Cross-org search

The platform /orgs listing only filters on org-level fields (name, slug, owner email). When a customer says “our camera ID 5e3c… went offline and we can’t reproduce it,” you need to find which org owns that ID without first impersonating every org in turn. That is what cross-org search exists for.

Cross-org search returns only identifiers and counts, never tenant content — no event transcripts, no clip thumbnails, no user PII beyond owner email. The intent is to locate the target org and pivot into a focused impersonation. Every query is audited as platform.cross_org_search with the search term hash and result count (see Audit expectations).

Note: the PRD explicitly omits cross-tenant content search (prd-platform-admin.md §8) — searching across orgs for, say, all events containing the word “person” is deliberately not supported because it would be a privacy nightmare. What this page covers is identifier lookup, not content search.

Caution

Never paste a customer’s raw search term (email, device serial) into any public channel or ticket. Use the in-product search, let the audit trail carry the record, and refer to the target by org_id in internal discussion.

Procedure — search for a camera by ID

1. Open /platform/search from the platform console left nav.

2. Choose Entity type: Camera from the dropdown.
3. Paste the camera UUID (or the camera_id prefix — minimum 8 characters). Submit.
4. Result row shows: org_id, org name, site name, camera name, online/offline, last_seen_at. Nothing more. No stream URL, no thumbnail, no recent events.

5. Click the org_id to pivot — this opens the org detail page (still no tenant content). From there, mint a scoped token if you need to enter the org. See How scoped impersonation works.

Procedure — search for a user by email

1. Entity type: User.
2. Paste the email (full or @domain suffix for domain-wide search).
3. Result shows: org_id, org name, role, enabled/disabled, last_login_at. Not the user’s display name if it differs from email.

A common case: a prospect says “your product emailed my colleague, but they can’t log in” — paste the domain, find the org, confirm the user exists and is enabled. Usually the issue is the Owner sat on the invite and the temp password expired. Do not read the user’s audit log without impersonating.

Procedure — search for a gateway by serial

1. Entity type: Gateway.
2. Paste the serial from the gateway sticker (NVA-GW-XXXX) or the full gateway_id.
3. Result shows: org_id, org name, online/offline, last_heartbeat_at, firmware version.

Useful when a customer’s gateway is online in our fleet metrics but their dashboard says offline — usually a browser session or a recently-toggled allow_platform_impersonation rather than a gateway issue.

Common variations

• Search by partial UUID prefix. 8 characters minimum, otherwise the server returns 400 PREFIX_TOO_SHORT to limit fishing.
• Wildcard searches are not supported. You cannot search for “all cameras named Lobby” — that would effectively enumerate tenant content. Narrow by a specific ID instead.
• Multiple hits. If a camera UUID collides across orgs (rare but possible in staging), all matching rows are returned. In production, UUIDs do not collide.

Verify

• /platform/audit-log contains a new platform.cross_org_search entry with your platform_user_id, the entity type, result count, and a SHA-256 hash of the search term (not the term itself).
• The org’s own /admin/audit-log contains no entry — cross-org search does not touch org data, only platform-owned index rows.

If this didn’t work

• 404 NO_MATCH — the UUID prefix does not exist anywhere. Ask the customer to resend it; they may have sent a stale ID from a deleted org.
• 403 IMPERSONATION_REQUIRED — you hit a handler that requires tenant access. Cross-org search endpoints never return this; if you see it, you are on the wrong page.

See also

• How scoped impersonation works — the next step after you find the org.
• Audit expectations — full list of what cross-org search logs.