[PM-25923] Simplify and align response models for Organization members and Provider users (#6385)

* Update ProviderUserOrganizationDetailsView to include SSO configuration data

* Updated the ProviderUserOrganizationDetailsViewQuery to join with SsoConfigs and select SSO-related fields.
* Modified the SQL view to reflect the inclusion of SSO configuration data.
* Added a new migration script for the updated view structure.

* Add SSO configuration properties to ProviderUserOrganizationDetails model

* Add SSO configuration handling to ProfileProviderOrganizationResponseModel

* Introduced properties for SSO configuration, including SSO enabled status and KeyConnector details.
* Implemented deserialization of SSO configuration data to populate new fields in the response model.

* Add integration tests for ProviderUserRepository.GetManyOrganizationDetailsByUserAsync

* Add BaseUserOrganizationDetails model to encapsulate common properties

* Introduced a new abstract class to define shared properties for organization users and provider organization users

* Add BaseProfileOrganizationResponseModel to encapsulate organization response properties

* Introduced a new abstract class that ensures all properties are fully populated for profile organization responses.

* Update ProviderUserOrganizationDetailsViewQuery to include missing ProviderUserId

* Refactor OrganizationUserOrganizationDetails and ProviderUserOrganizationDetails to inherit from BaseUserOrganizationDetails

* Updated both models to extend BaseUserOrganizationDetails, promoting code reuse and ensure they have the same base properties

* Refactor ProfileOrganizationResponseModel and ProfileProviderOrganizationResponseModel to inherit from BaseProfileOrganizationResponseModel

* Refactor ProviderUserRepositoryTests to improve organization detail assertions

* Consolidated assertions for organization details into a new method, AssertProviderOrganizationDetails, enhancing code readability and maintainability.
* Updated test cases to verify all relevant properties for organizations with and without SSO configurations.

* Add integration test for GetManyDetailsByUserAsync to verify SSO properties

* Implemented a new test case to ensure that the SSO properties are correctly populated for organizations with and without SSO configurations.
* The test verifies the expected behavior of the method when interacting with the user and organization repositories, including cleanup of created entities after the test execution.

* Add unit tests for ProfileOrganizationResponseModel and ProfileProviderOrganizationResponseModel

* Introduced tests to validate the constructors of ProfileOrganizationResponseModel and ProfileProviderOrganizationResponseModel, ensuring that all properties are populated correctly based on the provided organization details.
* Verified expected behavior for both organization and provider models, including SSO configurations and relevant properties.

* Update SyncControllerTests.Get_ProviderPlanTypeProperlyPopulated to nullify SSO configurations in provider user organization details

* Refactor BaseProfileOrganizationResponseModel and ProfileOrganizationResponseModel for null safety

Updated properties in BaseProfileOrganizationResponseModel and ProfileOrganizationResponseModel to support null safety by introducing nullable types where appropriate.

* Enhance null safety in BaseUserOrganizationDetails and OrganizationUserOrganizationDetails

Updated properties in BaseUserOrganizationDetails and OrganizationUserOrganizationDetails to support null safety by introducing nullable types where appropriate, ensuring better handling of potential null values.

* Move common properties from ProfileOrganizationResponseModel to BaseProfileOrganizationResponseModel

* Refactor organization details: Remove BaseUserOrganizationDetails and introduce IProfileMemberOrganizationDetails interface for improved structure and clarity in organization user data management.

* Enhance OrganizationUserOrganizationDetails: Implement IProfileMemberOrganizationDetails interface

* Refactor ProviderUserOrganizationDetails: Implement IProfileMemberOrganizationDetails interface

* Refactor ProfileOrganizationResponseModelTests and ProfileProviderOrganizationResponseModelTests: Update constructors to utilize Organization and ProviderUserOrganizationDetails, enhancing property population and test coverage.

* Enhance ProviderUserOrganizationDetails: Add UseResetPassword, UseSecretsManager, and UsePasswordManager properties to the query and SQL views

* Update BaseProfileOrganizationResponseModel documentation: Clarify purpose and usage of organization properties for OrganizationUsers and ProviderUsers.

* Rename ProfileOrganizationResponseModel to ProfileMemberOrganizationResponseModel, update references and update related test names

* Add XML documentation for ProfileMemberOrganizationResponseModel and ProfileProviderOrganizationResponseModel to clarify their purpose and relationships

* Remove unnecessary cleanup code from OrganizationUserRepositoryTests

* Remove unnecessary cleanup code from ProviderUserRepositoryTests

* Rename test method in ProviderUserRepositoryTests to improve clarity on property population

* Add CreateFullOrganization method to ProviderUserRepositoryTests for improved organization setup in tests

* Refactor organization creation in tests to use CreateTestOrganizationAsync for consistency and improved setup

* Rename IProfileMemberOrganizationDetails to IProfileOrganizationDetails

* Rename ProfileMemberOrganizationResponseModel back to ProfileOrganizationResponseModel

* Refactor organization response models to remove Family Sponsorship properties from BaseProfileOrganizationResponseModel and reintroduce them in ProfileOrganizationResponseModel. Update related interfaces and tests accordingly.

* Bump date on migration script

* Update OrganizationUserOrganizationDetailsViewQuery to include UseAutomaticUserConfirmation property

test/Api.Test/AdminConsole/Models/Response/ProfileOrganizationResponseModelTests.cs

@@ -0,0 +1,150 @@
+using Bit.Api.AdminConsole.Models.Response;
+using Bit.Core.AdminConsole.Entities;
+using Bit.Core.AdminConsole.Enums.Provider;
+using Bit.Core.Auth.Enums;
+using Bit.Core.Auth.Models.Data;
+using Bit.Core.Billing.Enums;
+using Bit.Core.Billing.Extensions;
+using Bit.Core.Enums;
+using Bit.Core.Models.Data.Organizations.OrganizationUsers;
+using Bit.Core.Utilities;
+using Bit.Test.Common.AutoFixture.Attributes;
+using Xunit;
+
+namespace Bit.Api.Test.AdminConsole.Models.Response;
+
+public class ProfileOrganizationResponseModelTests
+{
+    [Theory, BitAutoData]
+    public void Constructor_ShouldPopulatePropertiesCorrectly(Organization organization)
+    {
+        var userId = Guid.NewGuid();
+        var organizationUserId = Guid.NewGuid();
+        var providerId = Guid.NewGuid();
+        var organizationIdsClaimingUser = new[] { organization.Id };
+
+        var organizationDetails = new OrganizationUserOrganizationDetails
+        {
+            OrganizationId = organization.Id,
+            UserId = userId,
+            OrganizationUserId = organizationUserId,
+            Name = organization.Name,
+            Enabled = organization.Enabled,
+            Identifier = organization.Identifier,
+            PlanType = organization.PlanType,
+            UsePolicies = organization.UsePolicies,
+            UseSso = organization.UseSso,
+            UseKeyConnector = organization.UseKeyConnector,
+            UseScim = organization.UseScim,
+            UseGroups = organization.UseGroups,
+            UseDirectory = organization.UseDirectory,
+            UseEvents = organization.UseEvents,
+            UseTotp = organization.UseTotp,
+            Use2fa = organization.Use2fa,
+            UseApi = organization.UseApi,
+            UseResetPassword = organization.UseResetPassword,
+            UseSecretsManager = organization.UseSecretsManager,
+            UsePasswordManager = organization.UsePasswordManager,
+            UsersGetPremium = organization.UsersGetPremium,
+            UseCustomPermissions = organization.UseCustomPermissions,
+            UseRiskInsights = organization.UseRiskInsights,
+            UseOrganizationDomains = organization.UseOrganizationDomains,
+            UseAdminSponsoredFamilies = organization.UseAdminSponsoredFamilies,
+            UseAutomaticUserConfirmation = organization.UseAutomaticUserConfirmation,
+            SelfHost = organization.SelfHost,
+            Seats = organization.Seats,
+            MaxCollections = organization.MaxCollections,
+            MaxStorageGb = organization.MaxStorageGb,
+            Key = "organization-key",
+            PublicKey = "public-key",
+            PrivateKey = "private-key",
+            LimitCollectionCreation = organization.LimitCollectionCreation,
+            LimitCollectionDeletion = organization.LimitCollectionDeletion,
+            LimitItemDeletion = organization.LimitItemDeletion,
+            AllowAdminAccessToAllCollectionItems = organization.AllowAdminAccessToAllCollectionItems,
+            ProviderId = providerId,
+            ProviderName = "Test Provider",
+            ProviderType = ProviderType.Msp,
+            SsoEnabled = true,
+            SsoConfig = new SsoConfigurationData
+            {
+                MemberDecryptionType = MemberDecryptionType.KeyConnector,
+                KeyConnectorUrl = "https://keyconnector.example.com"
+            }.Serialize(),
+            SsoExternalId = "external-sso-id",
+            Permissions = CoreHelpers.ClassToJsonData(new Core.Models.Data.Permissions { ManageUsers = true }),
+            ResetPasswordKey = "reset-password-key",
+            FamilySponsorshipFriendlyName = "Family Sponsorship",
+            FamilySponsorshipLastSyncDate = DateTime.UtcNow.AddDays(-1),
+            FamilySponsorshipToDelete = false,
+            FamilySponsorshipValidUntil = DateTime.UtcNow.AddYears(1),
+            IsAdminInitiated = true,
+            Status = OrganizationUserStatusType.Confirmed,
+            Type = OrganizationUserType.Owner,
+            AccessSecretsManager = true,
+            SmSeats = 5,
+            SmServiceAccounts = 10
+        };
+
+        var result = new ProfileOrganizationResponseModel(organizationDetails, organizationIdsClaimingUser);
+
+        Assert.Equal("profileOrganization", result.Object);
+        Assert.Equal(organization.Id, result.Id);
+        Assert.Equal(userId, result.UserId);
+        Assert.Equal(organization.Name, result.Name);
+        Assert.Equal(organization.Enabled, result.Enabled);
+        Assert.Equal(organization.Identifier, result.Identifier);
+        Assert.Equal(organization.PlanType.GetProductTier(), result.ProductTierType);
+        Assert.Equal(organization.UsePolicies, result.UsePolicies);
+        Assert.Equal(organization.UseSso, result.UseSso);
+        Assert.Equal(organization.UseKeyConnector, result.UseKeyConnector);
+        Assert.Equal(organization.UseScim, result.UseScim);
+        Assert.Equal(organization.UseGroups, result.UseGroups);
+        Assert.Equal(organization.UseDirectory, result.UseDirectory);
+        Assert.Equal(organization.UseEvents, result.UseEvents);
+        Assert.Equal(organization.UseTotp, result.UseTotp);
+        Assert.Equal(organization.Use2fa, result.Use2fa);
+        Assert.Equal(organization.UseApi, result.UseApi);
+        Assert.Equal(organization.UseResetPassword, result.UseResetPassword);
+        Assert.Equal(organization.UseSecretsManager, result.UseSecretsManager);
+        Assert.Equal(organization.UsePasswordManager, result.UsePasswordManager);
+        Assert.Equal(organization.UsersGetPremium, result.UsersGetPremium);
+        Assert.Equal(organization.UseCustomPermissions, result.UseCustomPermissions);
+        Assert.Equal(organization.PlanType.GetProductTier() == ProductTierType.Enterprise, result.UseActivateAutofillPolicy);
+        Assert.Equal(organization.UseRiskInsights, result.UseRiskInsights);
+        Assert.Equal(organization.UseOrganizationDomains, result.UseOrganizationDomains);
+        Assert.Equal(organization.UseAdminSponsoredFamilies, result.UseAdminSponsoredFamilies);
+        Assert.Equal(organization.UseAutomaticUserConfirmation, result.UseAutomaticUserConfirmation);
+        Assert.Equal(organization.SelfHost, result.SelfHost);
+        Assert.Equal(organization.Seats, result.Seats);
+        Assert.Equal(organization.MaxCollections, result.MaxCollections);
+        Assert.Equal(organization.MaxStorageGb, result.MaxStorageGb);
+        Assert.Equal(organizationDetails.Key, result.Key);
+        Assert.True(result.HasPublicAndPrivateKeys);
+        Assert.Equal(organization.LimitCollectionCreation, result.LimitCollectionCreation);
+        Assert.Equal(organization.LimitCollectionDeletion, result.LimitCollectionDeletion);
+        Assert.Equal(organization.LimitItemDeletion, result.LimitItemDeletion);
+        Assert.Equal(organization.AllowAdminAccessToAllCollectionItems, result.AllowAdminAccessToAllCollectionItems);
+        Assert.Equal(organizationDetails.ProviderId, result.ProviderId);
+        Assert.Equal(organizationDetails.ProviderName, result.ProviderName);
+        Assert.Equal(organizationDetails.ProviderType, result.ProviderType);
+        Assert.Equal(organizationDetails.SsoEnabled, result.SsoEnabled);
+        Assert.True(result.KeyConnectorEnabled);
+        Assert.Equal("https://keyconnector.example.com", result.KeyConnectorUrl);
+        Assert.Equal(MemberDecryptionType.KeyConnector, result.SsoMemberDecryptionType);
+        Assert.True(result.SsoBound);
+        Assert.Equal(organizationDetails.Status, result.Status);
+        Assert.Equal(organizationDetails.Type, result.Type);
+        Assert.Equal(organizationDetails.OrganizationUserId, result.OrganizationUserId);
+        Assert.True(result.UserIsClaimedByOrganization);
+        Assert.NotNull(result.Permissions);
+        Assert.True(result.ResetPasswordEnrolled);
+        Assert.Equal(organizationDetails.AccessSecretsManager, result.AccessSecretsManager);
+        Assert.Equal(organizationDetails.FamilySponsorshipFriendlyName, result.FamilySponsorshipFriendlyName);
+        Assert.Equal(organizationDetails.FamilySponsorshipLastSyncDate, result.FamilySponsorshipLastSyncDate);
+        Assert.Equal(organizationDetails.FamilySponsorshipToDelete, result.FamilySponsorshipToDelete);
+        Assert.Equal(organizationDetails.FamilySponsorshipValidUntil, result.FamilySponsorshipValidUntil);
+        Assert.True(result.IsAdminInitiated);
+        Assert.False(result.FamilySponsorshipAvailable);
+    }
+}

test/Api.Test/AdminConsole/Models/Response/ProfileProviderOrganizationResponseModelTests.cs

@@ -0,0 +1,129 @@
+using Bit.Api.AdminConsole.Models.Response;
+using Bit.Core.AdminConsole.Entities;
+using Bit.Core.AdminConsole.Enums.Provider;
+using Bit.Core.AdminConsole.Models.Data.Provider;
+using Bit.Core.Auth.Enums;
+using Bit.Core.Auth.Models.Data;
+using Bit.Core.Billing.Enums;
+using Bit.Core.Billing.Extensions;
+using Bit.Core.Enums;
+using Bit.Test.Common.AutoFixture.Attributes;
+using Xunit;
+
+namespace Bit.Api.Test.AdminConsole.Models.Response;
+
+public class ProfileProviderOrganizationResponseModelTests
+{
+    [Theory, BitAutoData]
+    public void Constructor_ShouldPopulatePropertiesCorrectly(Organization organization)
+    {
+        var userId = Guid.NewGuid();
+        var providerId = Guid.NewGuid();
+        var providerUserId = Guid.NewGuid();
+
+        var organizationDetails = new ProviderUserOrganizationDetails
+        {
+            OrganizationId = organization.Id,
+            UserId = userId,
+            Name = organization.Name,
+            Enabled = organization.Enabled,
+            Identifier = organization.Identifier,
+            PlanType = organization.PlanType,
+            UsePolicies = organization.UsePolicies,
+            UseSso = organization.UseSso,
+            UseKeyConnector = organization.UseKeyConnector,
+            UseScim = organization.UseScim,
+            UseGroups = organization.UseGroups,
+            UseDirectory = organization.UseDirectory,
+            UseEvents = organization.UseEvents,
+            UseTotp = organization.UseTotp,
+            Use2fa = organization.Use2fa,
+            UseApi = organization.UseApi,
+            UseResetPassword = organization.UseResetPassword,
+            UseSecretsManager = organization.UseSecretsManager,
+            UsePasswordManager = organization.UsePasswordManager,
+            UsersGetPremium = organization.UsersGetPremium,
+            UseCustomPermissions = organization.UseCustomPermissions,
+            UseRiskInsights = organization.UseRiskInsights,
+            UseOrganizationDomains = organization.UseOrganizationDomains,
+            UseAdminSponsoredFamilies = organization.UseAdminSponsoredFamilies,
+            UseAutomaticUserConfirmation = organization.UseAutomaticUserConfirmation,
+            SelfHost = organization.SelfHost,
+            Seats = organization.Seats,
+            MaxCollections = organization.MaxCollections,
+            MaxStorageGb = organization.MaxStorageGb,
+            Key = "provider-org-key",
+            PublicKey = "public-key",
+            PrivateKey = "private-key",
+            LimitCollectionCreation = organization.LimitCollectionCreation,
+            LimitCollectionDeletion = organization.LimitCollectionDeletion,
+            LimitItemDeletion = organization.LimitItemDeletion,
+            AllowAdminAccessToAllCollectionItems = organization.AllowAdminAccessToAllCollectionItems,
+            ProviderId = providerId,
+            ProviderName = "Test MSP Provider",
+            ProviderType = ProviderType.Msp,
+            SsoEnabled = true,
+            SsoConfig = new SsoConfigurationData
+            {
+                MemberDecryptionType = MemberDecryptionType.TrustedDeviceEncryption
+            }.Serialize(),
+            Status = ProviderUserStatusType.Confirmed,
+            Type = ProviderUserType.ProviderAdmin,
+            ProviderUserId = providerUserId
+        };
+
+        var result = new ProfileProviderOrganizationResponseModel(organizationDetails);
+
+        Assert.Equal("profileProviderOrganization", result.Object);
+        Assert.Equal(organization.Id, result.Id);
+        Assert.Equal(userId, result.UserId);
+        Assert.Equal(organization.Name, result.Name);
+        Assert.Equal(organization.Enabled, result.Enabled);
+        Assert.Equal(organization.Identifier, result.Identifier);
+        Assert.Equal(organization.PlanType.GetProductTier(), result.ProductTierType);
+        Assert.Equal(organization.UsePolicies, result.UsePolicies);
+        Assert.Equal(organization.UseSso, result.UseSso);
+        Assert.Equal(organization.UseKeyConnector, result.UseKeyConnector);
+        Assert.Equal(organization.UseScim, result.UseScim);
+        Assert.Equal(organization.UseGroups, result.UseGroups);
+        Assert.Equal(organization.UseDirectory, result.UseDirectory);
+        Assert.Equal(organization.UseEvents, result.UseEvents);
+        Assert.Equal(organization.UseTotp, result.UseTotp);
+        Assert.Equal(organization.Use2fa, result.Use2fa);
+        Assert.Equal(organization.UseApi, result.UseApi);
+        Assert.Equal(organization.UseResetPassword, result.UseResetPassword);
+        Assert.Equal(organization.UseSecretsManager, result.UseSecretsManager);
+        Assert.Equal(organization.UsePasswordManager, result.UsePasswordManager);
+        Assert.Equal(organization.UsersGetPremium, result.UsersGetPremium);
+        Assert.Equal(organization.UseCustomPermissions, result.UseCustomPermissions);
+        Assert.Equal(organization.PlanType.GetProductTier() == ProductTierType.Enterprise, result.UseActivateAutofillPolicy);
+        Assert.Equal(organization.UseRiskInsights, result.UseRiskInsights);
+        Assert.Equal(organization.UseOrganizationDomains, result.UseOrganizationDomains);
+        Assert.Equal(organization.UseAdminSponsoredFamilies, result.UseAdminSponsoredFamilies);
+        Assert.Equal(organization.UseAutomaticUserConfirmation, result.UseAutomaticUserConfirmation);
+        Assert.Equal(organization.SelfHost, result.SelfHost);
+        Assert.Equal(organization.Seats, result.Seats);
+        Assert.Equal(organization.MaxCollections, result.MaxCollections);
+        Assert.Equal(organization.MaxStorageGb, result.MaxStorageGb);
+        Assert.Equal(organizationDetails.Key, result.Key);
+        Assert.True(result.HasPublicAndPrivateKeys);
+        Assert.Equal(organization.LimitCollectionCreation, result.LimitCollectionCreation);
+        Assert.Equal(organization.LimitCollectionDeletion, result.LimitCollectionDeletion);
+        Assert.Equal(organization.LimitItemDeletion, result.LimitItemDeletion);
+        Assert.Equal(organization.AllowAdminAccessToAllCollectionItems, result.AllowAdminAccessToAllCollectionItems);
+        Assert.Equal(organizationDetails.ProviderId, result.ProviderId);
+        Assert.Equal(organizationDetails.ProviderName, result.ProviderName);
+        Assert.Equal(organizationDetails.ProviderType, result.ProviderType);
+        Assert.Equal(OrganizationUserStatusType.Confirmed, result.Status);
+        Assert.Equal(OrganizationUserType.Owner, result.Type);
+        Assert.Equal(organizationDetails.SsoEnabled, result.SsoEnabled);
+        Assert.False(result.KeyConnectorEnabled);
+        Assert.Null(result.KeyConnectorUrl);
+        Assert.Equal(MemberDecryptionType.TrustedDeviceEncryption, result.SsoMemberDecryptionType);
+        Assert.False(result.SsoBound);
+        Assert.NotNull(result.Permissions);
+        Assert.False(result.Permissions.ManageUsers);
+        Assert.False(result.ResetPasswordEnrolled);
+        Assert.False(result.AccessSecretsManager);
+    }
+}

test/Api.Test/Vault/Controllers/SyncControllerTests.cs

@@ -285,6 +285,10 @@ public class SyncControllerTests
         providerUserRepository
             .GetManyDetailsByUserAsync(user.Id, ProviderUserStatusType.Confirmed).Returns(providerUserDetails);
 
+        foreach (var p in providerUserOrganizationDetails)
+        {
+            p.SsoConfig = null;
+        }
         providerUserRepository
             .GetManyOrganizationDetailsByUserAsync(user.Id, ProviderUserStatusType.Confirmed)
             .Returns(providerUserOrganizationDetails);

test/Infrastructure.IntegrationTest/AdminConsole/OrganizationTestHelpers.cs

@@ -33,14 +33,69 @@ public static class OrganizationTestHelpers
     public static Task<Organization> CreateTestOrganizationAsync(this IOrganizationRepository organizationRepository,
         int? seatCount = null,
         string identifier = "test")
-        => organizationRepository.CreateAsync(new Organization
+    {
+        var id = Guid.NewGuid();
+        return organizationRepository.CreateAsync(new Organization
         {
-            Name = $"{identifier}-{Guid.NewGuid()}",
-            BillingEmail = "billing@example.com", // TODO: EF does not enforce this being NOT NULL
-            Plan = "Enterprise (Annually)", // TODO: EF does not enforce this being NOT NULl
+            Name = $"{identifier}-{id}",
+            BillingEmail = $"billing-{id}@example.com",
+            Plan = "Enterprise (Annually)",
             PlanType = PlanType.EnterpriseAnnually,
-            Seats = seatCount
+            Identifier = $"{identifier}-{id}",
+            BusinessName = $"Test Business {id}",
+            BusinessAddress1 = "123 Test Street",
+            BusinessAddress2 = "Suite 100",
+            BusinessAddress3 = "Building A",
+            BusinessCountry = "US",
+            BusinessTaxNumber = "123456789",
+            Seats = seatCount,
+            MaxCollections = 50,
+            UsePolicies = true,
+            UseSso = true,
+            UseKeyConnector = true,
+            UseScim = true,
+            UseGroups = true,
+            UseDirectory = true,
+            UseEvents = true,
+            UseTotp = true,
+            Use2fa = true,
+            UseApi = true,
+            UseResetPassword = true,
+            UseSecretsManager = true,
+            UsePasswordManager = true,
+            SelfHost = false,
+            UsersGetPremium = true,
+            UseCustomPermissions = true,
+            Storage = 1073741824, // 1 GB in bytes
+            MaxStorageGb = 10,
+            Gateway = GatewayType.Stripe,
+            GatewayCustomerId = $"cus_{id}",
+            GatewaySubscriptionId = $"sub_{id}",
+            ReferenceData = "{\"test\":\"data\"}",
+            Enabled = true,
+            LicenseKey = $"license-{id}",
+            PublicKey = "test-public-key",
+            PrivateKey = "test-private-key",
+            TwoFactorProviders = null,
+            ExpirationDate = DateTime.UtcNow.AddYears(1),
+            MaxAutoscaleSeats = 200,
+            OwnersNotifiedOfAutoscaling = null,
+            Status = OrganizationStatusType.Managed,
+            SmSeats = 50,
+            SmServiceAccounts = 25,
+            MaxAutoscaleSmSeats = 100,
+            MaxAutoscaleSmServiceAccounts = 50,
+            LimitCollectionCreation = true,
+            LimitCollectionDeletion = true,
+            LimitItemDeletion = true,
+            AllowAdminAccessToAllCollectionItems = true,
+            UseRiskInsights = true,
+            UseOrganizationDomains = true,
+            UseAdminSponsoredFamilies = true,
+            SyncSeats = false,
+            UseAutomaticUserConfirmation = true
         });
+    }
 
     /// <summary>
     /// Creates a confirmed Owner for the specified organization and user.

test/Infrastructure.IntegrationTest/AdminConsole/Repositories/OrganizationUserRepository/OrganizationUserRepositoryTests.cs

@@ -461,13 +461,7 @@ public class OrganizationUserRepositoryTests
             KdfParallelism = 3
         });
 
-        var organization = await organizationRepository.CreateAsync(new Organization
-        {
-            Name = "Test Org",
-            BillingEmail = user1.Email, // TODO: EF does not enforce this being NOT NULL
-            Plan = "Test", // TODO: EF does not enforce this being NOT NULL
-            PrivateKey = "privatekey",
-        });
+        var organization = await organizationRepository.CreateTestOrganizationAsync();
 
         var orgUser1 = await organizationUserRepository.CreateAsync(new OrganizationUser
         {
@@ -536,9 +530,72 @@ public class OrganizationUserRepositoryTests
         Assert.Equal(organization.SmServiceAccounts, result.SmServiceAccounts);
         Assert.Equal(organization.LimitCollectionCreation, result.LimitCollectionCreation);
         Assert.Equal(organization.LimitCollectionDeletion, result.LimitCollectionDeletion);
+        Assert.Equal(organization.LimitItemDeletion, result.LimitItemDeletion);
         Assert.Equal(organization.AllowAdminAccessToAllCollectionItems, result.AllowAdminAccessToAllCollectionItems);
         Assert.Equal(organization.UseRiskInsights, result.UseRiskInsights);
+        Assert.Equal(organization.UseOrganizationDomains, result.UseOrganizationDomains);
         Assert.Equal(organization.UseAdminSponsoredFamilies, result.UseAdminSponsoredFamilies);
+        Assert.Equal(organization.UseAutomaticUserConfirmation, result.UseAutomaticUserConfirmation);
+    }
+
+    [Theory, DatabaseData]
+    public async Task GetManyDetailsByUserAsync_ShouldPopulateSsoPropertiesCorrectly(
+        IUserRepository userRepository,
+        IOrganizationRepository organizationRepository,
+        IOrganizationUserRepository organizationUserRepository,
+        ISsoConfigRepository ssoConfigRepository)
+    {
+        var user = await userRepository.CreateTestUserAsync();
+        var organizationWithSso = await organizationRepository.CreateTestOrganizationAsync();
+        var organizationWithoutSso = await organizationRepository.CreateTestOrganizationAsync();
+
+        var orgUserWithSso = await organizationUserRepository.CreateAsync(new OrganizationUser
+        {
+            OrganizationId = organizationWithSso.Id,
+            UserId = user.Id,
+            Status = OrganizationUserStatusType.Confirmed,
+            Type = OrganizationUserType.Owner,
+            Email = user.Email
+        });
+
+        var orgUserWithoutSso = await organizationUserRepository.CreateAsync(new OrganizationUser
+        {
+            OrganizationId = organizationWithoutSso.Id,
+            UserId = user.Id,
+            Status = OrganizationUserStatusType.Confirmed,
+            Type = OrganizationUserType.User,
+            Email = user.Email
+        });
+
+        // Create SSO configuration for first organization only
+        var serializedSsoConfigData = new SsoConfigurationData
+        {
+            MemberDecryptionType = MemberDecryptionType.KeyConnector,
+            KeyConnectorUrl = "https://keyconnector.example.com"
+        }.Serialize();
+
+        var ssoConfig = await ssoConfigRepository.CreateAsync(new SsoConfig
+        {
+            OrganizationId = organizationWithSso.Id,
+            Enabled = true,
+            Data = serializedSsoConfigData
+        });
+
+        var results = (await organizationUserRepository.GetManyDetailsByUserAsync(user.Id)).ToList();
+
+        Assert.Equal(2, results.Count);
+
+        var orgWithSsoDetails = results.Single(r => r.OrganizationId == organizationWithSso.Id);
+        var orgWithoutSsoDetails = results.Single(r => r.OrganizationId == organizationWithoutSso.Id);
+
+        // Organization with SSO should have SSO properties populated
+        Assert.True(orgWithSsoDetails.SsoEnabled);
+        Assert.NotNull(orgWithSsoDetails.SsoConfig);
+        Assert.Equal(serializedSsoConfigData, orgWithSsoDetails.SsoConfig);
+
+        // Organization without SSO should have null SSO properties
+        Assert.Null(orgWithoutSsoDetails.SsoEnabled);
+        Assert.Null(orgWithoutSsoDetails.SsoConfig);
     }
 
     [DatabaseTheory, DatabaseData]

test/Infrastructure.IntegrationTest/AdminConsole/Repositories/ProviderUserRepositoryTests.cs

@@ -0,0 +1,142 @@
+using Bit.Core.AdminConsole.Entities;
+using Bit.Core.AdminConsole.Entities.Provider;
+using Bit.Core.AdminConsole.Enums.Provider;
+using Bit.Core.AdminConsole.Models.Data.Provider;
+using Bit.Core.AdminConsole.Repositories;
+using Bit.Core.Auth.Entities;
+using Bit.Core.Auth.Enums;
+using Bit.Core.Auth.Models.Data;
+using Bit.Core.Auth.Repositories;
+using Bit.Core.Entities;
+using Bit.Core.Repositories;
+using Xunit;
+
+namespace Bit.Infrastructure.IntegrationTest.AdminConsole.Repositories;
+
+public class ProviderUserRepositoryTests
+{
+    [Theory, DatabaseData]
+    public async Task GetManyOrganizationDetailsByUserAsync_ShouldPopulatePropertiesCorrectly(
+        IUserRepository userRepository,
+        IOrganizationRepository organizationRepository,
+        IProviderRepository providerRepository,
+        IProviderUserRepository providerUserRepository,
+        IProviderOrganizationRepository providerOrganizationRepository,
+        ISsoConfigRepository ssoConfigRepository)
+    {
+        var user = await userRepository.CreateTestUserAsync();
+        var organizationWithSso = await organizationRepository.CreateTestOrganizationAsync();
+        var organizationWithoutSso = await organizationRepository.CreateTestOrganizationAsync();
+
+        var provider = await providerRepository.CreateAsync(new Provider
+        {
+            Name = "Test Provider",
+            Enabled = true,
+            Type = ProviderType.Msp
+        });
+
+        var providerUser = await providerUserRepository.CreateAsync(new ProviderUser
+        {
+            ProviderId = provider.Id,
+            UserId = user.Id,
+            Status = ProviderUserStatusType.Confirmed,
+            Type = ProviderUserType.ProviderAdmin
+        });
+
+        var providerOrganizationWithSso = await providerOrganizationRepository.CreateAsync(new ProviderOrganization
+        {
+            ProviderId = provider.Id,
+            OrganizationId = organizationWithSso.Id
+        });
+
+        var providerOrganizationWithoutSso = await providerOrganizationRepository.CreateAsync(new ProviderOrganization
+        {
+            ProviderId = provider.Id,
+            OrganizationId = organizationWithoutSso.Id
+        });
+
+        // Create SSO configuration for first organization only
+        var serializedSsoConfigData = new SsoConfigurationData
+        {
+            MemberDecryptionType = MemberDecryptionType.KeyConnector,
+            KeyConnectorUrl = "https://keyconnector.example.com"
+        }.Serialize();
+
+        var ssoConfig = await ssoConfigRepository.CreateAsync(new SsoConfig
+        {
+            OrganizationId = organizationWithSso.Id,
+            Enabled = true,
+            Data = serializedSsoConfigData
+        });
+        var results = (await providerUserRepository.GetManyOrganizationDetailsByUserAsync(user.Id, ProviderUserStatusType.Confirmed)).ToList();
+
+        Assert.Equal(2, results.Count);
+
+        var orgWithSsoDetails = results.Single(r => r.OrganizationId == organizationWithSso.Id);
+        var orgWithoutSsoDetails = results.Single(r => r.OrganizationId == organizationWithoutSso.Id);
+
+        // Verify all properties for both organizations
+        AssertProviderOrganizationDetails(orgWithSsoDetails, organizationWithSso, user, provider, providerUser);
+        AssertProviderOrganizationDetails(orgWithoutSsoDetails, organizationWithoutSso, user, provider, providerUser);
+
+        // Organization without SSO should have null SSO properties
+        Assert.Null(orgWithoutSsoDetails.SsoEnabled);
+        Assert.Null(orgWithoutSsoDetails.SsoConfig);
+
+        // Organization with SSO should have SSO properties populated
+        Assert.True(orgWithSsoDetails.SsoEnabled);
+        Assert.NotNull(orgWithSsoDetails.SsoConfig);
+        Assert.Equal(serializedSsoConfigData, orgWithSsoDetails.SsoConfig);
+    }
+
+    private static void AssertProviderOrganizationDetails(
+        ProviderUserOrganizationDetails actual,
+        Organization expectedOrganization,
+        User expectedUser,
+        Provider expectedProvider,
+        ProviderUser expectedProviderUser)
+    {
+        // Organization properties
+        Assert.Equal(expectedOrganization.Id, actual.OrganizationId);
+        Assert.Equal(expectedUser.Id, actual.UserId);
+        Assert.Equal(expectedOrganization.Name, actual.Name);
+        Assert.Equal(expectedOrganization.UsePolicies, actual.UsePolicies);
+        Assert.Equal(expectedOrganization.UseSso, actual.UseSso);
+        Assert.Equal(expectedOrganization.UseKeyConnector, actual.UseKeyConnector);
+        Assert.Equal(expectedOrganization.UseScim, actual.UseScim);
+        Assert.Equal(expectedOrganization.UseGroups, actual.UseGroups);
+        Assert.Equal(expectedOrganization.UseDirectory, actual.UseDirectory);
+        Assert.Equal(expectedOrganization.UseEvents, actual.UseEvents);
+        Assert.Equal(expectedOrganization.UseTotp, actual.UseTotp);
+        Assert.Equal(expectedOrganization.Use2fa, actual.Use2fa);
+        Assert.Equal(expectedOrganization.UseApi, actual.UseApi);
+        Assert.Equal(expectedOrganization.UseResetPassword, actual.UseResetPassword);
+        Assert.Equal(expectedOrganization.UsersGetPremium, actual.UsersGetPremium);
+        Assert.Equal(expectedOrganization.UseCustomPermissions, actual.UseCustomPermissions);
+        Assert.Equal(expectedOrganization.SelfHost, actual.SelfHost);
+        Assert.Equal(expectedOrganization.Seats, actual.Seats);
+        Assert.Equal(expectedOrganization.MaxCollections, actual.MaxCollections);
+        Assert.Equal(expectedOrganization.MaxStorageGb, actual.MaxStorageGb);
+        Assert.Equal(expectedOrganization.Identifier, actual.Identifier);
+        Assert.Equal(expectedOrganization.PublicKey, actual.PublicKey);
+        Assert.Equal(expectedOrganization.PrivateKey, actual.PrivateKey);
+        Assert.Equal(expectedOrganization.Enabled, actual.Enabled);
+        Assert.Equal(expectedOrganization.PlanType, actual.PlanType);
+        Assert.Equal(expectedOrganization.LimitCollectionCreation, actual.LimitCollectionCreation);
+        Assert.Equal(expectedOrganization.LimitCollectionDeletion, actual.LimitCollectionDeletion);
+        Assert.Equal(expectedOrganization.LimitItemDeletion, actual.LimitItemDeletion);
+        Assert.Equal(expectedOrganization.AllowAdminAccessToAllCollectionItems, actual.AllowAdminAccessToAllCollectionItems);
+        Assert.Equal(expectedOrganization.UseRiskInsights, actual.UseRiskInsights);
+        Assert.Equal(expectedOrganization.UseOrganizationDomains, actual.UseOrganizationDomains);
+        Assert.Equal(expectedOrganization.UseAdminSponsoredFamilies, actual.UseAdminSponsoredFamilies);
+        Assert.Equal(expectedOrganization.UseAutomaticUserConfirmation, actual.UseAutomaticUserConfirmation);
+
+        // Provider-specific properties
+        Assert.Equal(expectedProvider.Id, actual.ProviderId);
+        Assert.Equal(expectedProvider.Name, actual.ProviderName);
+        Assert.Equal(expectedProvider.Type, actual.ProviderType);
+        Assert.Equal(expectedProviderUser.Id, actual.ProviderUserId);
+        Assert.Equal(expectedProviderUser.Status, actual.Status);
+        Assert.Equal(expectedProviderUser.Type, actual.Type);
+    }
+}