feat(ui,localizations,shared): rename the organization profile SSO page to Security

[iagodahlem]

The <OrganizationProfile /> self-serve SSO surface is becoming a "Security" page that will host more organization security settings over time, mirroring UserProfile's Security tab — SSO is its first section. This PR is the nomenclature half of that reframe:

• Navbar entry renamed "Single Sign-On (SSO)" → "Security" with the shield icon; a new organizationProfile.navbar.security localization key replaces organizationProfile.navbar.selfServeSSO
• Route path organization-self-serve-sso → organization-security; the page component is now OrganizationSecurityPage
• <OrganizationProfile.Page label="security" /> reordering now targets this page

The self-serve SSO feature gates (shouldShowSelfServeSSO, environment settings) and the ConfigureSSO wizard itself intentionally keep their names — only the hosting page's identity changes. The old localization key and route path are removed rather than aliased since the page is still feature-gated/pre-GA.

ORGS-1606

Summary by CodeRabbit

• Chores
  • Rebranded the Single Sign-On feature section in Organization Profile as "Security" with updated navigation labels, icons, and route paths to better reflect the feature's purpose.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
clerk-js-sandbox	Ready	Preview, Comment	Jun 10, 2026 1:55pm

[changeset-bot]

🦋 Changeset detected

Latest commit: a5ad23c

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 20 packages

Name	Type
@clerk/localizations	Patch
@clerk/clerk-js	Patch
@clerk/shared	Patch
@clerk/ui	Patch
@clerk/react	Patch
@clerk/chrome-extension	Patch
@clerk/expo	Patch
@clerk/astro	Patch
@clerk/backend	Patch
@clerk/expo-passkeys	Patch
@clerk/express	Patch
@clerk/fastify	Patch
@clerk/hono	Patch
@clerk/msw	Patch
@clerk/nextjs	Patch
@clerk/nuxt	Patch
@clerk/react-router	Patch
@clerk/tanstack-react-start	Patch
@clerk/testing	Patch
@clerk/vue	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Repository UI (inherited)

Review profile: CHILL

Plan: Pro

Run ID: f18e4c54-2b53-49a6-8a83-6eb0108558ad

📥 Commits

Reviewing files that changed from the base of the PR and between c8c3a09 and a5ad23c.

📒 Files selected for processing (9)

• .changeset/perky-plums-agree.md
• packages/localizations/src/en-US.ts
• packages/shared/src/types/localization.ts
• packages/ui/src/components/OrganizationProfile/OrganizationProfileRoutes.tsx
• packages/ui/src/components/OrganizationProfile/OrganizationSecurityPage.tsx
• packages/ui/src/components/OrganizationProfile/__tests__/OrganizationProfile.test.tsx
• packages/ui/src/constants.ts
• packages/ui/src/contexts/components/OrganizationProfile.ts
• packages/ui/src/utils/createCustomPages.tsx

✅ Files skipped from review due to trivial changes (2)

• .changeset/perky-plums-agree.md
• packages/ui/src/constants.ts

🚧 Files skipped from review as they are similar to previous changes (6)

• packages/ui/src/components/OrganizationProfile/tests/OrganizationProfile.test.tsx
• packages/ui/src/components/OrganizationProfile/OrganizationSecurityPage.tsx
• packages/localizations/src/en-US.ts
• packages/ui/src/contexts/components/OrganizationProfile.ts
• packages/ui/src/components/OrganizationProfile/OrganizationProfileRoutes.tsx
• packages/ui/src/utils/createCustomPages.tsx

---

📝 Walkthrough

Walkthrough

The pull request renames the OrganizationProfile self-serve SSO page to "Security" across localization, type definitions, route constants, context types, component exports, routing logic, and test assertions. The route path changes from organization-self-serve-sso to organization-security, the navbar icon changes from Connections to ShieldCheck, and corresponding flag names and localization keys are updated throughout.

Changes

OrganizationProfile Security Page Rename

Layer / File(s)	Summary
Localization Schema and Constants packages/localizations/src/en-US.ts, packages/shared/src/types/localization.ts, packages/ui/src/constants.ts	Localization key organizationProfile.navbar.selfServeSSO is replaced with security, and the route constant ORGANIZATION_PROFILE_NAVBAR_ROUTE_ID.SECURITY is updated from SELF_SERVE_SSO.
Context Type and Page Root Flag packages/ui/src/contexts/components/OrganizationProfile.ts	OrganizationProfileContextType field isSelfServeSsoPageRoot is renamed to isSecurityPageRoot, computed by matching the route ID against ORGANIZATION_PROFILE_NAVBAR_ROUTE_ID.SECURITY.
Security Page Component Rename packages/ui/src/components/OrganizationProfile/OrganizationSecurityPage.tsx	Component OrganizationSelfServeSSOPage and its props type are renamed to OrganizationSecurityPage and OrganizationSecurityPageProps.
Routing and Dynamic Import packages/ui/src/components/OrganizationProfile/OrganizationProfileRoutes.tsx	Route path changes to organization-security, lazy-loaded component switches to OrganizationSecurityPage, and context destructuring uses the new isSecurityPageRoot flag.
Default Routes Generation packages/ui/src/utils/createCustomPages.tsx	Icon import changes from Connections to ShieldCheck, route generation logic updates parameter contract from selfServeSSO to security, and default route list includes organization-security with ShieldCheck icon.
Test Coverage Update packages/ui/src/components/OrganizationProfile/__tests__/OrganizationProfile.test.tsx	Component import switches to OrganizationSecurityPage, expected UI label assertions update from Single Sign-On (SSO) to Security across enabled, disabled, and opt-in test cases.
Release Documentation .changeset/perky-plums-agree.md	Changeset documents patch releases for @clerk/localizations, @clerk/clerk-js, @clerk/shared, and @clerk/ui with the SSO to Security page rename, route path, and icon updates.

🎯 2 (Simple) | ⏱️ ~12 minutes

🐰 A rename from SSO to Security flows,
With shields and routes that brightly show,
Contexts and tests in harmony go,
Localization keys now proudly glow! ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main change: renaming the organization profile SSO page to Security across UI, localizations, and shared packages.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

Warning

Review ran into problems

🔥 Problems

Stopped waiting for pipeline failures after 30000ms. One of your pipelines takes longer than our 30000ms fetch window to run, so review may not consider pipeline-failure results for inline comments if any failures occurred after the fetch window. Increase the timeout if you want to wait longer or run a @coderabbit review after the pipeline has finished.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[pkg-pr-new]

Open in StackBlitz

@clerk/astro

npm i https://pkg.pr.new/@clerk/astro@8796

@clerk/backend

npm i https://pkg.pr.new/@clerk/backend@8796

@clerk/chrome-extension

npm i https://pkg.pr.new/@clerk/chrome-extension@8796

@clerk/clerk-js

npm i https://pkg.pr.new/@clerk/clerk-js@8796

@clerk/expo

npm i https://pkg.pr.new/@clerk/expo@8796

@clerk/expo-passkeys

npm i https://pkg.pr.new/@clerk/expo-passkeys@8796

@clerk/express

npm i https://pkg.pr.new/@clerk/express@8796

@clerk/fastify

npm i https://pkg.pr.new/@clerk/fastify@8796

@clerk/hono

npm i https://pkg.pr.new/@clerk/hono@8796

@clerk/localizations

npm i https://pkg.pr.new/@clerk/localizations@8796

@clerk/nextjs

npm i https://pkg.pr.new/@clerk/nextjs@8796

@clerk/nuxt

npm i https://pkg.pr.new/@clerk/nuxt@8796

@clerk/react

npm i https://pkg.pr.new/@clerk/react@8796

@clerk/react-router

npm i https://pkg.pr.new/@clerk/react-router@8796

@clerk/shared

npm i https://pkg.pr.new/@clerk/shared@8796

@clerk/tanstack-react-start

npm i https://pkg.pr.new/@clerk/tanstack-react-start@8796

@clerk/testing

npm i https://pkg.pr.new/@clerk/testing@8796

@clerk/ui

npm i https://pkg.pr.new/@clerk/ui@8796

@clerk/upgrade

npm i https://pkg.pr.new/@clerk/upgrade@8796

@clerk/vue

npm i https://pkg.pr.new/@clerk/vue@8796

commit: a5ad23c

[github-actions]

API Changes Report

Generated by Break Check on 2026-06-10T13:58:37.224Z

Summary

Metric	Count
Packages analyzed	19
Packages with changes	3
🔴 Breaking changes	10
🟡 Non-breaking changes	2
🟢 Additions	14

Warning
10 breaking change(s) detected - Major version bump required

🤖 This report was reviewed by claude-sonnet-4-6.

Note
Break Check could not snapshot 3 subpaths; the diff below excludes them.

• @clerk/astro ./env: Internal Error: Unable to determine module for: /home/runner/_work/javascript/javascript/packages/astro/env.d.ts You have encountered a software defect. Please consider reporting the issue to the maintainers of this application.
• @clerk/shared ./cookie: Internal Error: Unable to follow symbol for "Cookies" You have encountered a software defect. Please consider reporting the issue to the maintainers of this application.
• @clerk/testing ./cypress: Symbol not found for identifier: Cypress

🔴 Breaking changes index (10)

Every breaking change, up front. Full diffs are in the package sections below.

Package	Subpath	Change
@clerk/astro	./client	$authStore
@clerk/astro	./client	$organizationStore
@clerk/astro	./client	$userStore
@clerk/expo	.	TokenCache.clearToken
@clerk/expo	./native	AuthViewProps.isDismissible
@clerk/expo	./native	AuthViewProps.onDismiss
@clerk/expo	./native	UserButton
@clerk/expo	./native	UserProfileViewProps.isDismissible
@clerk/expo	./native	UserProfileViewProps.onDismiss
@clerk/expo	./types	TokenCache.clearToken

---

@clerk/expo

Version: 3.4.0 → 3.3.1
Recommended bump: MAJOR

Subpath .

🔴 Breaking Changes (1)

Changed: TokenCache.clearToken

- clearToken?: (key: string) => void | Promise<void>;
+ clearToken?: (key: string) => void;

Static analyzer: Breaking change in property TokenCache.clearToken: Type changed: clearToken?:(key:string)=>void|!Promise:interface<void>; → clearToken?:(key:string)=>void;

🤖 AI review (confirmed) (85%): The return type of clearToken was narrowed from void | Promise<void> to void, so any consumer whose implementation returns a Promise<void> (async function) is now type-incompatible with the interface.

Migration: Change your clearToken implementation to return void synchronously, or remove the async keyword and await internally, ensuring it no longer returns a Promise<void>.

🟢 Additions (11)

Click to expand 11 changes

Added: NativeAuthStateEvent

+ export interface NativeAuthStateEvent

Added interface NativeAuthStateEvent

Added: NativeAuthStateEvent.sessionId

+ sessionId: string | null;

Added property NativeAuthStateEvent.sessionId

Added: NativeAuthStateEvent.type

+ type: 'signedIn' | 'signedOut';

Added property NativeAuthStateEvent.type

Added: useNativeAuthEvents

+ export declare function useNativeAuthEvents(): UseNativeAuthEventsReturn;

Added function useNativeAuthEvents

Added: UseNativeAuthEventsReturn

+ export interface UseNativeAuthEventsReturn

Added interface UseNativeAuthEventsReturn

Added: UseNativeAuthEventsReturn.isSupported

+ isSupported: boolean;

Added property UseNativeAuthEventsReturn.isSupported

Added: UseNativeAuthEventsReturn.nativeAuthState

+ nativeAuthState: NativeAuthStateEvent | null;

Added property UseNativeAuthEventsReturn.nativeAuthState

Added: useUserProfileModal

+ export declare function useUserProfileModal(): UseUserProfileModalReturn;

Added function useUserProfileModal

Added: UseUserProfileModalReturn

+ export interface UseUserProfileModalReturn

Added interface UseUserProfileModalReturn

Added: UseUserProfileModalReturn.isAvailable

+ isAvailable: boolean;

Added property UseUserProfileModalReturn.isAvailable

Added: UseUserProfileModalReturn.presentUserProfile

+ presentUserProfile: () => Promise<void>;

Added property UseUserProfileModalReturn.presentUserProfile

Subpath ./native

🔴 Breaking Changes (5)

Changed: AuthViewProps.isDismissible

- isDismissible?: boolean;

Static analyzer: Removed property AuthViewProps.isDismissible

🤖 AI review (confirmed) (95%): Removing the optional property isDismissible from AuthViewProps is breaking for consumers who read or reference this property on objects typed as AuthViewProps.

Migration: Replace isDismissible with the new isDismissable property (note spelling change) when constructing or reading AuthViewProps objects.

Changed: AuthViewProps.onDismiss

- onDismiss?: () => void;

Static analyzer: Removed property AuthViewProps.onDismiss

🤖 AI review (confirmed) (95%): Removing the optional onDismiss callback property from AuthViewProps is breaking for consumers who pass or rely on this prop.

Migration: Remove usage of onDismiss from any AuthViewProps object literals or find an alternative dismiss handler in the updated API.

Changed: UserButton

- export declare function UserButton(): import("react/jsx-runtime").JSX.Element | null;
+ export declare function UserButton(_props: UserButtonProps): import("react/jsx-runtime").JSX.Element;

Static analyzer: Breaking change in function UserButton: Return type changed: import("@types/react").JSX.Element|null → import("@types/react").JSX.Element; Required parameter _props was added

🤖 AI review (confirmed) (90%): Adding a required parameter _props: UserButtonProps to UserButton means existing call sites UserButton() with no arguments will fail to compile.

Migration: Update all call sites to pass a UserButtonProps object, e.g. <UserButton {...props} /> or UserButton({}) if no props are needed.

Changed: UserProfileViewProps.isDismissible

- isDismissible?: boolean;

Static analyzer: Removed property UserProfileViewProps.isDismissible

🤖 AI review (confirmed) (90%): Removing the optional isDismissible property from UserProfileViewProps breaks consumers who pass or reference this property.

Migration: Replace isDismissible with the renamed isDismissable property (if available) or remove it from any UserProfileViewProps usages.

Changed: UserProfileViewProps.onDismiss

- onDismiss?: () => void;

Static analyzer: Removed property UserProfileViewProps.onDismiss

🤖 AI review (confirmed) (90%): Removing the optional onDismiss callback from UserProfileViewProps breaks consumers who pass this prop.

Migration: Remove onDismiss from any UserProfileViewProps object literals and find an alternative dismiss handler in the updated API.

🟡 Non-breaking Changes (1)

Modified: AuthView

- export declare function AuthView(input: AuthViewProps): ReactElement;
+ export declare function AuthView(input: AuthViewProps): import("react/jsx-runtime").JSX.Element;

Static analyzer: Breaking change in function AuthView: Return type changed: import("@types/react").React.ReactElement → import("@types/react").JSX.Element

🤖 AI review (reclassified as non-breaking) (90%): Both React.ReactElement and JSX.Element from react/jsx-runtime are structurally equivalent React element types; consumers reading the return value of AuthView are not broken because the resolved shape is identical.

🟢 Additions (3)

Added: AuthViewProps.isDismissable

+ isDismissable?: boolean;

Added property AuthViewProps.isDismissable

Added: UserButtonProps

+ export interface UserButtonProps

Added interface UserButtonProps

Added: UserProfileViewProps.isDismissable

+ isDismissable?: boolean;

Added property UserProfileViewProps.isDismissable

Subpath ./types

🔴 Breaking Changes (1)

Changed: TokenCache.clearToken

- clearToken?: (key: string) => void | Promise<void>;
+ clearToken?: (key: string) => void;

Static analyzer: Breaking change in property TokenCache.clearToken: Type changed: clearToken?:(key:string)=>void|!Promise:interface<void>; → clearToken?:(key:string)=>void;

🤖 AI review (confirmed) (85%): The return type of clearToken was narrowed from void | Promise<void> to void, so any consumer whose implementation returns a Promise<void> (i.e., an async function) will no longer satisfy the narrower type and their code will fail to compile.

Migration: Change your clearToken implementation to return void synchronously, or wrap the async logic so the function signature no longer returns a Promise (e.g., call the async operation without await and do not return the promise).

---

@clerk/astro

Version: 3.4.0 → 3.3.3
Recommended bump: MAJOR

Subpath ./client

🔴 Breaking Changes (3)

Changed: $authStore

  $authStore: nanostores.ReadableAtom<{
      userId: string | null | undefined;
-     user: _clerk_shared__chunks_index_U8nAlSHe.hs | null | undefined;
+     user: _clerk_shared__chunks_index_CmH2iwBO.hs | null | undefined;
      sessionId: string | null | undefined;
-     session: _clerk_shared__chunks_index_U8nAlSHe.es | null | undefined;
+     session: _clerk_shared__chunks_index_CmH2iwBO.es | null | undefined;
      sessionStatus: "active" | "pending" | undefined;
-     sessionClaims: _clerk_shared__chunks_index_U8nAlSHe.ro | null | undefined;
-     organization: _clerk_shared__chunks_index_U8nAlSHe.Co | null | undefined;
+     sessionClaims: _clerk_shared__chunks_index_CmH2iwBO.ro | null | undefined;
+     organization: _clerk_shared__chunks_index_CmH2iwBO.Co | null | undefined;
      orgId: string | null | undefined;
      orgRole: string | null | undefined;
      orgSlug: string | null | undefined;
-     orgPermissions: _clerk_shared__chunks_index_U8nAlSHe.ym<_clerk_shared__chunks_index_U8nAlSHe.uo>[] | null | undefined;
-     actor: _clerk_shared__chunks_index_U8nAlSHe.Qa | null | undefined;
+     orgPermissions: _clerk_shared__chunks_index_CmH2iwBO.ym<_clerk_shared__chunks_index_CmH2iwBO.uo>[] | null | undefined;
+     actor: _clerk_shared__chunks_index_CmH2iwBO.Qa | null | undefined;
      factorVerificationAge: [number, number] | null;
  }>

Static analyzer: Breaking change in variable $authStore: Type changed: $authStore:import("nanostores").ReadableAtom<{userId:string|null|undefined;user:!_clerk_shared__chunks_index_U8nAlSHe.h… → $authStore:import("nanostores").ReadableAtom<{userId:string|null|undefined;user:!_clerk_shared__chunks_index_CmH2iwBO.h…

🤖 AI review (confirmed) (95%): The type references a private internal chunk path _clerk_shared__chunks_index_CmH2iwBO (a content-hashed bundler chunk) instead of _clerk_shared__chunks_index_U8nAlSHe; per rule 12, chunk paths with hash suffixes are non-resolvable, so consumers cannot import or structurally verify these types, causing a compile failure regardless of structural equivalence.

Migration: Upgrade to the version of @clerk/shared that matches this release of @clerk/astro; the chunk path is an internal implementation detail and consumers should not reference it directly.

Changed: $organizationStore

- $organizationStore: nanostores.ReadableAtom<_clerk_shared__chunks_index_U8nAlSHe.Co | null | undefined>
+ $organizationStore: nanostores.ReadableAtom<_clerk_shared__chunks_index_CmH2iwBO.Co | null | undefined>

Static analyzer: Breaking change in variable $organizationStore: Type changed: $organizationStore:import("nanostores").ReadableAtom<!_clerk_shared__chunks_index_U8nAlSHe.Co:type|null|undefined> → $organizationStore:import("nanostores").ReadableAtom<!_clerk_shared__chunks_index_CmH2iwBO.Co:type|null|undefined>

🤖 AI review (confirmed) (95%): The type references the non-resolvable private chunk _clerk_shared__chunks_index_CmH2iwBO (content-hashed bundler chunk), replacing the previous _clerk_shared__chunks_index_U8nAlSHe; per rule 12 this is breaking because consumers cannot resolve the new module specifier.

Migration: Upgrade all @clerk/* packages together as a matched set so the internal chunk references align; do not import from these private chunk paths directly.

Changed: $userStore

- $userStore: nanostores.ReadableAtom<_clerk_shared__chunks_index_U8nAlSHe.hs | null | undefined>
+ $userStore: nanostores.ReadableAtom<_clerk_shared__chunks_index_CmH2iwBO.hs | null | undefined>

Static analyzer: Breaking change in variable $userStore: Type changed: $userStore:import("nanostores").ReadableAtom<!_clerk_shared__chunks_index_U8nAlSHe.hs:type|null|undefined> → $userStore:import("nanostores").ReadableAtom<!_clerk_shared__chunks_index_CmH2iwBO.hs:type|null|undefined>

🤖 AI review (confirmed) (95%): The type references the non-resolvable private chunk _clerk_shared__chunks_index_CmH2iwBO (content-hashed bundler chunk), replacing _clerk_shared__chunks_index_U8nAlSHe; per rule 12 this is breaking because the module specifier is not a public entry point and cannot be resolved by consumers.

Migration: Upgrade all @clerk/* packages together as a matched set so the internal chunk references align; do not import from these private chunk paths directly.

---

@clerk/shared

Version: 4.16.0 → 4.15.0
Recommended bump: MINOR

Subpath ./types

🟡 Non-breaking Changes (1)

Modified: __internal_LocalizationResource

// ... 928 unchanged lines elided ...
        members: LocalizationValue;
        billing: LocalizationValue;
        apiKeys: LocalizationValue;
-       selfServeSSO: LocalizationValue;
+       security: LocalizationValue;
      };
      badge__unverified: LocalizationValue;
      badge__automaticInvitation: LocalizationValue;
// ... 972 unchanged lines elided ...

Static analyzer: Breaking change in type alias __internal_LocalizationResource: Type changed: {locale:string;maintenanceMode:import("@clerk/shared").LocalizationValue;roles:{[r:string]:import("@clerk/shared").Loca… → {locale:string;maintenanceMode:import("@clerk/shared").LocalizationValue;roles:{[r:string]:import("@clerk/shared").Loca…

🤖 AI review (reclassified as non-breaking) (85%): The before and after snippets are textually identical in all visible portions — the 1827 elided lines are the same count in both — so no structural difference can be confirmed; __internal_LocalizationResource is used only as the source for DeepPartial<DeepLocalizationWithoutObjects<...>> in LocalizationResource, making it an output/read type, and any newly added optional fields in an output type are non-breaking.

---

Report generated by Break Check

_{Last ran on a5ad23c.}

[LauraBeatris]

Suggested change

	{shouldShowSelfServeSSO ? (
	{shouldShowSecurityPage ? (

We only have organization.self_serve_sso_enabled for now to determine this, but once we have per org settings such as MFA, etc, we can move this condition to within the page content