Suborganizations in Luzmo are like silos for your application's users. By assigning a user to a specific suborganization in the Embed Authorization request, you ensure that they can only see resources from that suborganization (e.g. users, their comments, etc.). When one of your end-users is part of a suborganization, they cannot see other users that are part of the main organization; only the users that are part of the same suborganization will be visible when e.g. sharing a dashboard in the embedded dashboard editor.
The first time a specific suborganization is specified in the Authorization request, a new "suborganization group" is automatically created with the same name. Each of your end-users with that suborganization will be automatically added to this group the first time you request an Authorization token for a given username. If desired, dashboards and datasets can then also be shared and managed like with any other group (make sure you check the "Include embed users and suborganizations" box in the Share modal if you want to share with suborganization groups), facilitating more granular access to specific resources via our UI (rather than via the access property in the Authorization request). More info on managing access granularity can be found in this article.
Take note that changing a user's suborganization can lead to unexpected behavior, such as losing access to resources previously shared with the original suborganization. This may disrupt workflows, as dashboards, alerts, or other tools the user accessed through the suborganization group could become unavailable, resulting in failed alerts or inaccessible dashboards.