docs: update organization configuration (#652)

Co-authored-by: wangsijie <wangsijie@silverhand.io>

Author: fleuraly

docs/docs/recipes/organizations/assets/organization-create-permission.webp

@@ -2,6 +2,10 @@
 sidebar_position: 2
 ---
 
+import organizationCreatePermission from './assets/organization-create-permission.webp';
+import organizationCreateRole from './assets/organization-create-role.webp';
+import organizationRoleList from './assets/organization-role-list.webp';
+
 # Configure organizations
 
 ## Configure via Console
@@ -14,6 +18,53 @@ Configuring organizations can be divided into two parts: setting up organization
 
 First, navigate to the organization template in the left navigation menu. You will see that the organization template includes two parts: Organization Roles and Organization Permissions. An organization template defines shared access control policies (permissions and roles) for multiple organizations.
 
+#### Create organization permission
+
+Organization permissions are a key part of organization templates. These permissions are designed specifically for organizations within your product. Here's how to manage them:
+
+- **Find the org permissions tab:** Go to the "org permissions" tab to see your existing permissions.
+- **Add, delete, and edit:** You can easily add new organization permissions, delete ones you don't need, and edit existing permissions as required.
+  {' '}
+  <center>
+    <img alt="Organization create permission" src={organizationCreatePermission} width={720} />
+  </center>
+
+#### Create organization role
+
+<center>
+  <img alt="Organization role list" src={organizationRoleList} width={720} />
+</center>
+<center>
+  <img alt="Organization create role" src={organizationCreateRole} width={720} />
+</center>
+
+Logto lets you define organization roles in a variety of ways to fit your system's structure:
+
+**1. Organization permissions only**
+
+- **When to use:** You have separate user/system endpoints and organization endpoints.
+- **Explanation:** This is the simplest approach if you clearly divide API permissions from organization permissions. Your organization roles only include the organization permissions you defined.
+
+**2. API permissions only**
+
+- **When to use:** User and organization access control are handled by the same endpoints.
+- **Explanation:** Choose this if you want to manage all permissions through API resources registered in Logto cloud.
+
+**3. Combining API and organization permissions**
+
+- **When to use:** You have separate endpoints defined for your product, but some user roles require a mix of both user-level and organization-level permissions.
+- **Explanation:** This offers the most flexibility, but can also be the most complex to manage.
+
+### Create and manage organizations
+
+In the organization list, you can create an organization and configure its details. On the organization details page, you can:
+
+1. Modify the organization's name and description.
+2. Add members and give them organization roles.
+3. Update a user's membership status.
+4. Delete the organization.
+5. Access a guide to understand more about organizations and the organization template.
+
 ### Adding members and assigning organization roles
 
 Users can hold one or more roles. When adding members to an organization, you have the option to assign roles to multiple users at once. If you leave this assignment blank, the added users will not receive any roles.