# Restrict organization creation to specific users

<Note>
  This feature is only available on Chainloop's platform [paid plans](https://chainloop.dev/pricing).
</Note>

By default, Chainloop allows any registered user to create as many organizations as they want. This behavior can be changed to restrict organization creation to specific users.

This is done in two steps:

1. In the Chainloop Controlplane, set a flag to restrict the creation of organizations.
2. In the Chainloop Platform, indicate which users are allowed to create organizations.

## Step 1: Restrict organization creation in the Chainloop Controlplane

```yaml Chainloop Chart values.yaml theme={"dark"}
controlplane:
  # Tell the Chainloop controlplane to restrict organization creation to instance admins
  restrictOrgCreation: true
```

Once this flag is set, regular users will receive the following error when trying to create an organization:

```sh theme={"dark"}
$ chainloop org create --name testing
ERR creation of organizations is restricted to instance admins
```

## Step 2: Configure instance admins in the Chainloop Platform

The second step is to tell Chainloop which users are `instance admin` in the platform and can therefore create organizations.

This is done by leveraging the [`auto_onboarding`](/guides/deployment/guides/provisioning) feature configured in the platform Helm Chart values.yaml file.

Use this snippet if you have configured static provisioning in the platform:

```yaml Platform Chart values.yaml theme={"dark"}
backend:
  auto_onboarding:
    enabled: true
    static_config:
      instance_admin_spec:
        rules:
          - "user1@example.com" # Specific user
          - "@mydomain.com" # All users in the domain
```
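
Each rule in this list grants the right to create organizations, so it is worth reviewing before deployment. The Python helper below is an added example, not Chainloop code: it flags malformed and domain-wide rules and lists which users would become instance admins. It assumes the matching semantics given by the comments in the snippet above, case-insensitive comparison, and a constructed list of public mail domains; all function names are hypothetical.

```python
# Added example, not Chainloop code. Assumed semantics (from the snippet's comments):
# "user@domain" matches that one user, "@domain" matches every user in the domain.
# Case-insensitive comparison is an assumption of this sketch.
PUBLIC_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com"}  # constructed sample list


def classify(rule):
    """Return (kind, normalized value); kind is "user", "domain" or "invalid"."""
    r = rule.strip().lower()
    local, sep, domain = r.rpartition("@")
    if not sep or "." not in domain or " " in r:
        return ("invalid", r)
    return ("domain", domain) if local == "" else ("user", r)


def matching_rules(email, rules):
    """Rules that would grant `email` instance admin under the assumed semantics."""
    e = email.strip().lower()
    hits = []
    for rule in rules:
        kind, value = classify(rule)
        if kind == "user" and e == value:
            hits.append(rule)
        elif kind == "domain" and "@" in e and e.rpartition("@")[2] == value:
            hits.append(rule)
    return hits


def review(rules, users):
    """Return (findings to double-check, effective admins among `users`)."""
    findings = []
    for rule in rules:
        kind, value = classify(rule)
        if kind == "invalid":
            findings.append((rule, "malformed: not user@domain or @domain"))
        elif kind == "domain" and value in PUBLIC_DOMAINS:
            findings.append((rule, "public mail domain: anyone can register an address"))
        elif kind == "domain":
            findings.append((rule, "domain-wide: every user in the domain is admin"))
    return findings, sorted(u for u in users if matching_rules(u, rules))


if __name__ == "__main__":
    rules = ["user1@example.com", "@mydomain.com", "mydomain.com"]  # last is a constructed typo
    users = ["user1@example.com", "bob@mydomain.com", "eve@example.com"]  # constructed
    findings, admins = review(rules, users)
    for rule, why in findings:
        print(f"{rule!r}: {why}")
    print("effective instance admins:", admins)
```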

For dynamic provisioning, make sure your claims contain the special `instance` organization and `admin` role. For example, if you are using OIDC, your groups claim would look like this:

```json theme={"dark"}
{
  ...
  "groups": ["chainloop_instance_admin"],
  ...
}
```

Check [provisioning documentation](/guides/deployment/guides/provisioning) for more details on how to configure dynamic provisioning.
