From fe1ffb6a224f04daea172f3b2acbaed3d062e51f Mon Sep 17 00:00:00 2001
From: Oscar Hinton <oscar@oscarhinton.com>
Date: Thu, 3 Jun 2021 18:58:29 +0200
Subject: [PATCH] [Provider] Server entities and models (#1370)

* Mock out provider models and service

* Implement CreateAsync, CompleteSetupAsync, UpdateAsync, InviteUserAsync and ResendInvitesAsync

* Implement AcceptUserAsync and ConfirmUsersAsync

* Implement SaveUserAsync and DeleteUserAsync

* Add email templates

* Add admin operations for providers

* Fix mail template names

* Rename roles

* Verify provider has provideradmin

* Add self hosted check to admin controller

* Resolve review comments

* Update sql queries

* Change create provider to use email instead of userId
---
 src/Admin/Controllers/ProvidersController.cs  | 118 ++++++
 src/Admin/Models/CreateProviderModel.cs       |  13 +
 src/Admin/Models/ProviderEditModel.cs         |  29 ++
 src/Admin/Models/ProviderViewModel.cs         |  27 ++
 src/Admin/Models/ProvidersModel.cs            |  14 +
 src/Admin/Views/Providers/Create.cshtml       |  17 +
 src/Admin/Views/Providers/Edit.cshtml         |  51 +++
 src/Admin/Views/Providers/Index.cshtml        |  91 ++++
 src/Admin/Views/Providers/View.cshtml         |  13 +
 .../Views/Providers/_ViewInformation.cshtml   |  20 +
 src/Admin/Views/Shared/_Layout.cshtml         |   3 +
 src/Core/Enums/EventType.cs                   |   5 +
 .../ProviderOrganizationProviderUserType.cs   |   8 +
 src/Core/Enums/Provider/ProviderStatusType.cs |   8 +
 .../Enums/Provider/ProviderUserStatusType.cs  |   9 +
 src/Core/Enums/Provider/ProviderUserType.cs   |   8 +
 .../Provider/ProviderSetupInvite.html.hbs     |  16 +
 .../Provider/ProviderSetupInvite.text.hbs     |   5 +
 .../Provider/ProviderUserConfirmed.html.hbs   |  14 +
 .../Provider/ProviderUserConfirmed.text.hbs   |   5 +
 .../Provider/ProviderUserInvited.html.hbs     |  21 +
 .../Provider/ProviderUserInvited.text.hbs     |   7 +
 .../Business/Provider/ProviderUserInvite.cs   |  15 +
 .../Provider/ProviderSetupInviteViewModel.cs  |  14 +
 .../ProviderUserConfirmedViewModel.cs         |   7 +
 .../Provider/ProviderUserInvitedViewModel.cs  |  20 +
 src/Core/Models/Table/Provider/Provider.cs    |  31 ++
 .../Table/Provider/ProviderOrganization.cs    |  24 ++
 .../ProviderOrganizationProviderUser.cs       |  25 ++
 .../Models/Table/Provider/ProviderUser.cs     |  28 ++
 ...viderOrganizationProviderUserRepository.cs |   9 +
 .../IProviderOrganizationRepository.cs        |   9 +
 src/Core/Repositories/IProviderRepository.cs  |  12 +
 .../Repositories/IProviderUserRepository.cs   |  16 +
 ...viderOrganizationProviderUserRepository.cs |  17 +
 .../ProviderOrganizationRepository.cs         |  17 +
 .../SqlServer/ProviderRepository.cs           |  38 ++
 .../SqlServer/ProviderUserRepository.cs       |  73 ++++
 src/Core/Services/IEventService.cs            |   4 +
 src/Core/Services/IMailService.cs             |   4 +
 src/Core/Services/IProviderService.cs         |  31 ++
 .../Services/Implementations/EventService.cs  |   7 +
 .../Implementations/HandlebarsMailService.cs  |  50 +++
 .../Implementations/ProviderService.cs        | 348 ++++++++++++++++
 .../NoopImplementations/NoopEventService.cs   |  11 +
 .../NoopImplementations/NoopMailService.cs    |  18 +-
 .../Utilities/ServiceCollectionExtensions.cs  |   7 +-
 src/Sql/Sql.sqlproj                           |   5 +
 .../ProviderUser_DeleteByIds.sql              |  42 ++
 .../ProviderUser_ReadByIds.sql                |  18 +
 .../ProviderUser_ReadByProviderId.sql         |   4 +-
 ...roviderUser_ReadCountByProviderIdEmail.sql |  21 +
 .../dbo/Stored Procedures/Provider_Search.sql |  41 ++
 ...mpAccountRevisionDateByProviderUserIds.sql |  18 +
 src/Sql/dbo/Tables/Provider.sql               |   4 +-
 .../AutoFixture/ProviderUserFixtures.cs       |  45 ++
 .../Services/ProviderServiceTests.cs          | 392 ++++++++++++++++++
 ...rovider.sql => 2021-05-26_00_Provider.sql} | 189 ++++++++-
 58 files changed, 2110 insertions(+), 6 deletions(-)
 create mode 100644 src/Admin/Controllers/ProvidersController.cs
 create mode 100644 src/Admin/Models/CreateProviderModel.cs
 create mode 100644 src/Admin/Models/ProviderEditModel.cs
 create mode 100644 src/Admin/Models/ProviderViewModel.cs
 create mode 100644 src/Admin/Models/ProvidersModel.cs
 create mode 100644 src/Admin/Views/Providers/Create.cshtml
 create mode 100644 src/Admin/Views/Providers/Edit.cshtml
 create mode 100644 src/Admin/Views/Providers/Index.cshtml
 create mode 100644 src/Admin/Views/Providers/View.cshtml
 create mode 100644 src/Admin/Views/Providers/_ViewInformation.cshtml
 create mode 100644 src/Core/Enums/Provider/ProviderOrganizationProviderUserType.cs
 create mode 100644 src/Core/Enums/Provider/ProviderStatusType.cs
 create mode 100644 src/Core/Enums/Provider/ProviderUserStatusType.cs
 create mode 100644 src/Core/Enums/Provider/ProviderUserType.cs
 create mode 100644 src/Core/MailTemplates/Handlebars/Provider/ProviderSetupInvite.html.hbs
 create mode 100644 src/Core/MailTemplates/Handlebars/Provider/ProviderSetupInvite.text.hbs
 create mode 100644 src/Core/MailTemplates/Handlebars/Provider/ProviderUserConfirmed.html.hbs
 create mode 100644 src/Core/MailTemplates/Handlebars/Provider/ProviderUserConfirmed.text.hbs
 create mode 100644 src/Core/MailTemplates/Handlebars/Provider/ProviderUserInvited.html.hbs
 create mode 100644 src/Core/MailTemplates/Handlebars/Provider/ProviderUserInvited.text.hbs
 create mode 100644 src/Core/Models/Business/Provider/ProviderUserInvite.cs
 create mode 100644 src/Core/Models/Mail/Provider/ProviderSetupInviteViewModel.cs
 create mode 100644 src/Core/Models/Mail/Provider/ProviderUserConfirmedViewModel.cs
 create mode 100644 src/Core/Models/Mail/Provider/ProviderUserInvitedViewModel.cs
 create mode 100644 src/Core/Models/Table/Provider/Provider.cs
 create mode 100644 src/Core/Models/Table/Provider/ProviderOrganization.cs
 create mode 100644 src/Core/Models/Table/Provider/ProviderOrganizationProviderUser.cs
 create mode 100644 src/Core/Models/Table/Provider/ProviderUser.cs
 create mode 100644 src/Core/Repositories/IProviderOrganizationProviderUserRepository.cs
 create mode 100644 src/Core/Repositories/IProviderOrganizationRepository.cs
 create mode 100644 src/Core/Repositories/IProviderRepository.cs
 create mode 100644 src/Core/Repositories/IProviderUserRepository.cs
 create mode 100644 src/Core/Repositories/SqlServer/ProviderOrganizationProviderUserRepository.cs
 create mode 100644 src/Core/Repositories/SqlServer/ProviderOrganizationRepository.cs
 create mode 100644 src/Core/Repositories/SqlServer/ProviderRepository.cs
 create mode 100644 src/Core/Repositories/SqlServer/ProviderUserRepository.cs
 create mode 100644 src/Core/Services/IProviderService.cs
 create mode 100644 src/Core/Services/Implementations/ProviderService.cs
 create mode 100644 src/Sql/dbo/Stored Procedures/ProviderUser_DeleteByIds.sql
 create mode 100644 src/Sql/dbo/Stored Procedures/ProviderUser_ReadByIds.sql
 create mode 100644 src/Sql/dbo/Stored Procedures/ProviderUser_ReadCountByProviderIdEmail.sql
 create mode 100644 src/Sql/dbo/Stored Procedures/Provider_Search.sql
 create mode 100644 src/Sql/dbo/Stored Procedures/User_BumpAccountRevisionDateByProviderUserIds.sql
 create mode 100644 test/Core.Test/AutoFixture/ProviderUserFixtures.cs
 create mode 100644 test/Core.Test/Services/ProviderServiceTests.cs
 rename util/Migrator/DbScripts/{2021-05-14_00_Provider.sql => 2021-05-26_00_Provider.sql} (80%)

diff --git a/src/Admin/Controllers/ProvidersController.cs b/src/Admin/Controllers/ProvidersController.cs
new file mode 100644
index 0000000000..b97f50a9f1
--- /dev/null
+++ b/src/Admin/Controllers/ProvidersController.cs
@@ -0,0 +1,118 @@
+using System;
+using System.Collections.Generic;
+using System.Threading.Tasks;
+using Bit.Admin.Models;
+using Bit.Core.Models.Table.Provider;
+using Bit.Core.Repositories;
+using Bit.Core.Services;
+using Bit.Core.Settings;
+using Bit.Core.Utilities;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+
+namespace Bit.Admin.Controllers
+{
+    [Authorize]
+    [SelfHosted(NotSelfHostedOnly = true)]
+    public class ProvidersController : Controller
+    {
+        private readonly IProviderRepository _providerRepository;
+        private readonly IProviderUserRepository _providerUserRepository;
+        private readonly GlobalSettings _globalSettings;
+        private readonly IProviderService _providerService;
+
+        public ProvidersController(IProviderRepository providerRepository, IProviderUserRepository providerUserRepository,
+            IProviderService providerService, GlobalSettings globalSettings)
+        {
+            _providerRepository = providerRepository;
+            _providerUserRepository = providerUserRepository;
+            _providerService = providerService;
+            _globalSettings = globalSettings;
+        }
+        
+        public async Task<IActionResult> Index(string name = null, string userEmail = null, int page = 1, int count = 25)
+        {
+            if (page < 1)
+            {
+                page = 1;
+            }
+
+            if (count < 1)
+            {
+                count = 1;
+            }
+
+            var skip = (page - 1) * count;
+            var providers = await _providerRepository.SearchAsync(name, userEmail, skip, count);
+            return View(new ProvidersModel
+            {
+                Items = providers as List<Provider>,
+                Name = string.IsNullOrWhiteSpace(name) ? null : name,
+                UserEmail = string.IsNullOrWhiteSpace(userEmail) ? null : userEmail,
+                Page = page,
+                Count = count,
+                Action = _globalSettings.SelfHosted ? "View" : "Edit",
+                SelfHosted = _globalSettings.SelfHosted
+            });
+        }
+        
+        public IActionResult Create(string ownerEmail = null)
+        {
+            return View(new CreateProviderModel
+            {
+                OwnerEmail = ownerEmail
+            });
+        }
+        
+        [HttpPost]
+        public async Task<IActionResult> Create(CreateProviderModel model)
+        {
+            if (!ModelState.IsValid)
+            {
+                return View(model);
+            }
+
+            await _providerService.CreateAsync(model.OwnerEmail);
+
+            return RedirectToAction("Index");
+        }
+        
+        public async Task<IActionResult> View(Guid id)
+        {
+            var provider = await _providerRepository.GetByIdAsync(id);
+            if (provider == null)
+            {
+                return RedirectToAction("Index");
+            }
+
+            var users = await _providerUserRepository.GetManyByProviderAsync(id);
+            return View(new ProviderViewModel(provider, users));
+        }
+        
+        [SelfHosted(NotSelfHostedOnly = true)]
+        public async Task<IActionResult> Edit(Guid id)
+        {
+            var provider = await _providerRepository.GetByIdAsync(id);
+            if (provider == null)
+            {
+                return RedirectToAction("Index");
+            }
+
+            var users = await _providerUserRepository.GetManyByProviderAsync(id);
+            return View(new ProviderEditModel(provider, users));
+        }
+        
+        [HttpPost]
+        [ValidateAntiForgeryToken]
+        public async Task<IActionResult> Delete(Guid id)
+        {
+            var provider = await _providerRepository.GetByIdAsync(id);
+            if (provider != null)
+            {
+                await _providerRepository.DeleteAsync(provider);
+            }
+
+            return RedirectToAction("Index");
+        }
+    }
+}
diff --git a/src/Admin/Models/CreateProviderModel.cs b/src/Admin/Models/CreateProviderModel.cs
new file mode 100644
index 0000000000..ad4c547f42
--- /dev/null
+++ b/src/Admin/Models/CreateProviderModel.cs
@@ -0,0 +1,13 @@
+using System.ComponentModel.DataAnnotations;
+
+namespace Bit.Admin.Models
+{
+    public class CreateProviderModel
+    {
+        public CreateProviderModel() { }
+        
+        [Display(Name = "Owner Email")]
+        [Required]
+        public string OwnerEmail { get; set; }
+    }
+}
diff --git a/src/Admin/Models/ProviderEditModel.cs b/src/Admin/Models/ProviderEditModel.cs
new file mode 100644
index 0000000000..652234e845
--- /dev/null
+++ b/src/Admin/Models/ProviderEditModel.cs
@@ -0,0 +1,29 @@
+using System.Collections.Generic;
+using System.Linq;
+using Bit.Core.Enums.Provider;
+using Bit.Core.Models.Table.Provider;
+
+namespace Bit.Admin.Models
+{
+    public class ProviderEditModel : ProviderViewModel
+    {
+        public ProviderEditModel(Provider provider, IEnumerable<ProviderUser> providerUsers)
+            : base(provider, providerUsers)
+        {
+            Name = provider.Name;
+            BusinessName = provider.BusinessName;
+            BillingEmail = provider.BillingEmail;
+            Enabled = provider.Enabled;
+        }
+
+        public string Administrators { get; set; }
+
+        public bool Enabled { get; set; }
+
+        public string BillingEmail { get; set; }
+
+        public string BusinessName { get; set; }
+
+        public string Name { get; set; }
+    }
+}
diff --git a/src/Admin/Models/ProviderViewModel.cs b/src/Admin/Models/ProviderViewModel.cs
new file mode 100644
index 0000000000..9f77e41971
--- /dev/null
+++ b/src/Admin/Models/ProviderViewModel.cs
@@ -0,0 +1,27 @@
+using System.Collections.Generic;
+using System.Linq;
+using Bit.Core.Enums.Provider;
+using Bit.Core.Models.Table.Provider;
+
+namespace Bit.Admin.Models
+{
+    public class ProviderViewModel
+    {
+        public ProviderViewModel(Provider provider, IEnumerable<ProviderUser> providerUsers)
+        {
+            Provider = provider;
+            UserCount = providerUsers.Count();
+
+            ProviderAdmins = string.Join(", ",
+                providerUsers
+                    .Where(u => u.Type == ProviderUserType.ProviderAdmin && u.Status == ProviderUserStatusType.Confirmed)
+                    .Select(u => u.Email));
+        }
+
+        public int UserCount { get; set; }
+
+        public Provider Provider { get; set; }
+        
+        public string ProviderAdmins { get; set; }
+    }
+}
diff --git a/src/Admin/Models/ProvidersModel.cs b/src/Admin/Models/ProvidersModel.cs
new file mode 100644
index 0000000000..dc2d1e87be
--- /dev/null
+++ b/src/Admin/Models/ProvidersModel.cs
@@ -0,0 +1,14 @@
+using Bit.Core.Models.Table;
+using Bit.Core.Models.Table.Provider;
+
+namespace Bit.Admin.Models
+{
+    public class ProvidersModel : PagedModel<Provider>
+    {
+        public string Name { get; set; }
+        public string UserEmail { get; set; }
+        public bool? Paid { get; set; }
+        public string Action { get; set; }
+        public bool SelfHosted { get; set; }
+    }
+}
diff --git a/src/Admin/Views/Providers/Create.cshtml b/src/Admin/Views/Providers/Create.cshtml
new file mode 100644
index 0000000000..0369ca0179
--- /dev/null
+++ b/src/Admin/Views/Providers/Create.cshtml
@@ -0,0 +1,17 @@
+@model CreateProviderModel
+@{
+    ViewData["Title"] = "Create Provider";
+}
+
+<h1>Create Provider</h1>
+
+<form method="post">
+    <div asp-validation-summary="All" class="alert alert-danger"></div>
+    
+    <div class="form-group">
+        <label asp-for="OwnerEmail"></label>
+        <input type="text" class="form-control" asp-for="OwnerEmail">
+    </div>
+    
+    <button type="submit" class="btn btn-primary mb-2">Create Provider</button>
+</form>
diff --git a/src/Admin/Views/Providers/Edit.cshtml b/src/Admin/Views/Providers/Edit.cshtml
new file mode 100644
index 0000000000..2e75614aaa
--- /dev/null
+++ b/src/Admin/Views/Providers/Edit.cshtml
@@ -0,0 +1,51 @@
+@model ProviderEditModel
+@{
+    ViewData["Title"] = "Provider: " + Model.Provider.Name;
+}
+
+<h1>Provider <small>@Model.Provider.Name</small></h1>
+
+<h2>Provider Information</h2>
+@await Html.PartialAsync("_ViewInformation", Model)
+<form method="post" id="edit-form">
+    <h2>General</h2>
+    <div class="row">
+        <div class="col-sm">
+            <div class="form-group">
+                <label asp-for="Name"></label>
+                <input type="text" class="form-control" asp-for="Name" required>
+            </div>
+        </div>
+    </div>
+    <div class="form-check mb-3">
+        <input type="checkbox" class="form-check-input" asp-for="Enabled">
+        <label class="form-check-label" asp-for="Enabled"></label>
+    </div>
+    <h2>Business Information</h2>
+    <div class="row">
+        <div class="col-sm">
+            <div class="form-group">
+                <label asp-for="BusinessName"></label>
+                <input type="text" class="form-control" asp-for="BusinessName">
+            </div>
+        </div>
+    </div>
+    <h2>Billing</h2>
+    <div class="row">
+        <div class="col-sm">
+            <div class="form-group">
+                <label asp-for="BillingEmail"></label>
+                <input type="email" class="form-control" asp-for="BillingEmail">
+            </div>
+        </div>
+    </div>
+</form>
+<div class="d-flex mt-4">
+    <button type="submit" class="btn btn-primary" form="edit-form">Save</button>
+    <div class="ml-auto d-flex">
+        <form asp-action="Delete" asp-route-id="@Model.Provider.Id"
+              onsubmit="return confirm('Are you sure you want to delete this provider (@Model.Provider.Name)?')">
+            <button class="btn btn-danger" type="submit">Delete</button>
+        </form>
+    </div>
+</div>
diff --git a/src/Admin/Views/Providers/Index.cshtml b/src/Admin/Views/Providers/Index.cshtml
new file mode 100644
index 0000000000..b1d9a7a6b2
--- /dev/null
+++ b/src/Admin/Views/Providers/Index.cshtml
@@ -0,0 +1,91 @@
+@model ProvidersModel
+@{
+    ViewData["Title"] = "Providers";
+}
+
+<h1>Providers</h1>
+
+<div class="row mb-2">
+    <div class="col">
+        <form class="form-inline mb-2" method="get">
+            <label class="sr-only" asp-for="Name">Name</label>
+            <input type="text" class="form-control mb-2 mr-2" placeholder="Name" asp-for="Name" name="name">
+            <label class="sr-only" asp-for="UserEmail">User email</label>
+            <input type="text" class="form-control mb-2 mr-2" placeholder="User email" asp-for="UserEmail" name="userEmail">
+            <button type="submit" class="btn btn-primary mb-2" title="Search"><i class="fa fa-search"></i> Search</button>
+        </form>
+    </div>
+    <div class="col-auto">
+        <a asp-action="Create" class="btn btn-secondary">Create Provider</a>
+    </div>
+</div>
+
+<div class="table-responsive">
+    <table class="table table-striped table-hover">
+        <thead>
+            <tr>
+                <th>Name</th>
+                <th style="width: 190px;">Status</th>
+                <th style="width: 150px;">Created</th>
+            </tr>
+        </thead>
+        <tbody>
+            @if(!Model.Items.Any())
+            {
+                <tr>
+                    <td colspan="5">No results to list.</td>
+                </tr>
+            }
+            else
+            {
+                @foreach(var provider in Model.Items)
+                {
+                    <tr>
+                        <td>
+                            <a asp-action="@Model.Action" asp-route-id="@provider.Id">@(provider.Name ?? "Pending")</a>
+                        </td>
+                        <td>@provider.Status</td>
+                        <td>
+                            <span title="@provider.CreationDate.ToString()">
+                                @provider.CreationDate.ToShortDateString()
+                            </span>
+                        </td>
+                    </tr>
+                }
+            }
+        </tbody>
+    </table>
+</div>
+
+<nav>
+    <ul class="pagination">
+        @if(Model.PreviousPage.HasValue)
+        {
+            <li class="page-item">
+                <a class="page-link" asp-action="Index" asp-route-page="@Model.PreviousPage.Value"
+                   asp-route-count="@Model.Count" asp-route-userEmail="@Model.UserEmail"
+                   asp-route-name="@Model.Name" asp-route-paid="@Model.Paid">Previous</a>
+            </li>
+        }
+        else
+        {
+            <li class="page-item disabled">
+                <a class="page-link" href="#" tabindex="-1">Previous</a>
+            </li>
+        }
+        @if(Model.NextPage.HasValue)
+        {
+            <li class="page-item">
+                <a class="page-link" asp-action="Index" asp-route-page="@Model.NextPage.Value"
+                   asp-route-count="@Model.Count" asp-route-userEmail="@Model.UserEmail"
+                   asp-route-name="@Model.Name" asp-route-paid="@Model.Paid">Next</a>
+            </li>
+        }
+        else
+        {
+            <li class="page-item disabled">
+                <a class="page-link" href="#" tabindex="-1">Next</a>
+            </li>
+        }
+    </ul>
+</nav>
diff --git a/src/Admin/Views/Providers/View.cshtml b/src/Admin/Views/Providers/View.cshtml
new file mode 100644
index 0000000000..14bb9ed6cd
--- /dev/null
+++ b/src/Admin/Views/Providers/View.cshtml
@@ -0,0 +1,13 @@
+@model ProviderViewModel
+@{
+    ViewData["Title"] = "Provider: " + Model.Provider.Name;
+}
+
+<h1>Provider <small>@Model.Provider.Name</small></h1>
+
+<h2>Information</h2>
+@await Html.PartialAsync("_ViewInformation", Model)
+<form asp-action="Delete" asp-route-id="@Model.Provider.Id"
+      onsubmit="return confirm('Are you sure you want to delete this provider (@Model.Provider.Name)?')">
+    <button class="btn btn-danger" type="submit">Delete</button>
+</form>
diff --git a/src/Admin/Views/Providers/_ViewInformation.cshtml b/src/Admin/Views/Providers/_ViewInformation.cshtml
new file mode 100644
index 0000000000..89e5f5aced
--- /dev/null
+++ b/src/Admin/Views/Providers/_ViewInformation.cshtml
@@ -0,0 +1,20 @@
+@model ProviderViewModel
+<dl class="row">
+    <dt class="col-sm-4 col-lg-3">Id</dt>
+    <dd class="col-sm-8 col-lg-9"><code>@Model.Provider.Id</code></dd>
+
+    <dt class="col-sm-4 col-lg-3">Status</dt>
+    <dd class="col-sm-8 col-lg-9">@Model.Provider.Status</dd>
+    
+    <dt class="col-sm-4 col-lg-3">Users</dt>
+    <dd class="col-sm-8 col-lg-9">@Model.UserCount</dd>
+    
+    <dt class="col-sm-4 col-lg-3">ProviderAdmins</dt>
+    <dd class="col-sm-8 col-lg-9">@(string.IsNullOrWhiteSpace(Model.ProviderAdmins) ? "None" : Model.ProviderAdmins)</dd>
+
+    <dt class="col-sm-4 col-lg-3">Created</dt>
+    <dd class="col-sm-8 col-lg-9">@Model.Provider.CreationDate.ToString()</dd>
+
+    <dt class="col-sm-4 col-lg-3">Modified</dt>
+    <dd class="col-sm-8 col-lg-9">@Model.Provider.RevisionDate.ToString()</dd>
+</dl>
diff --git a/src/Admin/Views/Shared/_Layout.cshtml b/src/Admin/Views/Shared/_Layout.cshtml
index 635ab4bc43..ef06018b4c 100644
--- a/src/Admin/Views/Shared/_Layout.cshtml
+++ b/src/Admin/Views/Shared/_Layout.cshtml
@@ -40,6 +40,9 @@
                         </li>
                         @if(!GlobalSettings.SelfHosted)
                         {
+                            <li class="nav-item" active-controller="Providers">
+                                <a class="nav-link" asp-controller="Providers" asp-action="Index">Providers</a>
+                            </li>
                             <li class="nav-item dropdown" active-controller="tools">
                                 <a class="nav-link dropdown-toggle" href="#" id="toolsDropdown" role="button"
                                    data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
diff --git a/src/Core/Enums/EventType.cs b/src/Core/Enums/EventType.cs
index 760765ca7b..5d7f85d363 100644
--- a/src/Core/Enums/EventType.cs
+++ b/src/Core/Enums/EventType.cs
@@ -53,5 +53,10 @@
         // Organization_ClientExportedVault = 1602,
 
         Policy_Updated = 1700,
+        
+        ProviderUser_Invited = 1800,
+        ProviderUser_Confirmed = 1801,
+        ProviderUser_Updated = 1802,
+        ProviderUser_Removed = 1803,
     }
 }
diff --git a/src/Core/Enums/Provider/ProviderOrganizationProviderUserType.cs b/src/Core/Enums/Provider/ProviderOrganizationProviderUserType.cs
new file mode 100644
index 0000000000..b3ef442f45
--- /dev/null
+++ b/src/Core/Enums/Provider/ProviderOrganizationProviderUserType.cs
@@ -0,0 +1,8 @@
+namespace Bit.Core.Enums.Provider
+{
+    public enum ProviderOrganizationProviderUserType : byte
+    {
+        Administrator = 0,
+        ServiceAdmin = 1,
+    }
+}
diff --git a/src/Core/Enums/Provider/ProviderStatusType.cs b/src/Core/Enums/Provider/ProviderStatusType.cs
new file mode 100644
index 0000000000..16d8d63303
--- /dev/null
+++ b/src/Core/Enums/Provider/ProviderStatusType.cs
@@ -0,0 +1,8 @@
+namespace Bit.Core.Enums.Provider
+{
+    public enum ProviderStatusType : byte
+    {
+        Pending = 0,
+        Created = 1,
+    }
+}
diff --git a/src/Core/Enums/Provider/ProviderUserStatusType.cs b/src/Core/Enums/Provider/ProviderUserStatusType.cs
new file mode 100644
index 0000000000..73e9c8e335
--- /dev/null
+++ b/src/Core/Enums/Provider/ProviderUserStatusType.cs
@@ -0,0 +1,9 @@
+namespace Bit.Core.Enums.Provider
+{
+    public enum ProviderUserStatusType : byte
+    {
+        Invited = 0,
+        Accepted = 1,
+        Confirmed = 2,
+    }
+}
diff --git a/src/Core/Enums/Provider/ProviderUserType.cs b/src/Core/Enums/Provider/ProviderUserType.cs
new file mode 100644
index 0000000000..7147d21a3b
--- /dev/null
+++ b/src/Core/Enums/Provider/ProviderUserType.cs
@@ -0,0 +1,8 @@
+namespace Bit.Core.Enums.Provider
+{
+    public enum ProviderUserType : byte
+    {
+        ProviderAdmin = 0,
+        ServiceUser = 1,
+    }
+}
diff --git a/src/Core/MailTemplates/Handlebars/Provider/ProviderSetupInvite.html.hbs b/src/Core/MailTemplates/Handlebars/Provider/ProviderSetupInvite.html.hbs
new file mode 100644
index 0000000000..2631570f2b
--- /dev/null
+++ b/src/Core/MailTemplates/Handlebars/Provider/ProviderSetupInvite.html.hbs
@@ -0,0 +1,16 @@
+{{#>FullHtmlLayout}}
+<table width="100%" cellpadding="0" cellspacing="0" style="margin: 0; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;">
+    <tr style="margin: 0; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;">
+        <td class="content-block" style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; margin: 0; -webkit-font-smoothing: antialiased; padding: 0 0 10px; -webkit-text-size-adjust: none; text-align: center;" valign="top" align="center">
+            You have been invited to setup a new Provider within Bitwarden.
+        </td>
+    </tr>
+    <tr style="margin: 0; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;">
+        <td class="content-block" style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; margin: 0; -webkit-font-smoothing: antialiased; padding: 0 0 10px; -webkit-text-size-adjust: none; text-align: center;" valign="top" align="center">
+            <a href="{{{Url}}}" clicktracking=off target="_blank" style="color: #ffffff; text-decoration: none; text-align: center; cursor: pointer; display: inline-block; border-radius: 5px; background-color: #175DDC; border-color: #175DDC; border-style: solid; border-width: 10px 20px; margin: 0; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;">
+                Setup Provider Now
+            </a>
+        </td>
+    </tr>
+</table>
+{{/FullHtmlLayout}}
diff --git a/src/Core/MailTemplates/Handlebars/Provider/ProviderSetupInvite.text.hbs b/src/Core/MailTemplates/Handlebars/Provider/ProviderSetupInvite.text.hbs
new file mode 100644
index 0000000000..814e5c0028
--- /dev/null
+++ b/src/Core/MailTemplates/Handlebars/Provider/ProviderSetupInvite.text.hbs
@@ -0,0 +1,5 @@
+{{#>BasicTextLayout}}
+You have been invited to setup a new Provider within Bitwarden. To continue, click the following link:
+
+{{{Url}}}
+{{/BasicTextLayout}}
\ No newline at end of file
diff --git a/src/Core/MailTemplates/Handlebars/Provider/ProviderUserConfirmed.html.hbs b/src/Core/MailTemplates/Handlebars/Provider/ProviderUserConfirmed.html.hbs
new file mode 100644
index 0000000000..206ac151e4
--- /dev/null
+++ b/src/Core/MailTemplates/Handlebars/Provider/ProviderUserConfirmed.html.hbs
@@ -0,0 +1,14 @@
+{{#>FullHtmlLayout}}
+<table width="100%" cellpadding="0" cellspacing="0" style="margin: 0; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;">
+    <tr style="margin: 0; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;">
+        <td class="content-block" style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; margin: 0; -webkit-font-smoothing: antialiased; padding: 0 0 10px; -webkit-text-size-adjust: none;" valign="top">
+            This email is to notify you that you have been confirmed as a user of <b style="margin: 0; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;">{{ProviderName}}</b>.
+        </td>
+    </tr>
+    <tr style="margin: 0; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;">
+        <td class="content-block last" style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; margin: 0; -webkit-font-smoothing: antialiased; padding: 0; -webkit-text-size-adjust: none;" valign="top">
+            You may now access the provider and manage the connected organizations.
+        </td>
+    </tr>
+</table>
+{{/FullHtmlLayout}}
diff --git a/src/Core/MailTemplates/Handlebars/Provider/ProviderUserConfirmed.text.hbs b/src/Core/MailTemplates/Handlebars/Provider/ProviderUserConfirmed.text.hbs
new file mode 100644
index 0000000000..c346e7df71
--- /dev/null
+++ b/src/Core/MailTemplates/Handlebars/Provider/ProviderUserConfirmed.text.hbs
@@ -0,0 +1,5 @@
+{{#>BasicTextLayout}}
+This email is to notify you that you have been confirmed as a user of {{ProviderName}}.
+
+You may now access the provider and manage the connected organizations.
+{{/BasicTextLayout}}
\ No newline at end of file
diff --git a/src/Core/MailTemplates/Handlebars/Provider/ProviderUserInvited.html.hbs b/src/Core/MailTemplates/Handlebars/Provider/ProviderUserInvited.html.hbs
new file mode 100644
index 0000000000..21ab7848b8
--- /dev/null
+++ b/src/Core/MailTemplates/Handlebars/Provider/ProviderUserInvited.html.hbs
@@ -0,0 +1,21 @@
+{{#>FullHtmlLayout}}
+<table width="100%" cellpadding="0" cellspacing="0" style="margin: 0; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;">
+    <tr style="margin: 0; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;">
+        <td class="content-block" style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; margin: 0; -webkit-font-smoothing: antialiased; padding: 0 0 10px; -webkit-text-size-adjust: none; text-align: center;" valign="top" align="center">
+            You have been invited to join the provider, <b style="margin: 0; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;">{{ProviderName}}</b>.
+        </td>
+    </tr>
+    <tr style="margin: 0; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;">
+        <td class="content-block" style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; margin: 0; -webkit-font-smoothing: antialiased; padding: 0 0 10px; -webkit-text-size-adjust: none; text-align: center;" valign="top" align="center">
+            <a href="{{{Url}}}" clicktracking=off target="_blank" style="color: #ffffff; text-decoration: none; text-align: center; cursor: pointer; display: inline-block; border-radius: 5px; background-color: #175DDC; border-color: #175DDC; border-style: solid; border-width: 10px 20px; margin: 0; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;">
+                Join Provider Now
+            </a>
+        </td>
+    </tr>
+    <tr style="margin: 0; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;">
+        <td class="content-block last" style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; margin: 0; -webkit-font-smoothing: antialiased; padding: 0; -webkit-text-size-adjust: none; text-align: center;" valign="top" align="center">
+            If you do not wish to join this provider, you can safely ignore this email.
+        </td>
+    </tr>
+</table>
+{{/FullHtmlLayout}}
diff --git a/src/Core/MailTemplates/Handlebars/Provider/ProviderUserInvited.text.hbs b/src/Core/MailTemplates/Handlebars/Provider/ProviderUserInvited.text.hbs
new file mode 100644
index 0000000000..95a3a22ab7
--- /dev/null
+++ b/src/Core/MailTemplates/Handlebars/Provider/ProviderUserInvited.text.hbs
@@ -0,0 +1,7 @@
+{{#>BasicTextLayout}}
+You have been invited to join the provider, {{ProviderName}}. To accept this invite, click the following link:
+
+{{{Url}}}
+
+If you do not wish to join this provider, you can safely ignore this email.
+{{/BasicTextLayout}}
\ No newline at end of file
diff --git a/src/Core/Models/Business/Provider/ProviderUserInvite.cs b/src/Core/Models/Business/Provider/ProviderUserInvite.cs
new file mode 100644
index 0000000000..99f71e7093
--- /dev/null
+++ b/src/Core/Models/Business/Provider/ProviderUserInvite.cs
@@ -0,0 +1,15 @@
+using System.Collections.Generic;
+using Bit.Core.Enums.Provider;
+using Bit.Core.Models.Data;
+
+namespace Bit.Core.Models.Business.Provider
+{
+    public class ProviderUserInvite
+    {
+        public IEnumerable<string> Emails { get; set; }
+        public ProviderUserType Type { get; set; }
+        public Permissions Permissions { get; set; }
+
+        public ProviderUserInvite() {}
+    }
+}
diff --git a/src/Core/Models/Mail/Provider/ProviderSetupInviteViewModel.cs b/src/Core/Models/Mail/Provider/ProviderSetupInviteViewModel.cs
new file mode 100644
index 0000000000..ddb44b5bbd
--- /dev/null
+++ b/src/Core/Models/Mail/Provider/ProviderSetupInviteViewModel.cs
@@ -0,0 +1,14 @@
+namespace Bit.Core.Models.Mail.Provider
+{
+    public class ProviderSetupInviteViewModel : BaseMailModel
+    {
+        public string ProviderId { get; set; }
+        public string Email { get; set; }
+        public string Token { get; set; }
+        public string Url => string.Format("{0}/setup-provider?providerId={1}&email={2}&token={3}",
+            WebVaultUrl,
+            ProviderId,
+            Email,
+            Token);
+    }
+}
diff --git a/src/Core/Models/Mail/Provider/ProviderUserConfirmedViewModel.cs b/src/Core/Models/Mail/Provider/ProviderUserConfirmedViewModel.cs
new file mode 100644
index 0000000000..8a8716c46c
--- /dev/null
+++ b/src/Core/Models/Mail/Provider/ProviderUserConfirmedViewModel.cs
@@ -0,0 +1,7 @@
+namespace Bit.Core.Models.Mail.Provider
+{
+    public class ProviderUserConfirmedViewModel : BaseMailModel
+    {
+        public string ProviderName { get; set; }
+    }
+}
diff --git a/src/Core/Models/Mail/Provider/ProviderUserInvitedViewModel.cs b/src/Core/Models/Mail/Provider/ProviderUserInvitedViewModel.cs
new file mode 100644
index 0000000000..86231fb7b0
--- /dev/null
+++ b/src/Core/Models/Mail/Provider/ProviderUserInvitedViewModel.cs
@@ -0,0 +1,20 @@
+namespace Bit.Core.Models.Mail.Provider
+{
+    public class ProviderUserInvitedViewModel : BaseMailModel
+    {
+        public string ProviderName { get; set; }
+        public string ProviderId { get; set; }
+        public string ProviderUserId { get; set; }
+        public string Email { get; set; }
+        public string ProviderNameUrlEncoded { get; set; }
+        public string Token { get; set; }
+        public string Url => string.Format("{0}/accept-provider?providerId={1}&" +
+            "providerUserId={2}&email={3}&providerName={4}&token={5}",
+            WebVaultUrl,
+            ProviderId,
+            ProviderUserId,
+            Email,
+            ProviderNameUrlEncoded,
+            Token);
+    }
+}
diff --git a/src/Core/Models/Table/Provider/Provider.cs b/src/Core/Models/Table/Provider/Provider.cs
new file mode 100644
index 0000000000..d6befd8339
--- /dev/null
+++ b/src/Core/Models/Table/Provider/Provider.cs
@@ -0,0 +1,31 @@
+using System;
+using Bit.Core.Enums.Provider;
+using Bit.Core.Utilities;
+
+namespace Bit.Core.Models.Table.Provider
+{
+    public class Provider : ITableObject<Guid>
+    {
+        public Guid Id { get; set; }
+        public string Name { get; set; }
+        public string BusinessName { get; set; }
+        public string BusinessAddress1 { get; set; }
+        public string BusinessAddress2 { get; set; }
+        public string BusinessAddress3 { get; set; }
+        public string BusinessCountry { get; set; }
+        public string BusinessTaxNumber { get; set; }
+        public string BillingEmail { get; set; }
+        public ProviderStatusType Status { get; set; }
+        public bool Enabled { get; set; } = true;
+        public DateTime CreationDate { get; internal set; } = DateTime.UtcNow;
+        public DateTime RevisionDate { get; internal set; } = DateTime.UtcNow;
+
+        public void SetNewId()
+        {
+            if (Id == default)
+            {
+                Id = CoreHelpers.GenerateComb();
+            }
+        }
+    }
+}
diff --git a/src/Core/Models/Table/Provider/ProviderOrganization.cs b/src/Core/Models/Table/Provider/ProviderOrganization.cs
new file mode 100644
index 0000000000..7e0a15afd7
--- /dev/null
+++ b/src/Core/Models/Table/Provider/ProviderOrganization.cs
@@ -0,0 +1,24 @@
+using System;
+using Bit.Core.Utilities;
+
+namespace Bit.Core.Models.Table.Provider
+{
+    public class ProviderOrganization : ITableObject<Guid>
+    {
+        public Guid Id { get; set; }
+        public Guid ProviderId { get; set; }
+        public Guid OrganizationId { get; set; }
+        public string Key { get; set; }
+        public string Settings { get; set; }
+        public DateTime CreationDate { get; internal set; } = DateTime.UtcNow;
+        public DateTime RevisionDate { get; internal set; } = DateTime.UtcNow;
+
+        public void SetNewId()
+        {
+            if (Id == default)
+            {
+                Id = CoreHelpers.GenerateComb();
+            }
+        }
+    }
+}
diff --git a/src/Core/Models/Table/Provider/ProviderOrganizationProviderUser.cs b/src/Core/Models/Table/Provider/ProviderOrganizationProviderUser.cs
new file mode 100644
index 0000000000..1872d7b004
--- /dev/null
+++ b/src/Core/Models/Table/Provider/ProviderOrganizationProviderUser.cs
@@ -0,0 +1,25 @@
+using System;
+using Bit.Core.Enums.Provider;
+using Bit.Core.Utilities;
+
+namespace Bit.Core.Models.Table.Provider
+{
+    public class ProviderOrganizationProviderUser : ITableObject<Guid>
+    {
+        public Guid Id { get; set; }
+        public Guid ProviderOrganizationId { get; set; }
+        public Guid ProviderUserId { get; set; }
+        public ProviderOrganizationProviderUserType Type { get; set; }
+        public string Permissions { get; set; }
+        public DateTime CreationDate { get; internal set; } = DateTime.UtcNow;
+        public DateTime RevisionDate { get; internal set; } = DateTime.UtcNow;
+
+        public void SetNewId()
+        {
+            if (Id == default)
+            {
+                Id = CoreHelpers.GenerateComb();
+            }
+        }
+    }
+}
diff --git a/src/Core/Models/Table/Provider/ProviderUser.cs b/src/Core/Models/Table/Provider/ProviderUser.cs
new file mode 100644
index 0000000000..1b3d33035b
--- /dev/null
+++ b/src/Core/Models/Table/Provider/ProviderUser.cs
@@ -0,0 +1,28 @@
+using System;
+using Bit.Core.Enums.Provider;
+using Bit.Core.Utilities;
+
+namespace Bit.Core.Models.Table.Provider
+{
+    public class ProviderUser : ITableObject<Guid>
+    {
+        public Guid Id { get; set; }
+        public Guid ProviderId { get; set; }
+        public Guid? UserId { get; set; }
+        public string Email { get; set; }
+        public string Key { get; set; }
+        public ProviderUserStatusType Status { get; set; }
+        public ProviderUserType Type { get; set; }
+        public string Permissions { get; set; }
+        public DateTime CreationDate { get; internal set; } = DateTime.UtcNow;
+        public DateTime RevisionDate { get; internal set; } = DateTime.UtcNow;
+
+        public void SetNewId()
+        {
+            if (Id == default)
+            {
+                Id = CoreHelpers.GenerateComb();
+            }
+        }
+    }
+}
diff --git a/src/Core/Repositories/IProviderOrganizationProviderUserRepository.cs b/src/Core/Repositories/IProviderOrganizationProviderUserRepository.cs
new file mode 100644
index 0000000000..64d54d11ea
--- /dev/null
+++ b/src/Core/Repositories/IProviderOrganizationProviderUserRepository.cs
@@ -0,0 +1,9 @@
+using System;
+using Bit.Core.Models.Table.Provider;
+
+namespace Bit.Core.Repositories
+{
+    public interface IProviderOrganizationProviderUserRepository : IRepository<Provider, Guid>
+    {
+    }
+}
diff --git a/src/Core/Repositories/IProviderOrganizationRepository.cs b/src/Core/Repositories/IProviderOrganizationRepository.cs
new file mode 100644
index 0000000000..24c548bf70
--- /dev/null
+++ b/src/Core/Repositories/IProviderOrganizationRepository.cs
@@ -0,0 +1,9 @@
+using System;
+using Bit.Core.Models.Table.Provider;
+
+namespace Bit.Core.Repositories
+{
+    public interface IProviderOrganizationRepository : IRepository<Provider, Guid>
+    {
+    }
+}
diff --git a/src/Core/Repositories/IProviderRepository.cs b/src/Core/Repositories/IProviderRepository.cs
new file mode 100644
index 0000000000..8eae0dc919
--- /dev/null
+++ b/src/Core/Repositories/IProviderRepository.cs
@@ -0,0 +1,12 @@
+using System;
+using System.Collections.Generic;
+using System.Threading.Tasks;
+using Bit.Core.Models.Table.Provider;
+
+namespace Bit.Core.Repositories
+{
+    public interface IProviderRepository : IRepository<Provider, Guid>
+    {
+        Task<ICollection<Provider>> SearchAsync(string name, string userEmail, int skip, int take);
+    }
+}
diff --git a/src/Core/Repositories/IProviderUserRepository.cs b/src/Core/Repositories/IProviderUserRepository.cs
new file mode 100644
index 0000000000..c1ca180b91
--- /dev/null
+++ b/src/Core/Repositories/IProviderUserRepository.cs
@@ -0,0 +1,16 @@
+using System;
+using System.Collections.Generic;
+using System.Threading.Tasks;
+using Bit.Core.Enums.Provider;
+using Bit.Core.Models.Table.Provider;
+
+namespace Bit.Core.Repositories
+{
+    public interface IProviderUserRepository : IRepository<ProviderUser, Guid>
+    {
+        Task<int> GetCountByProviderAsync(Guid providerId, string email, bool onlyRegisteredUsers);
+        Task<ICollection<ProviderUser>> GetManyAsync(IEnumerable<Guid> ids);
+        Task<ICollection<ProviderUser>> GetManyByProviderAsync(Guid providerId, ProviderUserType? type = null);
+        Task DeleteManyAsync(IEnumerable<Guid> userIds);
+    }
+}
diff --git a/src/Core/Repositories/SqlServer/ProviderOrganizationProviderUserRepository.cs b/src/Core/Repositories/SqlServer/ProviderOrganizationProviderUserRepository.cs
new file mode 100644
index 0000000000..8a71203b93
--- /dev/null
+++ b/src/Core/Repositories/SqlServer/ProviderOrganizationProviderUserRepository.cs
@@ -0,0 +1,17 @@
+using System;
+using Bit.Core.Models.Table.Provider;
+using Bit.Core.Settings;
+
+namespace Bit.Core.Repositories.SqlServer
+{
+    public class ProviderOrganizationProviderUserRepository : Repository<Provider, Guid>, IProviderOrganizationProviderUserRepository
+    {
+        public ProviderOrganizationProviderUserRepository(GlobalSettings globalSettings)
+            : this(globalSettings.SqlServer.ConnectionString, globalSettings.SqlServer.ReadOnlyConnectionString)
+        { }
+
+        public ProviderOrganizationProviderUserRepository(string connectionString, string readOnlyConnectionString)
+            : base(connectionString, readOnlyConnectionString)
+        { }
+    }
+}
diff --git a/src/Core/Repositories/SqlServer/ProviderOrganizationRepository.cs b/src/Core/Repositories/SqlServer/ProviderOrganizationRepository.cs
new file mode 100644
index 0000000000..8109c0c79e
--- /dev/null
+++ b/src/Core/Repositories/SqlServer/ProviderOrganizationRepository.cs
@@ -0,0 +1,17 @@
+using System;
+using Bit.Core.Models.Table.Provider;
+using Bit.Core.Settings;
+
+namespace Bit.Core.Repositories.SqlServer
+{
+    public class ProviderOrganizationRepository : Repository<Provider, Guid>, IProviderOrganizationRepository
+    {
+        public ProviderOrganizationRepository(GlobalSettings globalSettings)
+            : this(globalSettings.SqlServer.ConnectionString, globalSettings.SqlServer.ReadOnlyConnectionString)
+        { }
+
+        public ProviderOrganizationRepository(string connectionString, string readOnlyConnectionString)
+            : base(connectionString, readOnlyConnectionString)
+        { }
+    }
+}
diff --git a/src/Core/Repositories/SqlServer/ProviderRepository.cs b/src/Core/Repositories/SqlServer/ProviderRepository.cs
new file mode 100644
index 0000000000..7c48325462
--- /dev/null
+++ b/src/Core/Repositories/SqlServer/ProviderRepository.cs
@@ -0,0 +1,38 @@
+using System;
+using Bit.Core.Models.Table;
+using System.Threading.Tasks;
+using System.Data.SqlClient;
+using System.Data;
+using Dapper;
+using System.Linq;
+using System.Collections.Generic;
+using Bit.Core.Models.Table.Provider;
+using Bit.Core.Settings;
+
+namespace Bit.Core.Repositories.SqlServer
+{
+    public class ProviderRepository : Repository<Provider, Guid>, IProviderRepository
+    {
+        public ProviderRepository(GlobalSettings globalSettings)
+            : this(globalSettings.SqlServer.ConnectionString, globalSettings.SqlServer.ReadOnlyConnectionString)
+        { }
+
+        public ProviderRepository(string connectionString, string readOnlyConnectionString)
+            : base(connectionString, readOnlyConnectionString)
+        { }
+        
+        public async Task<ICollection<Provider>> SearchAsync(string name, string userEmail, int skip, int take)
+        {
+            using (var connection = new SqlConnection(ReadOnlyConnectionString))
+            {
+                var results = await connection.QueryAsync<Provider>(
+                    "[dbo].[Provider_Search]",
+                    new { Name = name, UserEmail = userEmail, Skip = skip, Take = take },
+                    commandType: CommandType.StoredProcedure,
+                    commandTimeout: 120);
+
+                return results.ToList();
+            }
+        }
+    }
+}
diff --git a/src/Core/Repositories/SqlServer/ProviderUserRepository.cs b/src/Core/Repositories/SqlServer/ProviderUserRepository.cs
new file mode 100644
index 0000000000..16fecc6138
--- /dev/null
+++ b/src/Core/Repositories/SqlServer/ProviderUserRepository.cs
@@ -0,0 +1,73 @@
+using System;
+using System.Collections.Generic;
+using System.Data;
+using System.Linq;
+using System.Threading.Tasks;
+using Bit.Core.Enums.Provider;
+using Bit.Core.Models.Table.Provider;
+using Bit.Core.Settings;
+using Bit.Core.Utilities;
+using Dapper;
+using Microsoft.Data.SqlClient;
+
+namespace Bit.Core.Repositories.SqlServer
+{
+    public class ProviderUserRepository : Repository<ProviderUser, Guid>, IProviderUserRepository
+    {
+        public ProviderUserRepository(GlobalSettings globalSettings)
+            : this(globalSettings.SqlServer.ConnectionString, globalSettings.SqlServer.ReadOnlyConnectionString)
+        { }
+
+        public ProviderUserRepository(string connectionString, string readOnlyConnectionString)
+            : base(connectionString, readOnlyConnectionString)
+        { }
+
+        public async Task<int> GetCountByProviderAsync(Guid providerId, string email, bool onlyRegisteredUsers)
+        {
+            using (var connection = new SqlConnection(ConnectionString))
+            {
+                var result = await connection.ExecuteScalarAsync<int>(
+                    "[dbo].[ProviderUser_ReadCountByProviderIdEmail]",
+                    new { ProviderId = providerId, Email = email, OnlyUsers = onlyRegisteredUsers },
+                    commandType: CommandType.StoredProcedure);
+
+                return result;
+            }
+        }
+        
+        public async Task<ICollection<ProviderUser>> GetManyAsync(IEnumerable<Guid> ids)
+        {
+            using (var connection = new SqlConnection(ConnectionString))
+            {
+                var results = await connection.QueryAsync<ProviderUser>(
+                    "[dbo].[ProviderUser_ReadByIds]",
+                    new { Ids = ids.ToGuidIdArrayTVP() },
+                    commandType: CommandType.StoredProcedure);
+
+                return results.ToList();
+            }
+        }
+        
+        public async Task<ICollection<ProviderUser>> GetManyByProviderAsync(Guid providerId, ProviderUserType? type)
+        {
+            using (var connection = new SqlConnection(ConnectionString))
+            {
+                var results = await connection.QueryAsync<ProviderUser>(
+                    "[dbo].[ProviderUser_ReadByProviderId]",
+                    new { ProviderId = providerId, Type = type },
+                    commandType: CommandType.StoredProcedure);
+
+                return results.ToList();
+            }
+        }
+        
+        public async Task DeleteManyAsync(IEnumerable<Guid> providerUserIds)
+        {
+            using (var connection = new SqlConnection(ConnectionString))
+            {
+                await connection.ExecuteAsync("[dbo].[ProviderUser_DeleteByIds]",
+                    new { Ids = providerUserIds.ToGuidIdArrayTVP() }, commandType: CommandType.StoredProcedure);
+            }
+        }
+    }
+}
diff --git a/src/Core/Services/IEventService.cs b/src/Core/Services/IEventService.cs
index d250fc3b07..a7234bac95 100644
--- a/src/Core/Services/IEventService.cs
+++ b/src/Core/Services/IEventService.cs
@@ -3,6 +3,7 @@ using System.Collections.Generic;
 using System.Threading.Tasks;
 using Bit.Core.Enums;
 using Bit.Core.Models.Table;
+using Bit.Core.Models.Table.Provider;
 
 namespace Bit.Core.Services
 {
@@ -17,5 +18,8 @@ namespace Bit.Core.Services
         Task LogOrganizationUserEventAsync(OrganizationUser organizationUser, EventType type, DateTime? date = null);
         Task LogOrganizationUserEventsAsync(IEnumerable<(OrganizationUser, EventType, DateTime?)> events);
         Task LogOrganizationEventAsync(Organization organization, EventType type, DateTime? date = null);
+        Task LogProviderUserEventAsync(ProviderUser providerUser, EventType type, DateTime? date = null);
+        Task LogProviderUsersEventAsync(IEnumerable<(ProviderUser, EventType, DateTime?)> events);
+
     }
 }
diff --git a/src/Core/Services/IMailService.cs b/src/Core/Services/IMailService.cs
index 00f3b424d7..e2071b5ebb 100644
--- a/src/Core/Services/IMailService.cs
+++ b/src/Core/Services/IMailService.cs
@@ -3,6 +3,7 @@ using Bit.Core.Models.Table;
 using System.Collections.Generic;
 using System;
 using Bit.Core.Models.Mail;
+using Bit.Core.Models.Table.Provider;
 
 namespace Bit.Core.Services
 {
@@ -41,5 +42,8 @@ namespace Bit.Core.Services
         Task SendEmergencyAccessRecoveryTimedOut(EmergencyAccess ea, string initiatingName, string email);
         Task SendEnqueuedMailMessageAsync(IMailQueueMessage queueMessage);
         Task SendAdminResetPasswordEmailAsync(string email, string userName, string orgName);
+        Task SendProviderSetupInviteEmailAsync(Provider provider, string token, string email);
+        Task SendProviderInviteEmailAsync(string providerName, ProviderUser providerUser, string token, string email);
+        Task SendProviderConfirmedEmailAsync(string providerName, string email);
     }
 }
diff --git a/src/Core/Services/IProviderService.cs b/src/Core/Services/IProviderService.cs
new file mode 100644
index 0000000000..897ac026c0
--- /dev/null
+++ b/src/Core/Services/IProviderService.cs
@@ -0,0 +1,31 @@
+using System.Threading.Tasks;
+using Bit.Core.Models.Table;
+using System.Collections.Generic;
+using System;
+using Bit.Core.Models.Business.Provider;
+using Bit.Core.Models.Table.Provider;
+
+namespace Bit.Core.Services
+{
+    public interface IProviderService
+    {
+        Task CreateAsync(string ownerEmail);
+        Task CompleteSetupAsync(Provider provider, Guid ownerUserId, string token, string key);
+        Task UpdateAsync(Provider provider, bool updateBilling = false);
+
+        Task<List<ProviderUser>> InviteUserAsync(Guid providerId, Guid invitingUserId, ProviderUserInvite providerUserInvite);
+        Task<List<Tuple<ProviderUser, string>>> ResendInvitesAsync(Guid providerId, Guid invitingUserId,
+            IEnumerable<Guid> providerUsersId);
+        Task<ProviderUser> AcceptUserAsync(Guid providerUserId, User user, string token);
+        Task<List<Tuple<ProviderUser, string>>> ConfirmUsersAsync(Guid providerId, Dictionary<Guid, string> keys, Guid confirmingUserId);
+
+        Task SaveUserAsync(ProviderUser user, Guid savingUserId);
+        Task<List<Tuple<ProviderUser, string>>> DeleteUsersAsync(Guid providerId, IEnumerable<Guid> providerUserIds,
+            Guid deletingUserId);
+
+        Task AddOrganization(Guid providerId, Guid organizationId, Guid addingUserId, string key);
+        Task RemoveOrganization(Guid providerOrganizationId, Guid removingUserId);
+        
+        // TODO: Figure out how ProviderOrganizationProviderUsers should be managed
+    }
+}
diff --git a/src/Core/Services/Implementations/EventService.cs b/src/Core/Services/Implementations/EventService.cs
index 32280b0844..ce3763fc31 100644
--- a/src/Core/Services/Implementations/EventService.cs
+++ b/src/Core/Services/Implementations/EventService.cs
@@ -7,6 +7,7 @@ using System.Linq;
 using System.Collections.Generic;
 using Bit.Core.Models.Table;
 using Bit.Core.Context;
+using Bit.Core.Models.Table.Provider;
 using Bit.Core.Settings;
 
 namespace Bit.Core.Services
@@ -222,6 +223,12 @@ namespace Bit.Core.Services
             await _eventWriteService.CreateAsync(e);
         }
 
+        // TODO: Implement this
+        public Task LogProviderUserEventAsync(ProviderUser providerUser, EventType type, DateTime? date = null) => throw new NotImplementedException();
+
+        // TODO: Implement this
+        public Task LogProviderUsersEventAsync(IEnumerable<(ProviderUser, EventType, DateTime?)> events) => throw new NotImplementedException();
+
         private bool CanUseEvents(IDictionary<Guid, OrganizationAbility> orgAbilities, Guid orgId)
         {
             return orgAbilities != null && orgAbilities.ContainsKey(orgId) &&
diff --git a/src/Core/Services/Implementations/HandlebarsMailService.cs b/src/Core/Services/Implementations/HandlebarsMailService.cs
index 072f350db6..c52ad81639 100644
--- a/src/Core/Services/Implementations/HandlebarsMailService.cs
+++ b/src/Core/Services/Implementations/HandlebarsMailService.cs
@@ -9,6 +9,8 @@ using System.Net;
 using Bit.Core.Utilities;
 using System.Linq;
 using System.Reflection;
+using Bit.Core.Models.Mail.Provider;
+using Bit.Core.Models.Table.Provider;
 using HandlebarsDotNet;
 
 namespace Bit.Core.Services
@@ -646,5 +648,53 @@ namespace Bit.Core.Services
             message.Category = "EmergencyAccessRecoveryTimedOut";
             await _mailDeliveryService.SendEmailAsync(message);
         }
+        
+        public async Task SendProviderSetupInviteEmailAsync(Provider provider, string token, string email)
+        {
+            var message = CreateDefaultMessage($"Create a Provider", email);
+            var model = new ProviderSetupInviteViewModel
+            {
+                WebVaultUrl = _globalSettings.BaseServiceUri.VaultWithHash,
+                SiteName = _globalSettings.SiteName,
+                ProviderId = provider.Id.ToString(),
+                Email = email,
+                Token = token,
+            };
+            await AddMessageContentAsync(message, "Provider.ProviderSetupInvite", model);
+            message.Category = "ProviderSetupInvite";
+            await _mailDeliveryService.SendEmailAsync(message);
+        }
+
+        public async Task SendProviderInviteEmailAsync(string providerName, ProviderUser providerUser, string token, string email)
+        {
+            var message = CreateDefaultMessage($"Join {providerName}", email);
+            var model = new ProviderUserInvitedViewModel
+            {
+                ProviderName = CoreHelpers.SanitizeForEmail(providerName),
+                Email = WebUtility.UrlDecode(providerUser.Email),
+                ProviderId = providerUser.ProviderId.ToString(),
+                ProviderUserId = providerUser.Id.ToString(),
+                ProviderNameUrlEncoded = WebUtility.UrlEncode(providerName),
+                WebVaultUrl = _globalSettings.BaseServiceUri.VaultWithHash,
+                SiteName = _globalSettings.SiteName,
+            };
+            await AddMessageContentAsync(message, "Provider.ProviderUserInvited", model);
+            message.Category = "ProviderSetupInvite";
+            await _mailDeliveryService.SendEmailAsync(message);
+        }
+
+        public async Task SendProviderConfirmedEmailAsync(string providerName, string email)
+        {
+            var message = CreateDefaultMessage($"You Have Been Confirmed To {providerName}", email);
+            var model = new ProviderUserConfirmedViewModel
+            {
+                ProviderName = CoreHelpers.SanitizeForEmail(providerName),
+                WebVaultUrl = _globalSettings.BaseServiceUri.VaultWithHash,
+                SiteName = _globalSettings.SiteName
+            };
+            await AddMessageContentAsync(message, "Provider.ProviderUserConfirmed", model);
+            message.Category = "ProviderUserConfirmed";
+            await _mailDeliveryService.SendEmailAsync(message);
+        }
     }
 }
diff --git a/src/Core/Services/Implementations/ProviderService.cs b/src/Core/Services/Implementations/ProviderService.cs
new file mode 100644
index 0000000000..925fd31ad8
--- /dev/null
+++ b/src/Core/Services/Implementations/ProviderService.cs
@@ -0,0 +1,348 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text.Json;
+using System.Threading.Tasks;
+using Bit.Core.Enums;
+using Bit.Core.Enums.Provider;
+using Bit.Core.Exceptions;
+using Bit.Core.Models.Business.Provider;
+using Bit.Core.Models.Table;
+using Bit.Core.Models.Table.Provider;
+using Bit.Core.Repositories;
+using Bit.Core.Settings;
+using Bit.Core.Utilities;
+using Microsoft.AspNetCore.DataProtection;
+
+namespace Bit.Core.Services
+{
+    public class ProviderService : IProviderService
+    {
+        private readonly IDataProtector _dataProtector;
+        private readonly IMailService _mailService;
+        private readonly IEventService _eventService;
+        private readonly GlobalSettings _globalSettings;
+        private readonly IProviderRepository _providerRepository;
+        private readonly IProviderUserRepository _providerUserRepository;
+        private readonly IUserRepository _userRepository;
+        private readonly IUserService _userService;
+
+        public ProviderService(IProviderRepository providerRepository, IProviderUserRepository providerUserRepository,
+            IUserRepository userRepository, IUserService userService, IMailService mailService,
+            IDataProtectionProvider dataProtectionProvider, IEventService eventService, GlobalSettings globalSettings)
+        {
+            _providerRepository = providerRepository;
+            _providerUserRepository = providerUserRepository;
+            _userRepository = userRepository;
+            _userService = userService;
+            _mailService = mailService;
+            _eventService = eventService;
+            _globalSettings = globalSettings;
+            _dataProtector = dataProtectionProvider.CreateProtector("ProviderServiceDataProtector");
+        }
+
+        public async Task CreateAsync(string ownerEmail)
+        {
+            var owner = await _userRepository.GetByEmailAsync(ownerEmail);
+            if (owner == null)
+            {
+                throw new BadRequestException("Invalid owner.");
+            }
+
+            var provider = new Provider
+            {
+                Status = ProviderStatusType.Pending,
+                Enabled = true,
+            };
+            await _providerRepository.CreateAsync(provider);
+            
+            var token = _dataProtector.Protect($"ProviderSetupInvite {provider.Id} {owner.Email} {CoreHelpers.ToEpocMilliseconds(DateTime.UtcNow)}");
+            await _mailService.SendProviderSetupInviteEmailAsync(provider, token, owner.Email);
+        }
+
+        public async Task CompleteSetupAsync(Provider provider, Guid ownerUserId, string token, string key)
+        {
+            var owner = await _userService.GetUserByIdAsync(ownerUserId);
+            if (owner == null)
+            {
+                throw new BadRequestException("Invalid owner.");
+            }
+
+            if (!CoreHelpers.TokenIsValid("ProviderSetupInvite", _dataProtector, token, owner.Email, provider.Id, _globalSettings))
+            {
+                throw new BadRequestException("Invalid token.");
+            }
+            
+            await _providerRepository.UpsertAsync(provider);
+            
+            var providerUser = new ProviderUser
+            {
+                ProviderId = provider.Id,
+                UserId = owner.Id,
+                Key = key,
+                Status = ProviderUserStatusType.Confirmed,
+                Type = ProviderUserType.ProviderAdmin,
+            };
+
+            await _providerUserRepository.CreateAsync(providerUser);
+        }
+
+        public async Task UpdateAsync(Provider provider, bool updateBilling = false)
+        {
+            if (provider.Id == default)
+            {
+                throw new ApplicationException("Cannot create provider this way.");
+            }
+
+            await _providerRepository.ReplaceAsync(provider);
+        }
+
+        public async Task<List<ProviderUser>> InviteUserAsync(Guid providerId, Guid invitingUserId,
+            ProviderUserInvite invite)
+        {
+            var provider = await _providerRepository.GetByIdAsync(providerId);
+            if (provider == null || invite?.Emails == null || !invite.Emails.Any())
+            {
+                throw new NotFoundException();
+            }
+
+            var providerUsers = new List<ProviderUser>();
+            foreach (var email in invite.Emails)
+            {
+                // Make sure user is not already invited
+                var existingProviderUserCount =
+                    await _providerUserRepository.GetCountByProviderAsync(providerId, email, false);
+                if (existingProviderUserCount > 0)
+                {
+                    continue;
+                }
+
+                var providerUser = new ProviderUser
+                {
+                    ProviderId = providerId,
+                    UserId = null,
+                    Email = email.ToLowerInvariant(),
+                    Key = null,
+                    Type = invite.Type,
+                    Status = ProviderUserStatusType.Invited,
+                    CreationDate = DateTime.UtcNow,
+                    RevisionDate = DateTime.UtcNow,
+                };
+
+                if (invite.Permissions != null)
+                {
+                    providerUser.Permissions = JsonSerializer.Serialize(invite.Permissions, new JsonSerializerOptions
+                    {
+                        PropertyNamingPolicy = JsonNamingPolicy.CamelCase,
+                    });
+                }
+
+                await _providerUserRepository.CreateAsync(providerUser);
+
+                await SendInviteAsync(providerUser, provider);
+                providerUsers.Add(providerUser);
+            }
+
+            await _eventService.LogProviderUsersEventAsync(providerUsers.Select(pu => (pu, EventType.ProviderUser_Invited, null as DateTime?)));
+
+            return providerUsers;
+        }
+
+        public async Task<List<Tuple<ProviderUser, string>>> ResendInvitesAsync(Guid providerId, Guid invitingUserId,
+            IEnumerable<Guid> providerUsersId)
+        {
+            var providerUsers = await _providerUserRepository.GetManyAsync(providerUsersId);
+            var provider = await _providerRepository.GetByIdAsync(providerId);
+
+            var result = new List<Tuple<ProviderUser, string>>();
+            foreach (var providerUser in providerUsers)
+            {
+                if (providerUser.Status != ProviderUserStatusType.Invited || providerUser.ProviderId != providerId)
+                {
+                    result.Add(Tuple.Create(providerUser, "User invalid."));
+                    continue;
+                }
+
+                await SendInviteAsync(providerUser, provider);
+                result.Add(Tuple.Create(providerUser, ""));
+            }
+
+            return result;
+        }
+
+        public async Task<ProviderUser> AcceptUserAsync(Guid providerUserId, User user, string token)
+        {
+            var providerUser = await _providerUserRepository.GetByIdAsync(providerUserId);
+            if (providerUser == null)
+            {
+                throw new BadRequestException("User invalid.");
+            }
+            
+            if (providerUser.Status != ProviderUserStatusType.Invited)
+            {
+                throw new BadRequestException("Already accepted.");
+            }
+
+            if (!CoreHelpers.TokenIsValid("ProviderUserInvite", _dataProtector, token, user.Email, providerUser.Id, _globalSettings))
+            {
+                throw new BadRequestException("Invalid token.");
+            }
+
+            if (string.IsNullOrWhiteSpace(providerUser.Email) ||
+                !providerUser.Email.Equals(user.Email, StringComparison.InvariantCultureIgnoreCase))
+            {
+                throw new BadRequestException("User email does not match invite.");
+            }
+            
+            providerUser.Status = ProviderUserStatusType.Accepted;
+            providerUser.UserId = user.Id;
+            providerUser.Email = null;
+
+            await _providerUserRepository.ReplaceAsync(providerUser);
+
+            return providerUser;
+        }
+
+        public async Task<List<Tuple<ProviderUser, string>>> ConfirmUsersAsync(Guid providerId, Dictionary<Guid, string> keys,
+            Guid confirmingUserId)
+        {
+            var providerUsers = await _providerUserRepository.GetManyAsync(keys.Keys);
+            var validProviderUsers = providerUsers
+                .Where(u => u.UserId != null)
+                .ToList();
+
+            if (!validProviderUsers.Any())
+            {
+                return new List<Tuple<ProviderUser, string>>();
+            }
+
+            var validOrganizationUserIds = validProviderUsers.Select(u => u.UserId.Value).ToList();
+            
+            var provider = await _providerRepository.GetByIdAsync(providerId);
+            var users = await _userRepository.GetManyAsync(validOrganizationUserIds);
+
+            var keyedFilteredUsers = validProviderUsers.ToDictionary(u => u.UserId.Value, u => u);
+
+            var result = new List<Tuple<ProviderUser, string>>();
+            var events = new List<(ProviderUser, EventType, DateTime?)>();
+
+            foreach (var user in users)
+            {
+                if (!keyedFilteredUsers.ContainsKey(user.Id))
+                {
+                    continue;
+                }
+                var providerUser = keyedFilteredUsers[user.Id];
+                try
+                {
+                    if (providerUser.Status != ProviderUserStatusType.Accepted || providerUser.ProviderId != providerId)
+                    {
+                        throw new BadRequestException("Invalid user.");
+                    }
+                    
+                    providerUser.Status = ProviderUserStatusType.Confirmed;
+                    providerUser.Key = keys[providerUser.Id];
+                    providerUser.Email = null;
+
+                    await _providerUserRepository.ReplaceAsync(providerUser);
+                    events.Add((providerUser, EventType.ProviderUser_Confirmed, null));
+                    await _mailService.SendOrganizationConfirmedEmailAsync(provider.Name, user.Email);
+                    result.Add(Tuple.Create(providerUser, ""));
+                }
+                catch (BadRequestException e)
+                {
+                    result.Add(Tuple.Create(providerUser, e.Message));
+                }
+            }
+
+            await _eventService.LogProviderUsersEventAsync(events);
+
+            return result;
+        }
+
+        public async Task SaveUserAsync(ProviderUser user, Guid savingUserId)
+        {
+            if (user.Id.Equals(default))
+            {
+                throw new BadRequestException("Invite the user first.");
+            }
+
+            if (user.Type != ProviderUserType.ProviderAdmin &&
+                !await HasConfirmedProviderAdminExceptAsync(user.ProviderId, new[] {user.Id}))
+            {
+                throw new BadRequestException("Provider must have at least one confirmed ProviderAdmin.");
+            }
+
+            await _providerUserRepository.ReplaceAsync(user);
+            await _eventService.LogProviderUserEventAsync(user, EventType.ProviderUser_Updated);
+        }
+
+        public async Task<List<Tuple<ProviderUser, string>>> DeleteUsersAsync(Guid providerId,
+            IEnumerable<Guid> providerUserIds, Guid deletingUserId)
+        {
+            var providerUsers = await _providerUserRepository.GetManyAsync(providerUserIds);
+
+            if (!await HasConfirmedProviderAdminExceptAsync(providerId, providerUserIds))
+            {
+                throw new BadRequestException("Provider must have at least one confirmed ProviderAdmin.");
+            }
+
+            var result = new List<Tuple<ProviderUser, string>>();
+            var deletedUserIds = new List<Guid>();
+            var events = new List<(ProviderUser, EventType, DateTime?)>();
+
+            foreach (var providerUser in providerUsers)
+            {
+                try
+                {
+                    if (providerUser.ProviderId != providerId)
+                    {
+                        throw new BadRequestException("Invalid user.");
+                    }
+                    if (providerUser.UserId == deletingUserId)
+                    {
+                        throw new BadRequestException("You cannot remove yourself.");
+                    }
+
+                    events.Add((providerUser, EventType.ProviderUser_Removed, null));
+
+                    result.Add(Tuple.Create(providerUser, ""));
+                    deletedUserIds.Add(providerUser.Id);
+                }
+                catch (BadRequestException e)
+                {
+                    result.Add(Tuple.Create(providerUser, e.Message));
+                }
+
+                await _providerUserRepository.DeleteManyAsync(deletedUserIds);
+            }
+
+            await _eventService.LogProviderUsersEventAsync(events);
+
+            return result;
+        }
+
+        // TODO: Implement this
+        public Task AddOrganization(Guid providerId, Guid organizationId, Guid addingUserId, string key) => throw new NotImplementedException();
+
+        // TODO: Implement this
+        public Task RemoveOrganization(Guid providerOrganizationId, Guid removingUserId) => throw new NotImplementedException();
+        
+        private async Task SendInviteAsync(ProviderUser providerUser, Provider provider)
+        {
+            var nowMillis = CoreHelpers.ToEpocMilliseconds(DateTime.UtcNow);
+            var token = _dataProtector.Protect(
+                $"ProviderUserInvite {providerUser.Id} {providerUser.Email} {nowMillis}");
+            await _mailService.SendProviderInviteEmailAsync(provider.Name, providerUser, token, providerUser.Email);
+        }
+
+        private async Task<bool> HasConfirmedProviderAdminExceptAsync(Guid providerId, IEnumerable<Guid> providerUserIds)
+        {
+            var providerAdmins = await _providerUserRepository.GetManyByProviderAsync(providerId,
+                ProviderUserType.ProviderAdmin);
+            var confirmedOwners = providerAdmins.Where(o => o.Status == ProviderUserStatusType.Confirmed);
+            var confirmedOwnersIds = confirmedOwners.Select(u => u.Id);
+            return confirmedOwnersIds.Except(providerUserIds).Any();
+        }
+    }
+}
diff --git a/src/Core/Services/NoopImplementations/NoopEventService.cs b/src/Core/Services/NoopImplementations/NoopEventService.cs
index 60fd1fa5b2..f2e14d3208 100644
--- a/src/Core/Services/NoopImplementations/NoopEventService.cs
+++ b/src/Core/Services/NoopImplementations/NoopEventService.cs
@@ -3,6 +3,7 @@ using System.Collections.Generic;
 using System.Threading.Tasks;
 using Bit.Core.Enums;
 using Bit.Core.Models.Table;
+using Bit.Core.Models.Table.Provider;
 
 namespace Bit.Core.Services
 {
@@ -38,6 +39,16 @@ namespace Bit.Core.Services
             return Task.FromResult(0);
         }
 
+        public Task LogProviderUserEventAsync(ProviderUser providerUser, EventType type, DateTime? date = null)
+        {
+            return Task.FromResult(0);
+        }
+
+        public Task LogProviderUsersEventAsync(IEnumerable<(ProviderUser, EventType, DateTime?)> events)
+        {
+            return Task.FromResult(0);
+        }
+
         public Task LogOrganizationUserEventAsync(OrganizationUser organizationUser, EventType type,
             DateTime? date = null)
         {
diff --git a/src/Core/Services/NoopImplementations/NoopMailService.cs b/src/Core/Services/NoopImplementations/NoopMailService.cs
index a7bd0b28a8..144077c262 100644
--- a/src/Core/Services/NoopImplementations/NoopMailService.cs
+++ b/src/Core/Services/NoopImplementations/NoopMailService.cs
@@ -3,6 +3,7 @@ using System.Collections.Generic;
 using System.Threading.Tasks;
 using Bit.Core.Models.Mail;
 using Bit.Core.Models.Table;
+using Bit.Core.Models.Table.Provider;
 
 namespace Bit.Core.Services
 {
@@ -158,10 +159,25 @@ namespace Bit.Core.Services
         {
             return Task.FromResult(0);
         }
-        
+
         public Task SendAdminResetPasswordEmailAsync(string email, string userName, string orgName)
         {
             return Task.FromResult(0);
         }
+
+        public Task SendProviderSetupInviteEmailAsync(Provider provider, string token, string email)
+        {
+            return Task.FromResult(0);
+        }
+
+        public Task SendProviderInviteEmailAsync(string providerName, ProviderUser providerUser, string token, string email)
+        {
+            return Task.FromResult(0);
+        }
+
+        public Task SendProviderConfirmedEmailAsync(string providerName, string email)
+        {
+            return Task.FromResult(0);
+        }
     }
 }
diff --git a/src/Core/Utilities/ServiceCollectionExtensions.cs b/src/Core/Utilities/ServiceCollectionExtensions.cs
index be4fee35d0..606caf9797 100644
--- a/src/Core/Utilities/ServiceCollectionExtensions.cs
+++ b/src/Core/Utilities/ServiceCollectionExtensions.cs
@@ -85,6 +85,10 @@ namespace Bit.Core.Utilities
                 services.AddSingleton<ISendRepository, SqlServerRepos.SendRepository>();
                 services.AddSingleton<ITaxRateRepository, SqlServerRepos.TaxRateRepository>();
                 services.AddSingleton<IEmergencyAccessRepository, SqlServerRepos.EmergencyAccessRepository>();
+                services.AddSingleton<IProviderRepository, SqlServerRepos.ProviderRepository>();
+                services.AddSingleton<IProviderUserRepository, SqlServerRepos.ProviderUserRepository>();
+                services.AddSingleton<IProviderOrganizationRepository, SqlServerRepos.ProviderOrganizationRepository>();
+                services.AddSingleton<IProviderOrganizationProviderUserRepository, SqlServerRepos.ProviderOrganizationProviderUserRepository>();
             }
 
             if (globalSettings.SelfHosted)
@@ -116,12 +120,13 @@ namespace Bit.Core.Utilities
             services.AddScoped<ICollectionService, CollectionService>();
             services.AddScoped<IGroupService, GroupService>();
             services.AddScoped<IPolicyService, PolicyService>();
-            services.AddScoped<Services.IEventService, EventService>();
+            services.AddScoped<IEventService, EventService>();
             services.AddScoped<IEmergencyAccessService, EmergencyAccessService>();
             services.AddSingleton<IDeviceService, DeviceService>();
             services.AddSingleton<IAppleIapService, AppleIapService>();
             services.AddSingleton<ISsoConfigService, SsoConfigService>();
             services.AddScoped<ISendService, SendService>();
+            services.AddScoped<IProviderService, ProviderService>();
         }
 
         public static void AddDefaultServices(this IServiceCollection services, GlobalSettings globalSettings)
diff --git a/src/Sql/Sql.sqlproj b/src/Sql/Sql.sqlproj
index 8f5f93ff72..174fbbc2e0 100644
--- a/src/Sql/Sql.sqlproj
+++ b/src/Sql/Sql.sqlproj
@@ -136,6 +136,7 @@
     <Build Include="dbo\Stored Procedures\User_BumpAccountRevisionDateByOrganizationId.sql" />
     <Build Include="dbo\Stored Procedures\User_BumpAccountRevisionDateByOrganizationUserId.sql" />
     <Build Include="dbo\Stored Procedures\User_BumpAccountRevisionDateByOrganizationUserIds.sql" />
+    <Build Include="dbo\Stored Procedures\User_BumpAccountRevisionDateByProviderUserIds.sql" />
     <Build Include="dbo\Stored Procedures\Cipher_Delete.sql" />
     <Build Include="dbo\Stored Procedures\User_ReadPublicKeyById.sql" />
     <Build Include="dbo\Stored Procedures\User_ReadPublicKeysByOrganizationUserIds.sql" />
@@ -330,14 +331,18 @@
     <Build Include="dbo\Stored Procedures\Provider_Update.sql" />
     <Build Include="dbo\Stored Procedures\Provider_DeleteById.sql" />
     <Build Include="dbo\Stored Procedures\Provider_ReadById.sql" />
+    <Build Include="dbo\Stored Procedures\Provider_Search.sql" />
     <Build Include="dbo\Tables\ProviderUser.sql" />
     <Build Include="dbo\Views\ProviderUserView.sql" />
     <Build Include="dbo\Stored Procedures\ProviderUser_Create.sql" />
     <Build Include="dbo\Stored Procedures\ProviderUser_Update.sql" />
     <Build Include="dbo\Stored Procedures\ProviderUser_DeleteById.sql" />
+    <Build Include="dbo\Stored Procedures\ProviderUser_DeleteByIds.sql" />
     <Build Include="dbo\Stored Procedures\ProviderUser_ReadById.sql" />
+    <Build Include="dbo\Stored Procedures\ProviderUser_ReadByIds.sql" />
     <Build Include="dbo\Stored Procedures\ProviderUser_ReadByProviderId.sql" />
     <Build Include="dbo\Stored Procedures\ProviderUser_ReadByUserId.sql" />
+    <Build Include="dbo\Stored Procedures\ProviderUser_ReadCountByProviderIdEmail.sql" />
     <Build Include="dbo\Tables\ProviderOrganization.sql" />
     <Build Include="dbo\Views\ProviderOrganizationView.sql" />
     <Build Include="dbo\Stored Procedures\ProviderOrganization_Create.sql" />
diff --git a/src/Sql/dbo/Stored Procedures/ProviderUser_DeleteByIds.sql b/src/Sql/dbo/Stored Procedures/ProviderUser_DeleteByIds.sql
new file mode 100644
index 0000000000..bea9d5c12d
--- /dev/null
+++ b/src/Sql/dbo/Stored Procedures/ProviderUser_DeleteByIds.sql	
@@ -0,0 +1,42 @@
+CREATE PROCEDURE [dbo].[ProviderUser_DeleteByIds]
+    @Ids [dbo].[GuidIdArray] READONLY
+AS
+BEGIN
+    SET NOCOUNT ON
+
+    EXEC [dbo].[User_BumpAccountRevisionDateByProviderUserIds] @Ids
+
+    DECLARE @UserAndProviderIds [dbo].[TwoGuidIdArray]
+
+    INSERT INTO @UserAndProviderIds
+        (Id1, Id2)
+    SELECT
+        UserId,
+        ProviderId
+    FROM
+        [dbo].[ProviderUser] PU
+    INNER JOIN
+        @Ids PUIds ON PUIds.Id = PU.Id
+    WHERE
+        UserId IS NOT NULL AND
+        ProviderId IS NOT NULL
+
+    DECLARE @BatchSize INT = 100
+
+    -- Delete ProviderUsers
+    WHILE @BatchSize > 0
+        BEGIN
+        BEGIN TRANSACTION ProviderUser_DeleteMany_PUs
+
+        DELETE TOP(@BatchSize) OU
+        FROM
+            [dbo].[ProviderUser] PU
+        INNER JOIN
+            @Ids I ON I.Id = PU.Id
+
+        SET @BatchSize = @@ROWCOUNT
+
+        COMMIT TRANSACTION ProviderUser_DeleteMany_PUs
+    END
+END
+GO
diff --git a/src/Sql/dbo/Stored Procedures/ProviderUser_ReadByIds.sql b/src/Sql/dbo/Stored Procedures/ProviderUser_ReadByIds.sql
new file mode 100644
index 0000000000..91a94cf75b
--- /dev/null
+++ b/src/Sql/dbo/Stored Procedures/ProviderUser_ReadByIds.sql	
@@ -0,0 +1,18 @@
+CREATE PROCEDURE [dbo].[ProviderUser_ReadByIds]
+    @Ids AS [dbo].[GuidIdArray] READONLY
+AS
+BEGIN
+    SET NOCOUNT ON
+
+    IF (SELECT COUNT(1) FROM @Ids) < 1
+    BEGIN
+        RETURN(-1)
+    END
+
+    SELECT
+        *
+    FROM
+        [dbo].[ProviderUserView]
+    WHERE
+        [Id] IN (SELECT [Id] FROM @Ids)
+END
diff --git a/src/Sql/dbo/Stored Procedures/ProviderUser_ReadByProviderId.sql b/src/Sql/dbo/Stored Procedures/ProviderUser_ReadByProviderId.sql
index 8c83a3c3f4..32ad300309 100644
--- a/src/Sql/dbo/Stored Procedures/ProviderUser_ReadByProviderId.sql	
+++ b/src/Sql/dbo/Stored Procedures/ProviderUser_ReadByProviderId.sql	
@@ -1,5 +1,6 @@
 CREATE PROCEDURE [dbo].[ProviderUser_ReadByProviderId]
-    @ProviderId UNIQUEIDENTIFIER
+    @ProviderId UNIQUEIDENTIFIER,
+    @Type TINYINT
 AS
 BEGIN
     SET NOCOUNT ON
@@ -10,4 +11,5 @@ BEGIN
         [dbo].[ProviderUserView]
     WHERE
         [ProviderId] = @ProviderId
+        AND [Type] = COALESCE(@Type, [Type])
 END
diff --git a/src/Sql/dbo/Stored Procedures/ProviderUser_ReadCountByProviderIdEmail.sql b/src/Sql/dbo/Stored Procedures/ProviderUser_ReadCountByProviderIdEmail.sql
new file mode 100644
index 0000000000..700dd9de94
--- /dev/null
+++ b/src/Sql/dbo/Stored Procedures/ProviderUser_ReadCountByProviderIdEmail.sql	
@@ -0,0 +1,21 @@
+CREATE PROCEDURE [dbo].[ProviderUser_ReadCountByProviderIdEmail]
+    @ProviderId UNIQUEIDENTIFIER,
+    @Email NVARCHAR(256),
+    @OnlyUsers BIT
+AS
+BEGIN
+    SET NOCOUNT ON
+
+    SELECT
+        COUNT(1)
+    FROM
+        [dbo].[ProviderUser] OU
+    LEFT JOIN
+        [dbo].[User] U ON OU.[UserId] = U.[Id]
+    WHERE
+        OU.[ProviderId] = @ProviderId
+        AND (
+            (@OnlyUsers = 0 AND @Email IN (OU.[Email], U.[Email]))
+            OR (@OnlyUsers = 1 AND U.[Email] = @Email)
+        )
+END
diff --git a/src/Sql/dbo/Stored Procedures/Provider_Search.sql b/src/Sql/dbo/Stored Procedures/Provider_Search.sql
new file mode 100644
index 0000000000..362c496b2f
--- /dev/null
+++ b/src/Sql/dbo/Stored Procedures/Provider_Search.sql	
@@ -0,0 +1,41 @@
+CREATE PROCEDURE [dbo].[Provider_Search]
+    @Name NVARCHAR(50),
+    @UserEmail NVARCHAR(256),
+    @Skip INT = 0,
+    @Take INT = 25
+WITH RECOMPILE
+AS
+BEGIN
+    SET NOCOUNT ON
+    DECLARE @NameLikeSearch NVARCHAR(55) = '%' + @Name + '%'
+
+    IF @UserEmail IS NOT NULL
+    BEGIN
+        SELECT
+            O.*
+        FROM
+            [dbo].[ProviderView] O
+        INNER JOIN
+            [dbo].[ProviderUser] OU ON O.[Id] = OU.[ProviderId]
+        INNER JOIN
+            [dbo].[User] U ON U.[Id] = OU.[UserId]
+        WHERE
+            (@Name IS NULL OR O.[Name] LIKE @NameLikeSearch)
+            AND U.[Email] = COALESCE(@UserEmail, U.[Email])
+        ORDER BY O.[CreationDate] DESC
+        OFFSET @Skip ROWS
+        FETCH NEXT @Take ROWS ONLY
+    END
+    ELSE
+    BEGIN
+        SELECT
+            O.*
+        FROM
+            [dbo].[ProviderView] O
+        WHERE
+            (@Name IS NULL OR O.[Name] LIKE @NameLikeSearch)
+        ORDER BY O.[CreationDate] DESC
+        OFFSET @Skip ROWS
+        FETCH NEXT @Take ROWS ONLY
+    END
+END
diff --git a/src/Sql/dbo/Stored Procedures/User_BumpAccountRevisionDateByProviderUserIds.sql b/src/Sql/dbo/Stored Procedures/User_BumpAccountRevisionDateByProviderUserIds.sql
new file mode 100644
index 0000000000..e6366443d7
--- /dev/null
+++ b/src/Sql/dbo/Stored Procedures/User_BumpAccountRevisionDateByProviderUserIds.sql	
@@ -0,0 +1,18 @@
+CREATE PROCEDURE [dbo].[User_BumpAccountRevisionDateByProviderUserIds]
+    @ProviderUserIds [dbo].[GuidIdArray] READONLY
+AS
+BEGIN
+    SET NOCOUNT ON
+
+    UPDATE
+        U
+    SET
+        U.[AccountRevisionDate] = GETUTCDATE()
+    FROM
+        @ProviderUserIds OUIDs
+    INNER JOIN
+        [dbo].[ProviderUser] PU ON OUIDs.Id = PU.Id AND PU.[Status] = 2 -- Confirmed
+    INNER JOIN
+        [dbo].[User] U ON PU.UserId = U.Id
+END
+GO
diff --git a/src/Sql/dbo/Tables/Provider.sql b/src/Sql/dbo/Tables/Provider.sql
index 9c7ab082ce..5f60cfb6c9 100644
--- a/src/Sql/dbo/Tables/Provider.sql
+++ b/src/Sql/dbo/Tables/Provider.sql
@@ -1,13 +1,13 @@
 CREATE TABLE [dbo].[Provider] (
     [Id]                UNIQUEIDENTIFIER NOT NULL,
-    [Name]              NVARCHAR (50)    NOT NULL,
+    [Name]              NVARCHAR (50)    NULL,
     [BusinessName]      NVARCHAR (50)    NULL,
     [BusinessAddress1]  NVARCHAR (50)    NULL,
     [BusinessAddress2]  NVARCHAR (50)    NULL,
     [BusinessAddress3]  NVARCHAR (50)    NULL,
     [BusinessCountry]   VARCHAR (2)      NULL,
     [BusinessTaxNumber] NVARCHAR (30)    NULL,
-    [BillingEmail]      NVARCHAR (256)   NOT NULL,
+    [BillingEmail]      NVARCHAR (256)   NULL,
     [Status]            TINYINT          NOT NULL,
     [Enabled]           BIT              NOT NULL,
     [CreationDate]      DATETIME2 (7)    NOT NULL,
diff --git a/test/Core.Test/AutoFixture/ProviderUserFixtures.cs b/test/Core.Test/AutoFixture/ProviderUserFixtures.cs
new file mode 100644
index 0000000000..8cf0d9c97f
--- /dev/null
+++ b/test/Core.Test/AutoFixture/ProviderUserFixtures.cs
@@ -0,0 +1,45 @@
+using System.Reflection;
+using AutoFixture;
+using AutoFixture.Xunit2;
+using Bit.Core.Enums.Provider;
+
+namespace Bit.Core.Test.AutoFixture.ProviderUserFixtures
+{
+    internal class ProviderUser : ICustomization
+    {
+        public ProviderUserStatusType Status { get; set; }
+        public ProviderUserType Type { get; set; }
+
+        public ProviderUser(ProviderUserStatusType status, ProviderUserType type)
+        {
+            Status = status;
+            Type = type;
+        }
+        
+        public void Customize(IFixture fixture)
+        {
+            fixture.Customize<Core.Models.Table.Provider.ProviderUser>(composer => composer
+                .With(o => o.Type, Type)
+                .With(o => o.Status, Status));
+        }
+    }
+
+    public class ProviderUserAttribute : CustomizeAttribute
+    {
+        private readonly ProviderUserStatusType _status;
+        private readonly ProviderUserType _type;
+
+        public ProviderUserAttribute(
+            ProviderUserStatusType status = ProviderUserStatusType.Confirmed,
+            ProviderUserType type = ProviderUserType.ProviderAdmin)
+        {
+            _status = status;
+            _type = type;
+        }
+
+        public override ICustomization GetCustomization(ParameterInfo parameter)
+        {
+            return new ProviderUser(_status, _type);
+        }
+    }
+}
diff --git a/test/Core.Test/Services/ProviderServiceTests.cs b/test/Core.Test/Services/ProviderServiceTests.cs
new file mode 100644
index 0000000000..d4f5fae137
--- /dev/null
+++ b/test/Core.Test/Services/ProviderServiceTests.cs
@@ -0,0 +1,392 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using Bit.Core.Enums;
+using Bit.Core.Enums.Provider;
+using Bit.Core.Exceptions;
+using Bit.Core.Models.Business.Provider;
+using Bit.Core.Models.Table;
+using Bit.Core.Models.Table.Provider;
+using Bit.Core.Repositories;
+using Bit.Core.Services;
+using Bit.Core.Test.AutoFixture;
+using Bit.Core.Test.AutoFixture.Attributes;
+using Bit.Core.Test.AutoFixture.ProviderUserFixtures;
+using Bit.Core.Utilities;
+using Microsoft.AspNetCore.DataProtection;
+using NSubstitute;
+using Xunit;
+using ProviderUser = Bit.Core.Models.Table.Provider.ProviderUser;
+
+namespace Bit.Core.Test.Services
+{
+    public class ProviderServiceTests
+    {
+        [Theory, CustomAutoData(typeof(SutProviderCustomization))]
+        public async Task CreateAsync_UserIdIsInvalid_Throws(SutProvider<ProviderService> sutProvider)
+        {
+            var exception = await Assert.ThrowsAsync<BadRequestException>(
+                () => sutProvider.Sut.CreateAsync(default));
+            Assert.Contains("Invalid owner.", exception.Message);
+        }
+        
+        [Theory, CustomAutoData(typeof(SutProviderCustomization))]
+        public async Task CreateAsync_Success(User user, SutProvider<ProviderService> sutProvider)
+        {
+            var userRepository = sutProvider.GetDependency<IUserRepository>();
+            userRepository.GetByEmailAsync(user.Email).Returns(user); 
+            
+            await sutProvider.Sut.CreateAsync(user.Email);
+            
+            await sutProvider.GetDependency<IProviderRepository>().ReceivedWithAnyArgs().CreateAsync(default);
+            await sutProvider.GetDependency<IMailService>().ReceivedWithAnyArgs().SendProviderSetupInviteEmailAsync(default, default, default);
+        }
+        
+        [Theory, CustomAutoData(typeof(SutProviderCustomization))]
+        public async Task CompleteSetupAsync_UserIdIsInvalid_Throws(SutProvider<ProviderService> sutProvider)
+        {
+            var exception = await Assert.ThrowsAsync<BadRequestException>(
+                () => sutProvider.Sut.CompleteSetupAsync(default, default, default, default));
+            Assert.Contains("Invalid owner.", exception.Message);
+        }
+        
+        [Theory, CustomAutoData(typeof(SutProviderCustomization))]
+        public async Task CompleteSetupAsync_TokenIsInvalid_Throws(User user, Provider provider,
+            SutProvider<ProviderService> sutProvider)
+        {
+            var userService = sutProvider.GetDependency<IUserService>();
+            userService.GetUserByIdAsync(user.Id).Returns(user); 
+
+            var exception = await Assert.ThrowsAsync<BadRequestException>(
+                () => sutProvider.Sut.CompleteSetupAsync(provider, user.Id, default, default));
+            Assert.Contains("Invalid token.", exception.Message);
+        }
+        
+        [Theory, CustomAutoData(typeof(SutProviderCustomization))]
+        public async Task CompleteSetupAsync_Success(User user, Provider provider,
+            SutProvider<ProviderService> sutProvider)
+        {
+            var userService = sutProvider.GetDependency<IUserService>();
+            userService.GetUserByIdAsync(user.Id).Returns(user);
+
+            var dataProtectionProvider = DataProtectionProvider.Create("ApplicationName");
+            var protector = dataProtectionProvider.CreateProtector("ProviderServiceDataProtector");
+            sutProvider.GetDependency<IDataProtectionProvider>().CreateProtector("ProviderServiceDataProtector")
+                .Returns(protector);
+            sutProvider.Create();
+
+            var token = protector.Protect($"ProviderSetupInvite {provider.Id} {user.Email} {CoreHelpers.ToEpocMilliseconds(DateTime.UtcNow)}");
+            
+            await sutProvider.Sut.CompleteSetupAsync(provider, user.Id, token, default);
+
+            await sutProvider.GetDependency<IProviderRepository>().Received().UpsertAsync(provider);
+            await sutProvider.GetDependency<IProviderUserRepository>().Received()
+                .CreateAsync(Arg.Is<ProviderUser>(pu => pu.UserId == user.Id && pu.ProviderId == provider.Id));
+        }
+        
+        [Theory, CustomAutoData(typeof(SutProviderCustomization))]
+        public async Task UpdateAsync_ProviderIdIsInvalid_Throws(Provider provider, SutProvider<ProviderService> sutProvider)
+        {
+            provider.Id = default;
+            
+            var exception = await Assert.ThrowsAsync<ApplicationException>(
+                () => sutProvider.Sut.UpdateAsync(provider));
+            Assert.Contains("Cannot create provider this way.", exception.Message);
+        }
+        
+        [Theory, CustomAutoData(typeof(SutProviderCustomization))]
+        public async Task UpdateAsync_Success(Provider provider, SutProvider<ProviderService> sutProvider)
+        {
+            await sutProvider.Sut.UpdateAsync(provider);
+        }
+        
+        [Theory, CustomAutoData(typeof(SutProviderCustomization))]
+        public async Task InviteUserAsync_ProviderIdIsInvalid_Throws(Provider provider, SutProvider<ProviderService> sutProvider)
+        {
+            provider.Id = default;
+            
+            await Assert.ThrowsAsync<NotFoundException>(() => sutProvider.Sut.InviteUserAsync(provider.Id, default, default));
+        }
+        
+        [Theory, CustomAutoData(typeof(SutProviderCustomization))]
+        public async Task InviteUserAsync_EmailsInvalid_Throws(Provider provider, ProviderUserInvite providerUserInvite,
+            SutProvider<ProviderService> sutProvider)
+        {
+            var providerRepository = sutProvider.GetDependency<IProviderRepository>();
+            providerRepository.GetByIdAsync(provider.Id).Returns(provider);
+
+            providerUserInvite.Emails = null;
+            
+            await Assert.ThrowsAsync<NotFoundException>(() => sutProvider.Sut.InviteUserAsync(provider.Id, default, providerUserInvite));
+        }
+        
+        [Theory, CustomAutoData(typeof(SutProviderCustomization))]
+        public async Task InviteUserAsync_AlreadyInvited(Provider provider, ProviderUserInvite providerUserInvite,
+            SutProvider<ProviderService> sutProvider)
+        {
+            var providerRepository = sutProvider.GetDependency<IProviderRepository>();
+            providerRepository.GetByIdAsync(provider.Id).Returns(provider);
+            var providerUserRepository = sutProvider.GetDependency<IProviderUserRepository>();
+            providerUserRepository.GetCountByProviderAsync(default, default, default).ReturnsForAnyArgs(1);
+
+            var result = await sutProvider.Sut.InviteUserAsync(provider.Id, default, providerUserInvite);
+            Assert.Empty(result);
+        }
+        
+        [Theory, CustomAutoData(typeof(SutProviderCustomization))]
+        public async Task InviteUserAsync_Success(Provider provider, ProviderUserInvite providerUserInvite,
+            SutProvider<ProviderService> sutProvider)
+        {
+            var providerRepository = sutProvider.GetDependency<IProviderRepository>();
+            providerRepository.GetByIdAsync(provider.Id).Returns(provider);
+            var providerUserRepository = sutProvider.GetDependency<IProviderUserRepository>();
+            providerUserRepository.GetCountByProviderAsync(default, default, default).ReturnsForAnyArgs(0);
+
+            var result = await sutProvider.Sut.InviteUserAsync(provider.Id, default, providerUserInvite);
+            Assert.Equal(providerUserInvite.Emails.Count(), result.Count);
+            Assert.True(result.TrueForAll(pu => pu.Status == ProviderUserStatusType.Invited), "Status must be invited");
+            Assert.True(result.TrueForAll(pu => pu.ProviderId == provider.Id), "Provider Id must be correct");
+        }
+        
+        
+        [Theory, CustomAutoData(typeof(SutProviderCustomization))]
+        public async Task ResendInvitesAsync_Errors(Provider provider,
+            [ProviderUser(ProviderUserStatusType.Invited)]ProviderUser pu1,
+            [ProviderUser(ProviderUserStatusType.Accepted)]ProviderUser pu2,
+            [ProviderUser(ProviderUserStatusType.Confirmed)]ProviderUser pu3,
+            [ProviderUser(ProviderUserStatusType.Invited)]ProviderUser pu4,
+            SutProvider<ProviderService> sutProvider)
+        {
+            var providerUsers = new[] {pu1, pu2, pu3, pu4};
+            pu1.ProviderId = pu2.ProviderId = pu3.ProviderId = provider.Id;
+
+            var providerRepository = sutProvider.GetDependency<IProviderRepository>();
+            providerRepository.GetByIdAsync(provider.Id).Returns(provider);
+            var providerUserRepository = sutProvider.GetDependency<IProviderUserRepository>();
+            providerUserRepository.GetManyAsync(default).ReturnsForAnyArgs(providerUsers.ToList());
+
+            var result = await sutProvider.Sut.ResendInvitesAsync(provider.Id, default, providerUsers.Select(pu => pu.Id));
+            Assert.Equal("", result[0].Item2);
+            Assert.Equal("User invalid.", result[1].Item2);
+            Assert.Equal("User invalid.", result[2].Item2);
+            Assert.Equal("User invalid.", result[3].Item2);
+        }
+        
+        [Theory, CustomAutoData(typeof(SutProviderCustomization))]
+        public async Task ResendInvitesAsync_Success(Provider provider, IEnumerable<ProviderUser> providerUsers,
+            SutProvider<ProviderService> sutProvider)
+        {
+            foreach (var providerUser in providerUsers)
+            {
+                providerUser.ProviderId = provider.Id;
+                providerUser.Status = ProviderUserStatusType.Invited;
+            }
+            
+            var providerRepository = sutProvider.GetDependency<IProviderRepository>();
+            providerRepository.GetByIdAsync(provider.Id).Returns(provider);
+            var providerUserRepository = sutProvider.GetDependency<IProviderUserRepository>();
+            providerUserRepository.GetManyAsync(default).ReturnsForAnyArgs(providerUsers.ToList());
+
+            var result = await sutProvider.Sut.ResendInvitesAsync(provider.Id, default, providerUsers.Select(pu => pu.Id));
+            Assert.True(result.All(r => r.Item2 == ""));
+        }
+
+        [Theory, CustomAutoData(typeof(SutProviderCustomization))]
+        public async Task AcceptUserAsync_UserIsInvalid_Throws(ProviderUser providerUser, User user,
+            SutProvider<ProviderService> sutProvider)
+        {
+            var exception = await Assert.ThrowsAsync<BadRequestException>(
+                () => sutProvider.Sut.AcceptUserAsync(default, default, default));
+            Assert.Equal("User invalid.", exception.Message);
+        }
+        
+        [Theory, CustomAutoData(typeof(SutProviderCustomization))]
+        public async Task AcceptUserAsync_AlreadyAccepted_Throws(
+            [ProviderUser(ProviderUserStatusType.Accepted)]ProviderUser providerUser, User user,
+            SutProvider<ProviderService> sutProvider)
+        {
+            var providerUserRepository = sutProvider.GetDependency<IProviderUserRepository>();
+            providerUserRepository.GetByIdAsync(providerUser.Id).Returns(providerUser);
+            
+            var exception = await Assert.ThrowsAsync<BadRequestException>(
+                () => sutProvider.Sut.AcceptUserAsync(providerUser.Id, user, default));
+            Assert.Equal("Already accepted.", exception.Message);
+        }
+        
+        [Theory, CustomAutoData(typeof(SutProviderCustomization))]
+        public async Task AcceptUserAsync_TokenIsInvalid_Throws(
+            [ProviderUser(ProviderUserStatusType.Invited)]ProviderUser providerUser, User user,
+            SutProvider<ProviderService> sutProvider)
+        {
+            var providerUserRepository = sutProvider.GetDependency<IProviderUserRepository>();
+            providerUserRepository.GetByIdAsync(providerUser.Id).Returns(providerUser);
+            
+            var exception = await Assert.ThrowsAsync<BadRequestException>(
+                () => sutProvider.Sut.AcceptUserAsync(providerUser.Id, user, default));
+            Assert.Equal("Invalid token.", exception.Message);
+        }
+        
+        [Theory, CustomAutoData(typeof(SutProviderCustomization))]
+        public async Task AcceptUserAsync_WrongEmail_Throws(
+            [ProviderUser(ProviderUserStatusType.Invited)]ProviderUser providerUser, User user,
+            SutProvider<ProviderService> sutProvider)
+        {
+            var providerUserRepository = sutProvider.GetDependency<IProviderUserRepository>();
+            providerUserRepository.GetByIdAsync(providerUser.Id).Returns(providerUser);
+            
+            var dataProtectionProvider = DataProtectionProvider.Create("ApplicationName");
+            var protector = dataProtectionProvider.CreateProtector("ProviderServiceDataProtector");
+            sutProvider.GetDependency<IDataProtectionProvider>().CreateProtector("ProviderServiceDataProtector")
+                .Returns(protector);
+            sutProvider.Create();
+            
+            var token = protector.Protect($"ProviderUserInvite {providerUser.Id} {user.Email} {CoreHelpers.ToEpocMilliseconds(DateTime.UtcNow)}");
+
+            var exception = await Assert.ThrowsAsync<BadRequestException>(
+                () => sutProvider.Sut.AcceptUserAsync(providerUser.Id, user, token));
+            Assert.Equal("User email does not match invite.", exception.Message);
+        }
+        
+        [Theory, CustomAutoData(typeof(SutProviderCustomization))]
+        public async Task AcceptUserAsync_Success(
+            [ProviderUser(ProviderUserStatusType.Invited)]ProviderUser providerUser, User user,
+            SutProvider<ProviderService> sutProvider)
+        {
+            var providerUserRepository = sutProvider.GetDependency<IProviderUserRepository>();
+            providerUserRepository.GetByIdAsync(providerUser.Id).Returns(providerUser);
+            
+            var dataProtectionProvider = DataProtectionProvider.Create("ApplicationName");
+            var protector = dataProtectionProvider.CreateProtector("ProviderServiceDataProtector");
+            sutProvider.GetDependency<IDataProtectionProvider>().CreateProtector("ProviderServiceDataProtector")
+                .Returns(protector);
+            sutProvider.Create();
+
+            providerUser.Email = user.Email;
+            var token = protector.Protect($"ProviderUserInvite {providerUser.Id} {user.Email} {CoreHelpers.ToEpocMilliseconds(DateTime.UtcNow)}");
+
+            var pu = await sutProvider.Sut.AcceptUserAsync(providerUser.Id, user, token);
+            Assert.Null(pu.Email);
+            Assert.Equal(ProviderUserStatusType.Accepted, pu.Status);
+            Assert.Equal(user.Id, pu.UserId);
+        }
+        
+        [Theory, CustomAutoData(typeof(SutProviderCustomization))]
+        public async Task ConfirmUsersAsync_NoValid(
+            [ProviderUser(ProviderUserStatusType.Invited)]ProviderUser pu1,
+            [ProviderUser(ProviderUserStatusType.Accepted)]ProviderUser pu2,
+            [ProviderUser(ProviderUserStatusType.Confirmed)]ProviderUser pu3,
+            SutProvider<ProviderService> sutProvider)
+        {
+            pu1.ProviderId = pu3.ProviderId;
+            var providerUsers = new[] {pu1, pu2, pu3};
+            var providerUserRepository = sutProvider.GetDependency<IProviderUserRepository>();
+            providerUserRepository.GetManyAsync(default).ReturnsForAnyArgs(providerUsers);
+
+            var dict = providerUsers.ToDictionary(pu => pu.Id, _ => "key");
+            var result = await sutProvider.Sut.ConfirmUsersAsync(pu1.ProviderId, dict, default);
+            
+            Assert.Empty(result);
+        }
+        
+        [Theory, CustomAutoData(typeof(SutProviderCustomization))]
+        public async Task ConfirmUsersAsync_Success(
+            [ProviderUser(ProviderUserStatusType.Invited)]ProviderUser pu1, User u1,
+            [ProviderUser(ProviderUserStatusType.Accepted)]ProviderUser pu2, User u2,
+            [ProviderUser(ProviderUserStatusType.Confirmed)]ProviderUser pu3, User u3,
+            Provider provider, User user, SutProvider<ProviderService> sutProvider)
+        {
+            pu1.ProviderId = pu2.ProviderId = pu3.ProviderId = provider.Id;
+            pu1.UserId = u1.Id;
+            pu2.UserId = u2.Id;
+            pu3.UserId = u3.Id;
+            var providerUsers = new[] {pu1, pu2, pu3};
+
+            var providerUserRepository = sutProvider.GetDependency<IProviderUserRepository>();
+            providerUserRepository.GetManyAsync(default).ReturnsForAnyArgs(providerUsers);
+            var providerRepository = sutProvider.GetDependency<IProviderRepository>();
+            providerRepository.GetByIdAsync(provider.Id).Returns(provider);
+            var userRepository = sutProvider.GetDependency<IUserRepository>();
+            userRepository.GetManyAsync(default).ReturnsForAnyArgs(new[] {u1, u2, u3});
+
+            var dict = providerUsers.ToDictionary(pu => pu.Id, _ => "key");
+            var result = await sutProvider.Sut.ConfirmUsersAsync(pu1.ProviderId, dict, user.Id);
+            
+            Assert.Equal("Invalid user.", result[0].Item2);
+            Assert.Equal("", result[1].Item2);
+            Assert.Equal("Invalid user.", result[2].Item2);
+        }
+        
+        [Theory, CustomAutoData(typeof(SutProviderCustomization))]
+        public async Task SaveUserAsync_UserIdIsInvalid_Throws(ProviderUser providerUser,
+            SutProvider<ProviderService> sutProvider)
+        {
+            providerUser.Id = default;
+            var exception = await Assert.ThrowsAsync<BadRequestException>(
+                () => sutProvider.Sut.SaveUserAsync(providerUser, default));
+            Assert.Equal("Invite the user first.", exception.Message);
+        }
+
+        [Theory, CustomAutoData(typeof(SutProviderCustomization))]
+        public async Task SaveUserAsync_Success(
+            [ProviderUser(type: ProviderUserType.ProviderAdmin)]ProviderUser providerUser, User savingUser,
+            SutProvider<ProviderService> sutProvider)
+        {
+            var providerUserRepository = sutProvider.GetDependency<IProviderUserRepository>();
+            providerUserRepository.GetByIdAsync(providerUser.Id).Returns(providerUser);
+
+            await sutProvider.Sut.SaveUserAsync(providerUser, savingUser.Id);
+            await providerUserRepository.Received().ReplaceAsync(providerUser);
+            await sutProvider.GetDependency<IEventService>().Received()
+                .LogProviderUserEventAsync(providerUser, EventType.ProviderUser_Updated, null);
+        }
+        
+        [Theory, CustomAutoData(typeof(SutProviderCustomization))]
+        public async Task DeleteUsersAsync_NoRemainingOwner_Throws(Provider provider, User deletingUser,
+            ICollection<ProviderUser> providerUsers, SutProvider<ProviderService> sutProvider)
+        {
+            var userIds = providerUsers.Select(pu => pu.Id);
+
+            providerUsers.First().UserId = deletingUser.Id;
+            foreach (var providerUser in providerUsers)
+            {
+                providerUser.ProviderId = provider.Id;
+            }
+            providerUsers.Last().ProviderId = default;
+            
+            var providerUserRepository = sutProvider.GetDependency<IProviderUserRepository>();
+            providerUserRepository.GetManyAsync(default).ReturnsForAnyArgs(providerUsers);
+            providerUserRepository.GetManyByProviderAsync(default, default).ReturnsForAnyArgs(new ProviderUser[] {});
+            
+            var exception = await Assert.ThrowsAsync<BadRequestException>(
+                () => sutProvider.Sut.DeleteUsersAsync(provider.Id, userIds, deletingUser.Id));
+            Assert.Equal("Provider must have at least one confirmed ProviderAdmin.", exception.Message);
+        }
+        
+        [Theory, CustomAutoData(typeof(SutProviderCustomization))]
+        public async Task DeleteUsersAsync_Success(Provider provider, User deletingUser,            ICollection<ProviderUser> providerUsers,
+            [ProviderUser(ProviderUserStatusType.Confirmed, ProviderUserType.ProviderAdmin)]ProviderUser remainingOwner,
+            SutProvider<ProviderService> sutProvider)
+        {
+            var userIds = providerUsers.Select(pu => pu.Id);
+
+            providerUsers.First().UserId = deletingUser.Id;
+            foreach (var providerUser in providerUsers)
+            {
+                providerUser.ProviderId = provider.Id;
+            }
+            providerUsers.Last().ProviderId = default;
+            
+            var providerUserRepository = sutProvider.GetDependency<IProviderUserRepository>();
+            providerUserRepository.GetManyAsync(default).ReturnsForAnyArgs(providerUsers);
+            providerUserRepository.GetManyByProviderAsync(default, default).ReturnsForAnyArgs(new[] {remainingOwner});
+            
+            var result = await sutProvider.Sut.DeleteUsersAsync(provider.Id, userIds, deletingUser.Id);
+            
+            Assert.NotEmpty(result);
+            Assert.Equal("You cannot remove yourself.", result[0].Item2);
+            Assert.Equal("", result[1].Item2);
+            Assert.Equal("Invalid user.", result[2].Item2);
+        }
+    }
+}
diff --git a/util/Migrator/DbScripts/2021-05-14_00_Provider.sql b/util/Migrator/DbScripts/2021-05-26_00_Provider.sql
similarity index 80%
rename from util/Migrator/DbScripts/2021-05-14_00_Provider.sql
rename to util/Migrator/DbScripts/2021-05-26_00_Provider.sql
index 40414e3667..97277e6d74 100644
--- a/util/Migrator/DbScripts/2021-05-14_00_Provider.sql
+++ b/util/Migrator/DbScripts/2021-05-26_00_Provider.sql
@@ -95,6 +95,12 @@ BEGIN
 END
 GO
 
+ALTER TABLE [dbo].[Provider] ALTER COLUMN [Name] NVARCHAR (50) NULL;
+GO
+
+ALTER TABLE [dbo].[Provider] ALTER COLUMN [BillingEmail] NVARCHAR (256) NULL;
+GO
+
 IF EXISTS(SELECT * FROM sys.views WHERE [Name] = 'ProviderView')
 BEGIN
     DROP VIEW [dbo].[ProviderView];
@@ -454,7 +460,8 @@ END
 GO
 
 CREATE PROCEDURE [dbo].[ProviderUser_ReadByProviderId]
-    @ProviderId UNIQUEIDENTIFIER
+    @ProviderId UNIQUEIDENTIFIER,
+    @Type TINYINT
 AS
 BEGIN
     SET NOCOUNT ON
@@ -465,6 +472,7 @@ BEGIN
         [dbo].[ProviderUserView]
     WHERE
         [ProviderId] = @ProviderId
+        AND [Type] = COALESCE(@Type, [Type])
 END
 GO
 
@@ -797,3 +805,182 @@ BEGIN
     EXEC [dbo].[User_BumpAccountRevisionDateByProviderUserId] @ProviderUserId
 END
 GO
+
+IF OBJECT_ID('[dbo].[ProviderUser_ReadCountByProviderIdEmail]') IS NOT NULL
+    BEGIN
+        DROP PROCEDURE [dbo].[ProviderUser_ReadCountByProviderIdEmail]
+    END
+GO
+
+CREATE PROCEDURE [dbo].[ProviderUser_ReadCountByProviderIdEmail]
+    @ProviderId UNIQUEIDENTIFIER,
+    @Email NVARCHAR(256),
+    @OnlyUsers BIT
+AS
+BEGIN
+    SET NOCOUNT ON
+
+    SELECT
+        COUNT(1)
+    FROM
+        [dbo].[ProviderUser] OU
+            LEFT JOIN
+        [dbo].[User] U ON OU.[UserId] = U.[Id]
+    WHERE
+            OU.[ProviderId] = @ProviderId
+      AND (
+            (@OnlyUsers = 0 AND @Email IN (OU.[Email], U.[Email]))
+            OR (@OnlyUsers = 1 AND U.[Email] = @Email)
+        )
+END
+GO
+
+IF OBJECT_ID('[dbo].[ProviderUser_ReadByIds]') IS NOT NULL
+    BEGIN
+        DROP PROCEDURE [dbo].[ProviderUser_ReadByIds]
+    END
+GO
+
+CREATE PROCEDURE [dbo].[ProviderUser_ReadByIds]
+@Ids AS [dbo].[GuidIdArray] READONLY
+AS
+BEGIN
+    SET NOCOUNT ON
+
+    IF (SELECT COUNT(1) FROM @Ids) < 1
+        BEGIN
+            RETURN(-1)
+        END
+
+    SELECT
+        *
+    FROM
+        [dbo].[ProviderUserView]
+    WHERE
+        [Id] IN (SELECT [Id] FROM @Ids)
+END
+GO
+
+
+IF OBJECT_ID('[dbo].[User_BumpAccountRevisionDateByProviderUserIds]') IS NOT NULL
+    BEGIN
+        DROP PROCEDURE [dbo].[User_BumpAccountRevisionDateByProviderUserIds]
+    END
+GO
+
+CREATE PROCEDURE [dbo].[User_BumpAccountRevisionDateByProviderUserIds]
+@ProviderUserIds [dbo].[GuidIdArray] READONLY
+AS
+BEGIN
+    SET NOCOUNT ON
+
+    UPDATE
+        U
+    SET
+        U.[AccountRevisionDate] = GETUTCDATE()
+    FROM
+        @ProviderUserIds OUIDs
+            INNER JOIN
+        [dbo].[ProviderUser] PU ON OUIDs.Id = PU.Id AND PU.[Status] = 2 -- Confirmed
+            INNER JOIN
+        [dbo].[User] U ON PU.UserId = U.Id
+END
+GO
+
+IF OBJECT_ID('[dbo].[ProviderUser_DeleteByIds]') IS NOT NULL
+    BEGIN
+        DROP PROCEDURE [dbo].[ProviderUser_DeleteByIds]
+    END
+GO
+
+CREATE PROCEDURE [dbo].[ProviderUser_DeleteByIds]
+@Ids [dbo].[GuidIdArray] READONLY
+AS
+BEGIN
+    SET NOCOUNT ON
+
+    EXEC [dbo].[User_BumpAccountRevisionDateByProviderUserIds] @Ids
+
+    DECLARE @UserAndProviderIds [dbo].[TwoGuidIdArray]
+
+    INSERT INTO @UserAndProviderIds
+    (Id1, Id2)
+    SELECT
+        UserId,
+        ProviderId
+    FROM
+        [dbo].[ProviderUser] PU
+            INNER JOIN
+        @Ids PUIds ON PUIds.Id = PU.Id
+    WHERE
+        UserId IS NOT NULL AND
+        ProviderId IS NOT NULL
+
+    DECLARE @BatchSize INT = 100
+
+    -- Delete ProviderUsers
+    WHILE @BatchSize > 0
+        BEGIN
+            BEGIN TRANSACTION ProviderUser_DeleteMany_PUs
+
+                DELETE TOP(@BatchSize) OU
+                FROM
+                    [dbo].[ProviderUser] PU
+                        INNER JOIN
+                    @Ids I ON I.Id = PU.Id
+
+                SET @BatchSize = @@ROWCOUNT
+
+            COMMIT TRANSACTION ProviderUser_DeleteMany_PUs
+        END
+END
+GO
+
+IF OBJECT_ID('[dbo].[Provider_Search]') IS NOT NULL
+    BEGIN
+        DROP PROCEDURE [dbo].[Provider_Search]
+    END
+GO
+
+CREATE PROCEDURE [dbo].[Provider_Search]
+    @Name NVARCHAR(50),
+    @UserEmail NVARCHAR(256),
+    @Skip INT = 0,
+    @Take INT = 25
+    WITH RECOMPILE
+AS
+BEGIN
+    SET NOCOUNT ON
+    DECLARE @NameLikeSearch NVARCHAR(55) = '%' + @Name + '%'
+
+    IF @UserEmail IS NOT NULL
+        BEGIN
+            SELECT
+                O.*
+            FROM
+                [dbo].[ProviderView] O
+                    INNER JOIN
+                [dbo].[ProviderUser] OU ON O.[Id] = OU.[ProviderId]
+                    INNER JOIN
+                [dbo].[User] U ON U.[Id] = OU.[UserId]
+            WHERE
+                (@Name IS NULL OR O.[Name] LIKE @NameLikeSearch)
+              AND U.[Email] = COALESCE(@UserEmail, U.[Email])
+            ORDER BY O.[CreationDate] DESC
+            OFFSET @Skip ROWS
+                FETCH NEXT @Take ROWS ONLY
+        END
+    ELSE
+        BEGIN
+            SELECT
+                O.*
+            FROM
+                [dbo].[ProviderView] O
+            WHERE
+                (@Name IS NULL OR O.[Name] LIKE @NameLikeSearch)
+            ORDER BY O.[CreationDate] DESC
+            OFFSET @Skip ROWS
+                FETCH NEXT @Take ROWS ONLY
+        END
+END
+GO