User identification

Authorization through Public Services - how to determine the organization that the authorized user represents?

Hello.

Given:
* Our Portal with services (in development)
* User authorizing on the portal through public services (ESIA, through openid)
* Organization (OGV), on behalf of which the user must perform actions on the portal (different users may have different organizations)

Required determine under which organization the user is authorized.
Is there any sign of this in the API, if not, how to determine belonging to an organization?

What follows is my discussion on the topic.

1. When authorizing on public services, a choice is usually given - under whom to enter, if the user has a link to the organization. However, in the ESIA test environment, under an account marked as "OGV employee, confirmed", there is no choice, it enters immediately as a physical. face.

2. For example, in the SAML protocol there was a parameter globalRole="E" , which meant that we are dealing with a user representative of the organization, in openid there is a similar parameter urn:esia:sbj:typ="P" - for physical. persons and "S" - for the organization (like, but not sure).
I always get "P" under different accounts.

3. Organizations also have a type parameter - the type of organization (“BUSINESS” - IP, “LEGAL” - legal entity, “AGENCY” - OGV).
Is it possible to rely on it in order to classify a user within our portal as an organization found in his AGENCY?

Help me to understand. :)