diff --git a/main/src/main/java/org/sopt/makers/crew/main/common/config/SecurityConfig.java b/main/src/main/java/org/sopt/makers/crew/main/common/config/SecurityConfig.java
index cf482cc0..e0a4cfdb 100644
--- a/main/src/main/java/org/sopt/makers/crew/main/common/config/SecurityConfig.java
+++ b/main/src/main/java/org/sopt/makers/crew/main/common/config/SecurityConfig.java
@@ -23,75 +23,78 @@ @EnableWebSecurity public class SecurityConfig { - private final JwtTokenProvider jwtTokenProvider; - private final JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint; + private final JwtTokenProvider jwtTokenProvider; + private final JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint; - private static final String[] SWAGGER_URL = { - "/swagger-resources/**", - "/favicon.ico", - "/api-docs/**", - "/swagger-ui/**", - "/swagger-ui.html", - "/swagger-ui/index.html", - "/docs/swagger-ui/index.html", - "/swagger-ui/swagger-ui.css", - }; + private static final String[] SWAGGER_URL = { + "/swagger-resources/**", + "/favicon.ico", + "/api-docs/**", + "/swagger-ui/**", + "/swagger-ui.html", + "/swagger-ui/index.html", + "/docs/swagger-ui/index.html", + "/swagger-ui/swagger-ui.css", + }; - private static final String[] AUTH_WHITELIST = { - "/health" - }; + private static final String[] AUTH_WHITELIST = { + "/health", + "meeting/v2/org-user/**" + }; - @Bean - @Profile("dev") - SecurityFilterChain devSecurityFilterChain(HttpSecurity http) throws Exception { - http.csrf((csrfConfig) -> csrfConfig.disable()) - .cors(Customizer.withDefaults()) - .sessionManagement( - (sessionManagement) -> sessionManagement.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) - .authorizeHttpRequests( - authorize -> authorize.requestMatchers(AUTH_WHITELIST).permitAll() - .requestMatchers(SWAGGER_URL).permitAll() - .anyRequest().authenticated()) - .addFilterBefore( - new JwtAuthenticationFilter(this.jwtTokenProvider, this.jwtAuthenticationEntryPoint), - UsernamePasswordAuthenticationFilter.class) - .exceptionHandling(exceptionHandling -> exceptionHandling - .authenticationEntryPoint(this.jwtAuthenticationEntryPoint)); - return http.build(); - } + @Bean + @Profile("dev") + SecurityFilterChain devSecurityFilterChain(HttpSecurity http) throws Exception { + http.csrf((csrfConfig) -> csrfConfig.disable()) + .cors(Customizer.withDefaults()) + .sessionManagement( + 
(sessionManagement) -> sessionManagement.sessionCreationPolicy( + SessionCreationPolicy.STATELESS)) + .authorizeHttpRequests( + authorize -> authorize.requestMatchers(AUTH_WHITELIST).permitAll() + .requestMatchers(SWAGGER_URL).permitAll() + .anyRequest().authenticated()) + .addFilterBefore( + new JwtAuthenticationFilter(this.jwtTokenProvider, this.jwtAuthenticationEntryPoint), + UsernamePasswordAuthenticationFilter.class) + .exceptionHandling(exceptionHandling -> exceptionHandling + .authenticationEntryPoint(this.jwtAuthenticationEntryPoint)); + return http.build(); + } - @Bean - @Profile("prod") - SecurityFilterChain prodSecurityFilterChain(HttpSecurity http) throws Exception { - http.csrf((csrfConfig) -> csrfConfig.disable()) - .cors(Customizer.withDefaults()) - .sessionManagement( - (sessionManagement) -> sessionManagement.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) - .authorizeHttpRequests( - authorize -> authorize.requestMatchers(AUTH_WHITELIST).permitAll() - .requestMatchers(SWAGGER_URL).permitAll() - .anyRequest().authenticated()) - .addFilterBefore( - new JwtAuthenticationFilter(this.jwtTokenProvider, this.jwtAuthenticationEntryPoint), - UsernamePasswordAuthenticationFilter.class) - .exceptionHandling(exceptionHandling -> exceptionHandling - .authenticationEntryPoint(this.jwtAuthenticationEntryPoint)); - return http.build(); - } + @Bean + @Profile("prod") + SecurityFilterChain prodSecurityFilterChain(HttpSecurity http) throws Exception { + http.csrf((csrfConfig) -> csrfConfig.disable()) + .cors(Customizer.withDefaults()) + .sessionManagement( + (sessionManagement) -> sessionManagement.sessionCreationPolicy( + SessionCreationPolicy.STATELESS)) + .authorizeHttpRequests( + authorize -> authorize.requestMatchers(AUTH_WHITELIST).permitAll() + .requestMatchers(SWAGGER_URL).permitAll() + .anyRequest().authenticated()) + .addFilterBefore( + new JwtAuthenticationFilter(this.jwtTokenProvider, this.jwtAuthenticationEntryPoint), + 
UsernamePasswordAuthenticationFilter.class) + .exceptionHandling(exceptionHandling -> exceptionHandling + .authenticationEntryPoint(this.jwtAuthenticationEntryPoint)); + return http.build(); + } - @Bean - CorsConfigurationSource corsConfigurationSource() { - CorsConfiguration configuration = new CorsConfiguration(); - configuration.setAllowedOrigins( - Arrays.asList("https://playground.sopt.org/", "http://localhost:3000/", - "https://sopt-internal-dev.pages.dev/")); - configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PATCH", "DELETE", "OPTIONS")); - configuration.addAllowedHeader("*"); - configuration.setAllowCredentials(false); + @Bean + CorsConfigurationSource corsConfigurationSource() { + CorsConfiguration configuration = new CorsConfiguration(); + configuration.setAllowedOrigins( + Arrays.asList("https://playground.sopt.org/", "http://localhost:3000/", + "https://sopt-internal-dev.pages.dev/")); + configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PATCH", "DELETE", "OPTIONS")); + configuration.addAllowedHeader("*"); + configuration.setAllowCredentials(false); - UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); - source.registerCorsConfiguration("/**", configuration); - return source; - } + UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); + source.registerCorsConfiguration("/**", configuration); + return source; + } } diff --git a/main/src/main/java/org/sopt/makers/crew/main/entity/user/UserRepository.java b/main/src/main/java/org/sopt/makers/crew/main/entity/user/UserRepository.java index 01c48e40..90c4e8bc 100644 --- a/main/src/main/java/org/sopt/makers/crew/main/entity/user/UserRepository.java +++ b/main/src/main/java/org/sopt/makers/crew/main/entity/user/UserRepository.java 
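Review bot: The new `AUTH_WHITELIST` entry `"meeting/v2/org-user/**"` has no leading slash, unlike `"/health"` beside it, and it is passed to `requestMatchers(AUTH_WHITELIST).permitAll()` in both the dev and prod chains. Depending on which matcher Spring Security builds for it, a pattern without the leading `/` may never match a request path, so I would write it as `"/meeting/v2/org-user/**"` and add a test that pins the intended behaviour. Once it does match, every handler and HTTP method under that prefix is reachable without a JWT in production; if these routes are meant for a trusted internal caller, list the exact paths and methods and require some other credential for them. The controller and `JwtAuthenticationFilter` are outside this hunk, so how a request with no token or an invalid token is treated on this path cannot be judged from here. The one functional line is also buried in a whole-file re-indent; a separate whitespace commit would make the whitelist edit stand out in review.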
@@ -1,12 +1,20 @@ package org.sopt.makers.crew.main.entity.user; +import java.util.Optional; import org.sopt.makers.crew.main.common.exception.UnAuthorizedException; import org.springframework.data.jpa.repository.JpaRepository; public interface UserRepository extends JpaRepository { + Optional findByOrgId(Integer orgId); + default User findByIdOrThrow(Integer userId) { return findById(userId) .orElseThrow(() -> new UnAuthorizedException()); } + + default User findByOrgIdOrThrow(Integer orgUserId) { + return findByOrgId(orgUserId) + .orElseThrow(() -> new UnAuthorizedException()); + } }
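Review bot: `findByOrgIdOrThrow` raises `UnAuthorizedException` when no row has the given `orgId`, which reports a missing record as an authentication failure. If `orgUserId` comes from the request rather than from a verified token (the callers are not visible in this hunk), a not-found style exception would be more accurate and would keep auth-failure logs and alerts meaningful. `findByOrgId(Integer orgId)` returning a single `Optional` also assumes at most one user per `orgId`; without a unique constraint on that column a duplicate makes the derived query throw at runtime instead of returning a value. I would confirm the constraint on the entity and record it next to the method, for example `// orgId is unique per user; a duplicate row makes this query throw`.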