diff --git a/src/Api/AdminConsole/Authorization/IOrganizationRequirement.cs b/src/Api/AdminConsole/Authorization/IOrganizationRequirement.cs
index 0031de660b..007647f4c0 100644
--- a/src/Api/AdminConsole/Authorization/IOrganizationRequirement.cs
+++ b/src/Api/AdminConsole/Authorization/IOrganizationRequirement.cs
@@ -13,6 +13,18 @@ namespace Bit.Api.AdminConsole.Authorization;
///
public interface IOrganizationRequirement : IAuthorizationRequirement
{
+ ///
+ /// Whether to authorize a request that has this requirement.
+ ///
+ ///
+ /// The CurrentContextOrganization for the user if they are a member of the organization.
+ /// This is null if they are not a member.
+ ///
+ ///
+ /// A callback that returns true if the user is a ProviderUser that manages the organization, otherwise false.
+ /// This requires a database query, call it last.
+ ///
+ /// True if the requirement has been satisfied, otherwise false.
public Task AuthorizeAsync(
CurrentContextOrganization? organizationClaims,
Func> isProviderUserForOrg);
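Review bot: The new comment on `AuthorizeAsync` describes the inputs but never states the deny path that implementers must honour. When `organizationClaims` is null and `isProviderUserForOrg` returns false, nothing is left to authorize on, so the return description should say so, for example `/// Implementations should return false when organizationClaims is null and isProviderUserForOrg returns false.` The "call it last" advice reads as a cost hint only; I would word it as `/// Performs a database query; invoke it only after the claims-based check has not authorized the request.` so the intended order of checks is explicit.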
diff --git a/src/Api/AdminConsole/Authorization/ProviderOrganizationHttpContextFeature.cs b/src/Api/AdminConsole/Authorization/ProviderOrganizationHttpContextFeature.cs
index efd1cb54c1..9da9834ea0 100644
--- a/src/Api/AdminConsole/Authorization/ProviderOrganizationHttpContextFeature.cs
+++ b/src/Api/AdminConsole/Authorization/ProviderOrganizationHttpContextFeature.cs
@@ -6,6 +6,14 @@ namespace Bit.Api.AdminConsole.Authorization;
public static class ProviderOrganizationHttpContextFeature
{
+ ///
+ /// Returns the ProviderUserOrganizations for a user. These are the organizations the ProviderUser manages via their Provider, if any.
+ /// This data is fetched from the database and cached as a HttpContext Feature for the lifetime of the request.
+ ///
+ ///
+ ///
+ ///
+ ///
private static async Task> GetProviderUserOrganizationsAsync(
this HttpContext httpContext,
IProviderUserRepository providerUserRepository,
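Review bot: The four doc lines after the summary of `GetProviderUserOrganizationsAsync` carry no text in this view, so the parameters and return value look undocumented; either describe them or drop the empty elements. The summary says the result is cached on the HttpContext for the lifetime of the request, but not what the cached value is tied to. The parameter list continues outside the hunk; if it includes a user id, the comment should say so, for example `/// The cached result belongs to the user id passed on the first call in this request; always pass the current user's id.` The same caveat applies to the `IsProviderUserForOrgAsync` comment in the next hunk, which also has no parameter or return descriptions.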
@@ -24,6 +32,10 @@ public static class ProviderOrganizationHttpContextFeature
return providerUserOrganizations;
}
+ ///
+ /// Returns true if the user is a ProviderUser for a Provider which manages the specified organization, otherwise false.
+ /// This data is fetched from the database and cached as a HttpContext Feature for the lifetime of the request.
+ ///
public static async Task IsProviderUserForOrgAsync(
this HttpContext httpContext,
IProviderUserRepository providerUserRepository,