E1306. Approval identity not a member of this org
Severity: ERROR. Class: HITLIdentityNotInOrg (subclass of RuntimeError).
What happened
The X-CZ-Requestor-Email claim resolved to a user in the global users table, but that user is not a member of the org that owns the API key.
Why it matters
Approval attribution must be to someone who can be held accountable. A non-member can't appear in the approver queue or the audit log.
How to fix
Re-run controlzero install --email <your-org-email> with the email associated with your seat in this org. Confirm via controlzero doctor.
Catching this error
except RuntimeError catches this. It is a setup error, not a request-time deny.
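The sketch below is an added example, not the product's own code. It models the check described under "What happened" and shows a caller catching the specific class before the broader RuntimeError, so a setup error is never recorded as a deny. The table layout, the helper names (build_db, resolve_approver, classify), the sample rows and the LookupError used for an unknown email or key are assumptions made for illustration; HITLIdentityNotInOrg is redefined locally as a stand-in so the block runs without the SDK.

```python
import sqlite3


class HITLIdentityNotInOrg(RuntimeError):
    """Local stand-in for the E1306 class named on this page."""


def build_db():
    # Constructed sample data; the schema is an assumption, not the product's.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users(id INTEGER PRIMARY KEY, email TEXT UNIQUE);
        CREATE TABLE api_keys(key TEXT PRIMARY KEY, org_id INTEGER);
        CREATE TABLE org_members(org_id INTEGER, user_id INTEGER);
        INSERT INTO users VALUES (1, 'alice@acme.example'), (2, 'bob@other.example');
        INSERT INTO api_keys VALUES ('key-acme', 10);
        INSERT INTO org_members VALUES (10, 1), (20, 2);
    """)
    return db


def resolve_approver(db, api_key, requestor_email):
    """Return the user id only if the requestor belongs to the key's org."""
    key = db.execute("SELECT org_id FROM api_keys WHERE key = ?", (api_key,)).fetchone()
    if key is None:
        raise LookupError("unknown API key")  # assumption: outside E1306
    user = db.execute("SELECT id FROM users WHERE email = ?", (requestor_email,)).fetchone()
    if user is None:
        raise LookupError("email not in global users table")  # assumption: outside E1306
    member = db.execute(
        "SELECT 1 FROM org_members WHERE org_id = ? AND user_id = ?", (key[0], user[0])
    ).fetchone()
    if member is None:
        # User exists globally but not in the org that owns the key: E1306.
        raise HITLIdentityNotInOrg(f"E1306: {requestor_email} is not a member of org {key[0]}")
    return user[0]


def classify(db, api_key, email):
    """Order matters: the subclass must be caught before RuntimeError."""
    try:
        resolve_approver(db, api_key, email)
        return "ok"
    except HITLIdentityNotInOrg:
        return "setup-error"  # fix the configured email; do not log as a deny
    except RuntimeError:
        return "other-runtime-error"
    except LookupError:
        return "unknown-identity"
```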
See also
- Approval Workflow. The parent concept
- SDK: Approval callback. The request_approval + wait API
- Errors index