[PM-25923] Simplify and align response models for Organization members and Provider users (#6385)

* Update ProviderUserOrganizationDetailsView to include SSO configuration data

* Updated the ProviderUserOrganizationDetailsViewQuery to join with SsoConfigs and select SSO-related fields.
* Modified the SQL view to reflect the inclusion of SSO configuration data.
* Added a new migration script for the updated view structure.

* Add SSO configuration properties to ProviderUserOrganizationDetails model

* Add SSO configuration handling to ProfileProviderOrganizationResponseModel

* Introduced properties for SSO configuration, including SSO enabled status and KeyConnector details.
* Implemented deserialization of SSO configuration data to populate new fields in the response model.

* Add integration tests for ProviderUserRepository.GetManyOrganizationDetailsByUserAsync

* Add BaseUserOrganizationDetails model to encapsulate common properties

* Introduced a new abstract class to define shared properties for organization users and provider organization users

* Add BaseProfileOrganizationResponseModel to encapsulate organization response properties

* Introduced a new abstract class that ensures all properties are fully populated for profile organization responses.

* Update ProviderUserOrganizationDetailsViewQuery to include missing ProviderUserId

* Refactor OrganizationUserOrganizationDetails and ProviderUserOrganizationDetails to inherit from BaseUserOrganizationDetails

* Updated both models to extend BaseUserOrganizationDetails, promoting code reuse and ensure they have the same base properties

* Refactor ProfileOrganizationResponseModel and ProfileProviderOrganizationResponseModel to inherit from BaseProfileOrganizationResponseModel

* Refactor ProviderUserRepositoryTests to improve organization detail assertions

* Consolidated assertions for organization details into a new method, AssertProviderOrganizationDetails, enhancing code readability and maintainability.
* Updated test cases to verify all relevant properties for organizations with and without SSO configurations.

* Add integration test for GetManyDetailsByUserAsync to verify SSO properties

* Implemented a new test case to ensure that the SSO properties are correctly populated for organizations with and without SSO configurations.
* The test verifies the expected behavior of the method when interacting with the user and organization repositories, including cleanup of created entities after the test execution.

* Add unit tests for ProfileOrganizationResponseModel and ProfileProviderOrganizationResponseModel

* Introduced tests to validate the constructors of ProfileOrganizationResponseModel and ProfileProviderOrganizationResponseModel, ensuring that all properties are populated correctly based on the provided organization details.
* Verified expected behavior for both organization and provider models, including SSO configurations and relevant properties.

* Update SyncControllerTests.Get_ProviderPlanTypeProperlyPopulated to nullify SSO configurations in provider user organization details

* Refactor BaseProfileOrganizationResponseModel and ProfileOrganizationResponseModel for null safety

Updated properties in BaseProfileOrganizationResponseModel and ProfileOrganizationResponseModel to support null safety by introducing nullable types where appropriate.

* Enhance null safety in BaseUserOrganizationDetails and OrganizationUserOrganizationDetails

Updated properties in BaseUserOrganizationDetails and OrganizationUserOrganizationDetails to support null safety by introducing nullable types where appropriate, ensuring better handling of potential null values.

* Move common properties from ProfileOrganizationResponseModel to BaseProfileOrganizationResponseModel

* Refactor organization details: Remove BaseUserOrganizationDetails and introduce IProfileMemberOrganizationDetails interface for improved structure and clarity in organization user data management.

* Enhance OrganizationUserOrganizationDetails: Implement IProfileMemberOrganizationDetails interface

* Refactor ProviderUserOrganizationDetails: Implement IProfileMemberOrganizationDetails interface

* Refactor ProfileOrganizationResponseModelTests and ProfileProviderOrganizationResponseModelTests: Update constructors to utilize Organization and ProviderUserOrganizationDetails, enhancing property population and test coverage.

* Enhance ProviderUserOrganizationDetails: Add UseResetPassword, UseSecretsManager, and UsePasswordManager properties to the query and SQL views

* Update BaseProfileOrganizationResponseModel documentation: Clarify purpose and usage of organization properties for OrganizationUsers and ProviderUsers.

* Rename ProfileOrganizationResponseModel to ProfileMemberOrganizationResponseModel, update references and update related test names

* Add XML documentation for ProfileMemberOrganizationResponseModel and ProfileProviderOrganizationResponseModel to clarify their purpose and relationships

* Remove unnecessary cleanup code from OrganizationUserRepositoryTests

* Remove unnecessary cleanup code from ProviderUserRepositoryTests

* Rename test method in ProviderUserRepositoryTests to improve clarity on property population

* Add CreateFullOrganization method to ProviderUserRepositoryTests for improved organization setup in tests

* Refactor organization creation in tests to use CreateTestOrganizationAsync for consistency and improved setup

* Rename IProfileMemberOrganizationDetails to IProfileOrganizationDetails

* Rename ProfileMemberOrganizationResponseModel back to ProfileOrganizationResponseModel

* Refactor organization response models to remove Family Sponsorship properties from BaseProfileOrganizationResponseModel and reintroduce them in ProfileOrganizationResponseModel. Update related interfaces and tests accordingly.

* Bump date on migration script

* Update OrganizationUserOrganizationDetailsViewQuery to include UseAutomaticUserConfirmation property

Author: r-tome

src/Api/AdminConsole/Models/Response/BaseProfileOrganizationResponseModel.cs

@@ -0,0 +1,127 @@
+using System.Text.Json.Serialization;
+using Bit.Core.AdminConsole.Enums.Provider;
+using Bit.Core.AdminConsole.Models.Data;
+using Bit.Core.Auth.Enums;
+using Bit.Core.Auth.Models.Data;
+using Bit.Core.Billing.Enums;
+using Bit.Core.Billing.Extensions;
+using Bit.Core.Enums;
+using Bit.Core.Models.Api;
+using Bit.Core.Models.Data;
+using Bit.Core.Utilities;
+
+namespace Bit.Api.AdminConsole.Models.Response;
+
+/// <summary>
+/// Contains organization properties for both OrganizationUsers and ProviderUsers.
+/// Any organization properties in sync data should be added to this class so they are populated for both
+/// members and providers.
+/// </summary>
+public abstract class BaseProfileOrganizationResponseModel : ResponseModel
+{
+    protected BaseProfileOrganizationResponseModel(
+        string type, IProfileOrganizationDetails organizationDetails) : base(type)
+    {
+        Id = organizationDetails.OrganizationId;
+        UserId = organizationDetails.UserId;
+        Name = organizationDetails.Name;
+        Enabled = organizationDetails.Enabled;
+        Identifier = organizationDetails.Identifier;
+        ProductTierType = organizationDetails.PlanType.GetProductTier();
+        UsePolicies = organizationDetails.UsePolicies;
+        UseSso = organizationDetails.UseSso;
+        UseKeyConnector = organizationDetails.UseKeyConnector;
+        UseScim = organizationDetails.UseScim;
+        UseGroups = organizationDetails.UseGroups;
+        UseDirectory = organizationDetails.UseDirectory;
+        UseEvents = organizationDetails.UseEvents;
+        UseTotp = organizationDetails.UseTotp;
+        Use2fa = organizationDetails.Use2fa;
+        UseApi = organizationDetails.UseApi;
+        UseResetPassword = organizationDetails.UseResetPassword;
+        UsersGetPremium = organizationDetails.UsersGetPremium;
+        UseCustomPermissions = organizationDetails.UseCustomPermissions;
+        UseActivateAutofillPolicy = organizationDetails.PlanType.GetProductTier() == ProductTierType.Enterprise;
+        UseRiskInsights = organizationDetails.UseRiskInsights;
+        UseOrganizationDomains = organizationDetails.UseOrganizationDomains;
+        UseAdminSponsoredFamilies = organizationDetails.UseAdminSponsoredFamilies;
+        UseAutomaticUserConfirmation = organizationDetails.UseAutomaticUserConfirmation;
+        UseSecretsManager = organizationDetails.UseSecretsManager;
+        UsePasswordManager = organizationDetails.UsePasswordManager;
+        SelfHost = organizationDetails.SelfHost;
+        Seats = organizationDetails.Seats;
+        MaxCollections = organizationDetails.MaxCollections;
+        MaxStorageGb = organizationDetails.MaxStorageGb;
+        Key = organizationDetails.Key;
+        HasPublicAndPrivateKeys = organizationDetails.PublicKey != null && organizationDetails.PrivateKey != null;
+        SsoBound = !string.IsNullOrWhiteSpace(organizationDetails.SsoExternalId);
+        ResetPasswordEnrolled = !string.IsNullOrWhiteSpace(organizationDetails.ResetPasswordKey);
+        ProviderId = organizationDetails.ProviderId;
+        ProviderName = organizationDetails.ProviderName;
+        ProviderType = organizationDetails.ProviderType;
+        LimitCollectionCreation = organizationDetails.LimitCollectionCreation;
+        LimitCollectionDeletion = organizationDetails.LimitCollectionDeletion;
+        LimitItemDeletion = organizationDetails.LimitItemDeletion;
+        AllowAdminAccessToAllCollectionItems = organizationDetails.AllowAdminAccessToAllCollectionItems;
+        SsoEnabled = organizationDetails.SsoEnabled ?? false;
+        if (organizationDetails.SsoConfig != null)
+        {
+            var ssoConfigData = SsoConfigurationData.Deserialize(organizationDetails.SsoConfig);
+            KeyConnectorEnabled = ssoConfigData.MemberDecryptionType == MemberDecryptionType.KeyConnector && !string.IsNullOrEmpty(ssoConfigData.KeyConnectorUrl);
+            KeyConnectorUrl = ssoConfigData.KeyConnectorUrl;
+            SsoMemberDecryptionType = ssoConfigData.MemberDecryptionType;
+        }
+    }
+
+    public Guid Id { get; set; }
+    [JsonConverter(typeof(HtmlEncodingStringConverter))]
+    public string Name { get; set; } = null!;
+    public bool Enabled { get; set; }
+    public string? Identifier { get; set; }
+    public ProductTierType ProductTierType { get; set; }
+    public bool UsePolicies { get; set; }
+    public bool UseSso { get; set; }
+    public bool UseKeyConnector { get; set; }
+    public bool UseScim { get; set; }
+    public bool UseGroups { get; set; }
+    public bool UseDirectory { get; set; }
+    public bool UseEvents { get; set; }
+    public bool UseTotp { get; set; }
+    public bool Use2fa { get; set; }
+    public bool UseApi { get; set; }
+    public bool UseResetPassword { get; set; }
+    public bool UseSecretsManager { get; set; }
+    public bool UsePasswordManager { get; set; }
+    public bool UsersGetPremium { get; set; }
+    public bool UseCustomPermissions { get; set; }
+    public bool UseActivateAutofillPolicy { get; set; }
+    public bool UseRiskInsights { get; set; }
+    public bool UseOrganizationDomains { get; set; }
+    public bool UseAdminSponsoredFamilies { get; set; }
+    public bool UseAutomaticUserConfirmation { get; set; }
+    public bool SelfHost { get; set; }
+    public int? Seats { get; set; }
+    public short? MaxCollections { get; set; }
+    public short? MaxStorageGb { get; set; }
+    public string? Key { get; set; }
+    public bool HasPublicAndPrivateKeys { get; set; }
+    public bool SsoBound { get; set; }
+    public bool ResetPasswordEnrolled { get; set; }
+    public bool LimitCollectionCreation { get; set; }
+    public bool LimitCollectionDeletion { get; set; }
+    public bool LimitItemDeletion { get; set; }
+    public bool AllowAdminAccessToAllCollectionItems { get; set; }
+    public Guid? ProviderId { get; set; }
+    [JsonConverter(typeof(HtmlEncodingStringConverter))]
+    public string? ProviderName { get; set; }
+    public ProviderType? ProviderType { get; set; }
+    public bool SsoEnabled { get; set; }
+    public bool KeyConnectorEnabled { get; set; }
+    public string? KeyConnectorUrl { get; set; }
+    public MemberDecryptionType? SsoMemberDecryptionType { get; set; }
+    public bool AccessSecretsManager { get; set; }
+    public Guid? UserId { get; set; }
+    public OrganizationUserStatusType Status { get; set; }
+    public OrganizationUserType Type { get; set; }
+    public Permissions? Permissions { get; set; }
+}

src/Api/AdminConsole/Models/Response/ProfileOrganizationResponseModel.cs

@@ -1,170 +1,52 @@
-// FIXME: Update this file to be null safe and then delete the line below
-#nullable disable
-
-using System.Text.Json.Serialization;
-using Bit.Core.AdminConsole.Enums.Provider;
-using Bit.Core.Auth.Enums;
-using Bit.Core.Auth.Models.Data;
-using Bit.Core.Billing.Enums;
-using Bit.Core.Billing.Extensions;
-using Bit.Core.Enums;
-using Bit.Core.Models.Api;
+using Bit.Core.Enums;
 using Bit.Core.Models.Data;
 using Bit.Core.Models.Data.Organizations.OrganizationUsers;
 using Bit.Core.Utilities;
 
 namespace Bit.Api.AdminConsole.Models.Response;
 
-public class ProfileOrganizationResponseModel : ResponseModel
+/// <summary>
+/// Sync data for organization members and their organization.
+/// Note: see <see cref="ProfileProviderOrganizationResponseModel"/> for organization sync data received by provider users.
+/// </summary>
+public class ProfileOrganizationResponseModel : BaseProfileOrganizationResponseModel
 {
-    public ProfileOrganizationResponseModel(string str) : base(str) { }
-
     public ProfileOrganizationResponseModel(
-        OrganizationUserOrganizationDetails organization,
+        OrganizationUserOrganizationDetails organizationDetails,
         IEnumerable<Guid> organizationIdsClaimingUser)
-        : this("profileOrganization")
+        : base("profileOrganization", organizationDetails)
     {
-        Id = organization.OrganizationId;
-        Name = organization.Name;
-        UsePolicies = organization.UsePolicies;
-        UseSso = organization.UseSso;
-        UseKeyConnector = organization.UseKeyConnector;
-        UseScim = organization.UseScim;
-        UseGroups = organization.UseGroups;
-        UseDirectory = organization.UseDirectory;
-        UseEvents = organization.UseEvents;
-        UseTotp = organization.UseTotp;
-        Use2fa = organization.Use2fa;
-        UseApi = organization.UseApi;
-        UseResetPassword = organization.UseResetPassword;
-        UseSecretsManager = organization.UseSecretsManager;
-        UsePasswordManager = organization.UsePasswordManager;
-        UsersGetPremium = organization.UsersGetPremium;
-        UseCustomPermissions = organization.UseCustomPermissions;
-        UseActivateAutofillPolicy = organization.PlanType.GetProductTier() == ProductTierType.Enterprise;
-        SelfHost = organization.SelfHost;
-        Seats = organization.Seats;
-        MaxCollections = organization.MaxCollections;
-        MaxStorageGb = organization.MaxStorageGb;
-        Key = organization.Key;
-        HasPublicAndPrivateKeys = organization.PublicKey != null && organization.PrivateKey != null;
-        Status = organization.Status;
-        Type = organization.Type;
-        Enabled = organization.Enabled;
-        SsoBound = !string.IsNullOrWhiteSpace(organization.SsoExternalId);
-        Identifier = organization.Identifier;
-        Permissions = CoreHelpers.LoadClassFromJsonData<Permissions>(organization.Permissions);
-        ResetPasswordEnrolled = !string.IsNullOrWhiteSpace(organization.ResetPasswordKey);
-        UserId = organization.UserId;
-        OrganizationUserId = organization.OrganizationUserId;
-        ProviderId = organization.ProviderId;
-        ProviderName = organization.ProviderName;
-        ProviderType = organization.ProviderType;
-        FamilySponsorshipFriendlyName = organization.FamilySponsorshipFriendlyName;
-        IsAdminInitiated = organization.IsAdminInitiated ?? false;
-        FamilySponsorshipAvailable = (FamilySponsorshipFriendlyName == null || IsAdminInitiated) &&
+        Status = organizationDetails.Status;
+        Type = organizationDetails.Type;
+        OrganizationUserId = organizationDetails.OrganizationUserId;
+        UserIsClaimedByOrganization = organizationIdsClaimingUser.Contains(organizationDetails.OrganizationId);
+        Permissions = CoreHelpers.LoadClassFromJsonData<Permissions>(organizationDetails.Permissions);
+        IsAdminInitiated = organizationDetails.IsAdminInitiated ?? false;
+        FamilySponsorshipFriendlyName = organizationDetails.FamilySponsorshipFriendlyName;
+        FamilySponsorshipLastSyncDate = organizationDetails.FamilySponsorshipLastSyncDate;
+        FamilySponsorshipToDelete = organizationDetails.FamilySponsorshipToDelete;
+        FamilySponsorshipValidUntil = organizationDetails.FamilySponsorshipValidUntil;
+        FamilySponsorshipAvailable = (organizationDetails.FamilySponsorshipFriendlyName == null || IsAdminInitiated) &&
             StaticStore.GetSponsoredPlan(PlanSponsorshipType.FamiliesForEnterprise)
-            .UsersCanSponsor(organization);
-        ProductTierType = organization.PlanType.GetProductTier();
-        FamilySponsorshipLastSyncDate = organization.FamilySponsorshipLastSyncDate;
-        FamilySponsorshipToDelete = organization.FamilySponsorshipToDelete;
-        FamilySponsorshipValidUntil = organization.FamilySponsorshipValidUntil;
-        AccessSecretsManager = organization.AccessSecretsManager;
-        LimitCollectionCreation = organization.LimitCollectionCreation;
-        LimitCollectionDeletion = organization.LimitCollectionDeletion;
-        LimitItemDeletion = organization.LimitItemDeletion;
-        AllowAdminAccessToAllCollectionItems = organization.AllowAdminAccessToAllCollectionItems;
-        UserIsClaimedByOrganization = organizationIdsClaimingUser.Contains(organization.OrganizationId);
-        UseRiskInsights = organization.UseRiskInsights;
-        UseOrganizationDomains = organization.UseOrganizationDomains;
-        UseAdminSponsoredFamilies = organization.UseAdminSponsoredFamilies;
-        SsoEnabled = organization.SsoEnabled ?? false;
-
-        if (organization.SsoConfig != null)
-        {
-            var ssoConfigData = SsoConfigurationData.Deserialize(organization.SsoConfig);
-            KeyConnectorEnabled = ssoConfigData.MemberDecryptionType == MemberDecryptionType.KeyConnector && !string.IsNullOrEmpty(ssoConfigData.KeyConnectorUrl);
-            KeyConnectorUrl = ssoConfigData.KeyConnectorUrl;
-            SsoMemberDecryptionType = ssoConfigData.MemberDecryptionType;
-        }
-
-        UseAutomaticUserConfirmation = organization.UseAutomaticUserConfirmation;
+            .UsersCanSponsor(organizationDetails);
+        AccessSecretsManager = organizationDetails.AccessSecretsManager;
     }
 
-    public Guid Id { get; set; }
-    [JsonConverter(typeof(HtmlEncodingStringConverter))]
-    public string Name { get; set; }
-    public bool UsePolicies { get; set; }
-    public bool UseSso { get; set; }
-    public bool UseKeyConnector { get; set; }
-    public bool UseScim { get; set; }
-    public bool UseGroups { get; set; }
-    public bool UseDirectory { get; set; }
-    public bool UseEvents { get; set; }
-    public bool UseTotp { get; set; }
-    public bool Use2fa { get; set; }
-    public bool UseApi { get; set; }
-    public bool UseResetPassword { get; set; }
-    public bool UseSecretsManager { get; set; }
-    public bool UsePasswordManager { get; set; }
-    public bool UsersGetPremium { get; set; }
-    public bool UseCustomPermissions { get; set; }
-    public bool UseActivateAutofillPolicy { get; set; }
-    public bool SelfHost { get; set; }
-    public int? Seats { get; set; }
-    public short? MaxCollections { get; set; }
-    public short? MaxStorageGb { get; set; }
-    public string Key { get; set; }
-    public OrganizationUserStatusType Status { get; set; }
-    public OrganizationUserType Type { get; set; }
-    public bool Enabled { get; set; }
-    public bool SsoBound { get; set; }
-    public string Identifier { get; set; }
-    public Permissions Permissions { get; set; }
-    public bool ResetPasswordEnrolled { get; set; }
-    public Guid? UserId { get; set; }
     public Guid OrganizationUserId { get; set; }
-    public bool HasPublicAndPrivateKeys { get; set; }
-    public Guid? ProviderId { get; set; }
-    [JsonConverter(typeof(HtmlEncodingStringConverter))]
-    public string ProviderName { get; set; }
-    public ProviderType? ProviderType { get; set; }
-    public string FamilySponsorshipFriendlyName { get; set; }
+    public bool UserIsClaimedByOrganization { get; set; }
+    public string? FamilySponsorshipFriendlyName { get; set; }
     public bool FamilySponsorshipAvailable { get; set; }
-    public ProductTierType ProductTierType { get; set; }
-    public bool KeyConnectorEnabled { get; set; }
-    public string KeyConnectorUrl { get; set; }
     public DateTime? FamilySponsorshipLastSyncDate { get; set; }
     public DateTime? FamilySponsorshipValidUntil { get; set; }
     public bool? FamilySponsorshipToDelete { get; set; }
-    public bool AccessSecretsManager { get; set; }
-    public bool LimitCollectionCreation { get; set; }
-    public bool LimitCollectionDeletion { get; set; }
-    public bool LimitItemDeletion { get; set; }
-    public bool AllowAdminAccessToAllCollectionItems { get; set; }
+    public bool IsAdminInitiated { get; set; }
     /// <summary>
-    /// Obsolete.
-    /// See <see cref="UserIsClaimedByOrganization"/>
+    /// Obsolete property for backward compatibility
     /// </summary>
     [Obsolete("Please use UserIsClaimedByOrganization instead. This property will be removed in a future version.")]
     public bool UserIsManagedByOrganization
     {
         get => UserIsClaimedByOrganization;
         set => UserIsClaimedByOrganization = value;
     }
-    /// <summary>
-    /// Indicates if the user is claimed by the organization.
-    /// </summary>
-    /// <remarks>
-    /// A user is claimed by an organization if the user's email domain is verified by the organization and the user is a member.
-    /// The organization must be enabled and able to have verified domains.
-    /// </remarks>
-    public bool UserIsClaimedByOrganization { get; set; }
-    public bool UseRiskInsights { get; set; }
-    public bool UseOrganizationDomains { get; set; }
-    public bool UseAdminSponsoredFamilies { get; set; }
-    public bool IsAdminInitiated { get; set; }
-    public bool SsoEnabled { get; set; }
-    public MemberDecryptionType? SsoMemberDecryptionType { get; set; }
-    public bool UseAutomaticUserConfirmation { get; set; }
 }

src/Api/AdminConsole/Models/Response/ProfileProviderOrganizationResponseModel.cs

@@ -1,57 +1,24 @@
 using Bit.Core.AdminConsole.Models.Data.Provider;
-using Bit.Core.Billing.Enums;
-using Bit.Core.Billing.Extensions;
 using Bit.Core.Enums;
 using Bit.Core.Models.Data;
 
 namespace Bit.Api.AdminConsole.Models.Response;
 
-public class ProfileProviderOrganizationResponseModel : ProfileOrganizationResponseModel
+/// <summary>
+/// Sync data for provider users and their managed organizations.
+/// Note: see <see cref="ProfileOrganizationResponseModel"/> for organization sync data received by organization members.
+/// </summary>
+public class ProfileProviderOrganizationResponseModel : BaseProfileOrganizationResponseModel
 {
-    public ProfileProviderOrganizationResponseModel(ProviderUserOrganizationDetails organization)
-        : base("profileProviderOrganization")
+    public ProfileProviderOrganizationResponseModel(ProviderUserOrganizationDetails organizationDetails)
+        : base("profileProviderOrganization", organizationDetails)
     {
-        Id = organization.OrganizationId;
-        Name = organization.Name;
-        UsePolicies = organization.UsePolicies;
-        UseSso = organization.UseSso;
-        UseKeyConnector = organization.UseKeyConnector;
-        UseScim = organization.UseScim;
-        UseGroups = organization.UseGroups;
-        UseDirectory = organization.UseDirectory;
-        UseEvents = organization.UseEvents;
-        UseTotp = organization.UseTotp;
-        Use2fa = organization.Use2fa;
-        UseApi = organization.UseApi;
-        UseResetPassword = organization.UseResetPassword;
-        UsersGetPremium = organization.UsersGetPremium;
-        UseCustomPermissions = organization.UseCustomPermissions;
-        UseActivateAutofillPolicy = organization.PlanType.GetProductTier() == ProductTierType.Enterprise;
-        SelfHost = organization.SelfHost;
-        Seats = organization.Seats;
-        MaxCollections = organization.MaxCollections;
-        MaxStorageGb = organization.MaxStorageGb;
-        Key = organization.Key;
-        HasPublicAndPrivateKeys = organization.PublicKey != null && organization.PrivateKey != null;
         Status = OrganizationUserStatusType.Confirmed; // Provider users are always confirmed
         Type = OrganizationUserType.Owner; // Provider users behave like Owners
-        Enabled = organization.Enabled;
-        SsoBound = false;
-        Identifier = organization.Identifier;
+        ProviderId = organizationDetails.ProviderId;
+        ProviderName = organizationDetails.ProviderName;
+        ProviderType = organizationDetails.ProviderType;
         Permissions = new Permissions();
-        ResetPasswordEnrolled = false;
-        UserId = organization.UserId;
-        ProviderId = organization.ProviderId;
-        ProviderName = organization.ProviderName;
-        ProviderType = organization.ProviderType;
-        ProductTierType = organization.PlanType.GetProductTier();
-        LimitCollectionCreation = organization.LimitCollectionCreation;
-        LimitCollectionDeletion = organization.LimitCollectionDeletion;
-        LimitItemDeletion = organization.LimitItemDeletion;
-        AllowAdminAccessToAllCollectionItems = organization.AllowAdminAccessToAllCollectionItems;
-        UseRiskInsights = organization.UseRiskInsights;
-        UseOrganizationDomains = organization.UseOrganizationDomains;
-        UseAdminSponsoredFamilies = organization.UseAdminSponsoredFamilies;
-        UseAutomaticUserConfirmation = organization.UseAutomaticUserConfirmation;
+        AccessSecretsManager = false; // Provider users cannot access Secrets Manager
     }
 }