diff --git a/.env.sample b/.env.sample
index fa58188..69534f3 100644
--- a/.env.sample
+++ b/.env.sample
@@ -1,2 +1,3 @@
 export GITHUB_KEY=[key]
 export GITHUB_SECRET=[secret]
+export GITHUB_TEAM_ID=[team_id]
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index bd1625c..3edeac8 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -1,11 +1,19 @@
 class SessionsController < ApplicationController
 def create
- user = User.find_or_create_from_auth(auth)
- session[:current_user_id] = user.id
- redirect_to root_path
+ if org.nil? || in_organization?(org)
+ session[:token] = auth.credentials.token
+ user = User.find_or_create_from_auth(auth)
+ session[:current_user_id] = user.id
+ redirect_to root_path
+ else
+ flash[:error] = "You must be in the #{org} organization "\
+ "to access that page"
+ redirect_to new_session_path
+ end
 end
 def destroy
+ session[:token] = nil
 session[:current_user_id] = nil
 @current_user = nil
 redirect_to root_path
@@ -13,6 +21,30 @@ class SessionsController < ApplicationController
 private
+ def org
+ ENV["GITHUB_ORG"]
+ end
+
+ def in_organization?(org_name)
+ organizations.select do |organization|
+ organization["login"] == org_name
+ end.any?
+ end
+
+ def organizations
+ JSON.parse(get_organizations.body)
+ end
+
+ def get_organizations
+ HTTP.
+ auth("token #{auth.credentials.token}").
+ get(organizations_url)
+ end
+
+ def organizations_url
+ "https://api.github.com/user/orgs"
+ end
+
 def auth
 request.env["omniauth.auth"]
 end
diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb
index e9a4eaa..f08f787 100644
--- a/app/views/layouts/application.html.erb
+++ b/app/views/layouts/application.html.erb
@@ -20,6 +20,10 @@
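Review bot: The sample gains `GITHUB_TEAM_ID`, but the controller change in this commit reads `ENV["GITHUB_ORG"]` and no visible line reads `GITHUB_TEAM_ID`. A deployment configured from this file would leave `GITHUB_ORG` unset, and `SessionsController#create` treats an unset value as "no restriction" (`org.nil? ||`), so the organization gate would be off without any error. If the org check is what is intended, the sample line should be `export GITHUB_ORG=[org_login]`; if a team check is planned elsewhere, it is not part of this diff.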
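Review bot: `session[:token] = auth.credentials.token` in `create` puts the user's GitHub OAuth token into the session, yet nothing in this diff reads `session[:token]`; the org lookup uses `auth.credentials.token` directly. If the app uses a cookie-backed session store (not visible here), the token is sent to the browser with every response, so it is better not to store it, or to keep it server-side if a later request needs it. Separately, `create` sets `session[:current_user_id]` on the existing session; calling `reset_session` just before it, and in `destroy` instead of nil-ing individual keys, guards against session fixation and clears anything added later. `destroy` ends outside the hunk.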
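Review bot: `organizations` parses whatever `get_organizations` returns without checking the HTTP status, so an expired token, a rate-limit reply or a network error reaches the OAuth callback as an unhandled exception or a non-array body instead of a clean denial. The access decision should rest only on a successful response and deny on anything else, as sketched below; `select … .any?` also reads better as `any?` with a block. `/user/orgs` is paginated, so a user who belongs to many organizations may not have the target one on the first page, and the request has no timeout; both deserve at least a comment. The login comparison is case-sensitive, which fails closed but is worth noting next to `GITHUB_ORG`.

```ruby
def in_organization?(org_name)
  organizations.any? { |organization| organization["login"] == org_name }
end

# Returns the user's organizations, or [] whenever GitHub's answer cannot be
# trusted, so that every failure mode denies access.
def organizations
  response = get_organizations
  return [] unless response.status.success?

  parsed = JSON.parse(response.body.to_s)
  parsed.is_a?(Array) ? parsed : []
rescue JSON::ParserError, HTTP::Error
  []
end

# … unchanged: get_organizations, organizations_url …
```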
+ <% flash.each do |name, msg| %> + <%= content_tag :div, msg, class: "alert alert-info" %> + <% end %> + <%= yield %>
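Review bot: Every flash entry is rendered with `alert alert-info` and the block's `name` is never used, so the `flash[:error]` denial set by `SessionsController#create` in this commit is shown as an informational notice. Consider mapping the flash key to a class so that errors are styled as errors. `content_tag` escapes `msg`, which is what keeps the interpolated organization name safe to render; a one-line comment saying so would discourage a later switch to `raw` or `html_safe`.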
diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb
index 90837ba..af877ac 100644
--- a/config/initializers/omniauth.rb
+++ b/config/initializers/omniauth.rb
@@ -1,3 +1,6 @@
 Rails.application.config.middleware.use OmniAuth::Builder do
- provider :github, ENV["GITHUB_KEY"], ENV["GITHUB_SECRET"]
+ provider :github,
+ ENV["GITHUB_KEY"],
+ ENV["GITHUB_SECRET"],
+ scope: "read:org"
 end
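Review bot: The new `scope: "read:org"` option has no comment tying it to the organization check, so a later edit could drop or widen it and silently change who passes the gate or how much access the app asks users to grant. Suggest a comment above it such as `# read:org: needed by SessionsController to list the user's organizations; keep this the only scope unless a new feature requires more`. Because an explicit scope is now requested, it is also worth confirming that `User.find_or_create_from_auth` (outside this diff) does not rely on fields that need a different scope, for example a private e-mail address.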