationId)
+            .Returns([]);
+
+        var result = await sutProvider.Sut.GetManyByOrganizationAsync(organizationId);
+
+        Assert.Empty(result);
+    }
+}
--- a/test/Core.Test/AdminConsole/EventIntegrations/OrganizationIntegrations/UpdateOrganizationIntegrationCommandTests.cs
+++ b/test/Core.Test/AdminConsole/EventIntegrations/OrganizationIntegrations/UpdateOrganizationIntegrationCommandTests.cs
@@ -0,0 +1,121 @@
+using Bit.Core.AdminConsole.Entities;
+using Bit.Core.AdminConsole.EventIntegrations.OrganizationIntegrations;
+using Bit.Core.Enums;
+using Bit.Core.Exceptions;
+using Bit.Core.Repositories;
+using Bit.Core.Utilities;
+using Bit.Test.Common.AutoFixture;
+using Bit.Test.Common.AutoFixture.Attributes;
+using NSubstitute;
+using Xunit;
+using ZiggyCreatures.Caching.Fusion;
+
+namespace Bit.Core.Test.AdminConsole.EventIntegrations.OrganizationIntegrations;
+
+[SutProviderCustomize]
+public class UpdateOrganizationIntegrationCommandTests
+{
+    [Theory, BitAutoData]
+    public async Task UpdateAsync_Success_UpdatesIntegrationAndInvalidatesCache(
+        SutProvider<UpdateOrganizationIntegrationCommand> sutProvider,
+        Guid organizationId,
+        Guid integrationId,
+        OrganizationIntegration existingIntegration,
+        OrganizationIntegration updatedIntegration)
+    {
+        existingIntegration.Id = integrationId;
+        existingIntegration.OrganizationId = organizationId;
+        existingIntegration.Type = IntegrationType.Webhook;
+        updatedIntegration.Id = integrationId;
+        updatedIntegration.OrganizationId = organizationId;
+        updatedIntegration.Type = IntegrationType.Webhook;
+
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByIdAsync(integrationId)
+            .Returns(existingIntegration);
+
+        var result = await sutProvider.Sut.UpdateAsync(organizationId, integrationId, updatedIntegration);
+
+        await sutProvider.GetDependency<IOrganizationIntegrationRepository>().Received(1)
+            .GetByIdAsync(integrationId);
+        await sutProvider.GetDependency<IOrganizationIntegrationRepository>().Received(1)
+            .ReplaceAsync(updatedIntegration);
+        await sutProvider.GetDependency<IFusionCache>().Received(1)
+            .RemoveByTagAsync(EventIntegrationsCacheConstants.BuildCacheTagForOrganizationIntegration(
+                organizationId,
+                existingIntegration.Type));
+        Assert.Equal(updatedIntegration, result);
+    }
+
+    [Theory, BitAutoData]
+    public async Task UpdateAsync_IntegrationDoesNotExist_ThrowsNotFound(
+        SutProvider<UpdateOrganizationIntegrationCommand> sutProvider,
+        Guid organizationId,
+        Guid integrationId,
+        OrganizationIntegration updatedIntegration)
+    {
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByIdAsync(integrationId)
+            .Returns((OrganizationIntegration)null);
+
+        await Assert.ThrowsAsync<NotFoundException>(
+            () => sutProvider.Sut.UpdateAsync(organizationId, integrationId, updatedIntegration));
+
+        await sutProvider.GetDependency<IOrganizationIntegrationRepository>().DidNotReceive()
+            .ReplaceAsync(Arg.Any<OrganizationIntegration>());
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveByTagAsync(Arg.Any<string>());
+    }
+
+    [Theory, BitAutoData]
+    public async Task UpdateAsync_IntegrationDoesNotBelongToOrganization_ThrowsNotFound(
+        SutProvider<UpdateOrganizationIntegrationCommand> sutProvider,
+        Guid organizationId,
+        Guid integrationId,
+        OrganizationIntegration existingIntegration,
+        OrganizationIntegration updatedIntegration)
+    {
+        existingIntegration.Id = integrationId;
+        existingIntegration.OrganizationId = Guid.NewGuid(); // Different organization
+
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByIdAsync(integrationId)
+            .Returns(existingIntegration);
+
+        await Assert.ThrowsAsync<NotFoundException>(
+            () => sutProvider.Sut.UpdateAsync(organizationId, integrationId, updatedIntegration));
+
+        await sutProvider.GetDependency<IOrganizationIntegrationRepository>().DidNotReceive()
+            .ReplaceAsync(Arg.Any<OrganizationIntegration>());
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveByTagAsync(Arg.Any<string>());
+    }
+
+    [Theory, BitAutoData]
+    public async Task UpdateAsync_IntegrationIsDifferentType_ThrowsNotFound(
+        SutProvider<UpdateOrganizationIntegrationCommand> sutProvider,
+        Guid organizationId,
+        Guid integrationId,
+        OrganizationIntegration existingIntegration,
+        OrganizationIntegration updatedIntegration)
+    {
+        existingIntegration.Id = integrationId;
+        existingIntegration.OrganizationId = organizationId;
+        existingIntegration.Type = IntegrationType.Webhook;
+        updatedIntegration.Id = integrationId;
+        updatedIntegration.OrganizationId = organizationId;
+        updatedIntegration.Type = IntegrationType.Hec; // Different Type
+
+        sutProvider.GetDependency<IOrganizationIntegrationRepository>()
+            .GetByIdAsync(integrationId)
+            .Returns(existingIntegration);
+
+        await Assert.ThrowsAsync<NotFoundException>(
+            () => sutProvider.Sut.UpdateAsync(organizationId, integrationId, updatedIntegration));
+
+        await sutProvider.GetDependency<IOrganizationIntegrationRepository>().DidNotReceive()
+            .ReplaceAsync(Arg.Any<OrganizationIntegration>());
+        await sutProvider.GetDependency<IFusionCache>().DidNotReceive()
+            .RemoveByTagAsync(Arg.Any<string>());
+    }
+}
--- a/test/Core.Test/AdminConsole/Models/Data/EventIntegrations/IntegrationTemplateContextTests.cs
+++ b/test/Core.Test/AdminConsole/Models/Data/EventIntegrations/IntegrationTemplateContextTests.cs
@@ -2,8 +2,8 @@
 using System.Text.Json;
 using Bit.Core.AdminConsole.Entities;
 using Bit.Core.AdminConsole.Models.Data.EventIntegrations;
-using Bit.Core.Entities;
 using Bit.Core.Models.Data;
+using Bit.Core.Models.Data.Organizations.OrganizationUsers;
 using Bit.Test.Common.AutoFixture.Attributes;
 using Xunit;

@@ -35,7 +35,7 @@ public class IntegrationTemplateContextTests
    }

    [Theory, BitAutoData]
-    public void UserName_WhenUserIsSet_ReturnsName(EventMessage eventMessage, User user)
+    public void UserName_WhenUserIsSet_ReturnsName(EventMessage eventMessage, OrganizationUserUserDetails user)
    {
        var sut = new IntegrationTemplateContext(eventMessage) { User = user };

@@ -51,7 +51,7 @@ public class IntegrationTemplateContextTests
    }

    [Theory, BitAutoData]
-    public void UserEmail_WhenUserIsSet_ReturnsEmail(EventMessage eventMessage, User user)
+    public void UserEmail_WhenUserIsSet_ReturnsEmail(EventMessage eventMessage, OrganizationUserUserDetails user)
    {
        var sut = new IntegrationTemplateContext(eventMessage) { User = user };

@@ -67,7 +67,23 @@ public class IntegrationTemplateContextTests
    }

    [Theory, BitAutoData]
-    public void ActingUserName_WhenActingUserIsSet_ReturnsName(EventMessage eventMessage, User actingUser)
+    public void UserType_WhenUserIsSet_ReturnsType(EventMessage eventMessage, OrganizationUserUserDetails user)
+    {
+        var sut = new IntegrationTemplateContext(eventMessage) { User = user };
+
+        Assert.Equal(user.Type, sut.UserType);
+    }
+
+    [Theory, BitAutoData]
+    public void UserType_WhenUserIsNull_ReturnsNull(EventMessage eventMessage)
+    {
+        var sut = new IntegrationTemplateContext(eventMessage) { User = null };
+
+        Assert.Null(sut.UserType);
+    }
+
+    [Theory, BitAutoData]
+    public void ActingUserName_WhenActingUserIsSet_ReturnsName(EventMessage eventMessage, OrganizationUserUserDetails actingUser)
    {
        var sut = new IntegrationTemplateContext(eventMessage) { ActingUser = actingUser };

@@ -83,7 +99,7 @@ public class IntegrationTemplateContextTests
    }

    [Theory, BitAutoData]
-    public void ActingUserEmail_WhenActingUserIsSet_ReturnsEmail(EventMessage eventMessage, User actingUser)
+    public void ActingUserEmail_WhenActingUserIsSet_ReturnsEmail(EventMessage eventMessage, OrganizationUserUserDetails actingUser)
    {
        var sut = new IntegrationTemplateContext(eventMessage) { ActingUser = actingUser };

@@ -98,6 +114,22 @@ public class IntegrationTemplateContextTests
        Assert.Null(sut.ActingUserEmail);
    }

+    [Theory, BitAutoData]
+    public void ActingUserType_WhenActingUserIsSet_ReturnsType(EventMessage eventMessage, OrganizationUserUserDetails actingUser)
+    {
+        var sut = new IntegrationTemplateContext(eventMessage) { ActingUser = actingUser };
+
+        Assert.Equal(actingUser.Type, sut.ActingUserType);
+    }
+
+    [Theory, BitAutoData]
+    public void ActingUserType_WhenActingUserIsNull_ReturnsNull(EventMessage eventMessage)
+    {
+        var sut = new IntegrationTemplateContext(eventMessage) { ActingUser = null };
+
+        Assert.Null(sut.ActingUserType);
+    }
+
    [Theory, BitAutoData]
    public void OrganizationName_WhenOrganizationIsSet_ReturnsDisplayName(EventMessage eventMessage, Organization organization)
    {
@@ -113,4 +145,20 @@ public class IntegrationTemplateContextTests

        Assert.Null(sut.OrganizationName);
    }
+
+    [Theory, BitAutoData]
+    public void GroupName_WhenGroupIsSet_ReturnsName(EventMessage eventMessage, Group group)
+    {
+        var sut = new IntegrationTemplateContext(eventMessage) { Group = group };
+
+        Assert.Equal(group.Name, sut.GroupName);
+    }
+
+    [Theory, BitAutoData]
+    public void GroupName_WhenGroupIsNull_ReturnsNull(EventMessage eventMessage)
+    {
+        var sut = new IntegrationTemplateContext(eventMessage) { Group = null };
+
+        Assert.Null(sut.GroupName);
+    }
 }
--- a/test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationDomains/VerifyOrganizationDomainCommandTests.cs
+++ b/test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationDomains/VerifyOrganizationDomainCommandTests.cs
@@ -2,7 +2,6 @@
 using Bit.Core.AdminConsole.Enums;
 using Bit.Core.AdminConsole.Models.Data;
 using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationDomains;
-using Bit.Core.AdminConsole.OrganizationFeatures.Policies;
 using Bit.Core.AdminConsole.OrganizationFeatures.Policies.Models;
 using Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyUpdateEvents.Interfaces;
 using Bit.Core.Context;
@@ -183,17 +182,17 @@ public class VerifyOrganizationDomainCommandTests

        _ = await sutProvider.Sut.UserVerifyOrganizationDomainAsync(domain);

-        await sutProvider.GetDependency<ISavePolicyCommand>()
+        await sutProvider.GetDependency<IVNextSavePolicyCommand>()
            .Received(1)
-            .SaveAsync(Arg.Is<PolicyUpdate>(x => x.Type == PolicyType.SingleOrg &&
-                x.OrganizationId == domain.OrganizationId &&
-                x.Enabled &&
+            .SaveAsync(Arg.Is<SavePolicyModel>(x => x.PolicyUpdate.Type == PolicyType.SingleOrg &&
+                                                    x.PolicyUpdate.OrganizationId == domain.OrganizationId &&
+                                                    x.PolicyUpdate.Enabled &&
                x.PerformedBy is StandardUser &&
                x.PerformedBy.UserId == userId));
    }

    [Theory, BitAutoData]
-    public async Task UserVerifyOrganizationDomainAsync_WhenPolicyValidatorsRefactorFlagEnabled_UsesVNextSavePolicyCommand(
+    public async Task UserVerifyOrganizationDomainAsync_UsesVNextSavePolicyCommand(
        OrganizationDomain domain, Guid userId, SutProvider<VerifyOrganizationDomainCommand> sutProvider)
    {
        sutProvider.GetDependency<IOrganizationDomainRepository>()
@@ -207,10 +206,6 @@ public class VerifyOrganizationDomainCommandTests
        sutProvider.GetDependency<ICurrentContext>()
            .UserId.Returns(userId);

-        sutProvider.GetDependency<IFeatureService>()
-            .IsEnabled(FeatureFlagKeys.PolicyValidatorsRefactor)
-            .Returns(true);
-
        _ = await sutProvider.Sut.UserVerifyOrganizationDomainAsync(domain);

        await sutProvider.GetDependency<IVNextSavePolicyCommand>()
@@ -240,9 +235,9 @@ public class VerifyOrganizationDomainCommandTests

        _ = await sutProvider.Sut.UserVerifyOrganizationDomainAsync(domain);

-        await sutProvider.GetDependency<ISavePolicyCommand>()
+        await sutProvider.GetDependency<IVNextSavePolicyCommand>()
            .DidNotReceive()
-            .SaveAsync(Arg.Any<PolicyUpdate>());
+            .SaveAsync(Arg.Any<SavePolicyModel>());
    }

    [Theory, BitAutoData]
--- a/test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/InviteUsers/BulkResendOrganizationInvitesCommandTests.cs
+++ b/test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/InviteUsers/BulkResendOrganizationInvitesCommandTests.cs
@@ -0,0 +1,113 @@
+using Bit.Core.AdminConsole.Entities;
+using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.InviteUsers;
+using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.InviteUsers.Models;
+using Bit.Core.Entities;
+using Bit.Core.Enums;
+using Bit.Core.Exceptions;
+using Bit.Core.Repositories;
+using Bit.Test.Common.AutoFixture;
+using Bit.Test.Common.AutoFixture.Attributes;
+using NSubstitute;
+using Xunit;
+
+namespace Bit.Core.Test.AdminConsole.OrganizationFeatures.OrganizationUsers.InviteUsers;
+
+[SutProviderCustomize]
+public class BulkResendOrganizationInvitesCommandTests
+{
+    [Theory]
+    [BitAutoData]
+    public async Task BulkResendInvitesAsync_ValidatesUsersAndSendsBatchInvite(
+        Organization organization,
+        OrganizationUser validUser1,
+        OrganizationUser validUser2,
+        OrganizationUser acceptedUser,
+        OrganizationUser wrongOrgUser,
+        SutProvider<BulkResendOrganizationInvitesCommand> sutProvider)
+    {
+        validUser1.OrganizationId = organization.Id;
+        validUser1.Status = OrganizationUserStatusType.Invited;
+        validUser2.OrganizationId = organization.Id;
+        validUser2.Status = OrganizationUserStatusType.Invited;
+        acceptedUser.OrganizationId = organization.Id;
+        acceptedUser.Status = OrganizationUserStatusType.Accepted;
+        wrongOrgUser.OrganizationId = Guid.NewGuid();
+        wrongOrgUser.Status = OrganizationUserStatusType.Invited;
+
+        var users = new List<OrganizationUser> { validUser1, validUser2, acceptedUser, wrongOrgUser };
+        var userIds = users.Select(u => u.Id).ToList();
+
+        sutProvider.GetDependency<IOrganizationUserRepository>().GetManyAsync(userIds).Returns(users);
+        sutProvider.GetDependency<IOrganizationRepository>().GetByIdAsync(organization.Id).Returns(organization);
+
+        var result = (await sutProvider.Sut.BulkResendInvitesAsync(organization.Id, null, userIds)).ToList();
+
+        Assert.Equal(4, result.Count);
+        Assert.Equal(2, result.Count(r => string.IsNullOrEmpty(r.Item2)));
+        Assert.Equal(2, result.Count(r => r.Item2 == "User invalid."));
+
+        await sutProvider.GetDependency<ISendOrganizationInvitesCommand>()
+            .Received(1)
+            .SendInvitesAsync(Arg.Is<SendInvitesRequest>(req =>
+                req.Organization == organization &&
+                req.Users.Length == 2 &&
+                req.InitOrganization == false));
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task BulkResendInvitesAsync_AllInvalidUsers_DoesNotSendInvites(
+        Organization organization,
+        List<OrganizationUser> organizationUsers,
+        SutProvider<BulkResendOrganizationInvitesCommand> sutProvider)
+    {
+        foreach (var user in organizationUsers)
+        {
+            user.OrganizationId = organization.Id;
+            user.Status = OrganizationUserStatusType.Confirmed;
+        }
+
+        var userIds = organizationUsers.Select(u => u.Id).ToList();
+        sutProvider.GetDependency<IOrganizationUserRepository>().GetManyAsync(userIds).Returns(organizationUsers);
+        sutProvider.GetDependency<IOrganizationRepository>().GetByIdAsync(organization.Id).Returns(organization);
+
+        var result = (await sutProvider.Sut.BulkResendInvitesAsync(organization.Id, null, userIds)).ToList();
+
+        Assert.Equal(organizationUsers.Count, result.Count);
+        Assert.All(result, r => Assert.Equal("User invalid.", r.Item2));
+        await sutProvider.GetDependency<ISendOrganizationInvitesCommand>().DidNotReceive()
+            .SendInvitesAsync(Arg.Any<SendInvitesRequest>());
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task BulkResendInvitesAsync_OrganizationNotFound_ThrowsNotFoundException(
+        Guid organizationId,
+        List<Guid> userIds,
+        List<OrganizationUser> organizationUsers,
+        SutProvider<BulkResendOrganizationInvitesCommand> sutProvider)
+    {
+        sutProvider.GetDependency<IOrganizationUserRepository>().GetManyAsync(userIds).Returns(organizationUsers);
+        sutProvider.GetDependency<IOrganizationRepository>().GetByIdAsync(organizationId).Returns((Organization?)null);
+
+        await Assert.ThrowsAsync<NotFoundException>(() =>
+            sutProvider.Sut.BulkResendInvitesAsync(organizationId, null, userIds));
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task BulkResendInvitesAsync_EmptyUserList_ReturnsEmpty(
+        Organization organization,
+        SutProvider<BulkResendOrganizationInvitesCommand> sutProvider)
+    {
+        var emptyUserIds = new List<Guid>();
+        sutProvider.GetDependency<IOrganizationUserRepository>().GetManyAsync(emptyUserIds).Returns(new List<OrganizationUser>());
+        sutProvider.GetDependency<IOrganizationRepository>().GetByIdAsync(organization.Id).Returns(organization);
+
+        var result = await sutProvider.Sut.BulkResendInvitesAsync(organization.Id, null, emptyUserIds);
+
+        Assert.Empty(result);
+        await sutProvider.GetDependency<ISendOrganizationInvitesCommand>().DidNotReceive()
+            .SendInvitesAsync(Arg.Any<SendInvitesRequest>());
+    }
+}
--- a/test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/InviteUsers/InviteOrganizationUserCommandTests.cs
+++ b/test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/InviteUsers/InviteOrganizationUserCommandTests.cs
@@ -13,7 +13,6 @@ using Bit.Core.AdminConsole.Repositories;
 using Bit.Core.AdminConsole.Utilities.Commands;
 using Bit.Core.AdminConsole.Utilities.Errors;
 using Bit.Core.AdminConsole.Utilities.Validation;
-using Bit.Core.Billing.Models.StaticStore.Plans;
 using Bit.Core.Entities;
 using Bit.Core.Enums;
 using Bit.Core.Models.Business;
@@ -22,6 +21,7 @@ using Bit.Core.Models.Data.Organizations.OrganizationUsers;
 using Bit.Core.OrganizationFeatures.OrganizationSubscriptions.Interface;
 using Bit.Core.Repositories;
 using Bit.Core.Services;
+using Bit.Core.Test.Billing.Mocks.Plans;
 using Bit.Test.Common.AutoFixture;
 using Bit.Test.Common.AutoFixture.Attributes;
 using Microsoft.Extensions.Time.Testing;
@@ -29,6 +29,7 @@ using NSubstitute;
 using NSubstitute.ExceptionExtensions;
 using Xunit;
 using static Bit.Core.Test.AdminConsole.OrganizationFeatures.OrganizationUsers.InviteUsers.Helpers.InviteUserOrganizationValidationRequestHelpers;
+using Enterprise2019Plan = Bit.Core.Test.Billing.Mocks.Plans.Enterprise2019Plan;

 namespace Bit.Core.Test.AdminConsole.OrganizationFeatures.OrganizationUsers.InviteUsers;

--- a/test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/InviteUsers/Validation/InviteOrganizationUsersValidatorTests.cs
+++ b/test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/InviteUsers/Validation/InviteOrganizationUsersValidatorTests.cs
@@ -3,12 +3,12 @@ using Bit.Core.AdminConsole.Models.Business;
 using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.InviteUsers.Models;
 using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.InviteUsers.Validation;
 using Bit.Core.AdminConsole.Utilities.Validation;
-using Bit.Core.Billing.Models.StaticStore.Plans;
 using Bit.Core.Exceptions;
 using Bit.Core.Models.Business;
 using Bit.Core.OrganizationFeatures.OrganizationSubscriptions.Interface;
 using Bit.Core.Repositories;
 using Bit.Core.Services;
+using Bit.Core.Test.Billing.Mocks.Plans;
 using Bit.Test.Common.AutoFixture;
 using Bit.Test.Common.AutoFixture.Attributes;
 using NSubstitute;
--- a/test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/InviteUsers/Validation/InviteUserOrganizationValidationTests.cs
+++ b/test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/InviteUsers/Validation/InviteUserOrganizationValidationTests.cs
@@ -2,7 +2,7 @@
 using Bit.Core.AdminConsole.Models.Business;
 using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.InviteUsers.Validation.Organization;
 using Bit.Core.AdminConsole.Utilities.Validation;
-using Bit.Core.Billing.Models.StaticStore.Plans;
+using Bit.Core.Test.Billing.Mocks.Plans;
 using Bit.Test.Common.AutoFixture;
 using Bit.Test.Common.AutoFixture.Attributes;
 using Xunit;
--- a/test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/InviteUsers/Validation/InviteUserPaymentValidationTests.cs
+++ b/test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/InviteUsers/Validation/InviteUserPaymentValidationTests.cs
@@ -5,7 +5,7 @@ using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.InviteUsers.V
 using Bit.Core.AdminConsole.Utilities.Validation;
 using Bit.Core.Billing.Constants;
 using Bit.Core.Billing.Enums;
-using Bit.Core.Billing.Models.StaticStore.Plans;
+using Bit.Core.Test.Billing.Mocks.Plans;
 using Bit.Test.Common.AutoFixture.Attributes;
 using Xunit;

--- a/test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/InviteUsers/Validation/PasswordManagerInviteUserValidatorTests.cs
+++ b/test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/InviteUsers/Validation/PasswordManagerInviteUserValidatorTests.cs
@@ -3,7 +3,7 @@ using Bit.Core.AdminConsole.Models.Business;
 using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.InviteUsers.Validation.PasswordManager;
 using Bit.Core.AdminConsole.Utilities.Validation;
 using Bit.Core.Billing.Enums;
-using Bit.Core.Billing.Models.StaticStore.Plans;
+using Bit.Core.Test.Billing.Mocks.Plans;
 using Bit.Test.Common.AutoFixture;
 using Bit.Test.Common.AutoFixture.Attributes;
 using Xunit;
--- a/test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/RevokeOrganizationUserCommandTests.cs
+++ b/test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/RevokeOrganizationUserCommandTests.cs
@@ -1,6 +1,6 @@
 using Bit.Core.AdminConsole.Entities;
-using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers;
 using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Interfaces;
+using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.RevokeUser.v1;
 using Bit.Core.Context;
 using Bit.Core.Entities;
 using Bit.Core.Enums;
--- a/test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/RevokeUser/v2/RevokeOrganizationUserCommandTests.cs
+++ b/test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/RevokeUser/v2/RevokeOrganizationUserCommandTests.cs
@@ -0,0 +1,215 @@
+using Bit.Core.AdminConsole.Models.Data;
+using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.RevokeUser.v2;
+using Bit.Core.AdminConsole.Utilities.v2.Validation;
+using Bit.Core.Entities;
+using Bit.Core.Enums;
+using Bit.Core.Platform.Push;
+using Bit.Core.Repositories;
+using Bit.Core.Services;
+using Bit.Core.Test.AutoFixture.OrganizationUserFixtures;
+using Bit.Test.Common.AutoFixture;
+using Bit.Test.Common.AutoFixture.Attributes;
+using Microsoft.Extensions.Logging;
+using NSubstitute;
+using Xunit;
+
+namespace Bit.Core.Test.AdminConsole.OrganizationFeatures.OrganizationUsers.RevokeUser.v2;
+
+[SutProviderCustomize]
+public class RevokeOrganizationUserCommandTests
+{
+    [Theory]
+    [BitAutoData]
+    public async Task RevokeUsersAsync_WithValidUsers_RevokesUsersAndLogsEvents(
+        SutProvider<RevokeOrganizationUserCommand> sutProvider,
+        Guid organizationId,
+        Guid actingUserId,
+        [OrganizationUser(OrganizationUserStatusType.Confirmed, OrganizationUserType.User)] OrganizationUser orgUser1,
+        [OrganizationUser(OrganizationUserStatusType.Confirmed, OrganizationUserType.User)] OrganizationUser orgUser2)
+    {
+        // Arrange
+        orgUser1.OrganizationId = orgUser2.OrganizationId = organizationId;
+        orgUser1.UserId = Guid.NewGuid();
+        orgUser2.UserId = Guid.NewGuid();
+
+        var actingUser = CreateActingUser(actingUserId, false, null);
+        var request = new RevokeOrganizationUsersRequest(
+            organizationId,
+            [orgUser1.Id, orgUser2.Id],
+            actingUser);
+
+        SetupRepositoryMocks(sutProvider, [orgUser1, orgUser2]);
+        SetupValidatorMock(sutProvider, [
+            ValidationResultHelpers.Valid(orgUser1),
+            ValidationResultHelpers.Valid(orgUser2)
+        ]);
+
+        // Act
+        var results = (await sutProvider.Sut.RevokeUsersAsync(request)).ToList();
+
+        // Assert
+        Assert.Equal(2, results.Count);
+        Assert.All(results, r => Assert.True(r.Result.IsSuccess));
+
+        await sutProvider.GetDependency<IOrganizationUserRepository>()
+            .Received(1)
+            .RevokeManyByIdAsync(Arg.Is<IEnumerable<Guid>>(ids =>
+                ids.Contains(orgUser1.Id) && ids.Contains(orgUser2.Id)));
+
+        await sutProvider.GetDependency<IEventService>()
+            .Received(1)
+            .LogOrganizationUserEventsAsync(Arg.Is<IEnumerable<(OrganizationUser, EventType, DateTime?)>>(
+                events => events.Count() == 2));
+
+        await sutProvider.GetDependency<IPushNotificationService>()
+            .Received(1)
+            .PushSyncOrgKeysAsync(orgUser1.UserId!.Value);
+
+        await sutProvider.GetDependency<IPushNotificationService>()
+            .Received(1)
+            .PushSyncOrgKeysAsync(orgUser2.UserId!.Value);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task RevokeUsersAsync_WithSystemUser_LogsEventsWithSystemUserType(
+        SutProvider<RevokeOrganizationUserCommand> sutProvider,
+        Guid organizationId,
+        [OrganizationUser(OrganizationUserStatusType.Confirmed, OrganizationUserType.User)] OrganizationUser orgUser)
+    {
+        // Arrange
+        orgUser.OrganizationId = organizationId;
+        orgUser.UserId = Guid.NewGuid();
+
+        var actingUser = CreateActingUser(null, false, EventSystemUser.SCIM);
+
+        var request = new RevokeOrganizationUsersRequest(
+            organizationId,
+            [orgUser.Id],
+            actingUser);
+
+        SetupRepositoryMocks(sutProvider, [orgUser]);
+        SetupValidatorMock(sutProvider, [ValidationResultHelpers.Valid(orgUser)]);
+
+        // Act
+        await sutProvider.Sut.RevokeUsersAsync(request);
+
+        // Assert
+        await sutProvider.GetDependency<IEventService>()
+            .Received(1)
+            .LogOrganizationUserEventsAsync(Arg.Is<IEnumerable<(OrganizationUser, EventType, EventSystemUser, DateTime?)>>(
+                events => events.All(e => e.Item3 == EventSystemUser.SCIM)));
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task RevokeUsersAsync_WithValidationErrors_ReturnsErrorResults(
+        SutProvider<RevokeOrganizationUserCommand> sutProvider,
+        Guid organizationId,
+        Guid actingUserId,
+        [OrganizationUser(OrganizationUserStatusType.Revoked, OrganizationUserType.User)] OrganizationUser orgUser1,
+        [OrganizationUser(OrganizationUserStatusType.Confirmed, OrganizationUserType.User)] OrganizationUser orgUser2)
+    {
+        // Arrange
+        orgUser1.OrganizationId = orgUser2.OrganizationId = organizationId;
+
+        var actingUser = CreateActingUser(actingUserId, false, null);
+
+        var request = new RevokeOrganizationUsersRequest(
+            organizationId,
+            [orgUser1.Id, orgUser2.Id],
+            actingUser);
+
+        SetupRepositoryMocks(sutProvider, [orgUser1, orgUser2]);
+        SetupValidatorMock(sutProvider, [
+            ValidationResultHelpers.Invalid(orgUser1, new UserAlreadyRevoked()),
+            ValidationResultHelpers.Valid(orgUser2)
+        ]);
+
+        // Act
+        var results = (await sutProvider.Sut.RevokeUsersAsync(request)).ToList();
+
+        // Assert
+        Assert.Equal(2, results.Count);
+        var result1 = results.Single(r => r.Id == orgUser1.Id);
+        var result2 = results.Single(r => r.Id == orgUser2.Id);
+
+        Assert.True(result1.Result.IsError);
+        Assert.True(result2.Result.IsSuccess);
+
+        // Only the valid user should be revoked
+        await sutProvider.GetDependency<IOrganizationUserRepository>()
+            .Received(1)
+            .RevokeManyByIdAsync(Arg.Is<IEnumerable<Guid>>(ids =>
+                ids.Count() == 1 && ids.Contains(orgUser2.Id)));
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task RevokeUsersAsync_WhenPushNotificationFails_ContinuesProcessing(
+        SutProvider<RevokeOrganizationUserCommand> sutProvider,
+        Guid organizationId,
+        Guid actingUserId,
+        [OrganizationUser(OrganizationUserStatusType.Confirmed, OrganizationUserType.User)] OrganizationUser orgUser)
+    {
+        // Arrange
+        orgUser.OrganizationId = organizationId;
+        orgUser.UserId = Guid.NewGuid();
+
+        var actingUser = CreateActingUser(actingUserId, false, null);
+
+        var request = new RevokeOrganizationUsersRequest(
+            organizationId,
+            [orgUser.Id],
+            actingUser);
+
+        SetupRepositoryMocks(sutProvider, [orgUser]);
+        SetupValidatorMock(sutProvider, [ValidationResultHelpers.Valid(orgUser)]);
+
+        sutProvider.GetDependency<IPushNotificationService>()
+            .PushSyncOrgKeysAsync(orgUser.UserId!.Value)
+            .Returns(Task.FromException(new Exception("Push notification failed")));
+
+        // Act
+        var results = (await sutProvider.Sut.RevokeUsersAsync(request)).ToList();
+
+        // Assert
+        Assert.Single(results);
+        Assert.True(results[0].Result.IsSuccess);
+
+        // Should log warning but continue
+        sutProvider.GetDependency<ILogger<RevokeOrganizationUserCommand>>()
+            .Received()
+            .Log(
+                LogLevel.Warning,
+                Arg.Any<EventId>(),
+                Arg.Any<object>(),
+                Arg.Any<Exception>(),
+                Arg.Any<Func<object, Exception?, string>>());
+    }
+
+    private static IActingUser CreateActingUser(Guid? userId, bool isOwnerOrProvider, EventSystemUser? systemUserType) =>
+        (userId, systemUserType) switch
+        {
+            ({ } id, _) => new StandardUser(id, isOwnerOrProvider),
+            (null, { } type) => new SystemUser(type)
+        };
+
+    private static void SetupRepositoryMocks(
+        SutProvider<RevokeOrganizationUserCommand> sutProvider,
+        ICollection<OrganizationUser> organizationUsers)
+    {
+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .GetManyAsync(Arg.Any<IEnumerable<Guid>>())
+            .Returns(organizationUsers);
+    }
+
+    private static void SetupValidatorMock(
+        SutProvider<RevokeOrganizationUserCommand> sutProvider,
+        ICollection<ValidationResult<OrganizationUser>> validationResults)
+    {
+        sutProvider.GetDependency<IRevokeOrganizationUserValidator>()
+            .ValidateAsync(Arg.Any<RevokeOrganizationUsersValidationRequest>())
+            .Returns(validationResults);
+    }
+}
--- a/test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/RevokeUser/v2/RevokeOrganizationUsersValidatorTests.cs
+++ b/test/Core.Test/AdminConsole/OrganizationFeatures/OrganizationUsers/RevokeUser/v2/RevokeOrganizationUsersValidatorTests.cs
@@ -0,0 +1,325 @@
+using Bit.Core.AdminConsole.Models.Data;
+using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.Interfaces;
+using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationUsers.RevokeUser.v2;
+using Bit.Core.Entities;
+using Bit.Core.Enums;
+using Bit.Core.Test.AutoFixture.OrganizationUserFixtures;
+using Bit.Test.Common.AutoFixture;
+using Bit.Test.Common.AutoFixture.Attributes;
+using NSubstitute;
+using Xunit;
+
+namespace Bit.Core.Test.AdminConsole.OrganizationFeatures.OrganizationUsers.RevokeUser.v2;
+
+[SutProviderCustomize]
+public class RevokeOrganizationUsersValidatorTests
+{
+    [Theory]
+    [BitAutoData]
+    public async Task ValidateAsync_WithValidUsers_ReturnsSuccess(
+        SutProvider<RevokeOrganizationUsersValidator> sutProvider,
+        Guid organizationId,
+        Guid actingUserId,
+        [OrganizationUser(OrganizationUserStatusType.Confirmed, OrganizationUserType.User)] OrganizationUser orgUser1,
+        [OrganizationUser(OrganizationUserStatusType.Confirmed, OrganizationUserType.User)] OrganizationUser orgUser2)
+    {
+        // Arrange
+        orgUser1.OrganizationId = orgUser2.OrganizationId = organizationId;
+        orgUser1.UserId = Guid.NewGuid();
+        orgUser2.UserId = Guid.NewGuid();
+
+        var actingUser = CreateActingUser(actingUserId, false, null);
+        var request = CreateValidationRequest(
+            organizationId,
+            [orgUser1, orgUser2],
+            actingUser);
+
+        sutProvider.GetDependency<IHasConfirmedOwnersExceptQuery>()
+            .HasConfirmedOwnersExceptAsync(organizationId, Arg.Any<IEnumerable<Guid>>())
+            .Returns(true);
+
+        // Act
+        var results = (await sutProvider.Sut.ValidateAsync(request)).ToList();
+
+        // Assert
+        Assert.Equal(2, results.Count);
+        Assert.All(results, r => Assert.True(r.IsValid));
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task ValidateAsync_WithRevokedUser_ReturnsErrorForThatUser(
+        SutProvider<RevokeOrganizationUsersValidator> sutProvider,
+        Guid organizationId,
+        Guid actingUserId,
+        [OrganizationUser(OrganizationUserStatusType.Revoked, OrganizationUserType.User)] OrganizationUser revokedUser)
+    {
+        // Arrange
+        revokedUser.OrganizationId = organizationId;
+        revokedUser.UserId = Guid.NewGuid();
+
+        var actingUser = CreateActingUser(actingUserId, false, null);
+        var request = CreateValidationRequest(
+            organizationId,
+            [revokedUser],
+            actingUser);
+
+        sutProvider.GetDependency<IHasConfirmedOwnersExceptQuery>()
+            .HasConfirmedOwnersExceptAsync(organizationId, Arg.Any<IEnumerable<Guid>>())
+            .Returns(true);
+
+        // Act
+        var results = (await sutProvider.Sut.ValidateAsync(request)).ToList();
+
+        // Assert
+        Assert.Single(results);
+        Assert.True(results.First().IsError);
+        Assert.IsType<UserAlreadyRevoked>(results.First().AsError);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task ValidateAsync_WhenRevokingSelf_ReturnsErrorForThatUser(
+        SutProvider<RevokeOrganizationUsersValidator> sutProvider,
+        Guid organizationId,
+        Guid actingUserId,
+        [OrganizationUser(OrganizationUserStatusType.Confirmed, OrganizationUserType.User)] OrganizationUser orgUser)
+    {
+        // Arrange
+        orgUser.OrganizationId = organizationId;
+        orgUser.UserId = actingUserId;
+
+        var actingUser = CreateActingUser(actingUserId, false, null);
+        var request = CreateValidationRequest(
+            organizationId,
+            [orgUser],
+            actingUser);
+
+        sutProvider.GetDependency<IHasConfirmedOwnersExceptQuery>()
+            .HasConfirmedOwnersExceptAsync(organizationId, Arg.Any<IEnumerable<Guid>>())
+            .Returns(true);
+
+        // Act
+        var results = (await sutProvider.Sut.ValidateAsync(request)).ToList();
+
+        // Assert
+        Assert.Single(results);
+        Assert.True(results.First().IsError);
+        Assert.IsType<CannotRevokeYourself>(results.First().AsError);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task ValidateAsync_WhenNonOwnerRevokesOwner_ReturnsErrorForThatUser(
+        SutProvider<RevokeOrganizationUsersValidator> sutProvider,
+        Guid organizationId,
+        Guid actingUserId,
+        [OrganizationUser(OrganizationUserStatusType.Confirmed, OrganizationUserType.Owner)] OrganizationUser ownerUser)
+    {
+        // Arrange
+        ownerUser.OrganizationId = organizationId;
+        ownerUser.UserId = Guid.NewGuid();
+
+        var actingUser = CreateActingUser(actingUserId, false, null);
+        var request = CreateValidationRequest(
+            organizationId,
+            [ownerUser],
+            actingUser);
+
+        sutProvider.GetDependency<IHasConfirmedOwnersExceptQuery>()
+            .HasConfirmedOwnersExceptAsync(organizationId, Arg.Any<IEnumerable<Guid>>())
+            .Returns(true);
+
+        // Act
+        var results = (await sutProvider.Sut.ValidateAsync(request)).ToList();
+
+        // Assert
+        Assert.Single(results);
+        Assert.True(results.First().IsError);
+        Assert.IsType<OnlyOwnersCanRevokeOwners>(results.First().AsError);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task ValidateAsync_WhenOwnerRevokesOwner_ReturnsSuccess(
+        SutProvider<RevokeOrganizationUsersValidator> sutProvider,
+        Guid organizationId,
+        Guid actingUserId,
+        [OrganizationUser(OrganizationUserStatusType.Confirmed, OrganizationUserType.Owner)] OrganizationUser ownerUser)
+    {
+        // Arrange
+        ownerUser.OrganizationId = organizationId;
+        ownerUser.UserId = Guid.NewGuid();
+
+        var actingUser = CreateActingUser(actingUserId, true, null);
+        var request = CreateValidationRequest(
+            organizationId,
+            [ownerUser],
+            actingUser);
+
+        sutProvider.GetDependency<IHasConfirmedOwnersExceptQuery>()
+            .HasConfirmedOwnersExceptAsync(organizationId, Arg.Any<IEnumerable<Guid>>())
+            .Returns(true);
+
+        // Act
+        var results = (await sutProvider.Sut.ValidateAsync(request)).ToList();
+
+        // Assert
+        Assert.Single(results);
+        Assert.True(results.First().IsValid);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task ValidateAsync_WithMultipleUsers_SomeValid_ReturnsMixedResults(
+        SutProvider<RevokeOrganizationUsersValidator> sutProvider,
+        Guid organizationId,
+        Guid actingUserId,
+        [OrganizationUser(OrganizationUserStatusType.Confirmed, OrganizationUserType.User)] OrganizationUser validUser,
+        [OrganizationUser(OrganizationUserStatusType.Revoked, OrganizationUserType.User)] OrganizationUser revokedUser)
+    {
+        // Arrange
+        validUser.OrganizationId = revokedUser.OrganizationId = organizationId;
+        validUser.UserId = Guid.NewGuid();
+        revokedUser.UserId = Guid.NewGuid();
+
+        var actingUser = CreateActingUser(actingUserId, false, null);
+        var request = CreateValidationRequest(
+            organizationId,
+            [validUser, revokedUser],
+            actingUser);
+
+        sutProvider.GetDependency<IHasConfirmedOwnersExceptQuery>()
+            .HasConfirmedOwnersExceptAsync(organizationId, Arg.Any<IEnumerable<Guid>>())
+            .Returns(true);
+
+        // Act
+        var results = (await sutProvider.Sut.ValidateAsync(request)).ToList();
+
+        // Assert
+        Assert.Equal(2, results.Count);
+
+        var validResult = results.Single(r => r.Request.Id == validUser.Id);
+        var errorResult = results.Single(r => r.Request.Id == revokedUser.Id);
+
+        Assert.True(validResult.IsValid);
+        Assert.True(errorResult.IsError);
+        Assert.IsType<UserAlreadyRevoked>(errorResult.AsError);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task ValidateAsync_WithSystemUser_DoesNotRequireActingUserId(
+        SutProvider<RevokeOrganizationUsersValidator> sutProvider,
+        Guid organizationId,
+        [OrganizationUser(OrganizationUserStatusType.Confirmed, OrganizationUserType.User)] OrganizationUser orgUser)
+    {
+        // Arrange
+        orgUser.OrganizationId = organizationId;
+        orgUser.UserId = Guid.NewGuid();
+
+        var actingUser = CreateActingUser(null, false, EventSystemUser.SCIM);
+        var request = CreateValidationRequest(
+            organizationId,
+            [orgUser],
+            actingUser);
+
+        sutProvider.GetDependency<IHasConfirmedOwnersExceptQuery>()
+            .HasConfirmedOwnersExceptAsync(organizationId, Arg.Any<IEnumerable<Guid>>())
+            .Returns(true);
+
+        // Act
+        var results = (await sutProvider.Sut.ValidateAsync(request)).ToList();
+
+        // Assert
+        Assert.Single(results);
+        Assert.True(results.First().IsValid);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task ValidateAsync_WhenRevokingLastOwner_ReturnsErrorForThatUser(
+        SutProvider<RevokeOrganizationUsersValidator> sutProvider,
+        Guid organizationId,
+        Guid actingUserId,
+        [OrganizationUser(OrganizationUserStatusType.Confirmed, OrganizationUserType.Owner)] OrganizationUser lastOwner)
+    {
+        // Arrange
+        lastOwner.OrganizationId = organizationId;
+        lastOwner.UserId = Guid.NewGuid();
+
+        var actingUser = CreateActingUser(actingUserId, true, null); // Is an owner
+        var request = CreateValidationRequest(
+            organizationId,
+            [lastOwner],
+            actingUser);
+
+        sutProvider.GetDependency<IHasConfirmedOwnersExceptQuery>()
+            .HasConfirmedOwnersExceptAsync(organizationId, Arg.Any<IEnumerable<Guid>>())
+            .Returns(false);
+
+        // Act
+        var results = (await sutProvider.Sut.ValidateAsync(request)).ToList();
+
+        // Assert
+        Assert.Single(results);
+        Assert.True(results.First().IsError);
+        Assert.IsType<MustHaveConfirmedOwner>(results.First().AsError);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task ValidateAsync_WithMultipleValidationErrors_ReturnsAllErrors(
+        SutProvider<RevokeOrganizationUsersValidator> sutProvider,
+        Guid organizationId,
+        Guid actingUserId,
+        [OrganizationUser(OrganizationUserStatusType.Revoked, OrganizationUserType.User)] OrganizationUser revokedUser,
+        [OrganizationUser(OrganizationUserStatusType.Confirmed, OrganizationUserType.Owner)] OrganizationUser ownerUser)
+    {
+        // Arrange
+        revokedUser.OrganizationId = ownerUser.OrganizationId = organizationId;
+        revokedUser.UserId = Guid.NewGuid();
+        ownerUser.UserId = Guid.NewGuid();
+
+        var actingUser = CreateActingUser(actingUserId, false, null); // Not an owner
+        var request = CreateValidationRequest(
+            organizationId,
+            [revokedUser, ownerUser],
+            actingUser);
+
+        sutProvider.GetDependency<IHasConfirmedOwnersExceptQuery>()
+            .HasConfirmedOwnersExceptAsync(organizationId, Arg.Any<IEnumerable<Guid>>())
+            .Returns(true);
+
+        // Act
+        var results = (await sutProvider.Sut.ValidateAsync(request)).ToList();
+
+        // Assert
+        Assert.Equal(2, results.Count);
+        Assert.All(results, r => Assert.True(r.IsError));
+
+        Assert.Contains(results, r => r.AsError is UserAlreadyRevoked);
+        Assert.Contains(results, r => r.AsError is OnlyOwnersCanRevokeOwners);
+    }
+
+    private static IActingUser CreateActingUser(Guid? userId, bool isOwnerOrProvider, EventSystemUser? systemUserType) =>
+        (userId, systemUserType) switch
+        {
+            ({ } id, _) => new StandardUser(id, isOwnerOrProvider),
+            (null, { } type) => new SystemUser(type)
+        };
+
+
+    private static RevokeOrganizationUsersValidationRequest CreateValidationRequest(
+        Guid organizationId,
+        ICollection<OrganizationUser> organizationUsers,
+        IActingUser actingUser)
+    {
+        return new RevokeOrganizationUsersValidationRequest(
+            organizationId,
+            organizationUsers.Select(u => u.Id).ToList(),
+            actingUser,
+            organizationUsers
+        );
+    }
+}
--- a/test/Core.Test/AdminConsole/OrganizationFeatures/Organizations/GetOrganizationSubscriptionsToUpdateQueryTests.cs
+++ b/test/Core.Test/AdminConsole/OrganizationFeatures/Organizations/GetOrganizationSubscriptionsToUpdateQueryTests.cs
@@ -1,9 +1,9 @@
 using Bit.Core.AdminConsole.Entities;
 using Bit.Core.AdminConsole.OrganizationFeatures.Organizations;
 using Bit.Core.Billing.Enums;
-using Bit.Core.Billing.Models.StaticStore.Plans;
 using Bit.Core.Billing.Pricing;
 using Bit.Core.Repositories;
+using Bit.Core.Test.Billing.Mocks.Plans;
 using Bit.Test.Common.AutoFixture;
 using Bit.Test.Common.AutoFixture.Attributes;
 using NSubstitute;
--- a/test/Core.Test/AdminConsole/OrganizationFeatures/Organizations/OrganizationSignUp/CloudOrganizationSignUpCommandTests.cs
+++ b/test/Core.Test/AdminConsole/OrganizationFeatures/Organizations/OrganizationSignUp/CloudOrganizationSignUpCommandTests.cs
@@ -10,7 +10,7 @@ using Bit.Core.Exceptions;
 using Bit.Core.Models.Business;
 using Bit.Core.Models.Data;
 using Bit.Core.Repositories;
-using Bit.Core.Utilities;
+using Bit.Core.Test.Billing.Mocks;
 using Bit.Test.Common.AutoFixture;
 using Bit.Test.Common.AutoFixture.Attributes;
 using NSubstitute;
@@ -28,7 +28,7 @@ public class CloudICloudOrganizationSignUpCommandTests
    {
        signup.Plan = planType;

-        var plan = StaticStore.GetPlan(signup.Plan);
+        var plan = MockPlans.Get(signup.Plan);

        signup.AdditionalSeats = 0;
        signup.PaymentMethodType = PaymentMethodType.Card;
@@ -37,7 +37,7 @@ public class CloudICloudOrganizationSignUpCommandTests
        signup.IsFromSecretsManagerTrial = false;
        signup.IsFromProvider = false;

-        sutProvider.GetDependency<IPricingClient>().GetPlanOrThrow(signup.Plan).Returns(StaticStore.GetPlan(signup.Plan));
+        sutProvider.GetDependency<IPricingClient>().GetPlanOrThrow(signup.Plan).Returns(MockPlans.Get(signup.Plan));

        var result = await sutProvider.Sut.SignUpOrganizationAsync(signup);

@@ -77,7 +77,7 @@ public class CloudICloudOrganizationSignUpCommandTests
        signup.UseSecretsManager = false;
        signup.IsFromProvider = false;

-        sutProvider.GetDependency<IPricingClient>().GetPlanOrThrow(signup.Plan).Returns(StaticStore.GetPlan(signup.Plan));
+        sutProvider.GetDependency<IPricingClient>().GetPlanOrThrow(signup.Plan).Returns(MockPlans.Get(signup.Plan));

        // Extract orgUserId when created
        Guid? orgUserId = null;
@@ -112,7 +112,7 @@ public class CloudICloudOrganizationSignUpCommandTests
    {
        signup.Plan = planType;

-        var plan = StaticStore.GetPlan(signup.Plan);
+        var plan = MockPlans.Get(signup.Plan);

        signup.UseSecretsManager = true;
        signup.AdditionalSeats = 15;
@@ -123,7 +123,7 @@ public class CloudICloudOrganizationSignUpCommandTests
        signup.IsFromSecretsManagerTrial = false;
        signup.IsFromProvider = false;

-        sutProvider.GetDependency<IPricingClient>().GetPlanOrThrow(signup.Plan).Returns(StaticStore.GetPlan(signup.Plan));
+        sutProvider.GetDependency<IPricingClient>().GetPlanOrThrow(signup.Plan).Returns(MockPlans.Get(signup.Plan));

        var result = await sutProvider.Sut.SignUpOrganizationAsync(signup);

@@ -164,7 +164,7 @@ public class CloudICloudOrganizationSignUpCommandTests
        signup.PremiumAccessAddon = false;
        signup.IsFromProvider = true;

-        sutProvider.GetDependency<IPricingClient>().GetPlanOrThrow(signup.Plan).Returns(StaticStore.GetPlan(signup.Plan));
+        sutProvider.GetDependency<IPricingClient>().GetPlanOrThrow(signup.Plan).Returns(MockPlans.Get(signup.Plan));

        var exception = await Assert.ThrowsAsync<BadRequestException>(() => sutProvider.Sut.SignUpOrganizationAsync(signup));
        Assert.Contains("Organizations with a Managed Service Provider do not support Secrets Manager.", exception.Message);
@@ -184,7 +184,7 @@ public class CloudICloudOrganizationSignUpCommandTests
        signup.AdditionalStorageGb = 0;
        signup.IsFromProvider = false;

-        sutProvider.GetDependency<IPricingClient>().GetPlanOrThrow(signup.Plan).Returns(StaticStore.GetPlan(signup.Plan));
+        sutProvider.GetDependency<IPricingClient>().GetPlanOrThrow(signup.Plan).Returns(MockPlans.Get(signup.Plan));

        var exception = await Assert.ThrowsAsync<BadRequestException>(
            () => sutProvider.Sut.SignUpOrganizationAsync(signup));
@@ -204,7 +204,7 @@ public class CloudICloudOrganizationSignUpCommandTests
        signup.AdditionalServiceAccounts = 10;
        signup.IsFromProvider = false;

-        sutProvider.GetDependency<IPricingClient>().GetPlanOrThrow(signup.Plan).Returns(StaticStore.GetPlan(signup.Plan));
+        sutProvider.GetDependency<IPricingClient>().GetPlanOrThrow(signup.Plan).Returns(MockPlans.Get(signup.Plan));

        var exception = await Assert.ThrowsAsync<BadRequestException>(
           () => sutProvider.Sut.SignUpOrganizationAsync(signup));
@@ -224,7 +224,7 @@ public class CloudICloudOrganizationSignUpCommandTests
        signup.AdditionalServiceAccounts = -10;
        signup.IsFromProvider = false;

-        sutProvider.GetDependency<IPricingClient>().GetPlanOrThrow(signup.Plan).Returns(StaticStore.GetPlan(signup.Plan));
+        sutProvider.GetDependency<IPricingClient>().GetPlanOrThrow(signup.Plan).Returns(MockPlans.Get(signup.Plan));

        var exception = await Assert.ThrowsAsync<BadRequestException>(
            () => sutProvider.Sut.SignUpOrganizationAsync(signup));
@@ -244,7 +244,7 @@ public class CloudICloudOrganizationSignUpCommandTests
            Owner = new User { Id = Guid.NewGuid() }
        };

-        sutProvider.GetDependency<IPricingClient>().GetPlanOrThrow(signup.Plan).Returns(StaticStore.GetPlan(signup.Plan));
+        sutProvider.GetDependency<IPricingClient>().GetPlanOrThrow(signup.Plan).Returns(MockPlans.Get(signup.Plan));

        sutProvider.GetDependency<IOrganizationUserRepository>()
            .GetCountByFreeOrganizationAdminUserAsync(signup.Owner.Id)
--- a/test/Core.Test/AdminConsole/OrganizationFeatures/Organizations/OrganizationSignUp/ProviderClientOrganizationSignUpCommandTests.cs
+++ b/test/Core.Test/AdminConsole/OrganizationFeatures/Organizations/OrganizationSignUp/ProviderClientOrganizationSignUpCommandTests.cs
@@ -10,7 +10,7 @@ using Bit.Core.Models.Data;
 using Bit.Core.Models.StaticStore;
 using Bit.Core.Repositories;
 using Bit.Core.Services;
-using Bit.Core.Utilities;
+using Bit.Core.Test.Billing.Mocks;
 using Bit.Test.Common.AutoFixture;
 using Bit.Test.Common.AutoFixture.Attributes;
 using NSubstitute;
@@ -36,7 +36,7 @@ public class ProviderClientOrganizationSignUpCommandTests
        signup.AdditionalSeats = 15;
        signup.CollectionName = collectionName;

-        var plan = StaticStore.GetPlan(signup.Plan);
+        var plan = MockPlans.Get(signup.Plan);
        sutProvider.GetDependency<IPricingClient>()
            .GetPlanOrThrow(signup.Plan)
            .Returns(plan);
@@ -112,7 +112,7 @@ public class ProviderClientOrganizationSignUpCommandTests
        signup.Plan = PlanType.TeamsMonthly;
        signup.AdditionalSeats = -5;

-        var plan = StaticStore.GetPlan(signup.Plan);
+        var plan = MockPlans.Get(signup.Plan);
        sutProvider.GetDependency<IPricingClient>()
            .GetPlanOrThrow(signup.Plan)
            .Returns(plan);
@@ -132,7 +132,7 @@ public class ProviderClientOrganizationSignUpCommandTests
    {
        signup.Plan = planType;

-        var plan = StaticStore.GetPlan(signup.Plan);
+        var plan = MockPlans.Get(signup.Plan);
        sutProvider.GetDependency<IPricingClient>()
            .GetPlanOrThrow(signup.Plan)
            .Returns(plan);
--- a/test/Core.Test/AdminConsole/OrganizationFeatures/Organizations/OrganizationUpdateCommandTests.cs
+++ b/test/Core.Test/AdminConsole/OrganizationFeatures/Organizations/OrganizationUpdateCommandTests.cs
@@ -0,0 +1,414 @@
+using Bit.Core.AdminConsole.Entities;
+using Bit.Core.AdminConsole.OrganizationFeatures.Organizations.Update;
+using Bit.Core.Billing.Organizations.Services;
+using Bit.Core.Enums;
+using Bit.Core.Exceptions;
+using Bit.Core.Repositories;
+using Bit.Core.Services;
+using Bit.Core.Settings;
+using Bit.Test.Common.AutoFixture;
+using Bit.Test.Common.AutoFixture.Attributes;
+using NSubstitute;
+using Xunit;
+
+namespace Bit.Core.Test.AdminConsole.OrganizationFeatures.Organizations;
+
+[SutProviderCustomize]
+public class OrganizationUpdateCommandTests
+{
+    [Theory, BitAutoData]
+    public async Task UpdateAsync_WhenValidOrganization_UpdatesOrganization(
+        Guid organizationId,
+        string name,
+        string billingEmail,
+        Organization organization,
+        SutProvider<OrganizationUpdateCommand> sutProvider)
+    {
+        // Arrange
+        var organizationRepository = sutProvider.GetDependency<IOrganizationRepository>();
+        var organizationService = sutProvider.GetDependency<IOrganizationService>();
+        var organizationBillingService = sutProvider.GetDependency<IOrganizationBillingService>();
+
+        organization.Id = organizationId;
+        organization.GatewayCustomerId = null; // No Stripe customer, so no billing update
+
+        organizationRepository
+            .GetByIdAsync(organizationId)
+            .Returns(organization);
+
+        var request = new OrganizationUpdateRequest
+        {
+            OrganizationId = organizationId,
+            Name = name,
+            BillingEmail = billingEmail
+        };
+
+        // Act
+        var result = await sutProvider.Sut.UpdateAsync(request);
+
+        // Assert
+        Assert.NotNull(result);
+        Assert.Equal(organizationId, result.Id);
+        Assert.Equal(name, result.Name);
+        Assert.Equal(billingEmail.ToLowerInvariant().Trim(), result.BillingEmail);
+
+        await organizationRepository
+            .Received(1)
+            .GetByIdAsync(Arg.Is<Guid>(id => id == organizationId));
+        await organizationService
+            .Received(1)
+            .ReplaceAndUpdateCacheAsync(
+                result,
+                EventType.Organization_Updated);
+        await organizationBillingService
+            .DidNotReceiveWithAnyArgs()
+            .UpdateOrganizationNameAndEmail(Arg.Any<Organization>());
+    }
+
+    [Theory, BitAutoData]
+    public async Task UpdateAsync_WhenOrganizationNotFound_ThrowsNotFoundException(
+        Guid organizationId,
+        string name,
+        string billingEmail,
+        SutProvider<OrganizationUpdateCommand> sutProvider)
+    {
+        // Arrange
+        var organizationRepository = sutProvider.GetDependency<IOrganizationRepository>();
+
+        organizationRepository
+            .GetByIdAsync(organizationId)
+            .Returns((Organization)null);
+
+        var request = new OrganizationUpdateRequest
+        {
+            OrganizationId = organizationId,
+            Name = name,
+            BillingEmail = billingEmail
+        };
+
+        // Act/Assert
+        await Assert.ThrowsAsync<NotFoundException>(() => sutProvider.Sut.UpdateAsync(request));
+    }
+
+    [Theory]
+    [BitAutoData("")]
+    [BitAutoData((string)null)]
+    public async Task UpdateAsync_WhenGatewayCustomerIdIsNullOrEmpty_SkipsBillingUpdate(
+        string gatewayCustomerId,
+        Guid organizationId,
+        Organization organization,
+        SutProvider<OrganizationUpdateCommand> sutProvider)
+    {
+        // Arrange
+        var organizationRepository = sutProvider.GetDependency<IOrganizationRepository>();
+        var organizationService = sutProvider.GetDependency<IOrganizationService>();
+        var organizationBillingService = sutProvider.GetDependency<IOrganizationBillingService>();
+
+        organization.Id = organizationId;
+        organization.Name = "Old Name";
+        organization.GatewayCustomerId = gatewayCustomerId;
+
+        organizationRepository
+            .GetByIdAsync(organizationId)
+            .Returns(organization);
+
+        var request = new OrganizationUpdateRequest
+        {
+            OrganizationId = organizationId,
+            Name = "New Name",
+            BillingEmail = organization.BillingEmail
+        };
+
+        // Act
+        var result = await sutProvider.Sut.UpdateAsync(request);
+
+        // Assert
+        Assert.NotNull(result);
+        Assert.Equal(organizationId, result.Id);
+        Assert.Equal("New Name", result.Name);
+
+        await organizationService
+            .Received(1)
+            .ReplaceAndUpdateCacheAsync(
+                result,
+                EventType.Organization_Updated);
+        await organizationBillingService
+            .DidNotReceiveWithAnyArgs()
+            .UpdateOrganizationNameAndEmail(Arg.Any<Organization>());
+    }
+
+    [Theory, BitAutoData]
+    public async Task UpdateAsync_WhenKeysProvided_AndNotAlreadySet_SetsKeys(
+        Guid organizationId,
+        string publicKey,
+        string encryptedPrivateKey,
+        Organization organization,
+        SutProvider<OrganizationUpdateCommand> sutProvider)
+    {
+        // Arrange
+        var organizationRepository = sutProvider.GetDependency<IOrganizationRepository>();
+        var organizationService = sutProvider.GetDependency<IOrganizationService>();
+
+        organization.Id = organizationId;
+        organization.PublicKey = null;
+        organization.PrivateKey = null;
+
+        organizationRepository
+            .GetByIdAsync(organizationId)
+            .Returns(organization);
+
+        var request = new OrganizationUpdateRequest
+        {
+            OrganizationId = organizationId,
+            Name = organization.Name,
+            BillingEmail = organization.BillingEmail,
+            PublicKey = publicKey,
+            EncryptedPrivateKey = encryptedPrivateKey
+        };
+
+        // Act
+        var result = await sutProvider.Sut.UpdateAsync(request);
+
+        // Assert
+        Assert.NotNull(result);
+        Assert.Equal(organizationId, result.Id);
+        Assert.Equal(publicKey, result.PublicKey);
+        Assert.Equal(encryptedPrivateKey, result.PrivateKey);
+
+        await organizationService
+            .Received(1)
+            .ReplaceAndUpdateCacheAsync(
+                result,
+                EventType.Organization_Updated);
+    }
+
+    [Theory, BitAutoData]
+    public async Task UpdateAsync_WhenKeysProvided_AndAlreadySet_DoesNotOverwriteKeys(
+        Guid organizationId,
+        string newPublicKey,
+        string newEncryptedPrivateKey,
+        Organization organization,
+        SutProvider<OrganizationUpdateCommand> sutProvider)
+    {
+        // Arrange
+        var organizationRepository = sutProvider.GetDependency<IOrganizationRepository>();
+        var organizationService = sutProvider.GetDependency<IOrganizationService>();
+
+        organization.Id = organizationId;
+        var existingPublicKey = organization.PublicKey;
+        var existingPrivateKey = organization.PrivateKey;
+
+        organizationRepository
+            .GetByIdAsync(organizationId)
+            .Returns(organization);
+
+        var request = new OrganizationUpdateRequest
+        {
+            OrganizationId = organizationId,
+            Name = organization.Name,
+            BillingEmail = organization.BillingEmail,
+            PublicKey = newPublicKey,
+            EncryptedPrivateKey = newEncryptedPrivateKey
+        };
+
+        // Act
+        var result = await sutProvider.Sut.UpdateAsync(request);
+
+        // Assert
+        Assert.NotNull(result);
+        Assert.Equal(organizationId, result.Id);
+        Assert.Equal(existingPublicKey, result.PublicKey);
+        Assert.Equal(existingPrivateKey, result.PrivateKey);
+
+        await organizationService
+            .Received(1)
+            .ReplaceAndUpdateCacheAsync(
+                result,
+                EventType.Organization_Updated);
+    }
+
+    [Theory, BitAutoData]
+    public async Task UpdateAsync_UpdatingNameOnly_UpdatesNameAndNotBillingEmail(
+        Guid organizationId,
+        string newName,
+        Organization organization,
+        SutProvider<OrganizationUpdateCommand> sutProvider)
+    {
+        // Arrange
+        var organizationRepository = sutProvider.GetDependency<IOrganizationRepository>();
+        var organizationService = sutProvider.GetDependency<IOrganizationService>();
+        var organizationBillingService = sutProvider.GetDependency<IOrganizationBillingService>();
+
+        organization.Id = organizationId;
+        organization.Name = "Old Name";
+        var originalBillingEmail = organization.BillingEmail;
+
+        organizationRepository
+            .GetByIdAsync(organizationId)
+            .Returns(organization);
+
+        var request = new OrganizationUpdateRequest
+        {
+            OrganizationId = organizationId,
+            Name = newName,
+            BillingEmail = null
+        };
+
+        // Act
+        var result = await sutProvider.Sut.UpdateAsync(request);
+
+        // Assert
+        Assert.NotNull(result);
+        Assert.Equal(organizationId, result.Id);
+        Assert.Equal(newName, result.Name);
+        Assert.Equal(originalBillingEmail, result.BillingEmail);
+
+        await organizationService
+            .Received(1)
+            .ReplaceAndUpdateCacheAsync(
+                result,
+                EventType.Organization_Updated);
+        await organizationBillingService
+            .Received(1)
+            .UpdateOrganizationNameAndEmail(result);
+    }
+
+    [Theory, BitAutoData]
+    public async Task UpdateAsync_UpdatingBillingEmailOnly_UpdatesBillingEmailAndNotName(
+        Guid organizationId,
+        string newBillingEmail,
+        Organization organization,
+        SutProvider<OrganizationUpdateCommand> sutProvider)
+    {
+        // Arrange
+        var organizationRepository = sutProvider.GetDependency<IOrganizationRepository>();
+        var organizationService = sutProvider.GetDependency<IOrganizationService>();
+        var organizationBillingService = sutProvider.GetDependency<IOrganizationBillingService>();
+
+        organization.Id = organizationId;
+        organization.BillingEmail = "old@example.com";
+        var originalName = organization.Name;
+
+        organizationRepository
+            .GetByIdAsync(organizationId)
+            .Returns(organization);
+
+        var request = new OrganizationUpdateRequest
+        {
+            OrganizationId = organizationId,
+            Name = null,
+            BillingEmail = newBillingEmail
+        };
+
+        // Act
+        var result = await sutProvider.Sut.UpdateAsync(request);
+
+        // Assert
+        Assert.NotNull(result);
+        Assert.Equal(organizationId, result.Id);
+        Assert.Equal(originalName, result.Name);
+        Assert.Equal(newBillingEmail.ToLowerInvariant().Trim(), result.BillingEmail);
+
+        await organizationService
+            .Received(1)
+            .ReplaceAndUpdateCacheAsync(
+                result,
+                EventType.Organization_Updated);
+        await organizationBillingService
+            .Received(1)
+            .UpdateOrganizationNameAndEmail(result);
+    }
+
+    [Theory, BitAutoData]
+    public async Task UpdateAsync_WhenNoChanges_PreservesBothFields(
+        Guid organizationId,
+        Organization organization,
+        SutProvider<OrganizationUpdateCommand> sutProvider)
+    {
+        // Arrange
+        var organizationRepository = sutProvider.GetDependency<IOrganizationRepository>();
+        var organizationService = sutProvider.GetDependency<IOrganizationService>();
+        var organizationBillingService = sutProvider.GetDependency<IOrganizationBillingService>();
+
+        organization.Id = organizationId;
+        var originalName = organization.Name;
+        var originalBillingEmail = organization.BillingEmail;
+
+        organizationRepository
+            .GetByIdAsync(organizationId)
+            .Returns(organization);
+
+        var request = new OrganizationUpdateRequest
+        {
+            OrganizationId = organizationId,
+            Name = null,
+            BillingEmail = null
+        };
+
+        // Act
+        var result = await sutProvider.Sut.UpdateAsync(request);
+
+        // Assert
+        Assert.NotNull(result);
+        Assert.Equal(organizationId, result.Id);
+        Assert.Equal(originalName, result.Name);
+        Assert.Equal(originalBillingEmail, result.BillingEmail);
+
+        await organizationService
+            .Received(1)
+            .ReplaceAndUpdateCacheAsync(
+                result,
+                EventType.Organization_Updated);
+        await organizationBillingService
+            .DidNotReceiveWithAnyArgs()
+            .UpdateOrganizationNameAndEmail(Arg.Any<Organization>());
+    }
+
+    [Theory, BitAutoData]
+    public async Task UpdateAsync_SelfHosted_OnlyUpdatesKeysNotOrganizationDetails(
+        Guid organizationId,
+        string newName,
+        string newBillingEmail,
+        string publicKey,
+        string encryptedPrivateKey,
+        Organization organization,
+        SutProvider<OrganizationUpdateCommand> sutProvider)
+    {
+        // Arrange
+        var organizationBillingService = sutProvider.GetDependency<IOrganizationBillingService>();
+        var globalSettings = sutProvider.GetDependency<IGlobalSettings>();
+        var organizationRepository = sutProvider.GetDependency<IOrganizationRepository>();
+
+        globalSettings.SelfHosted.Returns(true);
+
+        organization.Id = organizationId;
+        organization.Name = "Original Name";
+        organization.BillingEmail = "original@example.com";
+        organization.PublicKey = null;
+        organization.PrivateKey = null;
+
+        organizationRepository.GetByIdAsync(organizationId).Returns(organization);
+
+        var request = new OrganizationUpdateRequest
+        {
+            OrganizationId = organizationId,
+            Name = newName, // Should be ignored
+            BillingEmail = newBillingEmail, // Should be ignored
+            PublicKey = publicKey,
+            EncryptedPrivateKey = encryptedPrivateKey
+        };
+
+        // Act
+        var result = await sutProvider.Sut.UpdateAsync(request);
+
+        // Assert
+        Assert.Equal("Original Name", result.Name); // Not changed
+        Assert.Equal("original@example.com", result.BillingEmail); // Not changed
+        Assert.Equal(publicKey, result.PublicKey); // Changed
+        Assert.Equal(encryptedPrivateKey, result.PrivateKey); // Changed
+
+        await organizationBillingService
+            .DidNotReceiveWithAnyArgs()
+            .UpdateOrganizationNameAndEmail(Arg.Any<Organization>());
+    }
+}
--- a/test/Core.Test/AdminConsole/OrganizationFeatures/Organizations/UpdateOrganizationSubscriptionCommandTests.cs
+++ b/test/Core.Test/AdminConsole/OrganizationFeatures/Organizations/UpdateOrganizationSubscriptionCommandTests.cs
@@ -2,10 +2,10 @@
 using Bit.Core.AdminConsole.Models.Data.Organizations;
 using Bit.Core.AdminConsole.OrganizationFeatures.Organizations;
 using Bit.Core.Billing.Enums;
-using Bit.Core.Billing.Models.StaticStore.Plans;
 using Bit.Core.Models.StaticStore;
 using Bit.Core.Repositories;
 using Bit.Core.Services;
+using Bit.Core.Test.Billing.Mocks.Plans;
 using Bit.Test.Common.AutoFixture;
 using Bit.Test.Common.AutoFixture.Attributes;
 using NSubstitute;
--- a/test/Core.Test/AdminConsole/OrganizationFeatures/Policies/PolicyValidators/AutomaticUserConfirmationPolicyEventHandlerTests.cs
+++ b/test/Core.Test/AdminConsole/OrganizationFeatures/Policies/PolicyValidators/AutomaticUserConfirmationPolicyEventHandlerTests.cs
@@ -21,52 +21,23 @@ namespace Bit.Core.Test.AdminConsole.OrganizationFeatures.Policies.PolicyValidat
 public class AutomaticUserConfirmationPolicyEventHandlerTests
 {
    [Theory, BitAutoData]
-    public async Task ValidateAsync_EnablingPolicy_SingleOrgNotEnabled_ReturnsError(
-        [PolicyUpdate(PolicyType.AutomaticUserConfirmation)] PolicyUpdate policyUpdate,
+    public void RequiredPolicies_IncludesSingleOrg(
        SutProvider<AutomaticUserConfirmationPolicyEventHandler> sutProvider)
    {
-        // Arrange
-        sutProvider.GetDependency<IPolicyRepository>()
-            .GetByOrganizationIdTypeAsync(policyUpdate.OrganizationId, PolicyType.SingleOrg)
-            .Returns((Policy?)null);
-
        // Act
-        var result = await sutProvider.Sut.ValidateAsync(policyUpdate, null);
+        var requiredPolicies = sutProvider.Sut.RequiredPolicies;

        // Assert
-        Assert.Contains("Single organization policy must be enabled", result, StringComparison.OrdinalIgnoreCase);
-    }
-
-    [Theory, BitAutoData]
-    public async Task ValidateAsync_EnablingPolicy_SingleOrgPolicyDisabled_ReturnsError(
-        [PolicyUpdate(PolicyType.AutomaticUserConfirmation)] PolicyUpdate policyUpdate,
-        [Policy(PolicyType.SingleOrg, false)] Policy singleOrgPolicy,
-        SutProvider<AutomaticUserConfirmationPolicyEventHandler> sutProvider)
-    {
-        // Arrange
-        singleOrgPolicy.OrganizationId = policyUpdate.OrganizationId;
-
-        sutProvider.GetDependency<IPolicyRepository>()
-            .GetByOrganizationIdTypeAsync(policyUpdate.OrganizationId, PolicyType.SingleOrg)
-            .Returns(singleOrgPolicy);
-
-        // Act
-        var result = await sutProvider.Sut.ValidateAsync(policyUpdate, null);
-
-        // Assert
-        Assert.Contains("Single organization policy must be enabled", result, StringComparison.OrdinalIgnoreCase);
+        Assert.Contains(PolicyType.SingleOrg, requiredPolicies);
    }

    [Theory, BitAutoData]
    public async Task ValidateAsync_EnablingPolicy_UsersNotCompliantWithSingleOrg_ReturnsError(
        [PolicyUpdate(PolicyType.AutomaticUserConfirmation)] PolicyUpdate policyUpdate,
-        [Policy(PolicyType.SingleOrg)] Policy singleOrgPolicy,
        Guid nonCompliantUserId,
        SutProvider<AutomaticUserConfirmationPolicyEventHandler> sutProvider)
    {
        // Arrange
-        singleOrgPolicy.OrganizationId = policyUpdate.OrganizationId;
-
        var orgUser = new OrganizationUserUserDetails
        {
            Id = Guid.NewGuid(),
@@ -85,10 +56,6 @@ public class AutomaticUserConfirmationPolicyEventHandlerTests
            Status = OrganizationUserStatusType.Confirmed
        };

-        sutProvider.GetDependency<IPolicyRepository>()
-            .GetByOrganizationIdTypeAsync(policyUpdate.OrganizationId, PolicyType.SingleOrg)
-            .Returns(singleOrgPolicy);
-
        sutProvider.GetDependency<IOrganizationUserRepository>()
            .GetManyDetailsByOrganizationAsync(policyUpdate.OrganizationId)
            .Returns([orgUser]);
@@ -107,13 +74,10 @@ public class AutomaticUserConfirmationPolicyEventHandlerTests
    [Theory, BitAutoData]
    public async Task ValidateAsync_EnablingPolicy_UserWithInvitedStatusInOtherOrg_ValidationPasses(
        [PolicyUpdate(PolicyType.AutomaticUserConfirmation)] PolicyUpdate policyUpdate,
-        [Policy(PolicyType.SingleOrg)] Policy singleOrgPolicy,
        Guid userId,
        SutProvider<AutomaticUserConfirmationPolicyEventHandler> sutProvider)
    {
        // Arrange
-        singleOrgPolicy.OrganizationId = policyUpdate.OrganizationId;
-
        var orgUser = new OrganizationUserUserDetails
        {
            Id = Guid.NewGuid(),
@@ -121,7 +85,6 @@ public class AutomaticUserConfirmationPolicyEventHandlerTests
            Type = OrganizationUserType.User,
            Status = OrganizationUserStatusType.Confirmed,
            UserId = userId,
-            Email = "test@email.com"
        };

        var otherOrgUser = new OrganizationUser
@@ -133,10 +96,6 @@ public class AutomaticUserConfirmationPolicyEventHandlerTests
            Email = orgUser.Email
        };

-        sutProvider.GetDependency<IPolicyRepository>()
-            .GetByOrganizationIdTypeAsync(policyUpdate.OrganizationId, PolicyType.SingleOrg)
-            .Returns(singleOrgPolicy);
-
        sutProvider.GetDependency<IOrganizationUserRepository>()
            .GetManyDetailsByOrganizationAsync(policyUpdate.OrganizationId)
            .Returns([orgUser]);
@@ -146,7 +105,7 @@ public class AutomaticUserConfirmationPolicyEventHandlerTests
            .Returns([otherOrgUser]);

        sutProvider.GetDependency<IProviderUserRepository>()
-            .GetManyByOrganizationAsync(policyUpdate.OrganizationId)
+            .GetManyByManyUsersAsync(Arg.Any<IEnumerable<Guid>>())
            .Returns([]);

        // Act
@@ -159,30 +118,37 @@ public class AutomaticUserConfirmationPolicyEventHandlerTests
    [Theory, BitAutoData]
    public async Task ValidateAsync_EnablingPolicy_ProviderUsersExist_ReturnsError(
        [PolicyUpdate(PolicyType.AutomaticUserConfirmation)] PolicyUpdate policyUpdate,
-        [Policy(PolicyType.SingleOrg)] Policy singleOrgPolicy,
+        Guid userId,
        SutProvider<AutomaticUserConfirmationPolicyEventHandler> sutProvider)
    {
        // Arrange
-        singleOrgPolicy.OrganizationId = policyUpdate.OrganizationId;
+        var orgUser = new OrganizationUserUserDetails
+        {
+            Id = Guid.NewGuid(),
+            OrganizationId = policyUpdate.OrganizationId,
+            Type = OrganizationUserType.User,
+            Status = OrganizationUserStatusType.Confirmed,
+            UserId = userId
+        };

        var providerUser = new ProviderUser
        {
            Id = Guid.NewGuid(),
            ProviderId = Guid.NewGuid(),
-            UserId = Guid.NewGuid(),
+            UserId = userId,
            Status = ProviderUserStatusType.Confirmed
        };

-        sutProvider.GetDependency<IPolicyRepository>()
-            .GetByOrganizationIdTypeAsync(policyUpdate.OrganizationId, PolicyType.SingleOrg)
-            .Returns(singleOrgPolicy);
-
        sutProvider.GetDependency<IOrganizationUserRepository>()
            .GetManyDetailsByOrganizationAsync(policyUpdate.OrganizationId)
+            .Returns([orgUser]);
+
+        sutProvider.GetDependency<IOrganizationUserRepository>()
+            .GetManyByManyUsersAsync(Arg.Any<IEnumerable<Guid>>())
            .Returns([]);

        sutProvider.GetDependency<IProviderUserRepository>()
-            .GetManyByOrganizationAsync(policyUpdate.OrganizationId)
+            .GetManyByManyUsersAsync(Arg.Any<IEnumerable<Guid>>())
            .Returns([providerUser]);

        // Act
@@ -196,26 +162,18 @@ public class AutomaticUserConfirmationPolicyEventHandlerTests
    [Theory, BitAutoData]
    public async Task ValidateAsync_EnablingPolicy_AllValidationsPassed_ReturnsEmptyString(
        [PolicyUpdate(PolicyType.AutomaticUserConfirmation)] PolicyUpdate policyUpdate,
-        [Policy(PolicyType.SingleOrg)] Policy singleOrgPolicy,
        SutProvider<AutomaticUserConfirmationPolicyEventHandler> sutProvider)
    {
        // Arrange
-        singleOrgPolicy.OrganizationId = policyUpdate.OrganizationId;
-
        var orgUser = new OrganizationUserUserDetails
        {
            Id = Guid.NewGuid(),
            OrganizationId = policyUpdate.OrganizationId,
            Type = OrganizationUserType.User,
            Status = OrganizationUserStatusType.Confirmed,
-            UserId = Guid.NewGuid(),
-            Email = "user@example.com"
+            UserId = Guid.NewGuid()
        };

-        sutProvider.GetDependency<IPolicyRepository>()
-            .GetByOrganizationIdTypeAsync(policyUpdate.OrganizationId, PolicyType.SingleOrg)
-            .Returns(singleOrgPolicy);
-
        sutProvider.GetDependency<IOrganizationUserRepository>()
            .GetManyDetailsByOrganizationAsync(policyUpdate.OrganizationId)
            .Returns([orgUser]);
@@ -225,7 +183,7 @@ public class AutomaticUserConfirmationPolicyEventHandlerTests
            .Returns([]);

        sutProvider.GetDependency<IProviderUserRepository>()
-            .GetManyByOrganizationAsync(policyUpdate.OrganizationId)
+            .GetManyByManyUsersAsync(Arg.Any<IEnumerable<Guid>>())
            .Returns([]);

        // Act
@@ -249,9 +207,10 @@ public class AutomaticUserConfirmationPolicyEventHandlerTests

        // Assert
        Assert.True(string.IsNullOrEmpty(result));
-        await sutProvider.GetDependency<IPolicyRepository>()
+
+        await sutProvider.GetDependency<IOrganizationUserRepository>()
            .DidNotReceive()
-            .GetByOrganizationIdTypeAsync(Arg.Any<Guid>(), Arg.Any<PolicyType>());
+            .GetManyDetailsByOrganizationAsync(Arg.Any<Guid>());
    }

    [Theory, BitAutoData]
@@ -268,21 +227,18 @@ public class AutomaticUserConfirmationPolicyEventHandlerTests

        // Assert
        Assert.True(string.IsNullOrEmpty(result));
-        await sutProvider.GetDependency<IPolicyRepository>()
+        await sutProvider.GetDependency<IOrganizationUserRepository>()
            .DidNotReceive()
-            .GetByOrganizationIdTypeAsync(Arg.Any<Guid>(), Arg.Any<PolicyType>());
+            .GetManyDetailsByOrganizationAsync(Arg.Any<Guid>());
    }

    [Theory, BitAutoData]
    public async Task ValidateAsync_EnablingPolicy_IncludesOwnersAndAdmins_InComplianceCheck(
        [PolicyUpdate(PolicyType.AutomaticUserConfirmation)] PolicyUpdate policyUpdate,
-        [Policy(PolicyType.SingleOrg)] Policy singleOrgPolicy,
        Guid nonCompliantOwnerId,
        SutProvider<AutomaticUserConfirmationPolicyEventHandler> sutProvider)
    {
        // Arrange
-        singleOrgPolicy.OrganizationId = policyUpdate.OrganizationId;
-
        var ownerUser = new OrganizationUserUserDetails
        {
            Id = Guid.NewGuid(),
@@ -290,7 +246,6 @@ public class AutomaticUserConfirmationPolicyEventHandlerTests
            Type = OrganizationUserType.Owner,
            Status = OrganizationUserStatusType.Confirmed,
            UserId = nonCompliantOwnerId,
-            Email = "owner@example.com"
        };

        var otherOrgUser = new OrganizationUser
@@ -301,10 +256,6 @@ public class AutomaticUserConfirmationPolicyEventHandlerTests
            Status = OrganizationUserStatusType.Confirmed
        };

-        sutProvider.GetDependency<IPolicyRepository>()
-            .GetByOrganizationIdTypeAsync(policyUpdate.OrganizationId, PolicyType.SingleOrg)
-            .Returns(singleOrgPolicy);
-
        sutProvider.GetDependency<IOrganizationUserRepository>()
            .GetManyDetailsByOrganizationAsync(policyUpdate.OrganizationId)
            .Returns([ownerUser]);
@@ -323,12 +274,9 @@ public class AutomaticUserConfirmationPolicyEventHandlerTests
    [Theory, BitAutoData]
    public async Task ValidateAsync_EnablingPolicy_InvitedUsersExcluded_FromComplianceCheck(
        [PolicyUpdate(PolicyType.AutomaticUserConfirmation)] PolicyUpdate policyUpdate,
-        [Policy(PolicyType.SingleOrg)] Policy singleOrgPolicy,
        SutProvider<AutomaticUserConfirmationPolicyEventHandler> sutProvider)
    {
        // Arrange
-        singleOrgPolicy.OrganizationId = policyUpdate.OrganizationId;
-
        var invitedUser = new OrganizationUserUserDetails
        {
            Id = Guid.NewGuid(),
@@ -339,16 +287,12 @@ public class AutomaticUserConfirmationPolicyEventHandlerTests
            Email = "invited@example.com"
        };

-        sutProvider.GetDependency<IPolicyRepository>()
-            .GetByOrganizationIdTypeAsync(policyUpdate.OrganizationId, PolicyType.SingleOrg)
-            .Returns(singleOrgPolicy);
-
        sutProvider.GetDependency<IOrganizationUserRepository>()
            .GetManyDetailsByOrganizationAsync(policyUpdate.OrganizationId)
            .Returns([invitedUser]);

        sutProvider.GetDependency<IProviderUserRepository>()
-            .GetManyByOrganizationAsync(policyUpdate.OrganizationId)
+            .GetManyByManyUsersAsync(Arg.Any<IEnumerable<Guid>>())
            .Returns([]);

        // Act
@@ -359,14 +303,11 @@ public class AutomaticUserConfirmationPolicyEventHandlerTests
    }

    [Theory, BitAutoData]
-    public async Task ValidateAsync_EnablingPolicy_RevokedUsersExcluded_FromComplianceCheck(
+    public async Task ValidateAsync_EnablingPolicy_RevokedUsersIncluded_InComplianceCheck(
        [PolicyUpdate(PolicyType.AutomaticUserConfirmation)] PolicyUpdate policyUpdate,
-        [Policy(PolicyType.SingleOrg)] Policy singleOrgPolicy,
        SutProvider<AutomaticUserConfirmationPolicyEventHandler> sutProvider)
    {
        // Arrange
-        singleOrgPolicy.OrganizationId = policyUpdate.OrganizationId;
-
        var revokedUser = new OrganizationUserUserDetails
        {
            Id = Guid.NewGuid(),
@@ -374,38 +315,44 @@ public class AutomaticUserConfirmationPolicyEventHandlerTests
            Type = OrganizationUserType.User,
            Status = OrganizationUserStatusType.Revoked,
            UserId = Guid.NewGuid(),
-            Email = "revoked@example.com"
        };

-        sutProvider.GetDependency<IPolicyRepository>()
-            .GetByOrganizationIdTypeAsync(policyUpdate.OrganizationId, PolicyType.SingleOrg)
-            .Returns(singleOrgPolicy);
+        var additionalOrgUser = new OrganizationUser
+        {
+            Id = Guid.NewGuid(),
+            OrganizationId = Guid.NewGuid(),
+            Type = OrganizationUserType.User,
+            Status = OrganizationUserStatusType.Revoked,
+            UserId = revokedUser.UserId,
+        };

-        sutProvider.GetDependency<IOrganizationUserRepository>()
+        var orgUserRepository = sutProvider.GetDependency<IOrganizationUserRepository>();
+
+        orgUserRepository
            .GetManyDetailsByOrganizationAsync(policyUpdate.OrganizationId)
            .Returns([revokedUser]);

+        orgUserRepository.GetManyByManyUsersAsync(Arg.Any<IEnumerable<Guid>>())
+            .Returns([additionalOrgUser]);
+
        sutProvider.GetDependency<IProviderUserRepository>()
-            .GetManyByOrganizationAsync(policyUpdate.OrganizationId)
+            .GetManyByManyUsersAsync(Arg.Any<IEnumerable<Guid>>())
            .Returns([]);

        // Act
        var result = await sutProvider.Sut.ValidateAsync(policyUpdate, null);

        // Assert
-        Assert.True(string.IsNullOrEmpty(result));
+        Assert.Contains("compliant with the Single organization policy", result, StringComparison.OrdinalIgnoreCase);
    }

    [Theory, BitAutoData]
    public async Task ValidateAsync_EnablingPolicy_AcceptedUsersIncluded_InComplianceCheck(
        [PolicyUpdate(PolicyType.AutomaticUserConfirmation)] PolicyUpdate policyUpdate,
-        [Policy(PolicyType.SingleOrg)] Policy singleOrgPolicy,
        Guid nonCompliantUserId,
        SutProvider<AutomaticUserConfirmationPolicyEventHandler> sutProvider)
    {
        // Arrange
-        singleOrgPolicy.OrganizationId = policyUpdate.OrganizationId;
-
        var acceptedUser = new OrganizationUserUserDetails
        {
            Id = Guid.NewGuid(),
@@ -413,7 +360,6 @@ public class AutomaticUserConfirmationPolicyEventHandlerTests
            Type = OrganizationUserType.User,
            Status = OrganizationUserStatusType.Accepted,
            UserId = nonCompliantUserId,
-            Email = "accepted@example.com"
        };

        var otherOrgUser = new OrganizationUser
@@ -424,10 +370,6 @@ public class AutomaticUserConfirmationPolicyEventHandlerTests
            Status = OrganizationUserStatusType.Confirmed
        };

-        sutProvider.GetDependency<IPolicyRepository>()
-            .GetByOrganizationIdTypeAsync(policyUpdate.OrganizationId, PolicyType.SingleOrg)
-            .Returns(singleOrgPolicy);
-
        sutProvider.GetDependency<IOrganizationUserRepository>()
            .GetManyDetailsByOrganizationAsync(policyUpdate.OrganizationId)
            .Returns([acceptedUser]);
@@ -443,186 +385,22 @@ public class AutomaticUserConfirmationPolicyEventHandlerTests
        Assert.Contains("compliant with the Single organization policy", result, StringComparison.OrdinalIgnoreCase);
    }

-    [Theory, BitAutoData]
-    public async Task ValidateAsync_EnablingPolicy_EmptyOrganization_ReturnsEmptyString(
-        [PolicyUpdate(PolicyType.AutomaticUserConfirmation)] PolicyUpdate policyUpdate,
-        [Policy(PolicyType.SingleOrg)] Policy singleOrgPolicy,
-        SutProvider<AutomaticUserConfirmationPolicyEventHandler> sutProvider)
-    {
-        // Arrange
-        singleOrgPolicy.OrganizationId = policyUpdate.OrganizationId;
-
-        sutProvider.GetDependency<IPolicyRepository>()
-            .GetByOrganizationIdTypeAsync(policyUpdate.OrganizationId, PolicyType.SingleOrg)
-            .Returns(singleOrgPolicy);
-
-        sutProvider.GetDependency<IOrganizationUserRepository>()
-            .GetManyDetailsByOrganizationAsync(policyUpdate.OrganizationId)
-            .Returns([]);
-
-        sutProvider.GetDependency<IProviderUserRepository>()
-            .GetManyByOrganizationAsync(policyUpdate.OrganizationId)
-            .Returns([]);
-
-        // Act
-        var result = await sutProvider.Sut.ValidateAsync(policyUpdate, null);
-
-        // Assert
-        Assert.True(string.IsNullOrEmpty(result));
-    }
-
    [Theory, BitAutoData]
    public async Task ValidateAsync_WithSavePolicyModel_CallsValidateWithPolicyUpdate(
        [PolicyUpdate(PolicyType.AutomaticUserConfirmation)] PolicyUpdate policyUpdate,
-        [Policy(PolicyType.SingleOrg)] Policy singleOrgPolicy,
        SutProvider<AutomaticUserConfirmationPolicyEventHandler> sutProvider)
    {
        // Arrange
-        singleOrgPolicy.OrganizationId = policyUpdate.OrganizationId;
-
        var savePolicyModel = new SavePolicyModel(policyUpdate);

-        sutProvider.GetDependency<IPolicyRepository>()
-            .GetByOrganizationIdTypeAsync(policyUpdate.OrganizationId, PolicyType.SingleOrg)
-            .Returns(singleOrgPolicy);
-
        sutProvider.GetDependency<IOrganizationUserRepository>()
            .GetManyDetailsByOrganizationAsync(policyUpdate.OrganizationId)
            .Returns([]);

-        sutProvider.GetDependency<IProviderUserRepository>()
-            .GetManyByOrganizationAsync(policyUpdate.OrganizationId)
-            .Returns([]);
-
        // Act
        var result = await sutProvider.Sut.ValidateAsync(savePolicyModel, null);

        // Assert
        Assert.True(string.IsNullOrEmpty(result));
    }
-
-    [Theory, BitAutoData]
-    public async Task OnSaveSideEffectsAsync_EnablingPolicy_SetsUseAutomaticUserConfirmationToTrue(
-        [PolicyUpdate(PolicyType.AutomaticUserConfirmation)] PolicyUpdate policyUpdate,
-        Organization organization,
-        SutProvider<AutomaticUserConfirmationPolicyEventHandler> sutProvider)
-    {
-        // Arrange
-        organization.Id = policyUpdate.OrganizationId;
-        organization.UseAutomaticUserConfirmation = false;
-
-        sutProvider.GetDependency<IOrganizationRepository>()
-            .GetByIdAsync(policyUpdate.OrganizationId)
-            .Returns(organization);
-
-        // Act
-        await sutProvider.Sut.OnSaveSideEffectsAsync(policyUpdate, null);
-
-        // Assert
-        await sutProvider.GetDependency<IOrganizationRepository>()
-            .Received(1)
-            .UpsertAsync(Arg.Is<Organization>(o =>
-                o.Id == organization.Id &&
-                o.UseAutomaticUserConfirmation == true &&
-                o.RevisionDate > DateTime.MinValue));
-    }
-
-    [Theory, BitAutoData]
-    public async Task OnSaveSideEffectsAsync_DisablingPolicy_SetsUseAutomaticUserConfirmationToFalse(
-        [PolicyUpdate(PolicyType.AutomaticUserConfirmation, false)] PolicyUpdate policyUpdate,
-        Organization organization,
-        SutProvider<AutomaticUserConfirmationPolicyEventHandler> sutProvider)
-    {
-        // Arrange
-        organization.Id = policyUpdate.OrganizationId;
-        organization.UseAutomaticUserConfirmation = true;
-
-        sutProvider.GetDependency<IOrganizationRepository>()
-            .GetByIdAsync(policyUpdate.OrganizationId)
-            .Returns(organization);
-
-        // Act
-        await sutProvider.Sut.OnSaveSideEffectsAsync(policyUpdate, null);
-
-        // Assert
-        await sutProvider.GetDependency<IOrganizationRepository>()
-            .Received(1)
-            .UpsertAsync(Arg.Is<Organization>(o =>
-                o.Id == organization.Id &&
-                o.UseAutomaticUserConfirmation == false &&
-                o.RevisionDate > DateTime.MinValue));
-    }
-
-    [Theory, BitAutoData]
-    public async Task OnSaveSideEffectsAsync_OrganizationNotFound_DoesNotThrowException(
-        [PolicyUpdate(PolicyType.AutomaticUserConfirmation)] PolicyUpdate policyUpdate,
-        SutProvider<AutomaticUserConfirmationPolicyEventHandler> sutProvider)
-    {
-        // Arrange
-        sutProvider.GetDependency<IOrganizationRepository>()
-            .GetByIdAsync(policyUpdate.OrganizationId)
-            .Returns((Organization?)null);
-
-        // Act
-        await sutProvider.Sut.OnSaveSideEffectsAsync(policyUpdate, null);
-
-        // Assert
-        await sutProvider.GetDependency<IOrganizationRepository>()
-            .DidNotReceive()
-            .UpsertAsync(Arg.Any<Organization>());
-    }
-
-    [Theory, BitAutoData]
-    public async Task ExecutePreUpsertSideEffectAsync_CallsOnSaveSideEffectsAsync(
-        [PolicyUpdate(PolicyType.AutomaticUserConfirmation)] PolicyUpdate policyUpdate,
-        [Policy(PolicyType.AutomaticUserConfirmation)] Policy currentPolicy,
-        Organization organization,
-        SutProvider<AutomaticUserConfirmationPolicyEventHandler> sutProvider)
-    {
-        // Arrange
-        organization.Id = policyUpdate.OrganizationId;
-        currentPolicy.OrganizationId = policyUpdate.OrganizationId;
-
-        var savePolicyModel = new SavePolicyModel(policyUpdate);
-
-        sutProvider.GetDependency<IOrganizationRepository>()
-            .GetByIdAsync(policyUpdate.OrganizationId)
-            .Returns(organization);
-
-        // Act
-        await sutProvider.Sut.ExecutePreUpsertSideEffectAsync(savePolicyModel, currentPolicy);
-
-        // Assert
-        await sutProvider.GetDependency<IOrganizationRepository>()
-            .Received(1)
-            .UpsertAsync(Arg.Is<Organization>(o =>
-                o.Id == organization.Id &&
-                o.UseAutomaticUserConfirmation == policyUpdate.Enabled));
-    }
-
-    [Theory, BitAutoData]
-    public async Task OnSaveSideEffectsAsync_UpdatesRevisionDate(
-        [PolicyUpdate(PolicyType.AutomaticUserConfirmation)] PolicyUpdate policyUpdate,
-        Organization organization,
-        SutProvider<AutomaticUserConfirmationPolicyEventHandler> sutProvider)
-    {
-        // Arrange
-        organization.Id = policyUpdate.OrganizationId;
-        var originalRevisionDate = DateTime.UtcNow.AddDays(-1);
-        organization.RevisionDate = originalRevisionDate;
-
-        sutProvider.GetDependency<IOrganizationRepository>()
-            .GetByIdAsync(policyUpdate.OrganizationId)
-            .Returns(organization);
-
-        // Act
-        await sutProvider.Sut.OnSaveSideEffectsAsync(policyUpdate, null);
-
-        // Assert
-        await sutProvider.GetDependency<IOrganizationRepository>()
-            .Received(1)
-            .UpsertAsync(Arg.Is<Organization>(o =>
-                o.Id == organization.Id &&
-                o.RevisionDate > originalRevisionDate));
-    }
 }
--- a/test/Core.Test/AdminConsole/OrganizationFeatures/Policies/PolicyValidators/BlockClaimedDomainAccountCreationPolicyValidatorTests.cs
+++ b/test/Core.Test/AdminConsole/OrganizationFeatures/Policies/PolicyValidators/BlockClaimedDomainAccountCreationPolicyValidatorTests.cs
@@ -0,0 +1,189 @@
+namespace Bit.Core.Test.AdminConsole.OrganizationFeatures.Policies.PolicyValidators;
+
+using Bit.Core.AdminConsole.Enums;
+using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationDomains.Interfaces;
+using Bit.Core.AdminConsole.OrganizationFeatures.Policies.Models;
+using Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyValidators;
+using Bit.Core.Services;
+using Bit.Core.Test.AdminConsole.AutoFixture;
+using Bit.Test.Common.AutoFixture;
+using Bit.Test.Common.AutoFixture.Attributes;
+using NSubstitute;
+using Xunit;
+
+[SutProviderCustomize]
+public class BlockClaimedDomainAccountCreationPolicyValidatorTests
+{
+    [Theory, BitAutoData]
+    public async Task ValidateAsync_EnablingPolicy_NoVerifiedDomains_ValidationError(
+        [PolicyUpdate(PolicyType.BlockClaimedDomainAccountCreation, true)] PolicyUpdate policyUpdate,
+        SutProvider<BlockClaimedDomainAccountCreationPolicyValidator> sutProvider)
+    {
+        // Arrange
+        sutProvider.GetDependency<IFeatureService>()
+            .IsEnabled(FeatureFlagKeys.BlockClaimedDomainAccountCreation)
+            .Returns(true);
+
+        sutProvider.GetDependency<IOrganizationHasVerifiedDomainsQuery>()
+            .HasVerifiedDomainsAsync(policyUpdate.OrganizationId)
+            .Returns(false);
+
+        // Act
+        var result = await sutProvider.Sut.ValidateAsync(policyUpdate, null);
+
+        // Assert
+        Assert.Equal("You must claim at least one domain to turn on this policy", result);
+    }
+
+    [Theory, BitAutoData]
+    public async Task ValidateAsync_EnablingPolicy_HasVerifiedDomains_Success(
+        [PolicyUpdate(PolicyType.BlockClaimedDomainAccountCreation, true)] PolicyUpdate policyUpdate,
+        SutProvider<BlockClaimedDomainAccountCreationPolicyValidator> sutProvider)
+    {
+        // Arrange
+        sutProvider.GetDependency<IFeatureService>()
+            .IsEnabled(FeatureFlagKeys.BlockClaimedDomainAccountCreation)
+            .Returns(true);
+
+        sutProvider.GetDependency<IOrganizationHasVerifiedDomainsQuery>()
+            .HasVerifiedDomainsAsync(policyUpdate.OrganizationId)
+            .Returns(true);
+
+        // Act
+        var result = await sutProvider.Sut.ValidateAsync(policyUpdate, null);
+
+        // Assert
+        Assert.True(string.IsNullOrEmpty(result));
+    }
+
+    [Theory, BitAutoData]
+    public async Task ValidateAsync_DisablingPolicy_NoValidation(
+        [PolicyUpdate(PolicyType.BlockClaimedDomainAccountCreation, false)] PolicyUpdate policyUpdate,
+        SutProvider<BlockClaimedDomainAccountCreationPolicyValidator> sutProvider)
+    {
+        // Arrange
+        sutProvider.GetDependency<IFeatureService>()
+            .IsEnabled(FeatureFlagKeys.BlockClaimedDomainAccountCreation)
+            .Returns(true);
+
+        // Act
+        var result = await sutProvider.Sut.ValidateAsync(policyUpdate, null);
+
+        // Assert
+        Assert.True(string.IsNullOrEmpty(result));
+        await sutProvider.GetDependency<IOrganizationHasVerifiedDomainsQuery>()
+            .DidNotReceive()
+            .HasVerifiedDomainsAsync(Arg.Any<Guid>());
+    }
+
+    [Theory, BitAutoData]
+    public async Task ValidateAsync_WithSavePolicyModel_EnablingPolicy_NoVerifiedDomains_ValidationError(
+        [PolicyUpdate(PolicyType.BlockClaimedDomainAccountCreation, true)] PolicyUpdate policyUpdate,
+        SutProvider<BlockClaimedDomainAccountCreationPolicyValidator> sutProvider)
+    {
+        // Arrange
+        sutProvider.GetDependency<IFeatureService>()
+            .IsEnabled(FeatureFlagKeys.BlockClaimedDomainAccountCreation)
+            .Returns(true);
+
+        sutProvider.GetDependency<IOrganizationHasVerifiedDomainsQuery>()
+            .HasVerifiedDomainsAsync(policyUpdate.OrganizationId)
+            .Returns(false);
+
+        var savePolicyModel = new SavePolicyModel(policyUpdate, null, new EmptyMetadataModel());
+
+        // Act
+        var result = await sutProvider.Sut.ValidateAsync(savePolicyModel, null);
+
+        // Assert
+        Assert.Equal("You must claim at least one domain to turn on this policy", result);
+    }
+
+    [Theory, BitAutoData]
+    public async Task ValidateAsync_WithSavePolicyModel_EnablingPolicy_HasVerifiedDomains_Success(
+        [PolicyUpdate(PolicyType.BlockClaimedDomainAccountCreation, true)] PolicyUpdate policyUpdate,
+        SutProvider<BlockClaimedDomainAccountCreationPolicyValidator> sutProvider)
+    {
+        // Arrange
+        sutProvider.GetDependency<IFeatureService>()
+            .IsEnabled(FeatureFlagKeys.BlockClaimedDomainAccountCreation)
+            .Returns(true);
+
+        sutProvider.GetDependency<IOrganizationHasVerifiedDomainsQuery>()
+            .HasVerifiedDomainsAsync(policyUpdate.OrganizationId)
+            .Returns(true);
+
+        var savePolicyModel = new SavePolicyModel(policyUpdate, null, new EmptyMetadataModel());
+
+        // Act
+        var result = await sutProvider.Sut.ValidateAsync(savePolicyModel, null);
+
+        // Assert
+        Assert.True(string.IsNullOrEmpty(result));
+    }
+
+    [Theory, BitAutoData]
+    public async Task ValidateAsync_WithSavePolicyModel_DisablingPolicy_NoValidation(
+        [PolicyUpdate(PolicyType.BlockClaimedDomainAccountCreation, false)] PolicyUpdate policyUpdate,
+        SutProvider<BlockClaimedDomainAccountCreationPolicyValidator> sutProvider)
+    {
+        // Arrange
+        sutProvider.GetDependency<IFeatureService>()
+            .IsEnabled(FeatureFlagKeys.BlockClaimedDomainAccountCreation)
+            .Returns(true);
+
+        var savePolicyModel = new SavePolicyModel(policyUpdate, null, new EmptyMetadataModel());
+
+        // Act
+        var result = await sutProvider.Sut.ValidateAsync(savePolicyModel, null);
+
+        // Assert
+        Assert.True(string.IsNullOrEmpty(result));
+        await sutProvider.GetDependency<IOrganizationHasVerifiedDomainsQuery>()
+            .DidNotReceive()
+            .HasVerifiedDomainsAsync(Arg.Any<Guid>());
+    }
+
+    [Theory, BitAutoData]
+    public async Task ValidateAsync_FeatureFlagDisabled_ReturnsError(
+        [PolicyUpdate(PolicyType.BlockClaimedDomainAccountCreation, true)] PolicyUpdate policyUpdate,
+        SutProvider<BlockClaimedDomainAccountCreationPolicyValidator> sutProvider)
+    {
+        // Arrange
+        sutProvider.GetDependency<IFeatureService>()
+            .IsEnabled(FeatureFlagKeys.BlockClaimedDomainAccountCreation)
+            .Returns(false);
+
+        // Act
+        var result = await sutProvider.Sut.ValidateAsync(policyUpdate, null);
+
+        // Assert
+        Assert.Equal("This feature is not enabled", result);
+        await sutProvider.GetDependency<IOrganizationHasVerifiedDomainsQuery>()
+            .DidNotReceive()
+            .HasVerifiedDomainsAsync(Arg.Any<Guid>());
+    }
+
+    [Fact]
+    public void Type_ReturnsBlockClaimedDomainAccountCreation()
+    {
+        // Arrange
+        var validator = new BlockClaimedDomainAccountCreationPolicyValidator(null, null);
+
+        // Act & Assert
+        Assert.Equal(PolicyType.BlockClaimedDomainAccountCreation, validator.Type);
+    }
+
+    [Fact]
+    public void RequiredPolicies_ReturnsEmpty()
+    {
+        // Arrange
+        var validator = new BlockClaimedDomainAccountCreationPolicyValidator(null, null);
+
+        // Act
+        var requiredPolicies = validator.RequiredPolicies.ToList();
+
+        // Assert
+        Assert.Empty(requiredPolicies);
+    }
+}
--- a/test/Core.Test/AdminConsole/OrganizationFeatures/Policies/SavePolicyCommandTests.cs
+++ b/test/Core.Test/AdminConsole/OrganizationFeatures/Policies/SavePolicyCommandTests.cs
@@ -6,8 +6,11 @@ using Bit.Core.AdminConsole.OrganizationFeatures.Policies;
 using Bit.Core.AdminConsole.OrganizationFeatures.Policies.Implementations;
 using Bit.Core.AdminConsole.OrganizationFeatures.Policies.Models;
 using Bit.Core.AdminConsole.Repositories;
+using Bit.Core.Enums;
 using Bit.Core.Exceptions;
+using Bit.Core.Models;
 using Bit.Core.Models.Data.Organizations;
+using Bit.Core.Platform.Push;
 using Bit.Core.Services;
 using Bit.Core.Test.AdminConsole.AutoFixture;
 using Bit.Test.Common.AutoFixture;
@@ -95,7 +98,8 @@ public class SavePolicyCommandTests
                Substitute.For<IPolicyRepository>(),
                [new FakeSingleOrgPolicyValidator(), new FakeSingleOrgPolicyValidator()],
                Substitute.For<TimeProvider>(),
-                Substitute.For<IPostSavePolicySideEffect>()));
+                Substitute.For<IPostSavePolicySideEffect>(),
+                Substitute.For<IPushNotificationService>()));
        Assert.Contains("Duplicate PolicyValidator for SingleOrg policy", exception.Message);
    }

@@ -360,6 +364,103 @@ public class SavePolicyCommandTests
            .ExecuteSideEffectsAsync(default!, default!, default!);
    }

+    [Theory, BitAutoData]
+    public async Task VNextSaveAsync_SendsPushNotification(
+        [PolicyUpdate(PolicyType.SingleOrg)] PolicyUpdate policyUpdate,
+        [Policy(PolicyType.SingleOrg, false)] Policy currentPolicy)
+    {
+        // Arrange
+        var fakePolicyValidator = new FakeSingleOrgPolicyValidator();
+        fakePolicyValidator.ValidateAsyncMock(policyUpdate, null).Returns("");
+        var sutProvider = SutProviderFactory([fakePolicyValidator]);
+        var savePolicyModel = new SavePolicyModel(policyUpdate);
+
+        currentPolicy.OrganizationId = policyUpdate.OrganizationId;
+        sutProvider.GetDependency<IPolicyRepository>()
+            .GetByOrganizationIdTypeAsync(policyUpdate.OrganizationId, policyUpdate.Type)
+            .Returns(currentPolicy);
+
+        ArrangeOrganization(sutProvider, policyUpdate);
+        sutProvider.GetDependency<IPolicyRepository>()
+            .GetManyByOrganizationIdAsync(policyUpdate.OrganizationId)
+            .Returns([currentPolicy]);
+
+        // Act
+        var result = await sutProvider.Sut.VNextSaveAsync(savePolicyModel);
+
+        // Assert
+        await sutProvider.GetDependency<IPushNotificationService>().Received(1)
+            .PushAsync(Arg.Is<PushNotification<SyncPolicyPushNotification>>(p =>
+                p.Type == PushType.PolicyChanged &&
+                p.Target == NotificationTarget.Organization &&
+                p.TargetId == policyUpdate.OrganizationId &&
+                p.ExcludeCurrentContext == false &&
+                p.Payload.OrganizationId == policyUpdate.OrganizationId &&
+                p.Payload.Policy.Id == result.Id &&
+                p.Payload.Policy.Type == policyUpdate.Type &&
+                p.Payload.Policy.Enabled == policyUpdate.Enabled &&
+                p.Payload.Policy.Data == policyUpdate.Data));
+    }
+
+    [Theory, BitAutoData]
+    public async Task SaveAsync_SendsPushNotification([PolicyUpdate(PolicyType.SingleOrg)] PolicyUpdate policyUpdate)
+    {
+        var fakePolicyValidator = new FakeSingleOrgPolicyValidator();
+        fakePolicyValidator.ValidateAsyncMock(policyUpdate, null).Returns("");
+        var sutProvider = SutProviderFactory([fakePolicyValidator]);
+
+        ArrangeOrganization(sutProvider, policyUpdate);
+        sutProvider.GetDependency<IPolicyRepository>().GetManyByOrganizationIdAsync(policyUpdate.OrganizationId).Returns([]);
+
+        var result = await sutProvider.Sut.SaveAsync(policyUpdate);
+
+        await sutProvider.GetDependency<IPushNotificationService>().Received(1)
+            .PushAsync(Arg.Is<PushNotification<SyncPolicyPushNotification>>(p =>
+                p.Type == PushType.PolicyChanged &&
+                p.Target == NotificationTarget.Organization &&
+                p.TargetId == policyUpdate.OrganizationId &&
+                p.ExcludeCurrentContext == false &&
+                p.Payload.OrganizationId == policyUpdate.OrganizationId &&
+                p.Payload.Policy.Id == result.Id &&
+                p.Payload.Policy.Type == policyUpdate.Type &&
+                p.Payload.Policy.Enabled == policyUpdate.Enabled &&
+                p.Payload.Policy.Data == policyUpdate.Data));
+    }
+
+    [Theory, BitAutoData]
+    public async Task SaveAsync_ExistingPolicy_SendsPushNotificationWithUpdatedPolicy(
+        [PolicyUpdate(PolicyType.SingleOrg)] PolicyUpdate policyUpdate,
+        [Policy(PolicyType.SingleOrg, false)] Policy currentPolicy)
+    {
+        var fakePolicyValidator = new FakeSingleOrgPolicyValidator();
+        fakePolicyValidator.ValidateAsyncMock(policyUpdate, null).Returns("");
+        var sutProvider = SutProviderFactory([fakePolicyValidator]);
+
+        currentPolicy.OrganizationId = policyUpdate.OrganizationId;
+        sutProvider.GetDependency<IPolicyRepository>()
+            .GetByOrganizationIdTypeAsync(policyUpdate.OrganizationId, policyUpdate.Type)
+            .Returns(currentPolicy);
+
+        ArrangeOrganization(sutProvider, policyUpdate);
+        sutProvider.GetDependency<IPolicyRepository>()
+            .GetManyByOrganizationIdAsync(policyUpdate.OrganizationId)
+            .Returns([currentPolicy]);
+
+        var result = await sutProvider.Sut.SaveAsync(policyUpdate);
+
+        await sutProvider.GetDependency<IPushNotificationService>().Received(1)
+            .PushAsync(Arg.Is<PushNotification<SyncPolicyPushNotification>>(p =>
+                p.Type == PushType.PolicyChanged &&
+                p.Target == NotificationTarget.Organization &&
+                p.TargetId == policyUpdate.OrganizationId &&
+                p.ExcludeCurrentContext == false &&
+                p.Payload.OrganizationId == policyUpdate.OrganizationId &&
+                p.Payload.Policy.Id == result.Id &&
+                p.Payload.Policy.Type == policyUpdate.Type &&
+                p.Payload.Policy.Enabled == policyUpdate.Enabled &&
+                p.Payload.Policy.Data == policyUpdate.Data));
+    }
+
    /// <summary>
    /// Returns a new SutProvider with the PolicyValidators registered in the Sut.
    /// </summary>
--- a/test/Core.Test/AdminConsole/Services/EventIntegrationHandlerTests.cs
+++ b/test/Core.Test/AdminConsole/Services/EventIntegrationHandlerTests.cs
@@ -1,18 +1,23 @@
-using System.Text.Json;
+#nullable enable
+
+using System.Text.Json;
 using Bit.Core.AdminConsole.Entities;
 using Bit.Core.AdminConsole.Models.Data.EventIntegrations;
-using Bit.Core.Entities;
+using Bit.Core.AdminConsole.Repositories;
 using Bit.Core.Enums;
 using Bit.Core.Models.Data;
 using Bit.Core.Models.Data.Organizations;
+using Bit.Core.Models.Data.Organizations.OrganizationUsers;
 using Bit.Core.Repositories;
 using Bit.Core.Services;
+using Bit.Core.Utilities;
 using Bit.Test.Common.AutoFixture;
 using Bit.Test.Common.AutoFixture.Attributes;
 using Bit.Test.Common.Helpers;
 using Microsoft.Extensions.Logging;
 using NSubstitute;
 using Xunit;
+using ZiggyCreatures.Caching.Fusion;

 namespace Bit.Core.Test.Services;

@@ -20,9 +25,10 @@ namespace Bit.Core.Test.Services;
 public class EventIntegrationHandlerTests
 {
    private const string _templateBase = "Date: #Date#, Type: #Type#, UserId: #UserId#";
+    private const string _templateWithGroup = "Group: #GroupName#";
    private const string _templateWithOrganization = "Org: #OrganizationName#";
-    private const string _templateWithUser = "#UserName#, #UserEmail#";
-    private const string _templateWithActingUser = "#ActingUserName#, #ActingUserEmail#";
+    private const string _templateWithUser = "#UserName#, #UserEmail#, #UserType#";
+    private const string _templateWithActingUser = "#ActingUserName#, #ActingUserEmail#, #ActingUserType#";
    private static readonly Guid _organizationId = Guid.NewGuid();
    private static readonly Uri _uri = new Uri("https://localhost");
    private static readonly Uri _uri2 = new Uri("https://example.com");
@@ -33,19 +39,23 @@ public class EventIntegrationHandlerTests
    private SutProvider<EventIntegrationHandler<WebhookIntegrationConfigurationDetails>> GetSutProvider(
        List<OrganizationIntegrationConfigurationDetails> configurations)
    {
-        var configurationCache = Substitute.For<IIntegrationConfigurationDetailsCache>();
-        configurationCache.GetConfigurationDetails(Arg.Any<Guid>(),
-            IntegrationType.Webhook, Arg.Any<EventType>()).Returns(configurations);
+        var cache = Substitute.For<IFusionCache>();
+        cache.GetOrSetAsync(
+            key: Arg.Any<string>(),
+            factory: Arg.Any<Func<object, CancellationToken, Task<List<OrganizationIntegrationConfigurationDetails>>>>(),
+            options: Arg.Any<FusionCacheEntryOptions>(),
+            tags: Arg.Any<IEnumerable<string>>()
+        ).Returns(configurations);

        return new SutProvider<EventIntegrationHandler<WebhookIntegrationConfigurationDetails>>()
-            .SetDependency(configurationCache)
+            .SetDependency(cache)
            .SetDependency(_eventIntegrationPublisher)
            .SetDependency(IntegrationType.Webhook)
            .SetDependency(_logger)
            .Create();
    }

-    private static IntegrationMessage<WebhookIntegrationConfigurationDetails> expectedMessage(string template)
+    private static IntegrationMessage<WebhookIntegrationConfigurationDetails> ExpectedMessage(string template)
    {
        return new IntegrationMessage<WebhookIntegrationConfigurationDetails>()
        {
@@ -105,16 +115,363 @@ public class EventIntegrationHandlerTests
        config.Configuration = null;
        config.IntegrationConfiguration = JsonSerializer.Serialize(new { Uri = _uri });
        config.Template = _templateBase;
-        config.Filters = JsonSerializer.Serialize(new IntegrationFilterGroup() { });
+        config.Filters = JsonSerializer.Serialize(new IntegrationFilterGroup());

        return [config];
    }

+    [Theory, BitAutoData]
+    public async Task BuildContextAsync_ActingUserIdPresent_UsesCache(EventMessage eventMessage, OrganizationUserUserDetails actingUser)
+    {
+        var sutProvider = GetSutProvider(OneConfiguration(_templateWithActingUser));
+        var cache = sutProvider.GetDependency<IFusionCache>();
+
+        eventMessage.OrganizationId ??= Guid.NewGuid();
+        eventMessage.ActingUserId ??= Guid.NewGuid();
+
+        cache.GetOrSetAsync(
+            key: Arg.Any<string>(),
+            factory: Arg.Any<Func<FusionCacheFactoryExecutionContext<OrganizationUserUserDetails?>, CancellationToken, Task<OrganizationUserUserDetails?>>>()
+        ).Returns(actingUser);
+
+        var context = await sutProvider.Sut.BuildContextAsync(eventMessage, _templateWithActingUser);
+
+        await cache.Received(1).GetOrSetAsync(
+            key: Arg.Any<string>(),
+            factory: Arg.Any<Func<FusionCacheFactoryExecutionContext<OrganizationUserUserDetails?>, CancellationToken, Task<OrganizationUserUserDetails?>>>()
+        );
+
+        Assert.Equal(actingUser, context.ActingUser);
+    }
+
+    [Theory, BitAutoData]
+    public async Task BuildContextAsync_ActingUserIdNull_SkipsCache(EventMessage eventMessage)
+    {
+        var sutProvider = GetSutProvider(OneConfiguration(_templateWithActingUser));
+        var cache = sutProvider.GetDependency<IFusionCache>();
+
+        eventMessage.OrganizationId ??= Guid.NewGuid();
+        eventMessage.ActingUserId = null;
+
+        var context = await sutProvider.Sut.BuildContextAsync(eventMessage, _templateWithActingUser);
+
+        await cache.DidNotReceive().GetOrSetAsync(
+            key: Arg.Any<string>(),
+            factory: Arg.Any<Func<FusionCacheFactoryExecutionContext<OrganizationUserUserDetails?>, CancellationToken, Task<OrganizationUserUserDetails?>>>()
+        );
+        Assert.Null(context.ActingUser);
+    }
+
+    [Theory, BitAutoData]
+    public async Task BuildContextAsync_ActingUserOrganizationIdNull_SkipsCache(EventMessage eventMessage)
+    {
+        var sutProvider = GetSutProvider(OneConfiguration(_templateWithActingUser));
+        var cache = sutProvider.GetDependency<IFusionCache>();
+
+        eventMessage.OrganizationId = null;
+        eventMessage.ActingUserId ??= Guid.NewGuid();
+
+        var context = await sutProvider.Sut.BuildContextAsync(eventMessage, _templateWithActingUser);
+
+        await cache.DidNotReceive().GetOrSetAsync(
+            key: Arg.Any<string>(),
+            factory: Arg.Any<Func<FusionCacheFactoryExecutionContext<OrganizationUserUserDetails?>, CancellationToken, Task<OrganizationUserUserDetails?>>>()
+        );
+        Assert.Null(context.ActingUser);
+    }
+
+    [Theory, BitAutoData]
+    public async Task BuildContextAsync_ActingUserFactory_CallsOrganizationUserRepository(EventMessage eventMessage, OrganizationUserUserDetails actingUser)
+    {
+        var sutProvider = GetSutProvider(OneConfiguration(_templateWithActingUser));
+        var cache = sutProvider.GetDependency<IFusionCache>();
+        var organizationUserRepository = sutProvider.GetDependency<IOrganizationUserRepository>();
+
+        eventMessage.OrganizationId ??= Guid.NewGuid();
+        eventMessage.ActingUserId ??= Guid.NewGuid();
+        organizationUserRepository.GetDetailsByOrganizationIdUserIdAsync(
+            eventMessage.OrganizationId.Value,
+            eventMessage.ActingUserId.Value).Returns(actingUser);
+
+        // Capture the factory function passed to the cache
+        Func<FusionCacheFactoryExecutionContext<OrganizationUserUserDetails?>, CancellationToken, Task<OrganizationUserUserDetails?>>? capturedFactory = null;
+        cache.GetOrSetAsync(
+            key: Arg.Any<string>(),
+            factory: Arg.Do<Func<FusionCacheFactoryExecutionContext<OrganizationUserUserDetails?>, CancellationToken, Task<OrganizationUserUserDetails?>>>(f => capturedFactory = f)
+        ).Returns(actingUser);
+
+        await sutProvider.Sut.BuildContextAsync(eventMessage, _templateWithActingUser);
+
+        Assert.NotNull(capturedFactory);
+        var result = await capturedFactory(null!, CancellationToken.None);
+
+        await organizationUserRepository.Received(1).GetDetailsByOrganizationIdUserIdAsync(
+            eventMessage.OrganizationId.Value,
+            eventMessage.ActingUserId.Value);
+        Assert.Equal(actingUser, result);
+    }
+
+    [Theory, BitAutoData]
+    public async Task BuildContextAsync_GroupIdPresent_UsesCache(EventMessage eventMessage, Group group)
+    {
+        var sutProvider = GetSutProvider(OneConfiguration(_templateWithGroup));
+        var cache = sutProvider.GetDependency<IFusionCache>();
+
+        eventMessage.GroupId ??= Guid.NewGuid();
+
+        cache.GetOrSetAsync(
+            key: Arg.Any<string>(),
+            factory: Arg.Any<Func<FusionCacheFactoryExecutionContext<Group?>, CancellationToken, Task<Group?>>>()
+        ).Returns(group);
+
+        var context = await sutProvider.Sut.BuildContextAsync(eventMessage, _templateWithGroup);
+
+        await cache.Received(1).GetOrSetAsync(
+            key: Arg.Any<string>(),
+            factory: Arg.Any<Func<FusionCacheFactoryExecutionContext<Group?>, CancellationToken, Task<Group?>>>()
+        );
+        Assert.Equal(group, context.Group);
+    }
+
+    [Theory, BitAutoData]
+    public async Task BuildContextAsync_GroupIdNull_SkipsCache(EventMessage eventMessage)
+    {
+        var sutProvider = GetSutProvider(OneConfiguration(_templateWithGroup));
+        var cache = sutProvider.GetDependency<IFusionCache>();
+        eventMessage.GroupId = null;
+
+        var context = await sutProvider.Sut.BuildContextAsync(eventMessage, _templateWithGroup);
+
+        await cache.DidNotReceive().GetOrSetAsync(
+            key: Arg.Any<string>(),
+            factory: Arg.Any<Func<FusionCacheFactoryExecutionContext<Group?>, CancellationToken, Task<Group?>>>()
+        );
+        Assert.Null(context.Group);
+    }
+
+    [Theory, BitAutoData]
+    public async Task BuildContextAsync_GroupFactory_CallsGroupRepository(EventMessage eventMessage, Group group)
+    {
+        var sutProvider = GetSutProvider(OneConfiguration(_templateWithGroup));
+        var cache = sutProvider.GetDependency<IFusionCache>();
+        var groupRepository = sutProvider.GetDependency<IGroupRepository>();
+
+        eventMessage.GroupId ??= Guid.NewGuid();
+        groupRepository.GetByIdAsync(eventMessage.GroupId.Value).Returns(group);
+
+        // Capture the factory function passed to the cache
+        Func<FusionCacheFactoryExecutionContext<Group?>, CancellationToken, Task<Group?>>? capturedFactory = null;
+        cache.GetOrSetAsync(
+            key: Arg.Any<string>(),
+            factory: Arg.Do<Func<FusionCacheFactoryExecutionContext<Group?>, CancellationToken, Task<Group?>>>(f => capturedFactory = f)
+        ).Returns(group);
+
+        await sutProvider.Sut.BuildContextAsync(eventMessage, _templateWithGroup);
+
+        Assert.NotNull(capturedFactory);
+        var result = await capturedFactory(null!, CancellationToken.None);
+
+        await groupRepository.Received(1).GetByIdAsync(eventMessage.GroupId.Value);
+        Assert.Equal(group, result);
+    }
+
+    [Theory, BitAutoData]
+    public async Task BuildContextAsync_OrganizationIdPresent_UsesCache(EventMessage eventMessage, Organization organization)
+    {
+        var sutProvider = GetSutProvider(OneConfiguration(_templateWithOrganization));
+        var cache = sutProvider.GetDependency<IFusionCache>();
+
+        eventMessage.OrganizationId ??= Guid.NewGuid();
+
+        cache.GetOrSetAsync(
+            key: Arg.Any<string>(),
+            factory: Arg.Any<Func<FusionCacheFactoryExecutionContext<Organization?>, CancellationToken, Task<Organization?>>>()
+        ).Returns(organization);
+
+        var context = await sutProvider.Sut.BuildContextAsync(eventMessage, _templateWithOrganization);
+
+        await cache.Received(1).GetOrSetAsync(
+            key: Arg.Any<string>(),
+            factory: Arg.Any<Func<FusionCacheFactoryExecutionContext<Organization?>, CancellationToken, Task<Organization?>>>()
+        );
+        Assert.Equal(organization, context.Organization);
+    }
+
+    [Theory, BitAutoData]
+    public async Task BuildContextAsync_OrganizationIdNull_SkipsCache(EventMessage eventMessage)
+    {
+        var sutProvider = GetSutProvider(OneConfiguration(_templateWithOrganization));
+        var cache = sutProvider.GetDependency<IFusionCache>();
+
+        eventMessage.OrganizationId = null;
+
+        var context = await sutProvider.Sut.BuildContextAsync(eventMessage, _templateWithOrganization);
+
+        await cache.DidNotReceive().GetOrSetAsync(
+            key: Arg.Any<string>(),
+            factory: Arg.Any<Func<FusionCacheFactoryExecutionContext<Organization?>, CancellationToken, Task<Organization?>>>()
+        );
+        Assert.Null(context.Organization);
+    }
+
+    [Theory, BitAutoData]
+    public async Task BuildContextAsync_OrganizationFactory_CallsOrganizationRepository(EventMessage eventMessage, Organization organization)
+    {
+        var sutProvider = GetSutProvider(OneConfiguration(_templateWithOrganization));
+        var cache = sutProvider.GetDependency<IFusionCache>();
+        var organizationRepository = sutProvider.GetDependency<IOrganizationRepository>();
+
+        eventMessage.OrganizationId ??= Guid.NewGuid();
+        organizationRepository.GetByIdAsync(eventMessage.OrganizationId.Value).Returns(organization);
+
+        // Capture the factory function passed to the cache
+        Func<FusionCacheFactoryExecutionContext<Organization?>, CancellationToken, Task<Organization?>>? capturedFactory = null;
+        cache.GetOrSetAsync(
+            key: Arg.Any<string>(),
+            factory: Arg.Do<Func<FusionCacheFactoryExecutionContext<Organization?>, CancellationToken, Task<Organization?>>>(f => capturedFactory = f)
+        ).Returns(organization);
+
+        await sutProvider.Sut.BuildContextAsync(eventMessage, _templateWithOrganization);
+
+        Assert.NotNull(capturedFactory);
+        var result = await capturedFactory(null!, CancellationToken.None);
+
+        await organizationRepository.Received(1).GetByIdAsync(eventMessage.OrganizationId.Value);
+        Assert.Equal(organization, result);
+    }
+
+    [Theory, BitAutoData]
+    public async Task BuildContextAsync_UserIdPresent_UsesCache(EventMessage eventMessage, OrganizationUserUserDetails userDetails)
+    {
+        var sutProvider = GetSutProvider(OneConfiguration(_templateWithUser));
+        var cache = sutProvider.GetDependency<IFusionCache>();
+
+        eventMessage.OrganizationId ??= Guid.NewGuid();
+        eventMessage.UserId ??= Guid.NewGuid();
+
+        cache.GetOrSetAsync(
+            key: Arg.Any<string>(),
+            factory: Arg.Any<Func<FusionCacheFactoryExecutionContext<OrganizationUserUserDetails?>, CancellationToken, Task<OrganizationUserUserDetails?>>>()
+        ).Returns(userDetails);
+
+        var context = await sutProvider.Sut.BuildContextAsync(eventMessage, _templateWithUser);
+
+        await cache.Received(1).GetOrSetAsync(
+            key: Arg.Any<string>(),
+            factory: Arg.Any<Func<FusionCacheFactoryExecutionContext<OrganizationUserUserDetails?>, CancellationToken, Task<OrganizationUserUserDetails?>>>()
+        );
+
+        Assert.Equal(userDetails, context.User);
+    }
+
+
+    [Theory, BitAutoData]
+    public async Task BuildContextAsync_UserIdNull_SkipsCache(EventMessage eventMessage)
+    {
+        var sutProvider = GetSutProvider(OneConfiguration(_templateWithUser));
+        var cache = sutProvider.GetDependency<IFusionCache>();
+
+        eventMessage.OrganizationId = null;
+        eventMessage.UserId ??= Guid.NewGuid();
+
+        var context = await sutProvider.Sut.BuildContextAsync(eventMessage, _templateWithUser);
+
+        await cache.DidNotReceive().GetOrSetAsync(
+            key: Arg.Any<string>(),
+            factory: Arg.Any<Func<FusionCacheFactoryExecutionContext<OrganizationUserUserDetails?>, CancellationToken, Task<OrganizationUserUserDetails?>>>()
+        );
+
+        Assert.Null(context.User);
+    }
+
+    [Theory, BitAutoData]
+    public async Task BuildContextAsync_OrganizationUserIdNull_SkipsCache(EventMessage eventMessage)
+    {
+        var sutProvider = GetSutProvider(OneConfiguration(_templateWithUser));
+        var cache = sutProvider.GetDependency<IFusionCache>();
+
+        eventMessage.OrganizationId ??= Guid.NewGuid();
+        eventMessage.UserId = null;
+
+        var context = await sutProvider.Sut.BuildContextAsync(eventMessage, _templateWithUser);
+
+        await cache.DidNotReceive().GetOrSetAsync(
+            key: Arg.Any<string>(),
+            factory: Arg.Any<Func<FusionCacheFactoryExecutionContext<OrganizationUserUserDetails?>, CancellationToken, Task<OrganizationUserUserDetails?>>>()
+        );
+
+        Assert.Null(context.User);
+    }
+
+
+    [Theory, BitAutoData]
+    public async Task BuildContextAsync_UserFactory_CallsOrganizationUserRepository(EventMessage eventMessage, OrganizationUserUserDetails userDetails)
+    {
+        var sutProvider = GetSutProvider(OneConfiguration(_templateWithUser));
+        var cache = sutProvider.GetDependency<IFusionCache>();
+        var organizationUserRepository = sutProvider.GetDependency<IOrganizationUserRepository>();
+
+        eventMessage.OrganizationId ??= Guid.NewGuid();
+        eventMessage.UserId ??= Guid.NewGuid();
+        organizationUserRepository.GetDetailsByOrganizationIdUserIdAsync(
+            eventMessage.OrganizationId.Value,
+            eventMessage.UserId.Value).Returns(userDetails);
+
+        // Capture the factory function passed to the cache
+        Func<FusionCacheFactoryExecutionContext<OrganizationUserUserDetails?>, CancellationToken, Task<OrganizationUserUserDetails?>>? capturedFactory = null;
+        cache.GetOrSetAsync(
+            key: Arg.Any<string>(),
+            factory: Arg.Do<Func<FusionCacheFactoryExecutionContext<OrganizationUserUserDetails?>, CancellationToken, Task<OrganizationUserUserDetails?>>>(f => capturedFactory = f)
+        ).Returns(userDetails);
+
+        await sutProvider.Sut.BuildContextAsync(eventMessage, _templateWithUser);
+
+        Assert.NotNull(capturedFactory);
+        var result = await capturedFactory(null!, CancellationToken.None);
+
+        await organizationUserRepository.Received(1).GetDetailsByOrganizationIdUserIdAsync(
+            eventMessage.OrganizationId.Value,
+            eventMessage.UserId.Value);
+        Assert.Equal(userDetails, result);
+    }
+
+    [Theory, BitAutoData]
+    public async Task BuildContextAsync_NoSpecialTokens_DoesNotCallAnyCache(EventMessage eventMessage)
+    {
+        var sutProvider = GetSutProvider(OneConfiguration(_templateWithUser));
+        var cache = sutProvider.GetDependency<IFusionCache>();
+
+        eventMessage.ActingUserId ??= Guid.NewGuid();
+        eventMessage.GroupId ??= Guid.NewGuid();
+        eventMessage.OrganizationId ??= Guid.NewGuid();
+        eventMessage.UserId ??= Guid.NewGuid();
+
+        await sutProvider.Sut.BuildContextAsync(eventMessage, _templateBase);
+
+        await cache.DidNotReceive().GetOrSetAsync(
+            key: Arg.Any<string>(),
+            factory: Arg.Any<Func<FusionCacheFactoryExecutionContext<Group?>, CancellationToken, Task<Group?>>>()
+        );
+        await cache.DidNotReceive().GetOrSetAsync(
+            key: Arg.Any<string>(),
+            factory: Arg.Any<Func<FusionCacheFactoryExecutionContext<Organization?>, CancellationToken, Task<Organization?>>>()
+        );
+        await cache.DidNotReceive().GetOrSetAsync(
+            key: Arg.Any<string>(),
+            factory: Arg.Any<Func<FusionCacheFactoryExecutionContext<OrganizationUserUserDetails?>, CancellationToken, Task<OrganizationUserUserDetails?>>>()
+        );
+    }

    [Theory, BitAutoData]
    public async Task HandleEventAsync_BaseTemplateNoConfigurations_DoesNothing(EventMessage eventMessage)
    {
        var sutProvider = GetSutProvider(NoConfigurations());
+        var cache = sutProvider.GetDependency<IFusionCache>();
+        cache.GetOrSetAsync<List<OrganizationIntegrationConfigurationDetails>>(
+            Arg.Any<string>(),
+            Arg.Any<Func<object, CancellationToken, Task<List<OrganizationIntegrationConfigurationDetails>>>>(),
+            Arg.Any<FusionCacheEntryOptions>()
+        ).Returns(NoConfigurations());

        await sutProvider.Sut.HandleEventAsync(eventMessage);
        Assert.Empty(_eventIntegrationPublisher.ReceivedCalls());
@@ -133,31 +490,32 @@ public class EventIntegrationHandlerTests
    [Theory, BitAutoData]
    public async Task HandleEventAsync_BaseTemplateOneConfiguration_PublishesIntegrationMessage(EventMessage eventMessage)
    {
-        var sutProvider = GetSutProvider(OneConfiguration(_templateBase));
        eventMessage.OrganizationId = _organizationId;
+        var sutProvider = GetSutProvider(OneConfiguration(_templateBase));

        await sutProvider.Sut.HandleEventAsync(eventMessage);

-        var expectedMessage = EventIntegrationHandlerTests.expectedMessage(
+        var expectedMessage = EventIntegrationHandlerTests.ExpectedMessage(
            $"Date: {eventMessage.Date}, Type: {eventMessage.Type}, UserId: {eventMessage.UserId}"
        );

        Assert.Single(_eventIntegrationPublisher.ReceivedCalls());
        await _eventIntegrationPublisher.Received(1).PublishAsync(Arg.Is(
            AssertHelper.AssertPropertyEqual(expectedMessage, new[] { "MessageId" })));
+        await sutProvider.GetDependency<IGroupRepository>().DidNotReceiveWithAnyArgs().GetByIdAsync(Arg.Any<Guid>());
        await sutProvider.GetDependency<IOrganizationRepository>().DidNotReceiveWithAnyArgs().GetByIdAsync(Arg.Any<Guid>());
-        await sutProvider.GetDependency<IUserRepository>().DidNotReceiveWithAnyArgs().GetByIdAsync(Arg.Any<Guid>());
+        await sutProvider.GetDependency<IOrganizationUserRepository>().DidNotReceiveWithAnyArgs().GetDetailsByOrganizationIdUserIdAsync(Arg.Any<Guid>(), Arg.Any<Guid>());
    }

    [Theory, BitAutoData]
    public async Task HandleEventAsync_BaseTemplateTwoConfigurations_PublishesIntegrationMessages(EventMessage eventMessage)
    {
-        var sutProvider = GetSutProvider(TwoConfigurations(_templateBase));
        eventMessage.OrganizationId = _organizationId;
+        var sutProvider = GetSutProvider(TwoConfigurations(_templateBase));

        await sutProvider.Sut.HandleEventAsync(eventMessage);

-        var expectedMessage = EventIntegrationHandlerTests.expectedMessage(
+        var expectedMessage = EventIntegrationHandlerTests.ExpectedMessage(
            $"Date: {eventMessage.Date}, Type: {eventMessage.Type}, UserId: {eventMessage.UserId}"
        );
        await _eventIntegrationPublisher.Received(1).PublishAsync(Arg.Is(
@@ -167,77 +525,15 @@ public class EventIntegrationHandlerTests
        await _eventIntegrationPublisher.Received(1).PublishAsync(Arg.Is(
            AssertHelper.AssertPropertyEqual(expectedMessage, new[] { "MessageId" })));

+        await sutProvider.GetDependency<IGroupRepository>().DidNotReceiveWithAnyArgs().GetByIdAsync(Arg.Any<Guid>());
        await sutProvider.GetDependency<IOrganizationRepository>().DidNotReceiveWithAnyArgs().GetByIdAsync(Arg.Any<Guid>());
-        await sutProvider.GetDependency<IUserRepository>().DidNotReceiveWithAnyArgs().GetByIdAsync(Arg.Any<Guid>());
-    }
-
-    [Theory, BitAutoData]
-    public async Task HandleEventAsync_ActingUserTemplate_LoadsUserFromRepository(EventMessage eventMessage)
-    {
-        var sutProvider = GetSutProvider(OneConfiguration(_templateWithActingUser));
-        var user = Substitute.For<User>();
-        user.Email = "test@example.com";
-        user.Name = "Test";
-        eventMessage.OrganizationId = _organizationId;
-
-        sutProvider.GetDependency<IUserRepository>().GetByIdAsync(Arg.Any<Guid>()).Returns(user);
-        await sutProvider.Sut.HandleEventAsync(eventMessage);
-
-        var expectedMessage = EventIntegrationHandlerTests.expectedMessage($"{user.Name}, {user.Email}");
-
-        Assert.Single(_eventIntegrationPublisher.ReceivedCalls());
-        await _eventIntegrationPublisher.Received(1).PublishAsync(Arg.Is(
-            AssertHelper.AssertPropertyEqual(expectedMessage, new[] { "MessageId" })));
-        await sutProvider.GetDependency<IOrganizationRepository>().DidNotReceiveWithAnyArgs().GetByIdAsync(Arg.Any<Guid>());
-        await sutProvider.GetDependency<IUserRepository>().Received(1).GetByIdAsync(eventMessage.ActingUserId ?? Guid.Empty);
-    }
-
-    [Theory, BitAutoData]
-    public async Task HandleEventAsync_OrganizationTemplate_LoadsOrganizationFromRepository(EventMessage eventMessage)
-    {
-        var sutProvider = GetSutProvider(OneConfiguration(_templateWithOrganization));
-        var organization = Substitute.For<Organization>();
-        organization.Name = "Test";
-        eventMessage.OrganizationId = _organizationId;
-
-        sutProvider.GetDependency<IOrganizationRepository>().GetByIdAsync(Arg.Any<Guid>()).Returns(organization);
-        await sutProvider.Sut.HandleEventAsync(eventMessage);
-
-        Assert.Single(_eventIntegrationPublisher.ReceivedCalls());
-
-        var expectedMessage = EventIntegrationHandlerTests.expectedMessage($"Org: {organization.Name}");
-
-        Assert.Single(_eventIntegrationPublisher.ReceivedCalls());
-        await _eventIntegrationPublisher.Received(1).PublishAsync(Arg.Is(
-            AssertHelper.AssertPropertyEqual(expectedMessage, new[] { "MessageId" })));
-        await sutProvider.GetDependency<IOrganizationRepository>().Received(1).GetByIdAsync(eventMessage.OrganizationId ?? Guid.Empty);
-        await sutProvider.GetDependency<IUserRepository>().DidNotReceiveWithAnyArgs().GetByIdAsync(Arg.Any<Guid>());
-    }
-
-    [Theory, BitAutoData]
-    public async Task HandleEventAsync_UserTemplate_LoadsUserFromRepository(EventMessage eventMessage)
-    {
-        var sutProvider = GetSutProvider(OneConfiguration(_templateWithUser));
-        var user = Substitute.For<User>();
-        user.Email = "test@example.com";
-        user.Name = "Test";
-        eventMessage.OrganizationId = _organizationId;
-
-        sutProvider.GetDependency<IUserRepository>().GetByIdAsync(Arg.Any<Guid>()).Returns(user);
-        await sutProvider.Sut.HandleEventAsync(eventMessage);
-
-        var expectedMessage = EventIntegrationHandlerTests.expectedMessage($"{user.Name}, {user.Email}");
-
-        Assert.Single(_eventIntegrationPublisher.ReceivedCalls());
-        await _eventIntegrationPublisher.Received(1).PublishAsync(Arg.Is(
-            AssertHelper.AssertPropertyEqual(expectedMessage, new[] { "MessageId" })));
-        await sutProvider.GetDependency<IOrganizationRepository>().DidNotReceiveWithAnyArgs().GetByIdAsync(Arg.Any<Guid>());
-        await sutProvider.GetDependency<IUserRepository>().Received(1).GetByIdAsync(eventMessage.UserId ?? Guid.Empty);
+        await sutProvider.GetDependency<IOrganizationUserRepository>().DidNotReceiveWithAnyArgs().GetDetailsByOrganizationIdUserIdAsync(Arg.Any<Guid>(), Arg.Any<Guid>());
    }

    [Theory, BitAutoData]
    public async Task HandleEventAsync_FilterReturnsFalse_DoesNothing(EventMessage eventMessage)
    {
+        eventMessage.OrganizationId = _organizationId;
        var sutProvider = GetSutProvider(ValidFilterConfiguration());
        sutProvider.GetDependency<IIntegrationFilterService>().EvaluateFilterGroup(
            Arg.Any<IntegrationFilterGroup>(), Arg.Any<EventMessage>()).Returns(false);
@@ -249,14 +545,14 @@ public class EventIntegrationHandlerTests
    [Theory, BitAutoData]
    public async Task HandleEventAsync_FilterReturnsTrue_PublishesIntegrationMessage(EventMessage eventMessage)
    {
+        eventMessage.OrganizationId = _organizationId;
        var sutProvider = GetSutProvider(ValidFilterConfiguration());
        sutProvider.GetDependency<IIntegrationFilterService>().EvaluateFilterGroup(
            Arg.Any<IntegrationFilterGroup>(), Arg.Any<EventMessage>()).Returns(true);
-        eventMessage.OrganizationId = _organizationId;

        await sutProvider.Sut.HandleEventAsync(eventMessage);

-        var expectedMessage = EventIntegrationHandlerTests.expectedMessage(
+        var expectedMessage = EventIntegrationHandlerTests.ExpectedMessage(
            $"Date: {eventMessage.Date}, Type: {eventMessage.Type}, UserId: {eventMessage.UserId}"
        );

@@ -268,6 +564,7 @@ public class EventIntegrationHandlerTests
    [Theory, BitAutoData]
    public async Task HandleEventAsync_InvalidFilter_LogsErrorDoesNothing(EventMessage eventMessage)
    {
+        eventMessage.OrganizationId = _organizationId;
        var sutProvider = GetSutProvider(InvalidFilterConfiguration());

        await sutProvider.Sut.HandleEventAsync(eventMessage);
@@ -277,12 +574,13 @@ public class EventIntegrationHandlerTests
            Arg.Any<EventId>(),
            Arg.Any<object>(),
            Arg.Any<JsonException>(),
-            Arg.Any<Func<object, Exception, string>>());
+            Arg.Any<Func<object, Exception?, string>>());
    }

    [Theory, BitAutoData]
    public async Task HandleManyEventsAsync_BaseTemplateNoConfigurations_DoesNothing(List<EventMessage> eventMessages)
    {
+        eventMessages.ForEach(e => e.OrganizationId = _organizationId);
        var sutProvider = GetSutProvider(NoConfigurations());

        await sutProvider.Sut.HandleManyEventsAsync(eventMessages);
@@ -292,13 +590,14 @@ public class EventIntegrationHandlerTests
    [Theory, BitAutoData]
    public async Task HandleManyEventsAsync_BaseTemplateOneConfiguration_PublishesIntegrationMessages(List<EventMessage> eventMessages)
    {
+        eventMessages.ForEach(e => e.OrganizationId = _organizationId);
        var sutProvider = GetSutProvider(OneConfiguration(_templateBase));

        await sutProvider.Sut.HandleManyEventsAsync(eventMessages);

        foreach (var eventMessage in eventMessages)
        {
-            var expectedMessage = EventIntegrationHandlerTests.expectedMessage(
+            var expectedMessage = ExpectedMessage(
                $"Date: {eventMessage.Date}, Type: {eventMessage.Type}, UserId: {eventMessage.UserId}"
            );
            await _eventIntegrationPublisher.Received(1).PublishAsync(Arg.Is(
@@ -310,13 +609,14 @@ public class EventIntegrationHandlerTests
    public async Task HandleManyEventsAsync_BaseTemplateTwoConfigurations_PublishesIntegrationMessages(
        List<EventMessage> eventMessages)
    {
+        eventMessages.ForEach(e => e.OrganizationId = _organizationId);
        var sutProvider = GetSutProvider(TwoConfigurations(_templateBase));

        await sutProvider.Sut.HandleManyEventsAsync(eventMessages);

        foreach (var eventMessage in eventMessages)
        {
-            var expectedMessage = EventIntegrationHandlerTests.expectedMessage(
+            var expectedMessage = ExpectedMessage(
                $"Date: {eventMessage.Date}, Type: {eventMessage.Type}, UserId: {eventMessage.UserId}"
            );
            await _eventIntegrationPublisher.Received(1).PublishAsync(Arg.Is(AssertHelper.AssertPropertyEqual(
@@ -327,4 +627,84 @@ public class EventIntegrationHandlerTests
                expectedMessage, new[] { "MessageId", "OrganizationId" })));
        }
    }
+
+    [Theory, BitAutoData]
+    public async Task HandleEventAsync_CapturedFactories_CallConfigurationRepository(EventMessage eventMessage)
+    {
+        eventMessage.OrganizationId = _organizationId;
+        var sutProvider = GetSutProvider(NoConfigurations());
+        var cache = sutProvider.GetDependency<IFusionCache>();
+        var configurationRepository = sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>();
+
+        var configs = OneConfiguration(_templateBase);
+
+        configurationRepository.GetManyByEventTypeOrganizationIdIntegrationType(eventType: eventMessage.Type, organizationId: _organizationId, integrationType: IntegrationType.Webhook).Returns(configs);
+
+        // Capture the factory function - there will be 1 call that returns both specific and wildcard matches
+        Func<FusionCacheFactoryExecutionContext<List<OrganizationIntegrationConfigurationDetails>>, CancellationToken, Task<List<OrganizationIntegrationConfigurationDetails>>>? capturedFactory = null;
+        cache.GetOrSetAsync(
+            key: Arg.Any<string>(),
+            factory: Arg.Do<Func<FusionCacheFactoryExecutionContext<List<OrganizationIntegrationConfigurationDetails>>, CancellationToken, Task<List<OrganizationIntegrationConfigurationDetails>>>>(f
+                => capturedFactory = f),
+            options: Arg.Any<FusionCacheEntryOptions>(),
+            tags: Arg.Any<IEnumerable<string>>()
+        ).Returns(new List<OrganizationIntegrationConfigurationDetails>());
+
+        await sutProvider.Sut.HandleEventAsync(eventMessage);
+
+        // Verify factory was captured
+        Assert.NotNull(capturedFactory);
+
+        // Execute the captured factory to trigger repository call
+        await capturedFactory(null!, CancellationToken.None);
+
+        await configurationRepository.Received(1).GetManyByEventTypeOrganizationIdIntegrationType(eventType: eventMessage.Type, organizationId: _organizationId, integrationType: IntegrationType.Webhook);
+    }
+
+    [Theory, BitAutoData]
+    public async Task HandleEventAsync_ConfigurationCacheOptions_SetsDurationToConstant(EventMessage eventMessage)
+    {
+        eventMessage.OrganizationId = _organizationId;
+        var sutProvider = GetSutProvider(NoConfigurations());
+        var cache = sutProvider.GetDependency<IFusionCache>();
+
+        FusionCacheEntryOptions? capturedOption = null;
+        cache.GetOrSetAsync(
+            key: Arg.Any<string>(),
+            factory: Arg.Any<Func<FusionCacheFactoryExecutionContext<List<OrganizationIntegrationConfigurationDetails>>, CancellationToken, Task<List<OrganizationIntegrationConfigurationDetails>>>>(),
+            options: Arg.Do<FusionCacheEntryOptions>(opt => capturedOption = opt),
+            tags: Arg.Any<IEnumerable<string>?>()
+        ).Returns(new List<OrganizationIntegrationConfigurationDetails>());
+
+        await sutProvider.Sut.HandleEventAsync(eventMessage);
+
+        Assert.NotNull(capturedOption);
+        Assert.Equal(EventIntegrationsCacheConstants.DurationForOrganizationIntegrationConfigurationDetails,
+                     capturedOption.Duration);
+    }
+
+    [Theory, BitAutoData]
+    public async Task HandleEventAsync_ConfigurationCache_AddsOrganizationIntegrationTag(EventMessage eventMessage)
+    {
+        eventMessage.OrganizationId = _organizationId;
+        var sutProvider = GetSutProvider(NoConfigurations());
+        var cache = sutProvider.GetDependency<IFusionCache>();
+
+        IEnumerable<string>? capturedTags = null;
+        cache.GetOrSetAsync(
+            key: Arg.Any<string>(),
+            factory: Arg.Any<Func<FusionCacheFactoryExecutionContext<List<OrganizationIntegrationConfigurationDetails>>, CancellationToken, Task<List<OrganizationIntegrationConfigurationDetails>>>>(),
+            options: Arg.Any<FusionCacheEntryOptions>(),
+            tags: Arg.Do<IEnumerable<string>>(t => capturedTags = t)
+        ).Returns(new List<OrganizationIntegrationConfigurationDetails>());
+
+        await sutProvider.Sut.HandleEventAsync(eventMessage);
+
+        var expectedTag = EventIntegrationsCacheConstants.BuildCacheTagForOrganizationIntegration(
+            _organizationId,
+            IntegrationType.Webhook
+        );
+        Assert.NotNull(capturedTags);
+        Assert.Contains(expectedTag, capturedTags);
+    }
 }
--- a/test/Core.Test/AdminConsole/Services/IntegrationConfigurationDetailsCacheServiceTests.cs
+++ b/test/Core.Test/AdminConsole/Services/IntegrationConfigurationDetailsCacheServiceTests.cs
@@ -1,173 +0,0 @@
-#nullable enable
-
-using System.Text.Json;
-using Bit.Core.Enums;
-using Bit.Core.Models.Data.Organizations;
-using Bit.Core.Repositories;
-using Bit.Core.Services;
-using Bit.Test.Common.AutoFixture;
-using Bit.Test.Common.AutoFixture.Attributes;
-using Microsoft.Extensions.Logging;
-using NSubstitute;
-using NSubstitute.ExceptionExtensions;
-using Xunit;
-
-namespace Bit.Core.Test.Services;
-
-[SutProviderCustomize]
-public class IntegrationConfigurationDetailsCacheServiceTests
-{
-    private SutProvider<IntegrationConfigurationDetailsCacheService> GetSutProvider(
-        List<OrganizationIntegrationConfigurationDetails> configurations)
-    {
-        var configurationRepository = Substitute.For<IOrganizationIntegrationConfigurationRepository>();
-        configurationRepository.GetAllConfigurationDetailsAsync().Returns(configurations);
-
-        return new SutProvider<IntegrationConfigurationDetailsCacheService>()
-            .SetDependency(configurationRepository)
-            .Create();
-    }
-
-    [Theory, BitAutoData]
-    public async Task GetConfigurationDetails_SpecificKeyExists_ReturnsExpectedList(OrganizationIntegrationConfigurationDetails config)
-    {
-        config.EventType = EventType.Cipher_Created;
-        var sutProvider = GetSutProvider([config]);
-        await sutProvider.Sut.RefreshAsync();
-        var result = sutProvider.Sut.GetConfigurationDetails(
-            config.OrganizationId,
-            config.IntegrationType,
-            EventType.Cipher_Created);
-        Assert.Single(result);
-        Assert.Same(config, result[0]);
-    }
-
-    [Theory, BitAutoData]
-    public async Task GetConfigurationDetails_AllEventsKeyExists_ReturnsExpectedList(OrganizationIntegrationConfigurationDetails config)
-    {
-        config.EventType = null;
-        var sutProvider = GetSutProvider([config]);
-        await sutProvider.Sut.RefreshAsync();
-        var result = sutProvider.Sut.GetConfigurationDetails(
-            config.OrganizationId,
-            config.IntegrationType,
-            EventType.Cipher_Created);
-        Assert.Single(result);
-        Assert.Same(config, result[0]);
-    }
-
-    [Theory, BitAutoData]
-    public async Task GetConfigurationDetails_BothSpecificAndAllEventsKeyExists_ReturnsExpectedList(
-        OrganizationIntegrationConfigurationDetails specificConfig,
-        OrganizationIntegrationConfigurationDetails allKeysConfig
-        )
-    {
-        specificConfig.EventType = EventType.Cipher_Created;
-        allKeysConfig.EventType = null;
-        allKeysConfig.OrganizationId = specificConfig.OrganizationId;
-        allKeysConfig.IntegrationType = specificConfig.IntegrationType;
-
-        var sutProvider = GetSutProvider([specificConfig, allKeysConfig]);
-        await sutProvider.Sut.RefreshAsync();
-        var result = sutProvider.Sut.GetConfigurationDetails(
-            specificConfig.OrganizationId,
-            specificConfig.IntegrationType,
-            EventType.Cipher_Created);
-        Assert.Equal(2, result.Count);
-        Assert.Contains(result, r => r.Template == specificConfig.Template);
-        Assert.Contains(result, r => r.Template == allKeysConfig.Template);
-    }
-
-    [Theory, BitAutoData]
-    public async Task GetConfigurationDetails_KeyMissing_ReturnsEmptyList(OrganizationIntegrationConfigurationDetails config)
-    {
-        var sutProvider = GetSutProvider([config]);
-        await sutProvider.Sut.RefreshAsync();
-        var result = sutProvider.Sut.GetConfigurationDetails(
-            Guid.NewGuid(),
-            config.IntegrationType,
-            config.EventType ?? EventType.Cipher_Created);
-        Assert.Empty(result);
-    }
-
-
-
-    [Theory, BitAutoData]
-    public async Task GetConfigurationDetails_ReturnsCachedValue_EvenIfRepositoryChanges(OrganizationIntegrationConfigurationDetails config)
-    {
-        var sutProvider = GetSutProvider([config]);
-        await sutProvider.Sut.RefreshAsync();
-
-        var newConfig = JsonSerializer.Deserialize<OrganizationIntegrationConfigurationDetails>(JsonSerializer.Serialize(config));
-        Assert.NotNull(newConfig);
-        newConfig.Template = "Changed";
-        sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().GetAllConfigurationDetailsAsync()
-            .Returns([newConfig]);
-
-        var result = sutProvider.Sut.GetConfigurationDetails(
-            config.OrganizationId,
-            config.IntegrationType,
-            config.EventType ?? EventType.Cipher_Created);
-        Assert.Single(result);
-        Assert.NotEqual("Changed", result[0].Template); // should not yet pick up change from repository
-
-        await sutProvider.Sut.RefreshAsync();  // Pick up changes
-
-        result = sutProvider.Sut.GetConfigurationDetails(
-            config.OrganizationId,
-            config.IntegrationType,
-            config.EventType ?? EventType.Cipher_Created);
-        Assert.Single(result);
-        Assert.Equal("Changed", result[0].Template); // Should have the new value
-    }
-
-    [Theory, BitAutoData]
-    public async Task RefreshAsync_GroupsByCompositeKey(OrganizationIntegrationConfigurationDetails config1)
-    {
-        var config2 = JsonSerializer.Deserialize<OrganizationIntegrationConfigurationDetails>(
-            JsonSerializer.Serialize(config1))!;
-        config2.Template = "Another";
-
-        var sutProvider = GetSutProvider([config1, config2]);
-        await sutProvider.Sut.RefreshAsync();
-
-        var results = sutProvider.Sut.GetConfigurationDetails(
-            config1.OrganizationId,
-            config1.IntegrationType,
-            config1.EventType ?? EventType.Cipher_Created);
-
-        Assert.Equal(2, results.Count);
-        Assert.Contains(results, r => r.Template == config1.Template);
-        Assert.Contains(results, r => r.Template == config2.Template);
-    }
-
-    [Theory, BitAutoData]
-    public async Task RefreshAsync_LogsInformationOnSuccess(OrganizationIntegrationConfigurationDetails config)
-    {
-        var sutProvider = GetSutProvider([config]);
-        await sutProvider.Sut.RefreshAsync();
-
-        sutProvider.GetDependency<ILogger<IntegrationConfigurationDetailsCacheService>>().Received().Log(
-            LogLevel.Information,
-            Arg.Any<EventId>(),
-            Arg.Is<object>(o => o.ToString()!.Contains("Refreshed successfully")),
-            null,
-            Arg.Any<Func<object, Exception?, string>>());
-    }
-
-    [Fact]
-    public async Task RefreshAsync_OnException_LogsError()
-    {
-        var sutProvider = GetSutProvider([]);
-        sutProvider.GetDependency<IOrganizationIntegrationConfigurationRepository>().GetAllConfigurationDetailsAsync()
-            .Throws(new Exception("Database failure"));
-        await sutProvider.Sut.RefreshAsync();
-
-        sutProvider.GetDependency<ILogger<IntegrationConfigurationDetailsCacheService>>().Received(1).Log(
-            LogLevel.Error,
-            Arg.Any<EventId>(),
-            Arg.Is<object>(o => o.ToString()!.Contains("Refresh failed")),
-            Arg.Any<Exception>(),
-            Arg.Any<Func<object, Exception?, string>>());
-    }
-}
--- a/test/Core.Test/AdminConsole/Services/OrganizationIntegrationConfigurationValidatorTests.cs
+++ b/test/Core.Test/AdminConsole/Services/OrganizationIntegrationConfigurationValidatorTests.cs
@@ -0,0 +1,244 @@
+using System.Text.Json;
+using Bit.Core.AdminConsole.Entities;
+using Bit.Core.AdminConsole.Models.Data.EventIntegrations;
+using Bit.Core.AdminConsole.Services;
+using Bit.Core.Enums;
+using Xunit;
+
+namespace Bit.Core.Test.AdminConsole.Services;
+
+public class OrganizationIntegrationConfigurationValidatorTests
+{
+    private readonly OrganizationIntegrationConfigurationValidator _sut = new();
+
+    [Fact]
+    public void ValidateConfiguration_CloudBillingSyncIntegration_ReturnsFalse()
+    {
+        var configuration = new OrganizationIntegrationConfiguration
+        {
+            Configuration = "{}",
+            Template = "template"
+        };
+
+        Assert.False(_sut.ValidateConfiguration(IntegrationType.CloudBillingSync, configuration));
+    }
+
+    [Theory]
+    [InlineData(null)]
+    [InlineData("")]
+    [InlineData("    ")]
+    public void ValidateConfiguration_EmptyTemplate_ReturnsFalse(string? template)
+    {
+        var config1 = new OrganizationIntegrationConfiguration
+        {
+            Configuration = JsonSerializer.Serialize(new SlackIntegrationConfiguration(ChannelId: "C12345")),
+            Template = template
+        };
+        Assert.False(_sut.ValidateConfiguration(IntegrationType.Slack, config1));
+
+        var config2 = new OrganizationIntegrationConfiguration
+        {
+            Configuration = JsonSerializer.Serialize(new WebhookIntegrationConfiguration(Uri: new Uri("https://example.com"))),
+            Template = template
+        };
+        Assert.False(_sut.ValidateConfiguration(IntegrationType.Webhook, config2));
+    }
+
+    [Theory]
+    [InlineData("")]
+    [InlineData("    ")]
+    public void ValidateConfiguration_EmptyNonNullConfiguration_ReturnsFalse(string? config)
+    {
+        var config1 = new OrganizationIntegrationConfiguration
+        {
+            Configuration = config,
+            Template = "template"
+        };
+        Assert.False(_sut.ValidateConfiguration(IntegrationType.Hec, config1));
+
+        var config2 = new OrganizationIntegrationConfiguration
+        {
+            Configuration = config,
+            Template = "template"
+        };
+        Assert.False(_sut.ValidateConfiguration(IntegrationType.Datadog, config2));
+
+        var config3 = new OrganizationIntegrationConfiguration
+        {
+            Configuration = config,
+            Template = "template"
+        };
+        Assert.False(_sut.ValidateConfiguration(IntegrationType.Teams, config3));
+    }
+
+    [Fact]
+    public void ValidateConfiguration_NullConfiguration_ReturnsTrue()
+    {
+        var config1 = new OrganizationIntegrationConfiguration
+        {
+            Configuration = null,
+            Template = "template"
+        };
+        Assert.True(_sut.ValidateConfiguration(IntegrationType.Hec, config1));
+
+        var config2 = new OrganizationIntegrationConfiguration
+        {
+            Configuration = null,
+            Template = "template"
+        };
+        Assert.True(_sut.ValidateConfiguration(IntegrationType.Datadog, config2));
+
+        var config3 = new OrganizationIntegrationConfiguration
+        {
+            Configuration = null,
+            Template = "template"
+        };
+        Assert.True(_sut.ValidateConfiguration(IntegrationType.Teams, config3));
+    }
+
+    [Fact]
+    public void ValidateConfiguration_InvalidJsonConfiguration_ReturnsFalse()
+    {
+        var config = new OrganizationIntegrationConfiguration
+        {
+            Configuration = "{not valid json}",
+            Template = "template"
+        };
+
+        Assert.False(_sut.ValidateConfiguration(IntegrationType.Slack, config));
+        Assert.False(_sut.ValidateConfiguration(IntegrationType.Webhook, config));
+        Assert.False(_sut.ValidateConfiguration(IntegrationType.Hec, config));
+        Assert.False(_sut.ValidateConfiguration(IntegrationType.Datadog, config));
+        Assert.False(_sut.ValidateConfiguration(IntegrationType.Teams, config));
+    }
+
+    [Fact]
+    public void ValidateConfiguration_InvalidJsonFilters_ReturnsFalse()
+    {
+        var configuration = new OrganizationIntegrationConfiguration
+        {
+            Configuration = JsonSerializer.Serialize(new WebhookIntegrationConfiguration(Uri: new Uri("https://example.com"))),
+            Template = "template",
+            Filters = "{Not valid json}"
+        };
+
+        Assert.False(_sut.ValidateConfiguration(IntegrationType.Webhook, configuration));
+    }
+
+    [Fact]
+    public void ValidateConfiguration_ScimIntegration_ReturnsFalse()
+    {
+        var configuration = new OrganizationIntegrationConfiguration
+        {
+            Configuration = "{}",
+            Template = "template"
+        };
+
+        Assert.False(_sut.ValidateConfiguration(IntegrationType.Scim, configuration));
+    }
+
+    [Fact]
+    public void ValidateConfiguration_ValidSlackConfiguration_ReturnsTrue()
+    {
+        var configuration = new OrganizationIntegrationConfiguration
+        {
+            Configuration = JsonSerializer.Serialize(new SlackIntegrationConfiguration(ChannelId: "C12345")),
+            Template = "template"
+        };
+
+        Assert.True(_sut.ValidateConfiguration(IntegrationType.Slack, configuration));
+    }
+
+    [Fact]
+    public void ValidateConfiguration_ValidSlackConfigurationWithFilters_ReturnsTrue()
+    {
+        var configuration = new OrganizationIntegrationConfiguration
+        {
+            Configuration = JsonSerializer.Serialize(new SlackIntegrationConfiguration("C12345")),
+            Template = "template",
+            Filters = JsonSerializer.Serialize(new IntegrationFilterGroup()
+            {
+                AndOperator = true,
+                Rules = [
+                    new IntegrationFilterRule()
+                    {
+                        Operation = IntegrationFilterOperation.Equals,
+                        Property = "CollectionId",
+                        Value = Guid.NewGuid()
+                    }
+                ],
+                Groups = []
+            })
+        };
+
+        Assert.True(_sut.ValidateConfiguration(IntegrationType.Slack, configuration));
+    }
+
+    [Fact]
+    public void ValidateConfiguration_ValidNoAuthWebhookConfiguration_ReturnsTrue()
+    {
+        var configuration = new OrganizationIntegrationConfiguration
+        {
+            Configuration = JsonSerializer.Serialize(new WebhookIntegrationConfiguration(Uri: new Uri("https://localhost"))),
+            Template = "template"
+        };
+
+        Assert.True(_sut.ValidateConfiguration(IntegrationType.Webhook, configuration));
+    }
+
+    [Fact]
+    public void ValidateConfiguration_ValidWebhookConfiguration_ReturnsTrue()
+    {
+        var configuration = new OrganizationIntegrationConfiguration
+        {
+            Configuration = JsonSerializer.Serialize(new WebhookIntegrationConfiguration(
+                Uri: new Uri("https://localhost"),
+                Scheme: "Bearer",
+                Token: "AUTH-TOKEN")),
+            Template = "template"
+        };
+
+        Assert.True(_sut.ValidateConfiguration(IntegrationType.Webhook, configuration));
+    }
+
+    [Fact]
+    public void ValidateConfiguration_ValidWebhookConfigurationWithFilters_ReturnsTrue()
+    {
+        var configuration = new OrganizationIntegrationConfiguration
+        {
+            Configuration = JsonSerializer.Serialize(new WebhookIntegrationConfiguration(
+                Uri: new Uri("https://example.com"),
+                Scheme: "Bearer",
+                Token: "AUTH-TOKEN")),
+            Template = "template",
+            Filters = JsonSerializer.Serialize(new IntegrationFilterGroup()
+            {
+                AndOperator = true,
+                Rules = [
+                    new IntegrationFilterRule()
+                    {
+                        Operation = IntegrationFilterOperation.Equals,
+                        Property = "CollectionId",
+                        Value = Guid.NewGuid()
+                    }
+                ],
+                Groups = []
+            })
+        };
+
+        Assert.True(_sut.ValidateConfiguration(IntegrationType.Webhook, configuration));
+    }
+
+    [Fact]
+    public void ValidateConfiguration_UnknownIntegrationType_ReturnsFalse()
+    {
+        var unknownType = (IntegrationType)999;
+        var configuration = new OrganizationIntegrationConfiguration
+        {
+            Configuration = "{}",
+            Template = "template"
+        };
+
+        Assert.False(_sut.ValidateConfiguration(unknownType, configuration));
+    }
+}
--- a/test/Core.Test/AdminConsole/Services/OrganizationServiceTests.cs
+++ b/test/Core.Test/AdminConsole/Services/OrganizationServiceTests.cs
@@ -21,8 +21,8 @@ using Bit.Core.Services;
 using Bit.Core.Settings;
 using Bit.Core.Test.AutoFixture.OrganizationFixtures;
 using Bit.Core.Test.AutoFixture.OrganizationUserFixtures;
+using Bit.Core.Test.Billing.Mocks;
 using Bit.Core.Tokens;
-using Bit.Core.Utilities;
 using Bit.Test.Common.AutoFixture;
 using Bit.Test.Common.AutoFixture.Attributes;
 using Bit.Test.Common.Fakes;
@@ -618,7 +618,7 @@ public class OrganizationServiceTests
        SetupOrgUserRepositoryCreateManyAsyncMock(organizationUserRepository);
        SetupOrgUserRepositoryCreateAsyncMock(organizationUserRepository);

-        sutProvider.GetDependency<IPricingClient>().GetPlanOrThrow(organization.PlanType).Returns(StaticStore.GetPlan(organization.PlanType));
+        sutProvider.GetDependency<IPricingClient>().GetPlanOrThrow(organization.PlanType).Returns(MockPlans.Get(organization.PlanType));

        await sutProvider.Sut.InviteUsersAsync(organization.Id, savingUser.Id, systemUser: null, invites);

@@ -666,7 +666,7 @@ public class OrganizationServiceTests
            .SendInvitesAsync(Arg.Any<SendInvitesRequest>()).ThrowsAsync<Exception>();

        sutProvider.GetDependency<IPricingClient>().GetPlanOrThrow(organization.PlanType)
-            .Returns(StaticStore.GetPlan(organization.PlanType));
+            .Returns(MockPlans.Get(organization.PlanType));

        await Assert.ThrowsAsync<AggregateException>(async () =>
            await sutProvider.Sut.InviteUsersAsync(organization.Id, savingUser.Id, systemUser: null, invites));
@@ -732,7 +732,7 @@ public class OrganizationServiceTests
        sutProvider.GetDependency<IOrganizationRepository>().GetByIdAsync(organization.Id).Returns(organization);

        sutProvider.GetDependency<IPricingClient>().GetPlanOrThrow(organization.PlanType)
-            .Returns(StaticStore.GetPlan(organization.PlanType));
+            .Returns(MockPlans.Get(organization.PlanType));

        var exception = await Assert.ThrowsAsync<BadRequestException>(() => sutProvider.Sut.UpdateSubscription(organization.Id,
            seatAdjustment, maxAutoscaleSeats));
@@ -757,7 +757,7 @@ public class OrganizationServiceTests
        organization.SmSeats = 100;

        sutProvider.GetDependency<IPricingClient>().GetPlanOrThrow(organization.PlanType)
-            .Returns(StaticStore.GetPlan(organization.PlanType));
+            .Returns(MockPlans.Get(organization.PlanType));
        sutProvider.GetDependency<IOrganizationRepository>()
            .GetOccupiedSeatCountByOrganizationIdAsync(organization.Id).Returns(new OrganizationSeatCounts
            {
@@ -837,7 +837,7 @@ public class OrganizationServiceTests
    [BitAutoData(PlanType.EnterpriseMonthly)]
    public void ValidateSecretsManagerPlan_ThrowsException_WhenNoSecretsManagerSeats(PlanType planType, SutProvider<OrganizationService> sutProvider)
    {
-        var plan = StaticStore.GetPlan(planType);
+        var plan = MockPlans.Get(planType);
        var signup = new OrganizationUpgrade
        {
            UseSecretsManager = true,
@@ -854,7 +854,7 @@ public class OrganizationServiceTests
    [BitAutoData(PlanType.Free)]
    public void ValidateSecretsManagerPlan_ThrowsException_WhenSubtractingSeats(PlanType planType, SutProvider<OrganizationService> sutProvider)
    {
-        var plan = StaticStore.GetPlan(planType);
+        var plan = MockPlans.Get(planType);
        var signup = new OrganizationUpgrade
        {
            UseSecretsManager = true,
@@ -871,7 +871,7 @@ public class OrganizationServiceTests
        PlanType planType,
        SutProvider<OrganizationService> sutProvider)
    {
-        var plan = StaticStore.GetPlan(planType);
+        var plan = MockPlans.Get(planType);
        var signup = new OrganizationUpgrade
        {
            UseSecretsManager = true,
@@ -890,7 +890,7 @@ public class OrganizationServiceTests
    [BitAutoData(PlanType.EnterpriseMonthly)]
    public void ValidateSecretsManagerPlan_ThrowsException_WhenMoreSeatsThanPasswordManagerSeats(PlanType planType, SutProvider<OrganizationService> sutProvider)
    {
-        var plan = StaticStore.GetPlan(planType);
+        var plan = MockPlans.Get(planType);
        var signup = new OrganizationUpgrade
        {
            UseSecretsManager = true,
@@ -912,7 +912,7 @@ public class OrganizationServiceTests
        PlanType planType,
        SutProvider<OrganizationService> sutProvider)
    {
-        var plan = StaticStore.GetPlan(planType);
+        var plan = MockPlans.Get(planType);
        var signup = new OrganizationUpgrade
        {
            UseSecretsManager = true,
@@ -930,7 +930,7 @@ public class OrganizationServiceTests
        PlanType planType,
        SutProvider<OrganizationService> sutProvider)
    {
-        var plan = StaticStore.GetPlan(planType);
+        var plan = MockPlans.Get(planType);
        var signup = new OrganizationUpgrade
        {
            UseSecretsManager = true,
@@ -952,7 +952,7 @@ public class OrganizationServiceTests
        PlanType planType,
        SutProvider<OrganizationService> sutProvider)
    {
-        var plan = StaticStore.GetPlan(planType);
+        var plan = MockPlans.Get(planType);
        var signup = new OrganizationUpgrade
        {
            UseSecretsManager = true,
--- a/test/Core.Test/AdminConsole/Utilities/IntegrationTemplateProcessorTests.cs
+++ b/test/Core.Test/AdminConsole/Utilities/IntegrationTemplateProcessorTests.cs
@@ -83,6 +83,7 @@ public class IntegrationTemplateProcessorTests
    [Theory]
    [InlineData("User name is #UserName#")]
    [InlineData("Email: #UserEmail#")]
+    [InlineData("User type = #UserType#")]
    public void TemplateRequiresUser_ContainingKeys_ReturnsTrue(string template)
    {
        var result = IntegrationTemplateProcessor.TemplateRequiresUser(template);
@@ -102,6 +103,7 @@ public class IntegrationTemplateProcessorTests
    [Theory]
    [InlineData("Acting user is #ActingUserName#")]
    [InlineData("Acting user's email is #ActingUserEmail#")]
+    [InlineData("Acting user's type is #ActingUserType#")]
    public void TemplateRequiresActingUser_ContainingKeys_ReturnsTrue(string template)
    {
        var result = IntegrationTemplateProcessor.TemplateRequiresActingUser(template);
@@ -118,6 +120,25 @@ public class IntegrationTemplateProcessorTests
        Assert.False(result);
    }

+    [Theory]
+    [InlineData("Group name is #GroupName#!")]
+    [InlineData("Group: #GroupName#")]
+    public void TemplateRequiresGroup_ContainingKeys_ReturnsTrue(string template)
+    {
+        var result = IntegrationTemplateProcessor.TemplateRequiresGroup(template);
+        Assert.True(result);
+    }
+
+    [Theory]
+    [InlineData("#GroupId#")]  // This is on the base class, not fetched, so should be false
+    [InlineData("No Group Tokens")]
+    [InlineData("")]
+    public void TemplateRequiresGroup_EmptyInputOrNoMatchingKeys_ReturnsFalse(string template)
+    {
+        var result = IntegrationTemplateProcessor.TemplateRequiresGroup(template);
+        Assert.False(result);
+    }
+
    [Theory]
    [InlineData("Organization: #OrganizationName#")]
    [InlineData("Welcome to #OrganizationName#")]