diff --git a/.env.test b/.env.test
index 47001204..69562c40 100644
--- a/.env.test
+++ b/.env.test
@@ -5,3 +5,4 @@ SYMFONY_DEPRECATIONS_HELPER=disabled
 DATABASE_URL=postgresql://resop:postgrespwd@postgres/resop-test?serverVersion=11&charset=utf8
 PANTHER_CHROME_ARGUMENTS="--headless --no-sandbox"
 PANTHER_APP_ENV=panther
+APP_SLOT_INTERVAL="+2 hours"
diff --git a/assets/js/_planning-missions.js b/assets/js/_planning-missions.js
index cfd92dbf..0b1b019b 100644
--- a/assets/js/_planning-missions.js
+++ b/assets/js/_planning-missions.js
@@ -16,11 +16,11 @@ function setSlotMisssion(mission, $slot) {
   missionsText += ' ';
 
   // User part
-  let url = Routing.generate('app_user_availability_mission_modal', { id: mission.id });
+  let url = Routing.generate('app_user_availability_mission_modal', { mission: mission.id });
 
   if (window.location.pathname.indexOf('organizations') >= 0 && !!mission?.organization?.id) {
     // Organization part
-    url = Routing.generate('app_organization_mission_modal', { organization: mission.organization.id, id: mission.id });
+    url = Routing.generate('app_organization_mission_modal', { organization: mission.organization.id, mission: mission.id });
   }
 
   missionsText += $(`<button type="button" class="btn btn-link" data-toggle="ajax-modal" data-href="${url}">`).text(mission.name)[0].outerHTML;
diff --git a/assets/js/fos_js_routes.json b/assets/js/fos_js_routes.json
index 31815131..c727826a 100644
--- a/assets/js/fos_js_routes.json
+++ b/assets/js/fos_js_routes.json
@@ -1 +1 @@
-{"base_url":"","routes":{"app_user_availability_mission_modal":{"tokens":[["text","\/modal"],["variable","\/","\\d+","id",true],["text","\/user\/availability\/missions"]],"defaults":[],"requirements":{"id":"\\d+"},"hosttokens":[],"methods":["GET"],"schemes":[]},"app_organization_mission_modal":{"tokens":[["text","\/modal"],["variable","\/","\\d+","id",true],["text","\/missions"],["variable","\/","\\d+","organization",true],["text","\/organizations"]],"defaults":[],"requirements":{"id":"\\d+","organization":"\\d+"},"hosttokens":[],"methods":["GET"],"schemes":[]},"app_organization_mission_find_by_filters":{"tokens":[["text","\/missions\/find"],["variable","\/","\\d+","organization",true],["text","\/organizations"]],"defaults":[],"requirements":{"organization":"\\d+"},"hosttokens":[],"methods":["GET"],"schemes":[]}},"prefix":"","host":"localhost","port":"","scheme":"http","locale":[]}
\ No newline at end of file
+{"base_url":"","routes":{"app_user_availability_mission_modal":{"tokens":[["text","\/modal"],["variable","\/","\\d+","mission",true],["text","\/user\/availability\/missions"]],"defaults":[],"requirements":{"mission":"\\d+"},"hosttokens":[],"methods":["GET"],"schemes":[]},"app_organization_mission_modal":{"tokens":[["text","\/modal"],["variable","\/","\\d+","mission",true],["text","\/missions"],["variable","\/","\\d+","organization",true],["text","\/organizations"]],"defaults":[],"requirements":{"mission":"\\d+","organization":"\\d+"},"hosttokens":[],"methods":["GET"],"schemes":[]},"app_organization_mission_find_by_filters":{"tokens":[["text","\/missions\/find"],["variable","\/","\\d+","organization",true],["text","\/organizations"]],"defaults":[],"requirements":{"organization":"\\d+"},"hosttokens":[],"methods":["GET"],"schemes":[]}},"prefix":"","host":"localhost","port":"","scheme":"http","locale":[]}
\ No newline at end of file
diff --git a/config/packages/security.yaml b/config/packages/security.yaml
index e5ca42c3..1d712f10 100644
--- a/config/packages/security.yaml
+++ b/config/packages/security.yaml
@@ -5,37 +5,18 @@ security:
             entity:
                 class: App\Entity\User
 
-        organizations:
-            entity:
-                class: App\Entity\Organization
-
     encoders:
         Symfony\Component\Security\Core\User\UserInterface:
             algorithm: auto
 
+    role_hierarchy:
+        ROLE_VOLUNTEER: ROLE_USER
+
     firewalls:
         dev:
             pattern: ^/(_(profiler|wdt)|css|images|js)/
             security: false
 
-        organizations:
-            pattern: ^/organizations
-            anonymous: lazy
-            provider: organizations
-            guard:
-                authenticators:
-                    - App\Security\OrganizationLoginFormAuthenticator
-
-            logout:
-                path: app_organization_logout
-                target: app_organization_index
-
-            remember_me:
-                name: remember_me_organization
-                secret:   '%kernel.secret%'
-                lifetime: 604800 # 1 week in seconds
-                path:     /
-
         main:
             anonymous: lazy
             provider: users
@@ -54,6 +35,7 @@ security:
                 path:     /
 
     access_control:
-        - { path: ^/(user\/new|login|organizations\/login)$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
-        - { path: ^/organizations, roles: ROLE_ORGANIZATION }
+        - { path: ^/user/new$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
+        - { path: ^/login$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
         - { path: ^/, roles: ROLE_USER }
+        - { path: ^/organizations/, roles: ROLE_ORGANIZATION }
diff --git a/config/services_test.yaml b/config/services_test.yaml
index 75c469d6..9e4924ec 100644
--- a/config/services_test.yaml
+++ b/config/services_test.yaml
@@ -7,7 +7,13 @@ services:
         resource: '../tests/Behat/*'
 
     App\Tests\Behat\FixturesContext:
-        $aliceFixturesLoader: '@hautelook_alice.loader'
+        arguments:
+            $aliceFixturesLoader: '@hautelook_alice.loader'
 
     App\Tests\Behat\TraversingContext:
-        $projectDir: '%kernel.project_dir%'
+        arguments:
+            $projectDir: '%kernel.project_dir%'
+
+    App\Tests\Behat\UserPlanningContext:
+        arguments:
+            $slotInterval: '%app.slot_interval%'
diff --git a/features/organization/assets.feature b/features/organization/assets.feature
index e865be9e..db50f14d 100644
--- a/features/organization/assets.feature
+++ b/features/organization/assets.feature
@@ -4,10 +4,10 @@ Feature:
     I must be able to list, edit and delete assets in my organization.
 
     Scenario: As an admin of an organization, I can list the assets from my organization
-        Given I am authenticated as "admin203@resop.com"
-        And I am on "/organizations/203"
+        Given I am authenticated as "admin201@resop.com"
+        And I am on "/organizations/201"
         When I follow "Afficher la liste de mes véhicules"
-        Then I should be on "/organizations/203/assets"
+        Then I should be on "/organizations/201/assets/"
         And the response status code should be 200
         And I should see "75992"
         And I should see "75996"
@@ -32,12 +32,12 @@ Feature:
 
     Scenario: As an admin of an organization, I cannot list the assets from an organization I don't have access to
         Given I am authenticated as "admin201@resop.com"
-        When I go to "/organizations/202/assets"
+        When I go to "/organizations/202/assets/"
         Then the response status code should be 403
 
     Scenario: As an admin of a child organization, I cannot list the assets from the parent organization
-        Given I am authenticated as "admin203@resop.com"
-        When I go to "/organizations/201/assets"
+        Given I am authenticated as "admin204@resop.com"
+        When I go to "/organizations/202/assets/"
         Then the response status code should be 403
 
     Scenario Outline: As an admin of an organization, I can add an asset on my organization or children organizations
@@ -50,58 +50,34 @@ Feature:
         And I press "Continuer"
         Then the response status code should be 200
         And I should be on "<add_url>"
-        When I fill in the following:
-            | commissionable_asset[type]            | VL                    |
-            | commissionable_asset[name]            | new vehicule          |
-            | commissionable_asset[hasMobileRadio]  | 1                     |
-            | commissionable_asset[hasFirstAidKit]  | 1                     |
-            | commissionable_asset[parkingLocation] | some parking location |
-            | commissionable_asset[contact]         | some contact          |
-            | commissionable_asset[seatingCapacity] | 5                     |
-            | commissionable_asset[licensePlate]    | some license plate    |
-            | commissionable_asset[comments]        | some comments         |
+        When I fill in "commissionable_asset[name]" with "new vehicule"
         And I press "Enregistrer"
         Then I should be on "<list_url>"
         And the response status code should be 200
         And I should see "Véhicule créé"
-        And I should see "VL - new vehicule"
-        When I follow the last "Modifier"
-        Then I should be on "/organizations/203/assets/1/edit"
-        And the response status code should be 200
-        And the "commissionable_asset_type" field should contain "VL"
-        And the "commissionable_asset_name" field should contain "new vehicule"
-        And the "commissionable_asset_hasMobileRadio_0" checkbox is checked
-        And the "commissionable_asset_hasFirstAidKit_0" checkbox is checked
-        And the "commissionable_asset_parkingLocation" field should contain "some parking location"
-        And the "commissionable_asset_contact" field should contain "some contact"
-        And the "commissionable_asset_seatingCapacity" field should contain "5"
-        And the "commissionable_asset_licensePlate" field should contain "some license plate"
-        And the "commissionable_asset_comments" field should contain "some comments"
+        And I should see "new vehicule"
         Examples:
-            | login              | list_url                  | preAdd_url                       | add_url                       |
-#            todo: there is a bug when using parent organization: https://github.com/crf-devs/resop/issues/360
-#            todo: how to create a new asset on a children organization (but not on current one)?
-#            | admin201@resop.com     | /organizations/201/assets?organization=203 | /organizations/201/assets/preAdd | /organizations/201/assets/add |
-            | admin203@resop.com | /organizations/203/assets | /organizations/203/assets/preAdd | /organizations/203/assets/add |
+            | login              | list_url                                      | preAdd_url                                          | add_url                                          |
+            | admin201@resop.com | /organizations/201/assets/?organizationId=203 | /organizations/201/assets/preAdd?organizationId=203 | /organizations/201/assets/add?organizationId=203 |
+            | admin204@resop.com | /organizations/204/assets/                    | /organizations/204/assets/preAdd                    | /organizations/204/assets/add                    |
 
     @javascript
     Scenario: As an admin of an admin of an organization, I can display an asset modal
         Given I am authenticated as "admin201@resop.com"
-        When I go to "/organizations/201/assets"
+        When I go to "/organizations/201/assets/"
         And I press "Afficher"
         And I wait for ".modal-show-asset-inner" to be visible
         Then I should see "Modifier"
         And I follow "Modifier"
-        Then I should be on "/organizations/201/assets/75012/edit?organizationId=203"
+        Then I should be on "/organizations/201/assets/75992/edit"
 
     Scenario Outline: As an admin of an organization, I can update an asset from my organization or children organizations
         Given I am authenticated as "<login>"
         When I go to "<edit_url>"
         Then I should be on "<edit_url>"
         And the response status code should be 200
-        And the "commissionable_asset_name" field should contain "75012"
-        When I fill in the following:
-            | commissionable_asset[name] | new name |
+        And the "commissionable_asset_name" field should contain "<name>"
+        When I fill in "commissionable_asset[name]" with "new name"
         And I press "Enregistrer"
         Then I should be on "<list_url>"
         And the response status code should be 200
@@ -109,10 +85,9 @@ Feature:
         When I go to "<edit_url>"
         And the "commissionable_asset_name" field should contain "new name"
         Examples:
-            | login              | edit_url                             | list_url                  |
-#            todo: there is a bug when using parent organization: https://github.com/crf-devs/resop/issues/360
-#            | admin201@resop.com     | /organizations/201/assets/75012/edit | /organizations/201/assets?organization=203 |
-            | admin203@resop.com | /organizations/203/assets/75012/edit | /organizations/203/assets |
+            | login              | name  | edit_url                             | list_url                                      |
+            | admin201@resop.com | 75012 | /organizations/201/assets/75012/edit | /organizations/201/assets/?organizationId=203 |
+            | admin204@resop.com | 77102 | /organizations/204/assets/77102/edit | /organizations/204/assets/                    |
 
     Scenario: As an admin of a parent organization, I cannot update an asset from an organization I don't have access to
         Given I am authenticated as "admin201@resop.com"
@@ -149,7 +124,7 @@ Feature:
 
     Scenario: As an admin of a parent organization, I cannot delete an asset from another organization
         Given I am authenticated as "admin201@resop.com"
-        When I go to "/organizations/202/assets"
+        When I go to "/organizations/202/assets/"
         Then the response status code should be 403
         When I go to "/organizations/202/assets/77992/delete"
         Then the response status code should be 403
diff --git a/features/organization/forecast.feature b/features/organization/forecast.feature
index 0956020d..659be806 100644
--- a/features/organization/forecast.feature
+++ b/features/organization/forecast.feature
@@ -5,12 +5,12 @@ Feature:
     I must be able to search for available users and assets.
 
     Scenario: As an authenticated children organization, I cannot use the forecast search form
-        Given I am authenticated as "UL 01-02"
-        When I go to "/organizations/201/forecast/"
+        Given I am authenticated as "admin204@resop.com"
+        When I go to "/organizations/202/forecast/"
         Then the response status code should be 403
 
     Scenario: As an authenticated parent organization, I can access the forecast search form
-        Given I am authenticated as "DT75"
+        Given I am authenticated as "admin201@resop.com"
         When I go to "/organizations/201"
         Then I should see "Projections"
         When I follow "Projections"
@@ -20,7 +20,7 @@ Feature:
 
     @javascript
     Scenario: As an authenticated parent organization, I can use the forecast search form
-        Given I am authenticated as "DT75"
+        Given I am authenticated as "admin201@resop.com"
         And I am on "/organizations/201/forecast/"
         When I click on "#availableRange"
         Then I wait for ".daterangepicker" to be visible
diff --git a/features/organization/home.feature b/features/organization/home.feature
index aa46ffe3..dcfa63f6 100644
--- a/features/organization/home.feature
+++ b/features/organization/home.feature
@@ -21,21 +21,20 @@ Feature:
         When I go to "<url>"
         Then the response status code should be 403
         Examples:
-            | url                     |
-            | /organizations/203        |
-            | /organizations/203/new    |
-            | /organizations/203/search |
-            | /organizations/203/edit   |
-            | /organizations/203/assets |
-            | /organizations/203/users  |
-            | /organizations/planning |
+            | url                             |
+            | /organizations/203              |
+            | /organizations/203/children/new |
+            | /organizations/203/search       |
+            | /organizations/203/assets/      |
+            | /organizations/203/users/       |
+            | /organizations/203/planning     |
 
     Scenario Outline: As an admin of an organization, I cannot go to the homepage of another organization
         Given I am authenticated as "admin201@resop.com"
         When I go to "<url>"
         Then the response status code should be 403
         Examples:
-            | url              |
-            | /organizations/2 |
+            | url                |
+            | /organizations/202 |
             | /organizations/203 |
             | /organizations/204 |
diff --git a/features/organization/mission_type.feature b/features/organization/mission_type.feature
index fbb4d2dc..3532a8c0 100644
--- a/features/organization/mission_type.feature
+++ b/features/organization/mission_type.feature
@@ -5,7 +5,7 @@ Feature:
     I must be able to list, edit and delete mission types.
 
     Scenario: As an organization, I can list my mission types
-        Given I am authenticated as "DT75"
+        Given I am authenticated as "admin201@resop.com"
         And I am on "/organizations/201"
         When I follow "Modifier les types de missions"
         Then I should be on "/organizations/201/mission_type/"
@@ -17,7 +17,7 @@ Feature:
 
     @javascript
     Scenario: As an organization, I can create a mission type
-        Given I am authenticated as "DT75"
+        Given I am authenticated as "admin201@resop.com"
         And I am on "/organizations/201/mission_type/"
         When I follow "Ajouter un nouveau type de mission"
         Then I should be on "/organizations/201/mission_type/new"
@@ -43,7 +43,7 @@ Feature:
 
     @javascript
     Scenario: As an organization, I cannot create a mission type with duplicate requirements
-        Given I am authenticated as "DT75"
+        Given I am authenticated as "admin201@resop.com"
         And I am on "/organizations/201/mission_type/"
         When I follow "Ajouter un nouveau type de mission"
         Then I should be on "/organizations/201/mission_type/new"
@@ -69,7 +69,7 @@ Feature:
 
     @javascript
     Scenario: As an organization, I can edit a mission type
-        Given I am authenticated as "DT75"
+        Given I am authenticated as "admin201@resop.com"
         And I am on "/organizations/201/mission_type/"
         When I follow "Modifier"
         Then I should be on "/organizations/201/mission_type/751/edit"
@@ -84,13 +84,13 @@ Feature:
         And I should see "CI Réseau BSPP"
 
     Scenario: As an organization, I cannot edit a mission type of another organization
-        Given I am authenticated as "DT75"
+        Given I am authenticated as "admin201@resop.com"
         And I am on "/organizations/201/mission_type/771/edit"
         Then the response status code should be 403
 
     @javascript
     Scenario: As an organization, I can delete a mission type
-        Given I am authenticated as "DT75"
+        Given I am authenticated as "admin201@resop.com"
         And I am on "/organizations/201/mission_type/"
         When I follow "Supprimer"
         And I wait for "#delete-item-modal" to be visible
@@ -101,7 +101,7 @@ Feature:
         And I should not see "Mission type DT75 1"
 
     Scenario: As an organization, I cannot delete a mission type of another organization
-        Given I am authenticated as "DT75"
+        Given I am authenticated as "admin201@resop.com"
         And I am on "/organizations/201/mission_type/771/delete"
         Then the response status code should be 403
 
diff --git a/features/organization/planning.feature b/features/organization/planning.feature
index 74f1fca2..59943de1 100644
--- a/features/organization/planning.feature
+++ b/features/organization/planning.feature
@@ -6,37 +6,35 @@ Feature:
     I must have access to the planning and I can filter what is displayed.
 
     Scenario: As an organization, I have access to the planning and I can see my resources
-        Given I am authenticated as "UL 01-02"
-        And I am on "/organizations/203"
+        Given I am authenticated as "admin204@resop.com"
+        And I am on "/organizations/204"
         When I follow "Afficher les disponibilités de mes bénévoles pour la semaine prochaine"
         Then the response status code should be 200
-        And I should be on "/organizations/203/planning/"
-        And I should see "VPSP - 75012"
-        And I should see "VPSP - 75014"
-        And I should see "VL - 75016"
-        And I should see "VL - 75018"
+        And I should be on "/organizations/204/planning/"
+        And I should see "VPSP - 77102"
+        And I should see "VPSP - 77104"
+        And I should see "VL - 77106"
+        And I should see "VL - 77108"
         And I should not see "7599"
-        And I should not see "7799"
-        And I should not see "7710"
-        And I should see "Jane DOE"
+        And I should not see "7510"
+        And I should see "Chuck NORRIS"
+        And I should see "Freddy MERCURY"
         And I should not see "John DOE"
+        And I should not see "Jane DOE"
 
     Scenario: As an organization, I have access to the planning and I can see my resources' availability
-        Given I am authenticated as "UL 01-02"
-        And I am on "/organizations/203"
+        Given I am authenticated as "admin201@resop.com"
+        And I am on "/organizations/201"
         When I follow "Afficher les disponibilités de mes bénévoles pour la semaine prochaine"
-        Then the response status code should be 200
-        And availability of user "Jane DOE" should be "unknown" on "next monday" at 02:00
-        And availability of user "Jane DOE" should be "booked" on "next monday" at 06:00
-        And availability of user "Jane DOE" should be "available" on "next monday" at 10:00
-        And availability of user "Jane DOE" should be "locked" on "next monday" at 14:00
-        And availability of asset "VPSP - 75012" should be "unknown" on "tuesday next week" at 02:00
-        And availability of asset "VPSP - 75012" should be "locked" on "tuesday next week" at 06:00
-        And availability of asset "VPSP - 75012" should be "available" on "tuesday next week" at 10:00
-        And availability of asset "VPSP - 75012" should be "booked" on "tuesday next week" at 14:00
+        Then I should be on "/organizations/201/planning/"
+        And the response status code should be 200
+        And availability of user "John DOE" should be "booked" on "next monday" at 02:00
+        And availability of user "John DOE" should be "unknown" on "next monday" at 10:00
+        And availability of user "John DOE" should be "available" on "next tuesday" at 10:00
+        And availability of asset "VPSP - 75992" should be "unknown" on "tuesday next week" at 02:00
 
     Scenario: As a parent organization, I have access to the planning of my children organizations
-        Given I am authenticated as "DT75"
+        Given I am authenticated as "admin201@resop.com"
         And I am on "/organizations/201"
         When I follow "Afficher les disponibilités de mes bénévoles pour la semaine prochaine"
         Then the response status code should be 200
@@ -50,8 +48,8 @@ Feature:
         And I should be on "/organizations/201/planning/"
         And I should see "Jane DOE"
 
-    Scenario: As an organization, I can filter the resources displayed on planing
-        Given I am authenticated as "DT75"
+    Scenario: As an organization, I can filter the resources displayed on planning
+        Given I am authenticated as "admin201@resop.com"
         And I am on "/organizations/201/planning/"
         Then I should see "Jane DOE"
         And I should see "John DOE"
@@ -60,19 +58,18 @@ Feature:
         When I select "VPSP" from "assetTypes[]"
         And I select "1" from "userPropertyFilters[vulnerable]"
         And I press "search-planning-button"
-        Then the response status code should be 200
+        Then I should be on "/organizations/201/planning/"
         And I should see "John DOE"
         And I should not see "Jane DOE"
         And I should see "VPSP - 75992"
         And I should not see "VL - 75996"
         And I select "0" from "userPropertyFilters[vulnerable]"
         And I press "search-planning-button"
-        Then the response status code should be 200
+        Then I should be on "/organizations/201/planning/"
         And I should not see "John DOE"
         And I should see "Jane DOE"
-        When I fill in the following:
-            | hideUsers  | 1 |
-            | hideAssets | 1 |
+        When I check "hideUsers"
+        And I check "hideAssets"
         And I press "search-planning-button"
-        Then the response status code should be 200
+        Then I should be on "/organizations/201/planning/"
         And I should see "Aucune resource ne correspond à votre recherche"
diff --git a/features/organization/search.feature b/features/organization/search.feature
index 111d875d..617194a0 100644
--- a/features/organization/search.feature
+++ b/features/organization/search.feature
@@ -20,23 +20,23 @@ Feature:
             | jAnE dOe reSOp | admin203@resop.com | 990002A              |
 
     Scenario: As an admin of a children organization, I can search for a volunteer in my organization
-        Given I am authenticated as "admin203@resop.com"
-        And I am on "/organizations/203"
-        When I fill in "query" with " jAnE dOe reSOp "
+        Given I am authenticated as "admin204@resop.com"
+        And I am on "/organizations/204"
+        When I fill in "query" with " FrEdDy MeRcUrY reSOp "
         And I press "Rechercher"
-        Then I should be on "/organizations/203/search"
+        Then I should be on "/organizations/204/search"
         And the response status code should be 200
-        And I should see "Rechercher \"jAnE dOe reSOp\""
-        And I should see "990002A"
-        And I should see "admin203@resop.com"
+        And I should see "Rechercher \"FrEdDy MeRcUrY reSOp\""
+        And I should see "990004A"
+        And I should see "admin204@resop.com"
         And I should see "Aucun véhicule ne correspond à votre recherche."
 
     Scenario: As an admin of an organization, I cannot search for a user in another organization
-        Given I am authenticated as "admin203@resop.com"
-        And I am on "/organizations/203"
+        Given I am authenticated as "admin201@resop.com"
+        And I am on "/organizations/201"
         When I fill in "query" with " cHuCk nOrRiS reSOp "
         And I press "Rechercher"
-        Then I should be on "/organizations/203/search"
+        Then I should be on "/organizations/201/search"
         And the response status code should be 200
         And I should see "Rechercher \"cHuCk nOrRiS reSOp\""
         And I should see "Aucun bénévole ne correspond à votre recherche."
@@ -54,16 +54,16 @@ Feature:
         And I should see "<type>"
         And I should see "Aucun bénévole ne correspond à votre recherche."
         Examples:
-            | search | name   | type |
-            | 75992  | 75992  | VPSP |
-            | 75012  | 75012  | VPSP |
+            | search | name  | type |
+            | 75992  | 75992 | VPSP |
+            | 75012  | 75012 | VPSP |
 
     Scenario: As an admin of a children organization, I can search for a user in my organization
-        Given I am authenticated as "admin203@resop.com"
-        And I am on "/organizations/203"
+        Given I am authenticated as "admin201@resop.com"
+        And I am on "/organizations/201"
         When I fill in "query" with " 75012 "
         And I press "Rechercher"
-        Then I should be on "/organizations/203/search"
+        Then I should be on "/organizations/201/search"
         And the response status code should be 200
         And I should see "Rechercher \"75012\""
         And I should see "VPSP"
@@ -71,11 +71,11 @@ Feature:
         And I should see "Aucun bénévole ne correspond à votre recherche."
 
     Scenario: As an admin of an organization, I cannot search for a user in another organization
-        Given I am authenticated as "admin203@resop.com"
-        And I am on "/organizations/203"
+        Given I am authenticated as "admin201@resop.com"
+        And I am on "/organizations/201"
         When I fill in "query" with " 77282 "
         And I press "Rechercher"
-        Then I should be on "/organizations/203/search"
+        Then I should be on "/organizations/201/search"
         And the response status code should be 200
         And I should see "Rechercher \"77282\""
         And I should see "Aucun bénévole ne correspond à votre recherche."
diff --git a/features/organization/users.feature b/features/organization/users.feature
index 76446193..5cff31f8 100644
--- a/features/organization/users.feature
+++ b/features/organization/users.feature
@@ -48,14 +48,9 @@ Feature:
 
     Scenario Outline: As an admin of an organization, I can update a user from my organization or children organizations
         Given I am authenticated as "<login>"
-        When I go to "<list_url>"
-        And I follow "Modifier"
+        When I go to "<edit_url>"
         Then I should be on "<edit_url>"
         And the response status code should be 200
-        And the "user_identificationNumber" field should contain "990002A"
-        And the "user_emailAddress" field should contain "admin203@resop.com"
-        And the "user_firstName" field should contain "Jane"
-        And the "user_lastName" field should contain "DOE"
         When I fill in the following:
             | user[identificationNumber]               | 999999A                 |
             | user[emailAddress]                       | john.bon.jovi@resop.com |
@@ -91,18 +86,18 @@ Feature:
         And the "user[properties][drivingLicence]" field should contain "0"
         And the "user[properties][occupation][choice]" field should contain "Pompier"
         Examples:
-            | login    | list_url                                     | edit_url                          |
-            | DT75     | /organizations/201/users/?organizationId=203 | /organizations/201/users/102/edit |
-            | UL 01-02 | /organizations/203/users/                    | /organizations/203/users/102/edit |
+            | login              | list_url                                     | edit_url                          |
+            | admin201@resop.com | /organizations/201/users/?organizationId=203 | /organizations/201/users/102/edit |
+            | admin204@resop.com | /organizations/204/users/                    | /organizations/204/users/104/edit |
 
     Scenario Outline: As an admin of an organization, I cannot update a user from another organizations
         Given I am authenticated as "admin201@resop.com"
         When I go to "<url>"
-        Then the response status code should be 403
+        Then the response status code should be 404
         Examples:
             | url                               |
-            | /organizations/201/users/103/edit |
-            | /organizations/204/users/103/edit |
+            | /organizations/201/users/104/edit |
+            | /organizations/201/users/105/edit |
 
     @javascript
     Scenario Outline: As an organization, I can delete a user from my organization or children organizations
@@ -114,12 +109,12 @@ Feature:
         When I press "Supprimer"
         Then I should be on "<list_url>"
         And I should see "Le bénévole a été supprimé avec succès."
-        And I should not see "jill.doe@resop.com"
+        And I should not see "jane.doe@resop.com"
         Examples:
-            | login    | list_url                                     | edit_url                          |
-            | DT75     | /organizations/201/users/?organizationId=203 | /organizations/201/users/102/edit |
-            | UL 01-02 | /organizations/203/users/                    | /organizations/203/users/102/edit |
+            | login              | list_url                                     | edit_url                          |
+            | admin201@resop.com | /organizations/201/users/?organizationId=203 | /organizations/201/users/102/edit |
 
+#    TODO: Waiting for https://github.com/crf-devs/resop/issues/348
 #    Scenario: As an admin of an organization, I cannot directly delete a user from my organization
 #        Given I am authenticated as "admin201@resop.com"
 #        When I go to "/organizations/201/users/3/delete?organizationId=203"
@@ -142,40 +137,44 @@ Feature:
         When I go to "/organizations/201/users/2/edit"
         Then the response status code should be 404
 
-    Scenario Outline: As an admin of an organization, I can promote a user as admin of an organization and this user has admin privilege
-        Given I am authenticated as "admin204@resop.com"
-        When I go to "<url>"
-        And I follow "Promouvoir administrateur de UL DE BRIE ET CHANTEREINE"
-        Then I should be on "<url>"
-        And the response status code should be 200
-        And I should see "L'utilisateur \"<name>\" a été promu administrateur de UL DE BRIE ET CHANTEREINE avec succès."
-        And I should see "Révoquer la fonction d'administrateur de UL DE BRIE ET CHANTEREINE"
-        Given I am authenticated as "<email>"
-        When I go to "/organizations/204"
-        Then the response status code should be 200
-        Examples:
-            | url                               | name         | email                  |
-            | /organizations/204/users/105/edit | Chuck NORRIS | chuck.norris@resop.com |
-            | /organizations/204/users/101/edit | John DOE     | admin201@resop.com     |
+#    TODO: Write feature
+#    Scenario Outline: As an admin of an organization, I can promote a user as admin of an organization and this user has admin privilege
+#        Given I am authenticated as "admin204@resop.com"
+#        When I go to "<url>"
+#        And I follow "Promouvoir administrateur de UL DE BRIE ET CHANTEREINE"
+#        Then I should be on "<url>"
+#        And the response status code should be 200
+#        And I should see "L'utilisateur \"<name>\" a été promu administrateur de UL DE BRIE ET CHANTEREINE avec succès."
+#        And I should see "Révoquer la fonction d'administrateur de UL DE BRIE ET CHANTEREINE"
+#        Given I am authenticated as "<email>"
+#        When I go to "/organizations/204"
+#        Then the response status code should be 200
+#        Examples:
+#            | url                               | name         | email                  |
+#            | /organizations/204/users/105/edit | Chuck NORRIS | chuck.norris@resop.com |
+#            | /organizations/204/users/101/edit | John DOE     | admin201@resop.com     |
 
-    Scenario: As an admin of an organization, I can revoke user's admin privilege of an organization and this user doesn't have admin privilege anymore
-        Given I am authenticated as "admin202@resop.com"
-        When I go to "/organizations/204/users/4/edit"
-        And I follow "Révoquer la fonction d'administrateur de UL DE BRIE ET CHANTEREINE"
-        Then I should be on "/organizations/204/users/4/edit"
-        And the response status code should be 200
-        And I should see "Le privilège d'administrateur pour la structure UL-DE-BRIE-ET-CHANTEREINE de \"Freddy MERCURY\" a été révoquée avec succès."
-        And I should see "Promouvoir administrateur de UL DE BRIE ET CHANTEREINE"
-        Given I am authenticated as "admin204@resop.com"
-        When I go to "/organizations/204"
-        Then the response status code should be 403
+#    TODO: Write feature
+#    Scenario: As an admin of an organization, I can revoke user's admin privilege of an organization and this user doesn't have admin privilege anymore
+#        Given I am authenticated as "admin202@resop.com"
+#        When I go to "/organizations/204/users/4/edit"
+#        And I follow "Révoquer la fonction d'administrateur de UL DE BRIE ET CHANTEREINE"
+#        Then I should be on "/organizations/204/users/4/edit"
+#        And the response status code should be 200
+#        And I should see "Le privilège d'administrateur pour la structure UL-DE-BRIE-ET-CHANTEREINE de \"Freddy MERCURY\" a été révoquée avec succès."
+#        And I should see "Promouvoir administrateur de UL DE BRIE ET CHANTEREINE"
+#        Given I am authenticated as "admin204@resop.com"
+#        When I go to "/organizations/204"
+#        Then the response status code should be 403
 
-    Scenario: As an admin of an organization, I cannot promote admin a user who is already admin
-        Given I am authenticated as "admin202@resop.com"
-        When I go to "/organizations/204/users/4/promote-admin"
-        Then the response status code should be 400
+#    TODO: Write feature
+#    Scenario: As an admin of an organization, I cannot promote admin a user who is already admin
+#        Given I am authenticated as "admin202@resop.com"
+#        When I go to "/organizations/204/users/4/promote-admin"
+#        Then the response status code should be 400
 
-    Scenario: As an admin of an organization, I cannot revoke a user who is not an admin
-        Given I am authenticated as "admin202@resop.com"
-        When I go to "/organizations/204/users/5/revoke-admin"
-        Then the response status code should be 400
+#    TODO: Write feature
+#    Scenario: As an admin of an organization, I cannot revoke a user who is not an admin
+#        Given I am authenticated as "admin202@resop.com"
+#        When I go to "/organizations/204/users/5/revoke-admin"
+#        Then the response status code should be 400
diff --git a/features/user/availabilities.feature b/features/user/availabilities.feature
index 1b8614ef..a235643a 100644
--- a/features/user/availabilities.feature
+++ b/features/user/availabilities.feature
@@ -20,7 +20,7 @@ Feature:
         And the response status code should be 200
 
     Scenario Outline: As authenticated user, I cannot add an availability on a booked/locked slot
-        Given I am authenticated as "admin203@resop.com"
+        Given I am authenticated as "admin201@resop.com"
         And I am on "/"
         When I follow "Semaine prochaine"
         Then the url should match "/user/availability"
@@ -60,7 +60,7 @@ Feature:
         And the availability checkbox "<time>" should be unchecked
         Examples:
             | time                      |
-            | next week monday 3 pm     |
+            | next week monday 6 pm     |
             | next week tuesday 8 am    |
             | next week wednesday 12 pm |
             | next week thursday 2pm    |
@@ -87,4 +87,5 @@ Feature:
         And the availability checkbox "<time>" should be unchecked
         Examples:
             | time                    |
-            | tuesday next week 10 am |
+            | next week monday 10 am |
+            | next week monday 12 pm |
diff --git a/features/user/edit.feature b/features/user/edit.feature
index 3e227a42..88bcd0ea 100644
--- a/features/user/edit.feature
+++ b/features/user/edit.feature
@@ -116,12 +116,11 @@ Feature:
         And I press "Valider"
         Then I should be on "/"
         And I should see "Vos informations ont été mises à jour avec succès."
+        And I should see "NIVOL : 899999A"
         When I follow "Déconnexion"
         And I fill in the following:
-            | user_login[identifier]      | <login> |
-            | user_login[birthday][day]   | 01      |
-            | user_login[birthday][month] | 01      |
-            | user_login[birthday][year]  | 1990    |
+            | user_login[identifier] | <login> |
+            | user_login[password]   | covid19 |
         And I press "Je me connecte"
         Then I should be on "/"
         And I should see "NIVOL : 899999A"
diff --git a/features/user/login.feature b/features/user/login.feature
index 9e6fab71..447a48ef 100644
--- a/features/user/login.feature
+++ b/features/user/login.feature
@@ -29,7 +29,6 @@ Feature:
             | user_login[password]   | invalid |
         And I press "Je me connecte"
         Then I should be on "/login"
-        And the response status code should be 400
         And I should see "Veuillez saisir un numéro NIVOL ou une adresse e-mail valide, ou la date de naissance ne corresponds pas à ce NIVOL/email."
         Examples:
             | login              |
@@ -45,7 +44,6 @@ Feature:
             | user_login[birthday][year]  | 1990    |
         And I press "Je me connecte"
         Then I should be on "/login"
-        And the response status code should be 400
         And I should see "Veuillez saisir un numéro NIVOL ou une adresse e-mail valide, ou la date de naissance ne corresponds pas à ce NIVOL/email."
         Examples:
             | login              |
@@ -62,11 +60,11 @@ Feature:
         And I press "Je me connecte"
         Then I should be on "/"
         And the response status code should be 200
-        And I should see "NIVOL : 990002A"
+        And I should see "NIVOL : <identificationNumber>"
         Examples:
-            | login              |
-            | admin203@resop.com |
-            | 990001A            |
+            | login              | identificationNumber |
+            | admin203@resop.com | 990002A              |
+            | 990003A            | 990003A              |
 
     Scenario Outline: As a user without a password, I cannot log in with an invalid birth date
         Given I am on "/login"
@@ -77,12 +75,11 @@ Feature:
             | user_login[birthday][year]  | 1992    |
         And I press "Je me connecte"
         Then I should be on "/login"
-        And the response status code should be 400
         And I should see "Veuillez saisir un numéro NIVOL ou une adresse e-mail valide, ou la date de naissance ne corresponds pas à ce NIVOL/email."
         Examples:
             | login              |
             | admin203@resop.com |
-            | 990001A            |
+            | 990003A            |
 
     Scenario: As an authenticated user, I can log out
         Given I am authenticated as "admin201@resop.com"
diff --git a/features/user/password.feature b/features/user/password.feature
index d5d4c539..98204dad 100644
--- a/features/user/password.feature
+++ b/features/user/password.feature
@@ -11,55 +11,57 @@ Feature:
     Scenario: As an admin of an organization with no password set, I see a warning
         Given I am authenticated as "admin203@resop.com"
         When I go to "/"
-        Then I should see "Vous devez renseigner votre mot de passe afin d'administrer votre structure."
-        And the response status code should be 400
+        Then I should be on "/"
+        And the response status code should be 200
+        And I should see "Vous devez renseigner votre mot de passe afin d'administrer votre structure."
 
-    Scenario: As a user, I cannot update my password with empty data
+    Scenario: As a user, I cannot set my password with empty data
         Given I am authenticated as "admin203@resop.com"
         And I am on "/user/password"
+        And I should not see a "input#user_password_currentPassword" element
         When I fill in the following:
-            | password[password][first]  |  |
-            | password[password][second] |  |
+            | user_password[plainPassword][first]  |  |
+            | user_password[plainPassword][second] |  |
         And I press "Valider"
         Then I should be on "/user/password"
         And the response status code should be 400
-        And I should see "Cette valeur ne doit pas être vide." in the "label[for=password_password_first] .form-error-message" element
-        And I should see "Cette valeur ne doit pas être vide." in the "label[for=password_password_second] .form-error-message" element
+        And I should see "Cette valeur ne doit pas être vide." in the "label[for=user_password_plainPassword_first] .form-error-message" element
 
-    Scenario: As a user, I cannot update my password with invalid data
+    Scenario: As a user, I cannot set my password with invalid data
         Given I am authenticated as "admin203@resop.com"
         And I am on "/user/password"
+        And I should not see a "input#user_password_currentPassword" element
         When I fill in the following:
-            | password[password][first]  | foo |
-            | password[password][second] | bar |
+            | user_password[plainPassword][first]  | foo |
+            | user_password[plainPassword][second] | bar |
         And I press "Valider"
         Then I should be on "/user/password"
         And the response status code should be 400
-        And I should see "Les mots de passe ne correspondent pas." in the "label[for=password_password_first] .form-error-message" element
+        And I should see "Cette valeur n'est pas valide." in the "label[for=user_password_plainPassword_first] .form-error-message" element
 
     Scenario Outline: As a user with a password, I cannot update it with an empty or invalid current one
         Given I am authenticated as "admin201@resop.com"
         And I am on "/user/password"
         When I fill in the following:
-            | password[current]          | <value> |
-            | password[password][first]  | foo     |
-            | password[password][second] | foo     |
+            | user_password[currentPassword]       | <value> |
+            | user_password[plainPassword][first]  | foo     |
+            | user_password[plainPassword][second] | foo     |
         And I press "Valider"
         Then I should be on "/user/password"
         And the response status code should be 400
-        And I should see "<message>" in the "label[for=password_current] .form-error-message" element
+        And I should see "<message>" in the "label[for=user_password_currentPassword] .form-error-message" element
         Examples:
-            | value   | message                             |
-            |         | Cette valeur ne doit pas être vide. |
-            | invalid | Cette valeur est invalide.          |
+            | value   | message                        |
+            |         | Cette valeur n'est pas valide. |
+            | invalid | Cette valeur n'est pas valide. |
 
     Scenario Outline: As a user with a password, I can update it
         Given I am authenticated as "admin201@resop.com"
         And I am on "/user/password"
         When I fill in the following:
-            | password[current]          | covid19 |
-            | password[password][first]  | covid20 |
-            | password[password][second] | covid20 |
+            | user_password[currentPassword]       | covid19 |
+            | user_password[plainPassword][first]  | covid20 |
+            | user_password[plainPassword][second] | covid20 |
         And I press "Valider"
         Then I should be on "/"
         And the response status code should be 200
@@ -80,10 +82,10 @@ Feature:
     Scenario Outline: As a user without a password, I can set it
         Given I am authenticated as "admin203@resop.com"
         And I am on "/user/password"
+        And I should not see a "input#user_password_currentPassword" element
         When I fill in the following:
-            | password[current]          |         |
-            | password[password][first]  | covid20 |
-            | password[password][second] | covid20 |
+            | user_password[plainPassword][first]  | covid20 |
+            | user_password[plainPassword][second] | covid20 |
         And I press "Valider"
         Then I should be on "/"
         And the response status code should be 200
diff --git a/fixtures/organizations.yaml b/fixtures/organizations.yaml
index 5bc4b542..f53c5691 100644
--- a/fixtures/organizations.yaml
+++ b/fixtures/organizations.yaml
@@ -2,18 +2,14 @@ App\Entity\Organization:
   Organization.DT75:
     id: 201
     name: DT75
-    plainPassword: covid19
   Organization.DT77:
     id: 202
     name: DT77
-    plainPassword: covid19
   Organization.UL-01-02:
     id: 203
     name: UL 01-02
-    plainPassword: covid19
     parent: '@Organization.DT75'
   Organization.UL-DE-BRIE-ET-CHANTEREINE:
     id: 204
     name: UL DE BRIE ET CHANTEREINE
-    plainPassword: covid19
     parent: '@Organization.DT77'
diff --git a/fixtures/users.yaml b/fixtures/users.yaml
index 6f00266c..928996a6 100644
--- a/fixtures/users.yaml
+++ b/fixtures/users.yaml
@@ -7,7 +7,7 @@ App\Entity\User:
     lastName: DOE
     organization: '@Organization.DT75'
     identificationNumber: 990001A
-    emailAddress (unique): admin201@resop.com
+    emailAddress: admin201@resop.com
     plainPassword: covid19
     phoneNumber: '<phoneNumberObject("0612345678", "FR")>'
     birthday: '1990-01-01'
@@ -24,7 +24,7 @@ App\Entity\User:
     lastName: DOE
     organization: '@Organization.UL-01-02'
     identificationNumber: 990002A
-    emailAddress (unique): admin203@resop.com
+    emailAddress: admin203@resop.com
     phoneNumber: '<phoneNumberObject("0612345678", "FR")>'
     birthday: '1990-01-01'
     skillSet: '<randomSkillSet()>'
@@ -40,7 +40,7 @@ App\Entity\User:
     lastName: DOE
     organization: '@Organization.UL-01-02'
     identificationNumber: 990003A
-    emailAddress (unique): jill.doe@resop.com
+    emailAddress: jill.doe@resop.com
     phoneNumber: '<phoneNumberObject("0612345678", "FR")>'
     birthday: '1990-01-01'
     skillSet: '<randomSkillSet()>'
@@ -56,7 +56,7 @@ App\Entity\User:
     lastName: MERCURY
     organization: '@Organization.UL-DE-BRIE-ET-CHANTEREINE'
     identificationNumber: 990004A
-    emailAddress (unique): admin204@resop.com
+    emailAddress: admin204@resop.com
     plainPassword: covid19
     phoneNumber: '<phoneNumberObject("0612345678", "FR")>'
     birthday: '1990-01-01'
@@ -73,7 +73,7 @@ App\Entity\User:
     lastName: NORRIS
     organization: '@Organization.UL-DE-BRIE-ET-CHANTEREINE'
     identificationNumber: 990005A
-    emailAddress (unique): chuck.norris@resop.com
+    emailAddress: chuck.norris@resop.com
     plainPassword: covid19
     phoneNumber: '<phoneNumberObject("0612345678", "FR")>'
     birthday: '1990-01-01'
@@ -89,7 +89,7 @@ App\Entity\User:
     lastName: GAGA
     organization: '@Organization.DT77'
     identificationNumber: 990006A
-    emailAddress (unique): admin202@resop.com
+    emailAddress: admin202@resop.com
     plainPassword: covid19
     phoneNumber: '<phoneNumberObject("0612345678", "FR")>'
     birthday: '1990-01-01'
diff --git a/src/Command/LoadOrganizationsCommand.php b/src/Command/LoadOrganizationsCommand.php
index 36a45a4c..32f72245 100644
--- a/src/Command/LoadOrganizationsCommand.php
+++ b/src/Command/LoadOrganizationsCommand.php
@@ -10,7 +10,6 @@
 use Symfony\Component\Console\Input\InputInterface;
 use Symfony\Component\Console\Output\OutputInterface;
 use Symfony\Component\Console\Style\SymfonyStyle;
-use Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface;
 
 class LoadOrganizationsCommand extends Command
 {
@@ -41,14 +40,11 @@ class LoadOrganizationsCommand extends Command
 
     private EntityManagerInterface $entityManager;
 
-    private EncoderFactoryInterface $encoders;
-
     private array $outputTable = [];
 
-    public function __construct(EntityManagerInterface $entityManager, EncoderFactoryInterface $encoders)
+    public function __construct(EntityManagerInterface $entityManager)
     {
         $this->entityManager = $entityManager;
-        $this->encoders = $encoders;
 
         parent::__construct();
     }
@@ -115,19 +111,10 @@ private function createOrganization(string $organizationName, Organization $pare
         $organization->name = $organizationName;
         $organization->parent = $parentOrganization;
 
-        $encoder = $this->encoders->getEncoder(Organization::class);
-        $plainPassword = $this->getPlainPassword();
-        $organization->setPassword($encoder->encodePassword($plainPassword, null));
-
         $this->entityManager->persist($organization);
 
-        $this->outputTable[] = [$organization->getName(), $plainPassword];
+        $this->outputTable[] = [$organization->getName()];
 
         return $organization;
     }
-
-    private function getPlainPassword(): string
-    {
-        return substr(sha1(random_bytes(6)), 0, 6);
-    }
 }
diff --git a/src/Controller/Organization/AbstractOrganizationController.php b/src/Controller/Organization/AbstractOrganizationController.php
index 9e22a2d1..3c9023ae 100644
--- a/src/Controller/Organization/AbstractOrganizationController.php
+++ b/src/Controller/Organization/AbstractOrganizationController.php
@@ -6,6 +6,7 @@
 
 use App\Entity\Organization;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
+use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
 
 abstract class AbstractOrganizationController extends AbstractController
@@ -16,11 +17,13 @@ abstract class AbstractOrganizationController extends AbstractController
     protected function generateUrl(string $route, array $parameters = [], int $referenceType = UrlGeneratorInterface::ABSOLUTE_PATH): string
     {
         if (preg_match('/^app_organization_.*$/', $route)) {
-            /** @var Organization $user */
-            $user = $this->getUser();
+            /** @var Request $request */
+            $request = $this->get('request_stack')->getCurrentRequest();
+            /** @var Organization $currentOrganization */
+            $currentOrganization = $request->attributes->get('currentOrganization');
             $organization = $parameters['organization'] ?? null;
-            $parameters = array_merge($parameters, ['organization' => $user->getId()]);
-            if (null !== $organization && $user->getId() !== $organization) {
+            $parameters = array_merge($parameters, ['organization' => $currentOrganization->getId()]);
+            if (null !== $organization && $currentOrganization->getId() !== $organization) {
                 $parameters['organizationId'] = $organization;
             }
         }
diff --git a/src/Controller/Organization/AssetType/AssetTypeEditController.php b/src/Controller/Organization/AssetType/AssetTypeEditController.php
index 7b83b6d1..a0b854bf 100644
--- a/src/Controller/Organization/AssetType/AssetTypeEditController.php
+++ b/src/Controller/Organization/AssetType/AssetTypeEditController.php
@@ -15,16 +15,13 @@
 
 /**
  * @Route("/new", name="app_organization_assetType_new", methods={"GET", "POST"})
- * @Route("/{id<\d+>}/edit", name="app_organization_assetType_edit", methods={"GET", "POST"})
- * @Security("is_granted('ROLE_PARENT_ORGANIZATION')")
+ * @Route("/{assetType<\d+>}/edit", name="app_organization_assetType_edit", methods={"GET", "POST"})
+ * @Security("organization.isParent() and (null === assetType or is_granted('ROLE_PARENT_ORGANIZATION', assetType.organization))")
  */
 class AssetTypeEditController extends AbstractOrganizationController
 {
-    public function __invoke(Request $request, ?AssetType $assetType): Response
+    public function __invoke(Request $request, Organization $organization, ?AssetType $assetType): Response
     {
-        /** @var Organization $organization */
-        $organization = $this->getUser();
-
         if (null === $assetType) {
             $assetType = new AssetType();
             $assetType->organization = $organization;
@@ -47,6 +44,7 @@ public function __invoke(Request $request, ?AssetType $assetType): Response
         return $this->render('organization/assetType/edit.html.twig', [
             'persistedKeys' => $persistedKeys,
             'form' => $form->createView(),
+            'organization' => $organization,
         ]);
     }
 }
diff --git a/src/Controller/Organization/AssetType/AssetTypeListController.php b/src/Controller/Organization/AssetType/AssetTypeListController.php
index 0334f4f6..c8f880a9 100644
--- a/src/Controller/Organization/AssetType/AssetTypeListController.php
+++ b/src/Controller/Organization/AssetType/AssetTypeListController.php
@@ -13,7 +13,7 @@
 
 /**
  * @Route(name="app_organization_assetType_list", methods={"GET"})
- * @Security("is_granted('ROLE_PARENT_ORGANIZATION')")
+ * @Security("organization.isParent()")
  */
 class AssetTypeListController extends AbstractController
 {
@@ -24,13 +24,11 @@ public function __construct(AssetTypeRepository $assetTypeRepository)
         $this->assetTypeRepository = $assetTypeRepository;
     }
 
-    public function __invoke(): Response
+    public function __invoke(Organization $organization): Response
     {
-        /** @var Organization $organization */
-        $organization = $this->getUser();
-
         return $this->render('organization/assetType/list.html.twig', [
             'assetTypes' => $this->assetTypeRepository->findByOrganization($organization),
+            'organization' => $organization,
         ]);
     }
 }
diff --git a/src/Controller/Organization/Children/EditController.php b/src/Controller/Organization/Children/EditController.php
index 36e1d196..816bb2f7 100644
--- a/src/Controller/Organization/Children/EditController.php
+++ b/src/Controller/Organization/Children/EditController.php
@@ -7,28 +7,27 @@
 use App\Controller\Organization\AbstractOrganizationController;
 use App\Entity\Organization;
 use App\Form\Type\OrganizationType;
-use App\Security\Voter\OrganizationVoter;
-use Sensio\Bundle\FrameworkExtraBundle\Configuration\IsGranted;
+use Sensio\Bundle\FrameworkExtraBundle\Configuration\Security;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Routing\Annotation\Route;
 
 /**
- * @Route("/{object<\d+>}/edit", name="app_organization_edit", methods={"GET", "POST"})
- * @IsGranted(OrganizationVoter::CAN_MANAGE, subject="object")
+ * @Route("/{organizationToEdit<\d+>}/edit", name="app_organization_edit", methods={"GET", "POST"})
+ * @Security("organization.isParent() and !organizationToEdit.isParent() and is_granted('ROLE_PARENT_ORGANIZATION', organizationToEdit)")
  */
 class EditController extends AbstractOrganizationController
 {
-    public function __invoke(Request $request, Organization $object): Response
+    public function __invoke(Request $request, Organization $organizationToEdit): Response
     {
-        $form = $this->createForm(OrganizationType::class, $object);
+        $form = $this->createForm(OrganizationType::class, $organizationToEdit);
         $form->handleRequest($request);
 
         if ($form->isSubmitted() && $form->isValid()) {
             $flashMessage = 'La structure a été mise à jour avec succès.';
 
             $entityManager = $this->getDoctrine()->getManager();
-            $entityManager->persist($object);
+            $entityManager->persist($organizationToEdit);
             $entityManager->flush();
 
             $this->addFlash('success', $flashMessage);
@@ -39,7 +38,7 @@ public function __invoke(Request $request, Organization $object): Response
         return $this->render(
             'organization/edit.html.twig',
             [
-                'organization' => $object,
+                'organization' => $organizationToEdit,
                 'form' => $form->createView(),
             ]
         )->setStatusCode($form->isSubmitted() ? Response::HTTP_BAD_REQUEST : Response::HTTP_OK);
diff --git a/src/Controller/Organization/Children/ListController.php b/src/Controller/Organization/Children/ListController.php
index 8a7f95f6..9c164536 100644
--- a/src/Controller/Organization/Children/ListController.php
+++ b/src/Controller/Organization/Children/ListController.php
@@ -5,35 +5,21 @@
 namespace App\Controller\Organization\Children;
 
 use App\Entity\Organization;
-use App\Repository\OrganizationRepository;
+use Sensio\Bundle\FrameworkExtraBundle\Configuration\Security;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Routing\Annotation\Route;
-use Symfony\Component\Security\Core\Exception\AccessDeniedException;
 
 /**
  * @Route(name="app_organization_list", methods={"GET"})
+ * @Security("organization.isParent()")
  */
 class ListController extends AbstractController
 {
-    protected OrganizationRepository $organizationRepository;
-
-    public function __construct(OrganizationRepository $organizationRepository)
-    {
-        $this->organizationRepository = $organizationRepository;
-    }
-
-    public function __invoke(): Response
+    public function __invoke(Organization $organization): Response
     {
-        $organization = $this->getUser();
-        if (!$organization instanceof Organization || !$organization->isParent()) {
-            throw new AccessDeniedException();
-        }
-
-        $organizations = $this->organizationRepository->findBy(['parent' => $organization], ['name' => 'ASC']);
-
         return $this->render('organization/list.html.twig', [
-            'organizations' => $organizations,
+            'organization' => $organization,
         ]);
     }
 }
diff --git a/src/Controller/Organization/Children/NewController.php b/src/Controller/Organization/Children/NewController.php
index e6d5e57e..c73b507c 100644
--- a/src/Controller/Organization/Children/NewController.php
+++ b/src/Controller/Organization/Children/NewController.php
@@ -7,32 +7,28 @@
 use App\Controller\Organization\AbstractOrganizationController;
 use App\Entity\Organization;
 use App\Form\Type\OrganizationType;
-use App\Security\Voter\OrganizationVoter;
-use Sensio\Bundle\FrameworkExtraBundle\Configuration\IsGranted;
+use Sensio\Bundle\FrameworkExtraBundle\Configuration\Security;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Routing\Annotation\Route;
 
 /**
  * @Route("/new", name="app_organization_new", methods={"GET", "POST"})
- * @IsGranted(OrganizationVoter::CAN_CREATE)
+ * @Security("organization.isParent()")
  */
 class NewController extends AbstractOrganizationController
 {
-    public function __invoke(Request $request): Response
+    public function __invoke(Request $request, Organization $organization): Response
     {
-        /** @var Organization $currentOrganization */
-        $currentOrganization = $this->getUser();
+        $child = new Organization();
+        $child->parent = $organization;
 
-        $organization = new Organization();
-        $organization->parent = $currentOrganization;
-
-        $form = $this->createForm(OrganizationType::class, $organization);
+        $form = $this->createForm(OrganizationType::class, $child);
         $form->handleRequest($request);
 
         if ($form->isSubmitted() && $form->isValid()) {
             $entityManager = $this->getDoctrine()->getManager();
-            $entityManager->persist($organization);
+            $entityManager->persist($child);
             $entityManager->flush();
 
             $this->addFlash('success', 'La structure a été ajoutée avec succès.');
@@ -43,7 +39,7 @@ public function __invoke(Request $request): Response
         return $this->render(
             'organization/edit.html.twig',
             [
-                'organization' => $organization,
+                'organization' => $child,
                 'form' => $form->createView(),
             ]
         )->setStatusCode($form->isSubmitted() ? Response::HTTP_BAD_REQUEST : Response::HTTP_OK);
diff --git a/src/Controller/Organization/CommissionableAsset/AssetAddController.php b/src/Controller/Organization/CommissionableAsset/AssetAddController.php
index 4093c514..d7f219b8 100644
--- a/src/Controller/Organization/CommissionableAsset/AssetAddController.php
+++ b/src/Controller/Organization/CommissionableAsset/AssetAddController.php
@@ -9,8 +9,7 @@
 use App\Entity\Organization;
 use App\Form\Type\CommissionableAssetType;
 use App\Repository\AssetTypeRepository;
-use App\Security\Voter\OrganizationVoter;
-use Sensio\Bundle\FrameworkExtraBundle\Configuration\IsGranted;
+use Sensio\Bundle\FrameworkExtraBundle\Configuration\Security;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Routing\Annotation\Route;
@@ -18,7 +17,7 @@
 
 /**
  * @Route("/add", name="app_organization_asset_add", methods={"GET", "POST"})
- * @IsGranted(OrganizationVoter::CAN_MANAGE, subject="organization")
+ * @Security("is_granted('ROLE_PARENT_ORGANIZATION', organization)")
  */
 class AssetAddController extends AbstractOrganizationController
 {
@@ -33,7 +32,7 @@ public function __invoke(Request $request, Organization $organization): Response
     {
         $assetType = null;
         if ($request->query->has('type')) {
-            $assetType = $this->assetTypeRepository->findByOrganizationAndId($organization, (int) $request->query->get('type'));
+            $assetType = $this->assetTypeRepository->findByOrganizationAndId($organization, $request->query->getInt('type'));
         }
 
         if (null === $assetType) {
diff --git a/src/Controller/Organization/CommissionableAsset/AssetDeleteController.php b/src/Controller/Organization/CommissionableAsset/AssetDeleteController.php
index 14675c4c..a2d7b7b6 100644
--- a/src/Controller/Organization/CommissionableAsset/AssetDeleteController.php
+++ b/src/Controller/Organization/CommissionableAsset/AssetDeleteController.php
@@ -7,15 +7,14 @@
 use App\Controller\Organization\AbstractOrganizationController;
 use App\Entity\CommissionableAsset;
 use App\Repository\CommissionableAssetAvailabilityRepository;
-use App\Security\Voter\CommissionableAssetVoter;
 use Doctrine\ORM\EntityManagerInterface;
-use Sensio\Bundle\FrameworkExtraBundle\Configuration\IsGranted;
+use Sensio\Bundle\FrameworkExtraBundle\Configuration\Security;
 use Symfony\Component\HttpFoundation\RedirectResponse;
 use Symfony\Component\Routing\Annotation\Route;
 
 /**
  * @Route("/{asset<\d+>}/delete", name="app_organization_asset_delete", methods={"GET"})
- * @IsGranted(CommissionableAssetVoter::CAN_EDIT, subject="asset")
+ * @Security("is_granted('ROLE_PARENT_ORGANIZATION', asset.organization)")
  */
 class AssetDeleteController extends AbstractOrganizationController
 {
diff --git a/src/Controller/Organization/CommissionableAsset/AssetEditController.php b/src/Controller/Organization/CommissionableAsset/AssetEditController.php
index fe964c71..9ac0d488 100644
--- a/src/Controller/Organization/CommissionableAsset/AssetEditController.php
+++ b/src/Controller/Organization/CommissionableAsset/AssetEditController.php
@@ -7,15 +7,14 @@
 use App\Controller\Organization\AbstractOrganizationController;
 use App\Entity\CommissionableAsset;
 use App\Form\Type\CommissionableAssetType;
-use App\Security\Voter\CommissionableAssetVoter;
-use Sensio\Bundle\FrameworkExtraBundle\Configuration\IsGranted;
+use Sensio\Bundle\FrameworkExtraBundle\Configuration\Security;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Routing\Annotation\Route;
 
 /**
  * @Route("/{asset<\d+>}/edit", name="app_organization_asset_edit", methods={"GET", "POST"})
- * @IsGranted(CommissionableAssetVoter::CAN_EDIT, subject="asset")
+ * @Security("is_granted('ROLE_PARENT_ORGANIZATION', asset.organization)")
  */
 class AssetEditController extends AbstractOrganizationController
 {
diff --git a/src/Controller/Organization/CommissionableAsset/AssetShowModalController.php b/src/Controller/Organization/CommissionableAsset/AssetShowModalController.php
index b8308240..7de28640 100644
--- a/src/Controller/Organization/CommissionableAsset/AssetShowModalController.php
+++ b/src/Controller/Organization/CommissionableAsset/AssetShowModalController.php
@@ -5,17 +5,21 @@
 namespace App\Controller\Organization\CommissionableAsset;
 
 use App\Entity\CommissionableAsset;
+use Sensio\Bundle\FrameworkExtraBundle\Configuration\Security;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Routing\Annotation\Route;
 
 /**
  * @Route("/{asset<\d+>}/modal", name="app_organization_asset_show_modal", methods={"GET", "POST"})
+ * @Security("is_granted('ROLE_PARENT_ORGANIZATION', asset.organization)")
  */
 class AssetShowModalController extends AbstractController
 {
     public function __invoke(CommissionableAsset $asset): Response
     {
-        return $this->render('organization/commissionable_asset/show-modal-content.html.twig', ['asset' => $asset]);
+        return $this->render('organization/commissionable_asset/show-modal-content.html.twig', [
+            'asset' => $asset,
+        ]);
     }
 }
diff --git a/src/Controller/Organization/CommissionableAsset/AssetsListController.php b/src/Controller/Organization/CommissionableAsset/AssetsListController.php
index 97c74c50..073800e2 100644
--- a/src/Controller/Organization/CommissionableAsset/AssetsListController.php
+++ b/src/Controller/Organization/CommissionableAsset/AssetsListController.php
@@ -7,8 +7,7 @@
 use App\Entity\Organization;
 use App\Form\Factory\OrganizationSelectorFormFactory;
 use App\Repository\CommissionableAssetRepository;
-use App\Security\Voter\OrganizationVoter;
-use Sensio\Bundle\FrameworkExtraBundle\Configuration\IsGranted;
+use Sensio\Bundle\FrameworkExtraBundle\Configuration\Security;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
@@ -16,7 +15,7 @@
 
 /**
  * @Route(name="app_organization_assets", methods={"GET"})
- * @IsGranted(OrganizationVoter::CAN_MANAGE, subject="organization")
+ * @Security("is_granted('ROLE_PARENT_ORGANIZATION', organization)")
  */
 class AssetsListController extends AbstractController
 {
@@ -29,11 +28,8 @@ public function __construct(CommissionableAssetRepository $assetRepository, Orga
         $this->organizationSelectorFormFactory = $organizationSelectorFormFactory;
     }
 
-    public function __invoke(Request $request, Organization $organization): Response
+    public function __invoke(Request $request, Organization $organization, Organization $currentOrganization): Response
     {
-        /** @var Organization $currentOrganization */
-        $currentOrganization = $this->getUser();
-
         return $this->render(
             'organization/commissionable_asset/list.html.twig',
             [
diff --git a/src/Controller/Organization/CommissionableAsset/AvailabilityController.php b/src/Controller/Organization/CommissionableAsset/AvailabilityController.php
index 4a44a483..28cad1ad 100644
--- a/src/Controller/Organization/CommissionableAsset/AvailabilityController.php
+++ b/src/Controller/Organization/CommissionableAsset/AvailabilityController.php
@@ -12,12 +12,14 @@
 use App\Form\Type\AvailabilitiesDomainType;
 use App\Repository\CommissionableAssetAvailabilityRepository;
 use Doctrine\ORM\EntityManagerInterface;
+use Sensio\Bundle\FrameworkExtraBundle\Configuration\Security;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Routing\Annotation\Route;
 
 /**
  * @Route("/{asset<\d+>}/availability/{week<\d{4}-W\d{2}>?}", name="app_organization_asset_availability", methods={"GET", "POST"})
+ * @Security("is_granted('ROLE_PARENT_ORGANIZATION', asset.organization)")
  */
 final class AvailabilityController extends AbstractOrganizationController
 {
diff --git a/src/Controller/Organization/CommissionableAsset/AvailabilityMissionsFindController.php b/src/Controller/Organization/CommissionableAsset/AvailabilityMissionsFindController.php
index 38489100..305a0ce1 100644
--- a/src/Controller/Organization/CommissionableAsset/AvailabilityMissionsFindController.php
+++ b/src/Controller/Organization/CommissionableAsset/AvailabilityMissionsFindController.php
@@ -7,6 +7,7 @@
 use App\Controller\User\Availability\UserAvailabityControllerTrait;
 use App\Entity\CommissionableAsset;
 use App\Repository\MissionRepository;
+use Sensio\Bundle\FrameworkExtraBundle\Configuration\Security;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Component\HttpFoundation\JsonResponse;
 use Symfony\Component\HttpFoundation\Request;
@@ -16,6 +17,7 @@
 /**
  * @Route("/{asset<\d+>}/availability/missions", name="app_organization_asset_availability_missions", methods={"GET"})
  * @Route("/{asset<\d+>}/availability/{week<\d{4}-W\d{2}>?}/missions", name="app_organization_asset_availability_missions_week", methods={"GET"})
+ * @Security("is_granted('ROLE_PARENT_ORGANIZATION', asset.organization)")
  */
 class AvailabilityMissionsFindController extends AbstractController
 {
diff --git a/src/Controller/Organization/CommissionableAsset/PreAddAssetController.php b/src/Controller/Organization/CommissionableAsset/PreAddAssetController.php
index 24bef18a..25675af4 100644
--- a/src/Controller/Organization/CommissionableAsset/PreAddAssetController.php
+++ b/src/Controller/Organization/CommissionableAsset/PreAddAssetController.php
@@ -6,15 +6,14 @@
 
 use App\Entity\Organization;
 use App\Form\Type\PreAddAssetType;
-use App\Security\Voter\OrganizationVoter;
-use Sensio\Bundle\FrameworkExtraBundle\Configuration\IsGranted;
+use Sensio\Bundle\FrameworkExtraBundle\Configuration\Security;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Routing\Annotation\Route;
 
 /**
  * @Route("/preAdd", name="app_organization_commissionable_pre_add_asset", methods={"GET"})
- * @IsGranted(OrganizationVoter::CAN_MANAGE, subject="organization")
+ * @Security("is_granted('ROLE_PARENT_ORGANIZATION', organization)")
  */
 class PreAddAssetController extends AbstractController
 {
@@ -22,7 +21,7 @@ public function __invoke(Organization $organization): Response
     {
         $form = $this->createForm(
             PreAddAssetType::class,
-            ['organizationId' => $organization->getId()],
+            ['organizationId' => $organization->id],
             ['organization' => $organization]
         )->createView();
 
diff --git a/src/Controller/Organization/DashboardController.php b/src/Controller/Organization/DashboardController.php
index 62634ae0..5f053e4d 100644
--- a/src/Controller/Organization/DashboardController.php
+++ b/src/Controller/Organization/DashboardController.php
@@ -4,19 +4,22 @@
 
 namespace App\Controller\Organization;
 
+use App\Entity\Organization;
+use Sensio\Bundle\FrameworkExtraBundle\Configuration\Security;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Routing\Annotation\Route;
 
 /**
- * {organization} parameter is useless for the moment, but will be useful in ticket https://github.com/crf-devs/resop/issues/338
- *
  * @Route("/{organization<\d+>}", name="app_organization_dashboard", methods={"GET"})
+ * @Security("is_granted('ROLE_ORGANIZATION', organization)")
  */
 final class DashboardController extends AbstractController
 {
-    public function __invoke(): Response
+    public function __invoke(Organization $organization): Response
     {
-        return $this->render('organization/home.html.twig');
+        return $this->render('organization/home.html.twig', [
+            'organization' => $organization,
+        ]);
     }
 }
diff --git a/src/Controller/Organization/Forecast/PlanningForecastController.php b/src/Controller/Organization/Forecast/PlanningForecastController.php
index 2cad5241..5343edea 100644
--- a/src/Controller/Organization/Forecast/PlanningForecastController.php
+++ b/src/Controller/Organization/Forecast/PlanningForecastController.php
@@ -6,6 +6,7 @@
 
 use App\Domain\MissionTypeForecastDomain;
 use App\Domain\PlanningDomain;
+use App\Entity\Organization;
 use App\Form\Type\PlanningForecastType;
 use Sensio\Bundle\FrameworkExtraBundle\Configuration\Security;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
@@ -15,7 +16,7 @@
 
 /**
  * @Route(name="app_organization_forecast", methods={"GET"})
- * @Security("is_granted('ROLE_PARENT_ORGANIZATION')")
+ * @Security("organization.isParent()")
  */
 class PlanningForecastController extends AbstractController
 {
@@ -28,10 +29,10 @@ public function __construct(PlanningDomain $planningDomain, MissionTypeForecastD
         $this->missionTypeForecastDomain = $missionTypeForecastDomain;
     }
 
-    public function __invoke(Request $request): Response
+    public function __invoke(Request $request, Organization $organization): Response
     {
-        $form = $this->planningDomain->generateForm(PlanningForecastType::class);
-        $filters = $this->planningDomain->generateFilters($form);
+        $form = $this->planningDomain->generateForm($organization, PlanningForecastType::class);
+        $filters = $this->planningDomain->generateFilters($form, $organization);
 
         return $this->render('organization/forecast/forecast.html.twig', [
             'filters' => $filters,
diff --git a/src/Controller/Organization/IndexController.php b/src/Controller/Organization/IndexController.php
deleted file mode 100644
index 36a5a05a..00000000
--- a/src/Controller/Organization/IndexController.php
+++ /dev/null
@@ -1,19 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Controller\Organization;
-
-use Symfony\Component\HttpFoundation\Response;
-use Symfony\Component\Routing\Annotation\Route;
-
-/**
- * @Route(name="app_organization_index", methods={"GET"})
- */
-final class IndexController extends AbstractOrganizationController
-{
-    public function __invoke(): Response
-    {
-        return $this->redirectToRoute('app_organization_dashboard');
-    }
-}
diff --git a/src/Controller/Organization/Mission/AddUserAjaxController.php b/src/Controller/Organization/Mission/AddUserAjaxController.php
index fb1d314c..78cc03b1 100644
--- a/src/Controller/Organization/Mission/AddUserAjaxController.php
+++ b/src/Controller/Organization/Mission/AddUserAjaxController.php
@@ -6,6 +6,7 @@
 
 use App\Entity\Mission;
 use App\Entity\User;
+use Sensio\Bundle\FrameworkExtraBundle\Configuration\Security;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Component\HttpFoundation\JsonResponse;
 use Symfony\Component\HttpFoundation\Response;
@@ -13,6 +14,7 @@
 
 /**
  * @Route("/{mission<\d+>}/users/add/{userToAdd<\d+>}", name="app_organization_mission_add_user", methods={"POST"})
+ * @Security("is_granted('ROLE_PARENT_ORGANIZATION', mission.organization)")
  */
 class AddUserAjaxController extends AbstractController
 {
diff --git a/src/Controller/Organization/Mission/MissionController.php b/src/Controller/Organization/Mission/MissionController.php
index cbad0e11..1924e2f2 100644
--- a/src/Controller/Organization/Mission/MissionController.php
+++ b/src/Controller/Organization/Mission/MissionController.php
@@ -21,7 +21,6 @@
 
 /**
  * @Route("/")
- * @Security("is_granted('ROLE_PARENT_ORGANIZATION')")
  */
 class MissionController extends AbstractOrganizationController
 {
@@ -36,10 +35,11 @@ public function __construct(MissionRepository $missionRepository, PlanningDomain
 
     /**
      * @Route(name="app_organization_mission_index", methods={"GET"})
+     * @Security("is_granted('ROLE_PARENT_ORGANIZATION', organization)")
      */
-    public function index(): Response
+    public function index(Organization $organization): Response
     {
-        $form = $this->planningDomain->generateForm(MissionsSearchType::class);
+        $form = $this->planningDomain->generateForm($organization, MissionsSearchType::class);
         $filters = $form->getData();
 
         return $this->render('organization/mission/index.html.twig', [
@@ -51,10 +51,11 @@ public function index(): Response
 
     /**
      * @Route("/full", name="app_organization_mission_full_list", methods={"GET"})
+     * @Security("is_granted('ROLE_PARENT_ORGANIZATION', organization)")
      */
-    public function fullList(): Response
+    public function fullList(Organization $organization): Response
     {
-        $form = $this->planningDomain->generateForm(MissionsSearchType::class);
+        $form = $this->planningDomain->generateForm($organization, MissionsSearchType::class);
         $filters = $form->getData();
 
         return $this->render('organization/mission/list_full.html.twig', [
@@ -66,10 +67,11 @@ public function fullList(): Response
 
     /**
      * @Route("/full/export", name="app_organization_mission_full_list_export", methods={"GET"})
+     * @Security("is_granted('ROLE_PARENT_ORGANIZATION', organization)")
      */
-    public function fullListExport(MissionDomain $missionDomain): Response
+    public function fullListExport(Organization $organization, MissionDomain $missionDomain): Response
     {
-        $form = $this->planningDomain->generateForm(MissionsSearchType::class);
+        $form = $this->planningDomain->generateForm($organization, MissionsSearchType::class);
         $filters = $form->getData();
         $query = $this->missionRepository->findByFiltersQb($filters)->getQuery();
         $em = $this->getDoctrine()->getManager();
@@ -109,12 +111,10 @@ public function fullListExport(MissionDomain $missionDomain): Response
 
     /**
      * @Route("/new", name="app_organization_mission_new", methods={"GET","POST"})
+     * @Security("is_granted('ROLE_PARENT_ORGANIZATION', organization)")
      */
-    public function new(Request $request): Response
+    public function new(Request $request, Organization $organization): Response
     {
-        /** @var Organization $organization */
-        $organization = $this->getUser();
-
         $mission = new Mission();
         $mission->organization = $organization;
         $form = $this->createForm(MissionType::class, $mission);
@@ -136,7 +136,7 @@ public function new(Request $request): Response
 
     /**
      * @Route("/{id<\d+>}", name="app_organization_mission_show", methods={"GET"})
-     * @Security("mission.organization == user")
+     * @Security("is_granted('ROLE_PARENT_ORGANIZATION', mission.organization)")
      */
     public function show(Mission $mission): Response
     {
@@ -147,7 +147,7 @@ public function show(Mission $mission): Response
 
     /**
      * @Route("/{id<\d+>}/edit", name="app_organization_mission_edit", methods={"GET","POST"})
-     * @Security("mission.organization == user")
+     * @Security("is_granted('ROLE_PARENT_ORGANIZATION', mission.organization)")
      */
     public function edit(Request $request, Mission $mission): Response
     {
@@ -168,7 +168,7 @@ public function edit(Request $request, Mission $mission): Response
 
     /**
      * @Route("/{id<\d+>}/delete", name="app_organization_mission_delete", methods={"GET"})
-     * @Security("mission.organization == user")
+     * @Security("is_granted('ROLE_PARENT_ORGANIZATION', mission.organization)")
      */
     public function delete(Mission $mission): RedirectResponse
     {
diff --git a/src/Controller/Organization/Mission/MissionModalController.php b/src/Controller/Organization/Mission/MissionModalController.php
index 335810fc..057db7a1 100644
--- a/src/Controller/Organization/Mission/MissionModalController.php
+++ b/src/Controller/Organization/Mission/MissionModalController.php
@@ -5,19 +5,23 @@
 namespace App\Controller\Organization\Mission;
 
 use App\Entity\Mission;
+use App\Entity\Organization;
+use Sensio\Bundle\FrameworkExtraBundle\Configuration\Security;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Routing\Annotation\Route;
 
 /**
- * @Route("/{id<\d+>}/modal", name="app_organization_mission_modal", methods={"GET"}, options={"expose"=true})
+ * @Route("/{mission<\d+>}/modal", name="app_organization_mission_modal", methods={"GET"}, options={"expose"=true})
+ * @Security("is_granted('ROLE_PARENT_ORGANIZATION', organization)")
  */
 class MissionModalController extends AbstractController
 {
-    public function __invoke(Mission $mission): Response
+    public function __invoke(Organization $organization, Mission $mission): Response
     {
         return $this->render('organization/mission/show-modal-content.html.twig', [
             'mission' => $mission,
+            'organization' => $organization,
         ]);
     }
 }
diff --git a/src/Controller/Organization/Mission/MissionsFindByFiltersController.php b/src/Controller/Organization/Mission/MissionsFindByFiltersController.php
index 6eb57c05..2a3547b0 100644
--- a/src/Controller/Organization/Mission/MissionsFindByFiltersController.php
+++ b/src/Controller/Organization/Mission/MissionsFindByFiltersController.php
@@ -5,13 +5,16 @@
 namespace App\Controller\Organization\Mission;
 
 use App\Domain\PlanningDomain;
+use App\Entity\Organization;
 use App\Repository\MissionRepository;
+use Sensio\Bundle\FrameworkExtraBundle\Configuration\Security;
 use Symfony\Component\HttpFoundation\JsonResponse;
 use Symfony\Component\Routing\Annotation\Route;
 use Symfony\Component\Serializer\SerializerInterface;
 
 /**
  * @Route("/find", name="app_organization_mission_find_by_filters", methods={"GET"}, options={"expose"=true})
+ * @Security("is_granted('ROLE_PARENT_ORGANIZATION', organization)")
  */
 class MissionsFindByFiltersController
 {
@@ -26,10 +29,10 @@ public function __construct(PlanningDomain $planningDomain, MissionRepository $m
         $this->serializer = $serializer;
     }
 
-    public function __invoke(): JsonResponse
+    public function __invoke(Organization $organization): JsonResponse
     {
-        $form = $this->planningDomain->generateForm();
-        $filters = $this->planningDomain->generateFilters($form);
+        $form = $this->planningDomain->generateForm($organization);
+        $filters = $this->planningDomain->generateFilters($form, $organization);
 
         $data = $this->missionRepository->findByPlanningFilters($filters, $this->planningDomain->getAvailableResources($filters, true));
 
diff --git a/src/Controller/Organization/MissionType/MissionTypeController.php b/src/Controller/Organization/MissionType/MissionTypeController.php
index d35b1944..da140152 100644
--- a/src/Controller/Organization/MissionType/MissionTypeController.php
+++ b/src/Controller/Organization/MissionType/MissionTypeController.php
@@ -16,7 +16,6 @@
 
 /**
  * @Route("/")
- * @Security("is_granted('ROLE_PARENT_ORGANIZATION')")
  */
 class MissionTypeController extends AbstractOrganizationController
 {
@@ -29,11 +28,10 @@ public function __construct(MissionTypeRepository $missionTypeRepository)
 
     /**
      * @Route(name="app_organization_mission_type_index", methods={"GET"})
+     * @Security("is_granted('ROLE_PARENT_ORGANIZATION', organization)")
      */
-    public function index(): Response
+    public function index(Organization $organization): Response
     {
-        /** @var Organization $organization */
-        $organization = $this->getUser();
         $missionTypes = $this->missionTypeRepository->findByOrganization($organization);
 
         return $this->render('organization/mission_type/index.html.twig', [
@@ -43,12 +41,10 @@ public function index(): Response
 
     /**
      * @Route("/new", name="app_organization_mission_type_new", methods={"GET","POST"})
+     * @Security("is_granted('ROLE_PARENT_ORGANIZATION', organization)")
      */
-    public function new(Request $request): Response
+    public function new(Request $request, Organization $organization): Response
     {
-        /** @var Organization $organization */
-        $organization = $this->getUser();
-
         $missionType = new MissionType();
         $missionType->organization = $organization;
         $form = $this->createForm(MissionTypeType::class, $missionType);
@@ -70,7 +66,7 @@ public function new(Request $request): Response
 
     /**
      * @Route("/{id}/edit", name="app_organization_mission_type_edit", methods={"GET","POST"})
-     * @Security("missionType.organization == user")
+     * @Security("is_granted('ROLE_PARENT_ORGANIZATION', missionType.organization)")
      */
     public function edit(Request $request, MissionType $missionType): Response
     {
diff --git a/src/Controller/Organization/MissionType/MissionTypeDeleteController.php b/src/Controller/Organization/MissionType/MissionTypeDeleteController.php
index 9648ee0a..4c389200 100644
--- a/src/Controller/Organization/MissionType/MissionTypeDeleteController.php
+++ b/src/Controller/Organization/MissionType/MissionTypeDeleteController.php
@@ -14,7 +14,7 @@
 
 /**
  * @Route("/{id}/delete", name="app_organization_mission_type_delete", methods={"GET"})
- * @Security("missionType.organization == user")
+ * @Security("is_granted('ROLE_PARENT_ORGANIZATION', missionType.organization)")
  */
 class MissionTypeDeleteController extends AbstractOrganizationController
 {
diff --git a/src/Controller/Organization/Planning/PlanningCheckLastUpdateController.php b/src/Controller/Organization/Planning/PlanningCheckLastUpdateController.php
index ba9e82e8..eb9e2789 100644
--- a/src/Controller/Organization/Planning/PlanningCheckLastUpdateController.php
+++ b/src/Controller/Organization/Planning/PlanningCheckLastUpdateController.php
@@ -5,12 +5,15 @@
 namespace App\Controller\Organization\Planning;
 
 use App\Domain\PlanningDomain;
+use App\Entity\Organization;
+use Sensio\Bundle\FrameworkExtraBundle\Configuration\Security;
 use Symfony\Component\HttpFoundation\JsonResponse;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\Routing\Annotation\Route;
 
 /**
  * @Route("/last-update", name="app_organization_planning_last_update", methods={"GET"})
+ * @Security("is_granted('ROLE_PARENT_ORGANIZATION', organization)")
  */
 class PlanningCheckLastUpdateController
 {
@@ -21,10 +24,10 @@ public function __construct(PlanningDomain $planningDomain)
         $this->planningDomain = $planningDomain;
     }
 
-    public function __invoke(Request $request): JsonResponse
+    public function __invoke(Request $request, Organization $currentOrganization): JsonResponse
     {
-        $form = $this->planningDomain->generateForm();
-        $filters = $this->planningDomain->generateFilters($form);
+        $form = $this->planningDomain->generateForm($currentOrganization);
+        $filters = $this->planningDomain->generateFilters($form, $currentOrganization);
 
         return new JsonResponse($this->planningDomain->generateLastUpdateAndCount($filters));
     }
diff --git a/src/Controller/Organization/Planning/PlanningController.php b/src/Controller/Organization/Planning/PlanningController.php
index d6d6b208..419817e1 100644
--- a/src/Controller/Organization/Planning/PlanningController.php
+++ b/src/Controller/Organization/Planning/PlanningController.php
@@ -10,6 +10,7 @@
 use App\Entity\Organization;
 use App\Repository\AssetTypeRepository;
 use Psr\Cache\CacheItemPoolInterface;
+use Sensio\Bundle\FrameworkExtraBundle\Configuration\Security;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Component\Cache\CacheItem;
 use Symfony\Component\HttpFoundation\Request;
@@ -19,6 +20,7 @@
 
 /**
  * @Route(name="app_organization_planning", methods={"GET"})
+ * @Security("is_granted('ROLE_PARENT_ORGANIZATION', organization)")
  */
 class PlanningController extends AbstractController
 {
@@ -42,13 +44,10 @@ public function __construct(
         $this->cacheTwig = $cacheTwig;
     }
 
-    public function __invoke(Request $request, string $slotInterval): Response
+    public function __invoke(Request $request, Organization $organization, string $slotInterval): Response
     {
-        /** @var Organization $organization */
-        $organization = $this->getUser();
-
-        $form = $this->planningDomain->generateForm();
-        $filters = $this->planningDomain->generateFilters($form);
+        $form = $this->planningDomain->generateForm($organization);
+        $filters = $this->planningDomain->generateFilters($form, $organization);
 
         if (!isset($filters['from'], $filters['to'])) {
             // This may happen if the passed date is invalid. TODO check it before, the format must be 2020-03-30T00:00:00
@@ -77,6 +76,7 @@ public function __invoke(Request $request, string $slotInterval): Response
 
         return $this->render('organization/planning/planning.html.twig', [
             'filters' => $filters,
+            'organization' => $organization,
             'form' => $form->createView(),
             'periodCalculator' => $periodCalculator,
             'assetsTypes' => $assetTypes,
diff --git a/src/Controller/Organization/Planning/PlanningUpdateController.php b/src/Controller/Organization/Planning/PlanningUpdateController.php
index 0a94b945..c685e894 100644
--- a/src/Controller/Organization/Planning/PlanningUpdateController.php
+++ b/src/Controller/Organization/Planning/PlanningUpdateController.php
@@ -10,15 +10,16 @@
 use App\Repository\CommissionableAssetRepository;
 use App\Repository\UserAvailabilityRepository;
 use App\Repository\UserRepository;
+use Sensio\Bundle\FrameworkExtraBundle\Configuration\Security;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Component\HttpFoundation\JsonResponse;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
 use Symfony\Component\Routing\Annotation\Route;
-use Symfony\Component\Security\Core\Exception\AccessDeniedException;
 
 /**
  * @Route("/update/{action}", name="app_organization_planning_update", methods={"POST"})
+ * @Security("organization.isParent()")
  */
 class PlanningUpdateController extends AbstractController
 {
@@ -35,13 +36,8 @@ public function __construct(UserRepository $userRepository, CommissionableAssetR
         $this->assetAvailabilityRepository = $assetAvailabilityRepository;
     }
 
-    public function __invoke(Request $request, string $action): JsonResponse
+    public function __invoke(Request $request, Organization $organization, string $action): JsonResponse
     {
-        $organization = $this->getUser();
-        if (!($organization instanceof Organization) || !empty($organization->parent)) {
-            throw new AccessDeniedException('Organization is required and must not have a parent');
-        }
-
         try {
             $json = json_decode($request->getContent(), true, 512, \JSON_THROW_ON_ERROR);
         } catch (\Exception $e) {
diff --git a/src/Controller/Organization/SearchController.php b/src/Controller/Organization/SearchController.php
index 6103afc4..5cf39c79 100644
--- a/src/Controller/Organization/SearchController.php
+++ b/src/Controller/Organization/SearchController.php
@@ -8,22 +8,19 @@
 use App\Repository\CommissionableAssetRepository;
 use App\Repository\OrganizationRepository;
 use App\Repository\UserRepository;
+use Sensio\Bundle\FrameworkExtraBundle\Configuration\Security;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Routing\Annotation\Route;
 
 /**
- * {organization} parameter is useless for the moment, but will be useful in ticket https://github.com/crf-devs/resop/issues/338
- *
  * @Route("/{organization<\d+>}/search", name="app_organization_search", methods={"GET"}, requirements={"id"="\d+"})
+ * @Security("is_granted('ROLE_ORGANIZATION', organization)")
  */
 final class SearchController extends AbstractOrganizationController
 {
-    public function __invoke(Request $request, UserRepository $userRepository, CommissionableAssetRepository $commissionableAssetRepository, OrganizationRepository $organizationRepository): Response
+    public function __invoke(Request $request, Organization $organization, UserRepository $userRepository, CommissionableAssetRepository $commissionableAssetRepository, OrganizationRepository $organizationRepository): Response
     {
-        /** @var Organization $organization */
-        $organization = $this->getUser();
-
         /** @var string $query */
         $query = preg_replace('/\s+/', ' ', trim($request->query->get('query')));
         if (empty($query)) {
@@ -31,6 +28,7 @@ public function __invoke(Request $request, UserRepository $userRepository, Commi
         }
 
         return $this->render('organization/search.html.twig', [
+            'organization' => $organization,
             'query' => $query,
             'users' => $userRepository->search($organization, $query),
             'assets' => $commissionableAssetRepository->search($organization, $query),
diff --git a/src/Controller/Organization/Security/LoginController.php b/src/Controller/Organization/Security/LoginController.php
deleted file mode 100644
index 17777955..00000000
--- a/src/Controller/Organization/Security/LoginController.php
+++ /dev/null
@@ -1,47 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Controller\Organization\Security;
-
-use App\Controller\Organization\AbstractOrganizationController;
-use App\Entity\Organization;
-use App\Entity\User;
-use App\Repository\OrganizationRepository;
-use Symfony\Component\HttpFoundation\Response;
-use Symfony\Component\Routing\Annotation\Route;
-use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
-
-/**
- * @Route("/login", name="app_organization_login")
- */
-final class LoginController extends AbstractOrganizationController
-{
-    private AuthenticationUtils $authenticationUtils;
-    private OrganizationRepository $organizationRepository;
-
-    public function __construct(AuthenticationUtils $authenticationUtils, OrganizationRepository $organizationRepository)
-    {
-        $this->authenticationUtils = $authenticationUtils;
-        $this->organizationRepository = $organizationRepository;
-    }
-
-    public function __invoke(): Response
-    {
-        /** @var Organization|User|null $user */
-        $user = $this->getUser();
-        if (\is_object($user)) {
-            if ($user instanceof User) {
-                return $this->redirectToRoute('app_user_home');
-            }
-
-            return $this->redirectToRoute('app_organization_dashboard', ['organization' => $user->getId()]);
-        }
-
-        return $this->render('organization/login.html.twig', [
-            'organizations' => $this->organizationRepository->loadActiveOrganizations(),
-            'last_username' => $this->authenticationUtils->getLastUsername(),
-            'error' => $this->authenticationUtils->getLastAuthenticationError(),
-        ]);
-    }
-}
diff --git a/src/Controller/Organization/Security/LogoutController.php b/src/Controller/Organization/Security/LogoutController.php
deleted file mode 100644
index 77b6be24..00000000
--- a/src/Controller/Organization/Security/LogoutController.php
+++ /dev/null
@@ -1,20 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Controller\Organization\Security;
-
-use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
-use Symfony\Component\HttpFoundation\Response;
-use Symfony\Component\Routing\Annotation\Route;
-
-/**
- * @Route("/logout", name="app_organization_logout")
- */
-final class LogoutController extends AbstractController
-{
-    public function __invoke(): Response
-    {
-        throw new \LogicException('This method can be blank - it will be intercepted by the logout key on your firewall.');
-    }
-}
diff --git a/src/Controller/Organization/User/AddToMissionModalController.php b/src/Controller/Organization/User/AddToMissionModalController.php
index 0a6bda1a..32df7030 100644
--- a/src/Controller/Organization/User/AddToMissionModalController.php
+++ b/src/Controller/Organization/User/AddToMissionModalController.php
@@ -5,15 +5,18 @@
 namespace App\Controller\Organization\User;
 
 use App\Domain\PlanningDomain;
+use App\Entity\Organization;
 use App\Entity\User;
 use App\Form\Type\MissionsSearchType;
 use App\Repository\MissionRepository;
+use Sensio\Bundle\FrameworkExtraBundle\Configuration\Security;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Routing\Annotation\Route;
 
 /**
- * @Route("/{userToAdd<\d+>}/missions/add/modal", name="app_organization_user_add_to_mission_modal", methods={"GET"})
+ * @Route("/{user<\d+>}/missions/add/modal", name="app_organization_user_add_to_mission_modal", methods={"GET"})
+ * @Security("is_granted('ROLE_PARENT_ORGANIZATION', user.organization)")
  */
 class AddToMissionModalController extends AbstractController
 {
@@ -26,13 +29,13 @@ public function __construct(PlanningDomain $planningDomain, MissionRepository $m
         $this->missionRepository = $missionRepository;
     }
 
-    public function __invoke(User $userToAdd): Response
+    public function __invoke(User $user, Organization $organization): Response
     {
-        $form = $this->planningDomain->generateForm(MissionsSearchType::class);
+        $form = $this->planningDomain->generateForm($organization, MissionsSearchType::class);
         $filters = $form->getData();
 
         return $this->render('organization/mission/add-to-mission-modal-content.html.twig', [
-            'userToAdd' => $userToAdd,
+            'userToAdd' => $user,
             'filters' => $filters,
             'form' => $form->createView(),
             'missions' => $this->missionRepository->findByFilters($filters),
diff --git a/src/Controller/Organization/User/UserDeleteController.php b/src/Controller/Organization/User/UserDeleteController.php
index 1cf2f643..6c41eb66 100644
--- a/src/Controller/Organization/User/UserDeleteController.php
+++ b/src/Controller/Organization/User/UserDeleteController.php
@@ -7,15 +7,14 @@
 use App\Controller\Organization\AbstractOrganizationController;
 use App\Entity\User;
 use App\Repository\UserAvailabilityRepository;
-use App\Security\Voter\UserVoter;
 use Doctrine\ORM\EntityManagerInterface;
-use Sensio\Bundle\FrameworkExtraBundle\Configuration\IsGranted;
+use Sensio\Bundle\FrameworkExtraBundle\Configuration\Security;
 use Symfony\Component\HttpFoundation\RedirectResponse;
 use Symfony\Component\Routing\Annotation\Route;
 
 /**
- * @Route("/{userToDelete<\d+>}/delete", name="app_organization_user_delete", methods={"GET"})
- * @IsGranted(UserVoter::CAN_EDIT, subject="userToDelete")
+ * @Route("/{user<\d+>}/delete", name="app_organization_user_delete", methods={"GET"})
+ * @Security("is_granted('ROLE_PARENT_ORGANIZATION', user.organization)")
  */
 class UserDeleteController extends AbstractOrganizationController
 {
@@ -26,16 +25,16 @@ public function __construct(UserAvailabilityRepository $userAvailabilityReposito
         $this->userAvailabilityRepository = $userAvailabilityRepository;
     }
 
-    public function __invoke(EntityManagerInterface $entityManager, User $userToDelete): RedirectResponse
+    public function __invoke(EntityManagerInterface $entityManager, User $user): RedirectResponse
     {
         $entityManager->beginTransaction();
-        $this->userAvailabilityRepository->deleteByOwner($userToDelete);
-        $entityManager->remove($userToDelete);
+        $this->userAvailabilityRepository->deleteByOwner($user);
+        $entityManager->remove($user);
         $entityManager->flush();
         $entityManager->commit();
 
         $this->addFlash('success', 'Le bénévole a été supprimé avec succès.');
 
-        return $this->redirectToRoute('app_organization_user_list', ['organization' => $userToDelete->getNotNullOrganization()->id]);
+        return $this->redirectToRoute('app_organization_user_list', ['organization' => $user->getNotNullOrganization()->id]);
     }
 }
diff --git a/src/Controller/Organization/User/UserEditController.php b/src/Controller/Organization/User/UserEditController.php
index 1a41fb02..8c789519 100644
--- a/src/Controller/Organization/User/UserEditController.php
+++ b/src/Controller/Organization/User/UserEditController.php
@@ -7,36 +7,35 @@
 use App\Controller\Organization\AbstractOrganizationController;
 use App\Entity\User;
 use App\Form\Type\UserType;
-use App\Security\Voter\UserVoter;
-use Sensio\Bundle\FrameworkExtraBundle\Configuration\IsGranted;
+use Sensio\Bundle\FrameworkExtraBundle\Configuration\Security;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Routing\Annotation\Route;
 
 /**
- * @Route("/{userToEdit<\d+>}/edit", name="app_organization_user_edit", methods={"GET", "POST"})
- * @IsGranted(UserVoter::CAN_EDIT, subject="userToEdit")
+ * @Route("/{user<\d+>}/edit", name="app_organization_user_edit", methods={"GET", "POST"})
+ * @Security("is_granted('ROLE_PARENT_ORGANIZATION', user.organization)")
  */
 class UserEditController extends AbstractOrganizationController
 {
-    public function __invoke(Request $request, User $userToEdit): Response
+    public function __invoke(Request $request, User $user): Response
     {
         $form = $this
-            ->createForm(UserType::class, $userToEdit, ['display_type' => UserType::DISPLAY_ORGANIZATION])
+            ->createForm(UserType::class, $user, ['display_type' => UserType::DISPLAY_ORGANIZATION])
             ->handleRequest($request);
 
         if ($form->isSubmitted() && $form->isValid()) {
             $entityManager = $this->getDoctrine()->getManager();
-            $entityManager->persist($userToEdit);
+            $entityManager->persist($user);
             $entityManager->flush();
 
             $this->addFlash('success', 'Les informations ont été mises à jour avec succès.');
 
-            return $this->redirectToRoute('app_organization_user_list', ['organization' => $userToEdit->getNotNullOrganization()->id]);
+            return $this->redirectToRoute('app_organization_user_list', ['organization' => $user->getNotNullOrganization()->id]);
         }
 
         return $this->render('organization/user/edit.html.twig', [
-            'user' => $userToEdit,
+            'user' => $user,
             'form' => $form->createView(),
         ])->setStatusCode($form->isSubmitted() ? Response::HTTP_BAD_REQUEST : Response::HTTP_OK);
     }
diff --git a/src/Controller/Organization/User/UserListController.php b/src/Controller/Organization/User/UserListController.php
index ee3057d2..ada3e4b8 100644
--- a/src/Controller/Organization/User/UserListController.php
+++ b/src/Controller/Organization/User/UserListController.php
@@ -8,8 +8,7 @@
 use App\Form\Factory\OrganizationSelectorFormFactory;
 use App\Repository\OrganizationRepository;
 use App\Repository\UserRepository;
-use App\Security\Voter\OrganizationVoter;
-use Sensio\Bundle\FrameworkExtraBundle\Configuration\IsGranted;
+use Sensio\Bundle\FrameworkExtraBundle\Configuration\Security;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
@@ -17,7 +16,7 @@
 
 /**
  * @Route(name="app_organization_user_list", methods={"GET"})
- * @IsGranted(OrganizationVoter::CAN_MANAGE, subject="organization")
+ * @Security("is_granted('ROLE_PARENT_ORGANIZATION', organization)")
  */
 class UserListController extends AbstractController
 {
@@ -32,11 +31,8 @@ public function __construct(OrganizationRepository $organizationRepository, User
         $this->organizationSelectorFormFactory = $organizationSelectorFormFactory;
     }
 
-    public function __invoke(Request $request, Organization $organization): Response
+    public function __invoke(Request $request, Organization $organization, Organization $currentOrganization): Response
     {
-        /** @var Organization $currentOrganization */
-        $currentOrganization = $this->getUser();
-
         return $this->render(
             'organization/user/list.html.twig',
             [
diff --git a/src/Controller/Organization/User/UserMissionsListController.php b/src/Controller/Organization/User/UserMissionsListController.php
index 65cb41f8..b861a3c5 100644
--- a/src/Controller/Organization/User/UserMissionsListController.php
+++ b/src/Controller/Organization/User/UserMissionsListController.php
@@ -5,20 +5,22 @@
 namespace App\Controller\Organization\User;
 
 use App\Entity\User;
+use Sensio\Bundle\FrameworkExtraBundle\Configuration\Security;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Routing\Annotation\Route;
 
 /**
- * @Route("/{item<\d+>}/missions", name="app_organization_user_missions_list", methods={"GET"})
+ * @Route("/{user<\d+>}/missions", name="app_organization_user_missions_list", methods={"GET"})
+ * @Security("is_granted('ROLE_PARENT_ORGANIZATION', user.organization)")
  */
 class UserMissionsListController extends AbstractController
 {
-    public function __invoke(User $item): Response
+    public function __invoke(User $user): Response
     {
         return $this->render('organization/user/missions_list.html.twig', [
-            'user' => $item,
-            'missions' => $item->missions,
+            'user' => $user,
+            'missions' => $user->missions,
         ]);
     }
 }
diff --git a/src/Controller/Organization/User/UserShowModalController.php b/src/Controller/Organization/User/UserShowModalController.php
index 69414a0b..4ee7589d 100644
--- a/src/Controller/Organization/User/UserShowModalController.php
+++ b/src/Controller/Organization/User/UserShowModalController.php
@@ -5,19 +5,21 @@
 namespace App\Controller\Organization\User;
 
 use App\Entity\User;
+use Sensio\Bundle\FrameworkExtraBundle\Configuration\Security;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Routing\Annotation\Route;
 
 /**
- * @Route("/{userToShow<\d+>}/modal", name="app_organization_user_show_modal", methods={"GET"})
+ * @Route("/{user<\d+>}/modal", name="app_organization_user_show_modal", methods={"GET"})
+ * @Security("is_granted('ROLE_PARENT_ORGANIZATION', user.organization)")
  */
 class UserShowModalController extends AbstractController
 {
-    public function __invoke(User $userToShow): Response
+    public function __invoke(User $user): Response
     {
         return $this->render('organization/user/show-modal-content.html.twig', [
-            'user' => $userToShow,
+            'user' => $user,
         ]);
     }
 }
diff --git a/src/Controller/User/Account/CreateAccountController.php b/src/Controller/User/Account/CreateAccountController.php
index a2b4520c..36633028 100644
--- a/src/Controller/User/Account/CreateAccountController.php
+++ b/src/Controller/User/Account/CreateAccountController.php
@@ -46,7 +46,7 @@ public function __invoke(Request $request): Response
         $bdate = $request->getSession()->get(UserLoginFormAuthenticator::SECURITY_LAST_BIRTHDAY);
         if (!empty($bdate)) {
             $request->getSession()->remove(UserLoginFormAuthenticator::SECURITY_LAST_BIRTHDAY);
-            $user->setBirthday($bdate);
+            $user->birthday = $bdate;
         }
 
         $form = $this->createForm(UserType::class, $user)->handleRequest($request);
diff --git a/src/Controller/User/Account/EditAccountController.php b/src/Controller/User/Account/EditAccountController.php
index 720468de..3fb7aa22 100644
--- a/src/Controller/User/Account/EditAccountController.php
+++ b/src/Controller/User/Account/EditAccountController.php
@@ -26,12 +26,9 @@ public function __construct(EntityManagerInterface $entityManager)
 
     public function __invoke(Request $request): Response
     {
+        /** @var User $user */
         $user = $this->getUser();
 
-        if (!$user instanceof User) {
-            throw $this->createAccessDeniedException();
-        }
-
         $form = $this->createForm(UserType::class, $user)->handleRequest($request);
 
         if ($form->isSubmitted() && $form->isValid()) {
diff --git a/src/Controller/User/Account/PasswordController.php b/src/Controller/User/Account/PasswordController.php
new file mode 100644
index 00000000..b56aa8fe
--- /dev/null
+++ b/src/Controller/User/Account/PasswordController.php
@@ -0,0 +1,55 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Controller\User\Account;
+
+use App\Entity\User;
+use App\Form\Type\UserPasswordType;
+use Doctrine\ORM\EntityManagerInterface;
+use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Routing\Annotation\Route;
+use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
+
+/**
+ * @Route("/user/password", name="app_user_password", methods={"GET", "POST"})
+ */
+final class PasswordController extends AbstractController
+{
+    private EntityManagerInterface $entityManager;
+    private UserPasswordEncoderInterface $encoder;
+
+    public function __construct(EntityManagerInterface $entityManager, UserPasswordEncoderInterface $encoder)
+    {
+        $this->entityManager = $entityManager;
+        $this->encoder = $encoder;
+    }
+
+    public function __invoke(Request $request): Response
+    {
+        /** @var User $user */
+        $user = $this->getUser();
+
+        $form = $this->createForm(UserPasswordType::class, $user)->handleRequest($request);
+
+        if ($form->isSubmitted() && $form->isValid()) {
+            /** @var string $plainPassword */
+            $plainPassword = $user->plainPassword;
+            $user->setPassword($this->encoder->encodePassword($user, $plainPassword));
+            $user->eraseCredentials();
+
+            $this->entityManager->persist($user);
+            $this->entityManager->flush();
+
+            $this->addFlash('success', 'Votre mot de passe a été mis à jour avec succès.');
+
+            return $this->redirectToRoute('app_user_home');
+        }
+
+        return $this->render('user/password-form.html.twig', [
+            'form' => $form->createView(),
+        ])->setStatusCode($form->isSubmitted() ? Response::HTTP_BAD_REQUEST : Response::HTTP_OK);
+    }
+}
diff --git a/src/Controller/User/Availability/ManageAvailabilityController.php b/src/Controller/User/Availability/ManageAvailabilityController.php
index 3b45cdf3..fb408f7a 100644
--- a/src/Controller/User/Availability/ManageAvailabilityController.php
+++ b/src/Controller/User/Availability/ManageAvailabilityController.php
@@ -35,12 +35,8 @@ public function __construct(
 
     public function __invoke(Request $request, string $slotInterval): Response
     {
+        /** @var User $user */
         $user = $this->getUser();
-
-        if (!$user instanceof User) {
-            throw $this->createAccessDeniedException();
-        }
-
         [$start, $end] = $this->getDatesByWeek($request->attributes->get('week'));
 
         $blockedSlotsInterval = new \DateInterval('PT12H');
diff --git a/src/Controller/User/Availability/MissionModalController.php b/src/Controller/User/Availability/MissionModalController.php
index a7219941..d05c8ef6 100644
--- a/src/Controller/User/Availability/MissionModalController.php
+++ b/src/Controller/User/Availability/MissionModalController.php
@@ -11,7 +11,7 @@
 use Symfony\Component\Routing\Annotation\Route;
 
 /**
- * @Route("/user/availability/missions/{id<\d+>}/modal", name="app_user_availability_mission_modal", methods={"GET"}, options={"expose"=true})
+ * @Route("/user/availability/missions/{mission<\d+>}/modal", name="app_user_availability_mission_modal", methods={"GET"}, options={"expose"=true})
  * @Security("mission.users.contains(user)")
  */
 class MissionModalController extends AbstractController
diff --git a/src/Controller/User/Availability/MissionsFindController.php b/src/Controller/User/Availability/MissionsFindController.php
index 7e713071..2857125a 100644
--- a/src/Controller/User/Availability/MissionsFindController.php
+++ b/src/Controller/User/Availability/MissionsFindController.php
@@ -31,11 +31,8 @@ public function __construct(MissionRepository $missionRepository, SerializerInte
 
     public function __invoke(Request $request): JsonResponse
     {
+        /** @var User $user */
         $user = $this->getUser();
-        if (!$user instanceof User) {
-            throw $this->createAccessDeniedException();
-        }
-
         [$start, $end] = $this->getDatesByWeek($request->attributes->get('week'));
 
         $data = $this->missionRepository->findByPlanningFilters(['from' => $start, 'to' => $end], [[(int) $user->getId()], []]);
diff --git a/src/Controller/User/Security/LoginController.php b/src/Controller/User/Security/LoginController.php
index b63d6314..a8a025cd 100644
--- a/src/Controller/User/Security/LoginController.php
+++ b/src/Controller/User/Security/LoginController.php
@@ -4,7 +4,6 @@
 
 namespace App\Controller\User\Security;
 
-use App\Entity\Organization;
 use App\Entity\User;
 use App\Form\Type\UserLoginType;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
@@ -27,14 +26,10 @@ public function __construct(AuthenticationUtils $authenticationUtils)
 
     public function __invoke(Session $session): Response
     {
-        /** @var Organization|User|null $user */
+        /** @var User|null $user */
         $user = $this->getUser();
         if (\is_object($user)) {
-            if ($user instanceof User) {
-                return $this->redirectToRoute('app_user_home');
-            }
-
-            return $this->redirectToRoute('app_organization_dashboard', ['organization' => $user->getId()]);
+            return $this->redirectToRoute('app_user_home');
         }
 
         $loginForm = $this->createForm(UserLoginType::class, [
diff --git a/src/DataFixtures/ApplicationFixtures.php b/src/DataFixtures/ApplicationFixtures.php
index 45bc8c17..a2858287 100644
--- a/src/DataFixtures/ApplicationFixtures.php
+++ b/src/DataFixtures/ApplicationFixtures.php
@@ -20,7 +20,6 @@
 use Doctrine\ORM\EntityManagerInterface;
 use Doctrine\Persistence\ObjectManager;
 use libphonenumber\PhoneNumberUtil;
-use Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface;
 use Symfony\Component\Validator\Validator\ValidatorInterface;
 
 final class ApplicationFixtures extends Fixture
@@ -82,8 +81,6 @@ final class ApplicationFixtures extends Fixture
 
     private ValidatorInterface $validator;
 
-    private EncoderFactoryInterface $encoders;
-
     /** @var Organization[] */
     private array $organizations = [];
 
@@ -111,7 +108,6 @@ final class ApplicationFixtures extends Fixture
     private PhoneNumberUtil $phoneNumberUtil;
 
     public function __construct(
-        EncoderFactoryInterface $encoders,
         ValidatorInterface $validator,
         SkillSetDomain $skillSetDomain,
         SlotBookingGuesser $slotBookingGuesser,
@@ -121,7 +117,6 @@ public function __construct(
         int $nbUsers = null,
         int $nbAvailabilities = null
     ) {
-        $this->encoders = $encoders;
         $this->validator = $validator;
         $this->skillSetDomain = $skillSetDomain;
         $this->nbUsers = $nbUsers ?: random_int(10, 20);
@@ -246,16 +241,11 @@ private function loadMissionTypes(ObjectManager $manager): void
 
     private function loadOrganizations(ObjectManager $manager): void
     {
-        // Yield same password for all organizations.
-        // Password generation can be expensive and time consuming.
-        $encoder = $this->encoders->getEncoder(Organization::class);
-        $password = $encoder->encodePassword('covid19', null);
-
         foreach (self::ORGANIZATIONS as $parentName => $organizations) {
-            $this->addOrganization($this->makeOrganization($parentName, $password));
+            $this->addOrganization($this->makeOrganization($parentName));
 
             foreach ($organizations as $name) {
-                $this->addOrganization($this->makeOrganization($name, $password, $this->organizations[$parentName]));
+                $this->addOrganization($this->makeOrganization($name, $this->organizations[$parentName]));
             }
         }
 
@@ -322,6 +312,9 @@ private function loadUsers(ObjectManager $manager): void
                 $user->firstName = $firstNames[array_rand($firstNames)];
                 $user->lastName = $lastNames[array_rand($lastNames)];
                 $user->organization = $organization;
+                // Set encoded password directly for performances on fixtures loading
+                // Plain password is: covid19
+                $user->password = '$argon2id$v=19$m=65536,t=4,p=1$cEjk39WnLC+QRVJfNI5nmw$eM0J3UZ75hwFJRGQmph2OiBGRzJU6/NGVWcj0j+WVYw';
 
                 // e.g. 990001A
                 $user->setIdentificationNumber(str_pad(''.++$startIdNumber.'', 10, '0', \STR_PAD_LEFT).'A');
@@ -538,16 +531,12 @@ private function closeInterval(\DateTimeImmutable $dateTime): \DateTimeInterface
         return $dateTime->add(\DateInterval::createFromDateString($this->slotInterval));
     }
 
-    private function makeOrganization(string $name, string $password = null, Organization $parent = null): Organization
+    private function makeOrganization(string $name, Organization $parent = null): Organization
     {
         $organization = new Organization();
         $organization->name = $name;
         $organization->parent = $parent;
 
-        if ($password) {
-            $organization->password = $password;
-        }
-
         return $organization;
     }
 
diff --git a/src/Domain/PlanningDomain.php b/src/Domain/PlanningDomain.php
index dbcf6b83..69b62374 100644
--- a/src/Domain/PlanningDomain.php
+++ b/src/Domain/PlanningDomain.php
@@ -18,6 +18,7 @@
 use App\Repository\UserRepository;
 use Symfony\Component\Form\FormFactoryInterface;
 use Symfony\Component\Form\FormInterface;
+use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\RequestStack;
 use Symfony\Component\Security\Core\Security;
 
@@ -58,28 +59,18 @@ public function __construct(
         $this->missionTypeRepository = $missionTypeRepository;
     }
 
-    public function generateForm(string $formType = PlanningSearchType::class): FormInterface
+    public function generateForm(Organization $organization, string $formType = PlanningSearchType::class): FormInterface
     {
-        $organization = $this->security->getUser();
+        /** @var Request $request */
         $request = $this->requestStack->getCurrentRequest();
-
-        if (!$organization instanceof Organization) {
-            throw new \LogicException();
-        }
-
         $form = $this->formFactory->createNamed('', $formType, ['organization' => $organization], ['method' => 'GET', 'attr' => ['autocomplete' => 'off']]);
         $form->handleRequest($request);
 
         return $form;
     }
 
-    public function generateFilters(FormInterface $form): array
+    public function generateFilters(FormInterface $form, Organization $organization): array
     {
-        $organization = $this->security->getUser();
-        if (!$organization instanceof Organization) {
-            throw new \LogicException('Bad user type');
-        }
-
         $filters = $form->getData();
 
         // $filters['organizations'] is an ArrayCollection
diff --git a/src/Entity/Organization.php b/src/Entity/Organization.php
index 8b7f6287..7c288e27 100644
--- a/src/Entity/Organization.php
+++ b/src/Entity/Organization.php
@@ -4,7 +4,6 @@
 
 namespace App\Entity;
 
-use App\EntityListener\UserPasswordEntityListener;
 use Doctrine\Common\Collections\ArrayCollection;
 use Doctrine\Common\Collections\Collection;
 use Doctrine\ORM\Mapping as ORM;
@@ -18,9 +17,8 @@
  *   }
  * )
  * @ORM\Entity(repositoryClass="App\Repository\OrganizationRepository")
- * @ORM\EntityListeners({UserPasswordEntityListener::class})
  */
-class Organization implements UserPasswordInterface, UserSerializableInterface
+class Organization
 {
     /**
      * @ORM\Id
@@ -36,16 +34,6 @@ class Organization implements UserPasswordInterface, UserSerializableInterface
      */
     public string $name = '';
 
-    /**
-     * @ORM\Column(nullable=true)
-     */
-    public ?string $password = null;
-
-    /**
-     * Not persisted in database, used to encode password.
-     */
-    public ?string $plainPassword = null;
-
     /**
      * @ORM\ManyToOne(targetEntity="App\Entity\Organization", inversedBy="children")
      */
@@ -53,12 +41,19 @@ class Organization implements UserPasswordInterface, UserSerializableInterface
 
     /**
      * @ORM\OneToMany(targetEntity="App\Entity\Organization", mappedBy="parent", fetch="EXTRA_LAZY")
+     * @ORM\OrderBy({"name"="ASC"})
      */
     public Collection $children;
 
+    /**
+     * @ORM\ManyToMany(targetEntity="App\Entity\User", mappedBy="organizations")
+     */
+    public Collection $admins;
+
     public function __construct()
     {
         $this->children = new ArrayCollection();
+        $this->admins = new ArrayCollection();
     }
 
     public function __toString(): string
@@ -70,14 +65,6 @@ public function __toString(): string
         return $this->name;
     }
 
-    public function userSerialize(): array
-    {
-        return [
-            'id' => $this->id,
-            'name' => $this->__toString(),
-        ];
-    }
-
     public function getId(): int
     {
         if (null === $this->id) {
@@ -87,41 +74,6 @@ public function getId(): int
         return $this->id;
     }
 
-    public function getRoles(): array
-    {
-        $roles = ['ROLE_ORGANIZATION'];
-
-        if ($this->isParent()) {
-            $roles[] = 'ROLE_PARENT_ORGANIZATION';
-        }
-
-        return $roles;
-    }
-
-    public function getPlainPassword(): ?string
-    {
-        return $this->plainPassword;
-    }
-
-    public function getPassword(): ?string
-    {
-        return $this->password;
-    }
-
-    public function getSalt(): ?string
-    {
-        return null;
-    }
-
-    public function getUsername(): string
-    {
-        return $this->name;
-    }
-
-    public function eraseCredentials(): void
-    {
-    }
-
     public function getName(): string
     {
         return $this->name;
@@ -173,8 +125,24 @@ public function removeChild(self $organization): void
         $this->children->removeElement($organization);
     }
 
-    public function setPassword(?string $password): void
+    /**
+     * @return Collection|User[]
+     */
+    public function getAdmins(): Collection
+    {
+        return $this->admins;
+    }
+
+    public function addAdmin(User $admin): void
+    {
+        if (!$this->admins->contains($admin)) {
+            $this->admins[] = $admin;
+            $admin->addOrganization($this);
+        }
+    }
+
+    public function removeAdmin(User $admin): void
     {
-        $this->password = $password;
+        $this->admins->removeElement($admin);
     }
 }
diff --git a/src/Entity/User.php b/src/Entity/User.php
index 8572badd..d8da92ca 100644
--- a/src/Entity/User.php
+++ b/src/Entity/User.php
@@ -5,11 +5,14 @@
 namespace App\Entity;
 
 use App\EntityListener\AddDependantSkillsEntityListener;
+use App\EntityListener\UserPasswordEntityListener;
+use App\Validator\Constraints\CurrentPassword;
+use Doctrine\Common\Collections\ArrayCollection;
+use Doctrine\Common\Collections\Collection;
 use Doctrine\ORM\Mapping as ORM;
 use libphonenumber\PhoneNumber;
 use Misd\PhoneNumberBundle\Validator\Constraints\PhoneNumber as AssertPhoneNumber;
 use Symfony\Bridge\Doctrine\Validator\Constraints\UniqueEntity;
-use Symfony\Component\Security\Core\User\UserInterface;
 use Symfony\Component\Serializer\Annotation\Groups;
 use function Symfony\Component\String\u;
 use Symfony\Component\Validator\Constraints as Assert;
@@ -26,9 +29,10 @@
  * @ORM\Entity(repositoryClass="App\Repository\UserRepository")
  * @UniqueEntity("emailAddress")
  * @UniqueEntity("identificationNumber")
- * @ORM\EntityListeners({AddDependantSkillsEntityListener::class})
+ * @CurrentPassword(groups={"Default", "user:password"})
+ * @ORM\EntityListeners({AddDependantSkillsEntityListener::class, UserPasswordEntityListener::class})
  */
-class User implements UserInterface, AvailabilitableInterface, UserSerializableInterface, \Serializable
+class User implements UserPasswordInterface, AvailabilitableInterface, UserSerializableInterface /*, \Serializable*/
 {
     public const NIVOL_FORMAT = '#^\d+[A-Z]$#';
 
@@ -90,6 +94,14 @@ class User implements UserInterface, AvailabilitableInterface, UserSerializableI
      */
     public ?Organization $organization = null;
 
+    /**
+     * Organizations whose user is admin.
+     *
+     * @ORM\ManyToMany(targetEntity="App\Entity\Organization", inversedBy="admins")
+     * @ORM\OrderBy({"name"="ASC"})
+     */
+    public Collection $organizations;
+
     /**
      * @ORM\Column(type="text[]", nullable=true)
      * @Assert\NotBlank
@@ -115,6 +127,28 @@ class User implements UserInterface, AvailabilitableInterface, UserSerializableI
      */
     public array $properties = [];
 
+    /**
+     * @ORM\Column(nullable=true)
+     */
+    public ?string $password = null;
+
+    /**
+     * Not persisted in database, used to encode password.
+     *
+     * @Assert\NotBlank(groups={"user:password"})
+     */
+    public ?string $plainPassword = null;
+
+    /**
+     * Not persisted in database, used to update password.
+     */
+    public ?string $currentPassword = null;
+
+    /**
+     * @ORM\Column(type="array")
+     */
+    public array $roles = ['ROLE_USER'];
+
     public static function bootstrap(string $identifier = null): self
     {
         $user = new self();
@@ -145,6 +179,11 @@ public static function normalizeEmailAddress(string $emailAddress): string
         return u($emailAddress)->trim()->lower()->toString();
     }
 
+    public function __construct()
+    {
+        $this->organizations = new ArrayCollection();
+    }
+
     public function __toString(): string
     {
         if (null === $this->organization) {
@@ -181,6 +220,7 @@ public function serialize(): string
             $this->identificationNumber,
             $this->emailAddress,
             $this->birthday,
+            $this->password,
         ]);
     }
 
@@ -193,7 +233,8 @@ public function unserialize($serialized): void
             $this->id,
             $this->identificationNumber,
             $this->emailAddress,
-            $this->birthday) = unserialize($serialized);
+            $this->birthday,
+            $this->password) = unserialize($serialized);
     }
 
     public function getId(): ?int
@@ -233,12 +274,22 @@ public function getShortFullName(): string
 
     public function getRoles(): array
     {
-        return ['ROLE_USER'];
+        return $this->roles;
+    }
+
+    public function getPlainPassword(): ?string
+    {
+        return $this->plainPassword;
     }
 
-    public function getPassword(): string
+    public function getPassword(): ?string
     {
-        return '';
+        return $this->password;
+    }
+
+    public function setPassword(string $password): void
+    {
+        $this->password = $password;
     }
 
     public function getSalt(): ?string
@@ -255,18 +306,29 @@ public function eraseCredentials(): void
     {
     }
 
-    public function getBirthday(): string
+    public function getAvailabilities(): iterable
+    {
+        return $this->availabilities;
+    }
+
+    /**
+     * @return Collection|Organization[]
+     */
+    public function getOrganizations(): Collection
     {
-        return $this->birthday;
+        return $this->organizations;
     }
 
-    public function setBirthday(string $birthday): void
+    public function addOrganization(Organization $organization): void
     {
-        $this->birthday = $birthday;
+        if (!$this->organizations->contains($organization) && !$this->organizations->contains($organization->getParentOrganization())) {
+            $this->organizations[] = $organization;
+            $organization->addAdmin($this);
+        }
     }
 
-    public function getAvailabilities(): iterable
+    public function removeOrganization(Organization $organization): void
     {
-        return $this->availabilities;
+        $this->organizations->removeElement($organization);
     }
 }
diff --git a/src/EventListener/OrganizationListener.php b/src/EventListener/OrganizationListener.php
new file mode 100644
index 00000000..438547f9
--- /dev/null
+++ b/src/EventListener/OrganizationListener.php
@@ -0,0 +1,67 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\EventListener;
+
+use App\Repository\OrganizationRepository;
+use Symfony\Component\EventDispatcher\EventSubscriberInterface;
+use Symfony\Component\HttpKernel\Event\RequestEvent;
+use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
+use Symfony\Component\HttpKernel\KernelEvents;
+use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
+use Symfony\Component\Security\Core\Exception\AccessDeniedException;
+
+final class OrganizationListener implements EventSubscriberInterface
+{
+    private OrganizationRepository $organizationRepository;
+    private AuthorizationCheckerInterface $authorizationChecker;
+
+    public function __construct(OrganizationRepository $organizationRepository, AuthorizationCheckerInterface $authorizationChecker)
+    {
+        $this->organizationRepository = $organizationRepository;
+        $this->authorizationChecker = $authorizationChecker;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public static function getSubscribedEvents(): array
+    {
+        return [
+            KernelEvents::REQUEST => 'onKernelRequest',
+        ];
+    }
+
+    public function onKernelRequest(RequestEvent $event): void
+    {
+        $request = $event->getRequest();
+        if (!($route = $request->attributes->get('_route')) || !preg_match('/^app_organization_.*$/', $route)) {
+            return;
+        }
+
+        $id = $request->attributes->getInt('organization');
+        $organization = $this->organizationRepository->find($id);
+        if (!$organization) {
+            throw new NotFoundHttpException(sprintf('Organization with id "%d" not found.', $id));
+        }
+
+        if (!$this->authorizationChecker->isGranted('ROLE_ORGANIZATION', $organization)) {
+            throw new AccessDeniedException('Access denied.');
+        }
+
+        $request->attributes->set('currentOrganization', $organization);
+        $request->attributes->set('organization', $organization);
+
+        if (null === ($organizationId = $request->query->get('organizationId'))) {
+            return;
+        }
+
+        $organization = $this->organizationRepository->find($organizationId);
+        if (!$organization) {
+            throw new NotFoundHttpException(sprintf('Organization with id "%d" not found.', $organizationId));
+        }
+
+        $request->attributes->set('organization', $organization);
+    }
+}
diff --git a/src/Form/Factory/OrganizationSelectorFormFactory.php b/src/Form/Factory/OrganizationSelectorFormFactory.php
index 93eb928f..5b827a6d 100644
--- a/src/Form/Factory/OrganizationSelectorFormFactory.php
+++ b/src/Form/Factory/OrganizationSelectorFormFactory.php
@@ -18,12 +18,12 @@ public function __construct(FormFactoryInterface $formFactory)
         $this->formFactory = $formFactory;
     }
 
-    public function createForm(Organization $organization, Organization $loggedOrganization): FormInterface
+    public function createForm(Organization $organization, Organization $currentOrganization): FormInterface
     {
         return $this->formFactory->create(
             OrganizationSelectorType::class,
             ['organization' => $organization],
-            ['currentOrganization' => $loggedOrganization]
+            ['currentOrganization' => $currentOrganization]
         );
     }
 }
diff --git a/src/Form/Type/MissionTypeAssetTypesType.php b/src/Form/Type/MissionTypeAssetTypesType.php
index 2d76f0ad..4cf408fc 100644
--- a/src/Form/Type/MissionTypeAssetTypesType.php
+++ b/src/Form/Type/MissionTypeAssetTypesType.php
@@ -4,28 +4,24 @@
 
 namespace App\Form\Type;
 
-use App\Entity\Organization;
 use App\Repository\AssetTypeRepository;
 use Symfony\Component\Form\AbstractType;
 use Symfony\Component\Form\Extension\Core\Type\ChoiceType;
 use Symfony\Component\Form\Extension\Core\Type\IntegerType;
 use Symfony\Component\Form\FormBuilderInterface;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\RequestStack;
 use Symfony\Component\OptionsResolver\OptionsResolver;
-use Symfony\Component\Security\Core\Security;
 
 class MissionTypeAssetTypesType extends AbstractType
 {
-    protected array $assetTypes;
+    private RequestStack $requestStack;
+    private AssetTypeRepository $assetTypeRepository;
 
-    public function __construct(Security $security, AssetTypeRepository $assetTypeRepository)
+    public function __construct(RequestStack $requestStack, AssetTypeRepository $assetTypeRepository)
     {
-        /** @var Organization $organization */
-        $organization = $security->getUser();
-
-        $assetTypes = $assetTypeRepository->findByOrganization($organization->getParentOrganization());
-        foreach ($assetTypes as $assetType) {
-            $this->assetTypes[$assetType->id] = $assetType->name;
-        }
+        $this->requestStack = $requestStack;
+        $this->assetTypeRepository = $assetTypeRepository;
     }
 
     public function buildForm(FormBuilderInterface $builder, array $options): void
@@ -34,7 +30,7 @@ public function buildForm(FormBuilderInterface $builder, array $options): void
         $builder
             ->add('type', ChoiceType::class, [
                 'label' => 'organization.missionType.assetTypes.type',
-                'choices' => array_flip($this->assetTypes),
+                'choices' => array_flip($this->getAssetTypes()),
                 'placeholder' => '',
                 'row_attr' => ['class' => 'row'],
                 'label_attr' => ['class' => 'col-sm-2'],
@@ -58,4 +54,18 @@ public function configureOptions(OptionsResolver $resolver): void
             ],
         ]);
     }
+
+    private function getAssetTypes(): array
+    {
+        /** @var Request $request */
+        $request = $this->requestStack->getCurrentRequest();
+        $organization = $request->attributes->get('organization');
+        $assetTypes = $this->assetTypeRepository->findByOrganization($organization->getParentOrganization());
+        $data = [];
+        foreach ($assetTypes as $assetType) {
+            $data[$assetType->id] = $assetType->name;
+        }
+
+        return $data;
+    }
 }
diff --git a/src/Form/Type/UserLoginType.php b/src/Form/Type/UserLoginType.php
index 0cfcf792..8e50cb73 100644
--- a/src/Form/Type/UserLoginType.php
+++ b/src/Form/Type/UserLoginType.php
@@ -6,6 +6,7 @@
 
 use Symfony\Component\Form\AbstractType;
 use Symfony\Component\Form\Extension\Core\Type\BirthdayType;
+use Symfony\Component\Form\Extension\Core\Type\PasswordType;
 use Symfony\Component\Form\Extension\Core\Type\TextType;
 use Symfony\Component\Form\FormBuilderInterface;
 use Symfony\Component\OptionsResolver\OptionsResolver;
@@ -22,6 +23,11 @@ public function buildForm(FormBuilderInterface $builder, array $options): void
                 'format' => 'dd MMMM yyyy',
                 'input' => 'string',
                 'label' => 'user.dob',
+                'required' => false,
+            ])
+            ->add('password', PasswordType::class, [
+                'label' => 'user.password',
+                'required' => false,
             ]);
     }
 
diff --git a/src/Form/Type/UserPasswordType.php b/src/Form/Type/UserPasswordType.php
new file mode 100644
index 00000000..e03c3ccc
--- /dev/null
+++ b/src/Form/Type/UserPasswordType.php
@@ -0,0 +1,49 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Form\Type;
+
+use App\Entity\User;
+use Symfony\Component\Form\AbstractType;
+use Symfony\Component\Form\Extension\Core\Type\PasswordType;
+use Symfony\Component\Form\Extension\Core\Type\RepeatedType;
+use Symfony\Component\Form\FormBuilderInterface;
+use Symfony\Component\Form\FormEvent;
+use Symfony\Component\Form\FormEvents;
+use Symfony\Component\OptionsResolver\OptionsResolver;
+
+class UserPasswordType extends AbstractType
+{
+    public function buildForm(FormBuilderInterface $builder, array $options): void
+    {
+        $builder->add('plainPassword', RepeatedType::class, [
+            'type' => PasswordType::class,
+            'required' => true,
+            'first_options' => [
+                'label' => 'Mot de passe',
+            ],
+            'second_options' => [
+                'label' => 'Confirmation',
+            ],
+        ]);
+
+        $builder->addEventListener(FormEvents::PRE_SET_DATA, function (FormEvent $event): void {
+            /** @var User $user */
+            $user = $event->getData();
+            if (!empty($user->getPassword())) {
+                $event->getForm()->add('currentPassword', PasswordType::class, [
+                    'required' => true,
+                ]);
+            }
+        });
+    }
+
+    public function configureOptions(OptionsResolver $resolver): void
+    {
+        $resolver->setDefaults([
+            'data_class' => User::class,
+            'validation_groups' => ['user:password'],
+        ]);
+    }
+}
diff --git a/src/Migrations/Version20200516150857.php b/src/Migrations/Version20200516150857.php
new file mode 100644
index 00000000..c5683e37
--- /dev/null
+++ b/src/Migrations/Version20200516150857.php
@@ -0,0 +1,42 @@
+<?php
+
+declare(strict_types=1);
+
+namespace DoctrineMigrations;
+
+use Doctrine\DBAL\Schema\Schema;
+use Doctrine\Migrations\AbstractMigration;
+
+final class Version20200516150857 extends AbstractMigration
+{
+    public function getDescription(): string
+    {
+        return 'Remove Organization.password, add User.password and User.roles, and add Organizations.admins relation.';
+    }
+
+    public function up(Schema $schema): void
+    {
+        $this->abortIf('postgresql' !== $this->connection->getDatabasePlatform()->getName(), 'Migration can only be executed safely on \'postgresql\'.');
+
+        $this->addSql('CREATE TABLE user_organization (user_id INT NOT NULL, organization_id INT NOT NULL, PRIMARY KEY(user_id, organization_id))');
+        $this->addSql('CREATE INDEX IDX_41221F7EA76ED395 ON user_organization (user_id)');
+        $this->addSql('CREATE INDEX IDX_41221F7E32C8A3DE ON user_organization (organization_id)');
+        $this->addSql('ALTER TABLE user_organization ADD CONSTRAINT FK_41221F7EA76ED395 FOREIGN KEY (user_id) REFERENCES users (id) ON DELETE CASCADE NOT DEFERRABLE INITIALLY IMMEDIATE');
+        $this->addSql('ALTER TABLE user_organization ADD CONSTRAINT FK_41221F7E32C8A3DE FOREIGN KEY (organization_id) REFERENCES organization (id) ON DELETE CASCADE NOT DEFERRABLE INITIALLY IMMEDIATE');
+        $this->addSql('ALTER TABLE users ADD password VARCHAR(255) DEFAULT NULL');
+        $this->addSql('ALTER TABLE users ADD roles TEXT NOT NULL DEFAULT \'a:1:{i:0;s:14:"ROLE_VOLUNTEER";}\'');
+        $this->addSql('ALTER TABLE users ALTER roles DROP DEFAULT');
+        $this->addSql('COMMENT ON COLUMN users.roles IS \'(DC2Type:array)\'');
+        $this->addSql('ALTER TABLE organization DROP password');
+    }
+
+    public function down(Schema $schema): void
+    {
+        $this->abortIf('postgresql' !== $this->connection->getDatabasePlatform()->getName(), 'Migration can only be executed safely on \'postgresql\'.');
+
+        $this->addSql('DROP TABLE user_organization');
+        $this->addSql('ALTER TABLE users DROP password');
+        $this->addSql('ALTER TABLE users DROP roles');
+        $this->addSql('ALTER TABLE organization ADD password VARCHAR(255) DEFAULT NULL');
+    }
+}
diff --git a/src/ParamConverter/AssetParamConverter.php b/src/ParamConverter/AssetParamConverter.php
index d3a93de5..f9d2f596 100644
--- a/src/ParamConverter/AssetParamConverter.php
+++ b/src/ParamConverter/AssetParamConverter.php
@@ -15,12 +15,10 @@
 class AssetParamConverter implements ParamConverterInterface
 {
     private CommissionableAssetRepository $assetRepository;
-    private OrganizationParamConverter $organizationParamConverter;
 
-    public function __construct(CommissionableAssetRepository $assetRepository, OrganizationParamConverter $organizationParamConverter)
+    public function __construct(CommissionableAssetRepository $assetRepository)
     {
         $this->assetRepository = $assetRepository;
-        $this->organizationParamConverter = $organizationParamConverter;
     }
 
     /**
@@ -30,15 +28,8 @@ public function apply(Request $request, ParamConverter $configuration): bool
     {
         $name = $configuration->getName();
 
-        /** @var Organization|int|null $organization */
+        /** @var Organization $organization */
         $organization = $request->attributes->get('organization');
-
-        // Force OrganizationParamConverter to retrieve the organization
-        if (!\is_object($organization)) {
-            $this->organizationParamConverter->apply($request, new ParamConverter(['name' => 'organization']));
-            $organization = $request->attributes->get('organization');
-        }
-
         $id = $request->attributes->getInt($name);
         $asset = $this->assetRepository->findOneByIdAndOrganization($id, $organization);
 
diff --git a/src/ParamConverter/OrganizationParamConverter.php b/src/ParamConverter/OrganizationParamConverter.php
deleted file mode 100644
index a2b381d1..00000000
--- a/src/ParamConverter/OrganizationParamConverter.php
+++ /dev/null
@@ -1,54 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\ParamConverter;
-
-use App\Entity\Organization;
-use App\Repository\OrganizationRepository;
-use Sensio\Bundle\FrameworkExtraBundle\Configuration\ParamConverter;
-use Sensio\Bundle\FrameworkExtraBundle\Request\ParamConverter\ParamConverterInterface;
-use Symfony\Component\HttpFoundation\Request;
-use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
-
-class OrganizationParamConverter implements ParamConverterInterface
-{
-    private OrganizationRepository $organizationRepository;
-
-    public function __construct(OrganizationRepository $organizationRepository)
-    {
-        $this->organizationRepository = $organizationRepository;
-    }
-
-    /**
-     * {@inheritdoc}
-     */
-    public function apply(Request $request, ParamConverter $configuration): bool
-    {
-        $name = $configuration->getName();
-        $id = $request->attributes->getInt($name);
-
-        if (!empty($organizationId = $request->query->getInt('organizationId'))
-        ) {
-            $id = $organizationId;
-        }
-
-        $organization = $this->organizationRepository->find($id);
-
-        if (null === $organization) {
-            throw new NotFoundHttpException(sprintf('Organization with id "%d" does not exist.', $id));
-        }
-
-        $request->attributes->set($name, $organization);
-
-        return true;
-    }
-
-    /**
-     * {@inheritdoc}
-     */
-    public function supports(ParamConverter $configuration): bool
-    {
-        return Organization::class === $configuration->getClass();
-    }
-}
diff --git a/src/ParamConverter/UserParamConverter.php b/src/ParamConverter/UserParamConverter.php
index 9f7a9441..db3485af 100644
--- a/src/ParamConverter/UserParamConverter.php
+++ b/src/ParamConverter/UserParamConverter.php
@@ -15,12 +15,10 @@
 class UserParamConverter implements ParamConverterInterface
 {
     private UserRepository $userRepository;
-    private OrganizationParamConverter $organizationParamConverter;
 
-    public function __construct(UserRepository $userRepository, OrganizationParamConverter $organizationParamConverter)
+    public function __construct(UserRepository $userRepository)
     {
         $this->userRepository = $userRepository;
-        $this->organizationParamConverter = $organizationParamConverter;
     }
 
     /**
@@ -31,15 +29,9 @@ public function apply(Request $request, ParamConverter $configuration): bool
         $name = $configuration->getName();
         $id = $request->attributes->getInt($name);
 
-        /** @var Organization|int|null $organization */
+        /** @var Organization|null $organization */
         $organization = $request->attributes->get('organization');
         if (null !== $organization) {
-            // Force OrganizationParamConverter to retrieve the organization
-            if (!\is_object($organization)) {
-                $this->organizationParamConverter->apply($request, new ParamConverter(['name' => 'organization']));
-                $organization = $request->attributes->get('organization');
-            }
-
             $user = $this->userRepository->findOneByIdAndOrganization($id, $organization);
         } else {
             $user = $this->userRepository->find($id);
diff --git a/src/Repository/OrganizationRepository.php b/src/Repository/OrganizationRepository.php
index dfe791d5..62ae253d 100644
--- a/src/Repository/OrganizationRepository.php
+++ b/src/Repository/OrganizationRepository.php
@@ -8,7 +8,6 @@
 use Doctrine\Bundle\DoctrineBundle\Repository\ServiceEntityRepository;
 use Doctrine\Common\Persistence\ManagerRegistry;
 use Doctrine\ORM\QueryBuilder;
-use Symfony\Bridge\Doctrine\Security\User\UserLoaderInterface;
 
 /**
  * @method Organization|null find($id, $lockMode = null, $lockVersion = null)
@@ -16,25 +15,13 @@
  * @method Organization[]    findAll()
  * @method Organization[]    findBy(array $criteria, array $orderBy = null, $limit = null, $offset = null)
  */
-class OrganizationRepository extends ServiceEntityRepository implements UserLoaderInterface
+class OrganizationRepository extends ServiceEntityRepository
 {
     public function __construct(ManagerRegistry $registry)
     {
         parent::__construct($registry, Organization::class);
     }
 
-    /**
-     * {@inheritdoc}
-     */
-    public function loadUserByUsername(string $username): ?Organization
-    {
-        return $this->createQueryBuilder('o')
-            ->where('o.name = :value')
-            ->setParameter('value', $username)
-            ->getQuery()
-            ->getOneOrNullResult();
-    }
-
     /**
      * @return Organization[][]
      */
diff --git a/src/Security/OrganizationLoginFormAuthenticator.php b/src/Security/OrganizationLoginFormAuthenticator.php
deleted file mode 100644
index fdc1a876..00000000
--- a/src/Security/OrganizationLoginFormAuthenticator.php
+++ /dev/null
@@ -1,115 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Security;
-
-use App\Entity\Organization;
-use App\Repository\OrganizationRepository;
-use Symfony\Component\HttpFoundation\RedirectResponse;
-use Symfony\Component\HttpFoundation\Request;
-use Symfony\Component\HttpFoundation\Response;
-use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
-use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
-use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
-use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
-use Symfony\Component\Security\Core\Exception\InvalidCsrfTokenException;
-use Symfony\Component\Security\Core\Security;
-use Symfony\Component\Security\Core\User\UserInterface;
-use Symfony\Component\Security\Core\User\UserProviderInterface;
-use Symfony\Component\Security\Csrf\CsrfToken;
-use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface;
-use Symfony\Component\Security\Guard\Authenticator\AbstractFormLoginAuthenticator;
-use Symfony\Component\Security\Guard\PasswordAuthenticatedInterface;
-use Symfony\Component\Security\Http\Util\TargetPathTrait;
-
-final class OrganizationLoginFormAuthenticator extends AbstractFormLoginAuthenticator implements PasswordAuthenticatedInterface
-{
-    use TargetPathTrait;
-
-    private $organizationRepository;
-    private $urlGenerator;
-    private $csrfTokenManager;
-    private $passwordChecker;
-
-    public function __construct(
-        OrganizationRepository $organizationRepository,
-        UrlGeneratorInterface $urlGenerator,
-        CsrfTokenManagerInterface $csrfTokenManager,
-        UserPasswordEncoderInterface $passwordChecker
-    ) {
-        $this->organizationRepository = $organizationRepository;
-        $this->urlGenerator = $urlGenerator;
-        $this->csrfTokenManager = $csrfTokenManager;
-        $this->passwordChecker = $passwordChecker;
-    }
-
-    public function supports(Request $request)
-    {
-        return 'app_organization_login' === $request->attributes->get('_route')
-            && $request->isMethod('POST');
-    }
-
-    public function getCredentials(Request $request)
-    {
-        $credentials = [
-            'identifier' => $request->request->get('identifier', ''),
-            'password' => $request->request->get('password'),
-            'csrf_token' => $request->request->get('_csrf_token'),
-        ];
-
-        $request->getSession()->set(Security::LAST_USERNAME, $credentials['identifier']);
-
-        return $credentials;
-    }
-
-    public function getUser($credentials, UserProviderInterface $userProvider)
-    {
-        $token = new CsrfToken('authenticate', $credentials['csrf_token']);
-
-        if (!$this->csrfTokenManager->isTokenValid($token)) {
-            throw new InvalidCsrfTokenException();
-        }
-
-        if (!$user = $this->organizationRepository->find($credentials['identifier'])) {
-            throw new CustomUserMessageAuthenticationException('Organization could not be found.');
-        }
-
-        return $user;
-    }
-
-    public function checkCredentials($credentials, UserInterface $user)
-    {
-        return $this->passwordChecker->isPasswordValid($user, $credentials['password']);
-    }
-
-    /**
-     * @param array $credentials The submitted credentials
-     */
-    public function getPassword($credentials): ?string
-    {
-        return $credentials['password'];
-    }
-
-    /**
-     * @param string $providerKey
-     *
-     * @return Response|null
-     */
-    public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey)
-    {
-        if ($targetPath = $this->getTargetPath($request->getSession(), $providerKey)) {
-            return new RedirectResponse($targetPath);
-        }
-
-        /** @var Organization $user */
-        $user = $token->getUser();
-
-        return new RedirectResponse($this->urlGenerator->generate('app_organization_dashboard', ['organization' => $user->getId()]));
-    }
-
-    protected function getLoginUrl(): string
-    {
-        return $this->urlGenerator->generate('app_organization_login');
-    }
-}
diff --git a/src/Security/UserAutomaticLoginHandler.php b/src/Security/UserAutomaticLoginHandler.php
index 87413abb..773c0d57 100644
--- a/src/Security/UserAutomaticLoginHandler.php
+++ b/src/Security/UserAutomaticLoginHandler.php
@@ -15,10 +15,8 @@ final class UserAutomaticLoginHandler
     private GuardAuthenticatorHandler $guardHandler;
     private UserLoginFormAuthenticator $formAuthenticator;
 
-    public function __construct(
-        GuardAuthenticatorHandler $guardHandler,
-        UserLoginFormAuthenticator $formAuthenticator
-    ) {
+    public function __construct(GuardAuthenticatorHandler $guardHandler, UserLoginFormAuthenticator $formAuthenticator)
+    {
         $this->guardHandler = $guardHandler;
         $this->formAuthenticator = $formAuthenticator;
     }
@@ -28,10 +26,6 @@ public function __construct(
      */
     public function handleAuthentication(Request $request, UserInterface $user): Response
     {
-        if (!$user instanceof User) {
-            throw new \InvalidArgumentException(sprintf('Method %s only accepts a %s instance as its second argument.', __METHOD__, User::class));
-        }
-
         $response = $this->guardHandler->authenticateUserAndHandleSuccess(
             $user,
             $request,
diff --git a/src/Security/UserLoginFormAuthenticator.php b/src/Security/UserLoginFormAuthenticator.php
index a9b9b024..cb358735 100644
--- a/src/Security/UserLoginFormAuthenticator.php
+++ b/src/Security/UserLoginFormAuthenticator.php
@@ -10,6 +10,7 @@
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\Routing\RouterInterface;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
 use Symfony\Component\Security\Core\Exception\AuthenticationException;
 use Symfony\Component\Security\Core\Exception\BadCredentialsException;
 use Symfony\Component\Security\Core\Exception\InvalidCsrfTokenException;
@@ -31,13 +32,15 @@ final class UserLoginFormAuthenticator extends AbstractFormLoginAuthenticator
     private RouterInterface $router;
     private CsrfTokenManagerInterface $csrfTokenManager;
     private ValidatorInterface $validator;
+    private UserPasswordEncoderInterface $userPasswordEncoder;
 
-    public function __construct(UserRepository $userRepository, RouterInterface $router, CsrfTokenManagerInterface $csrfTokenManager, ValidatorInterface $validator)
+    public function __construct(UserRepository $userRepository, RouterInterface $router, CsrfTokenManagerInterface $csrfTokenManager, ValidatorInterface $validator, UserPasswordEncoderInterface $userPasswordEncoder)
     {
         $this->userRepository = $userRepository;
         $this->router = $router;
         $this->csrfTokenManager = $csrfTokenManager;
         $this->validator = $validator;
+        $this->userPasswordEncoder = $userPasswordEncoder;
     }
 
     public function supports(Request $request)
@@ -52,6 +55,7 @@ public function getCredentials(Request $request)
         $credentials = [
             'identifier' => $loginCredentials['identifier'] ?? null,
             'birthday' => $loginCredentials['birthday'] ?? false ? $this->formatBirthday($loginCredentials['birthday']) : null,
+            'password' => $loginCredentials['password'] ?? null,
             'csrf_token' => $loginCredentials['_token'] ?? null,
         ];
 
@@ -78,13 +82,18 @@ public function getUser($credentials, UserProviderInterface $userProvider)
         return $this->userRepository->loadUserByUsername($credentials['identifier']);
     }
 
-    public function checkCredentials($credentials, UserInterface $user)
+    /**
+     * @param array              $credentials
+     * @param UserInterface|User $user
+     */
+    public function checkCredentials($credentials, UserInterface $user): bool
     {
-        if (!$user instanceof User) {
-            throw new \RuntimeException('Bad user type');
+        /** @var User $user */
+        if (null === $user->getPassword()) {
+            return $credentials['birthday'] === $user->birthday;
         }
 
-        return $credentials['birthday'] === $user->getBirthday();
+        return !empty($credentials['password']) && $this->userPasswordEncoder->isPasswordValid($user, $credentials['password']);
     }
 
     public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $providerKey)
diff --git a/src/Security/Voter/CommissionableAssetVoter.php b/src/Security/Voter/CommissionableAssetVoter.php
deleted file mode 100644
index 362ac4d6..00000000
--- a/src/Security/Voter/CommissionableAssetVoter.php
+++ /dev/null
@@ -1,36 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Security\Voter;
-
-use App\Entity\CommissionableAsset;
-use App\Entity\Organization;
-use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
-use Symfony\Component\Security\Core\Authorization\Voter\Voter;
-
-class CommissionableAssetVoter extends Voter
-{
-    public const CAN_EDIT = 'CAN_EDIT_ASSET';
-
-    protected function supports($attribute, $subject): bool
-    {
-        return self::CAN_EDIT === $attribute
-            && $subject instanceof CommissionableAsset;
-    }
-
-    /**
-     * @param string              $attribute
-     * @param CommissionableAsset $subject
-     */
-    protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool
-    {
-        $loggedOrganization = $token->getUser();
-
-        if (!$loggedOrganization instanceof Organization) {
-            return false;
-        }
-
-        return $subject->organization === $loggedOrganization || $subject->organization->parent === $loggedOrganization;
-    }
-}
diff --git a/src/Security/Voter/OrganizationVoter.php b/src/Security/Voter/OrganizationVoter.php
index af100e70..0079832e 100644
--- a/src/Security/Voter/OrganizationVoter.php
+++ b/src/Security/Voter/OrganizationVoter.php
@@ -5,41 +5,44 @@
 namespace App\Security\Voter;
 
 use App\Entity\Organization;
+use App\Entity\User;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Authorization\Voter\Voter;
 
-class OrganizationVoter extends Voter
+final class OrganizationVoter extends Voter
 {
-    public const CAN_MANAGE = 'CAN_MANAGE_ORGANIZATION';
-    public const CAN_CREATE = 'CAN_CREATE_ORGANIZATION';
+    public const ROLE_ORGANIZATION = 'ROLE_ORGANIZATION';
+    public const ROLE_PARENT_ORGANIZATION = 'ROLE_PARENT_ORGANIZATION';
 
     protected function supports($attribute, $subject): bool
     {
-        return self::CAN_MANAGE === $attribute && $subject instanceof Organization
-            || self::CAN_CREATE === $attribute && null === $subject;
+        return \in_array($attribute, [
+            self::ROLE_ORGANIZATION,
+            self::ROLE_PARENT_ORGANIZATION,
+        ], true) && (null === $subject || $subject instanceof Organization);
     }
 
     /**
-     * @param string       $attribute
-     * @param Organization $subject
+     * @param string            $attribute
+     * @param Organization|null $subject
      */
     protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool
     {
-        $loggedOrganization = $token->getUser();
+        /** @var User|null $user */
+        $user = $token->getUser();
 
-        if (!$loggedOrganization instanceof Organization) {
+        if (!$user instanceof User || null === $user->getPassword()) {
             return false;
         }
 
-        if (self::CAN_CREATE === $attribute) {
-            return $loggedOrganization->isParent();
+        if (null === $subject) {
+            return true;
         }
 
-        return $this->canManageOrganization($loggedOrganization, $subject);
-    }
+        if (self::ROLE_PARENT_ORGANIZATION === $attribute) {
+            return $subject->getAdmins()->contains($user) || $subject->getParentOrganization()->getAdmins()->contains($user);
+        }
 
-    private function canManageOrganization(Organization $loggedOrganization, Organization $organization): bool
-    {
-        return $loggedOrganization === $organization || $loggedOrganization === $organization->parent;
+        return $subject->getAdmins()->contains($user);
     }
 }
diff --git a/src/Security/Voter/UserVoter.php b/src/Security/Voter/UserVoter.php
deleted file mode 100644
index 02c785d8..00000000
--- a/src/Security/Voter/UserVoter.php
+++ /dev/null
@@ -1,35 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Security\Voter;
-
-use App\Entity\Organization;
-use App\Entity\User;
-use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
-use Symfony\Component\Security\Core\Authorization\Voter\Voter;
-
-class UserVoter extends Voter
-{
-    public const CAN_EDIT = 'CAN_EDIT_USER';
-
-    protected function supports($attribute, $subject): bool
-    {
-        return self::CAN_EDIT === $attribute && $subject instanceof User;
-    }
-
-    /**
-     * @param string $attribute
-     * @param User   $subject
-     */
-    protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool
-    {
-        $loggedOrganization = $token->getUser();
-
-        if (!$loggedOrganization instanceof Organization || null === $subject->organization) {
-            return false;
-        }
-
-        return $subject->organization === $loggedOrganization || $subject->getNotNullOrganization()->parent === $loggedOrganization;
-    }
-}
diff --git a/src/Twig/Extension/OrganizationExtension.php b/src/Twig/Extension/OrganizationExtension.php
index d4a25df0..36da8746 100644
--- a/src/Twig/Extension/OrganizationExtension.php
+++ b/src/Twig/Extension/OrganizationExtension.php
@@ -5,20 +5,19 @@
 namespace App\Twig\Extension;
 
 use App\Entity\Organization;
-use App\Entity\User;
 use Symfony\Bridge\Twig\Extension\RoutingExtension;
-use Symfony\Component\Security\Core\Security;
+use Symfony\Component\HttpFoundation\RequestStack;
 use Twig\Extension\AbstractExtension;
 use Twig\TwigFunction;
 
 final class OrganizationExtension extends AbstractExtension
 {
-    private Security $security;
+    private RequestStack $requestStack;
     private RoutingExtension $routingExtension;
 
-    public function __construct(Security $security, RoutingExtension $routingExtension)
+    public function __construct(RequestStack $requestStack, RoutingExtension $routingExtension)
     {
-        $this->security = $security;
+        $this->requestStack = $requestStack;
         $this->routingExtension = $routingExtension;
     }
 
@@ -45,16 +44,19 @@ public function getOrganizationUrl(string $name, array $parameters = [], bool $s
 
     private function buildParameters(string $name, array $parameters): array
     {
-        /** @var Organization|User|null $user */
-        $user = $this->security->getUser();
-        if (!preg_match('/^app_organization_.*$/', $name) || !$user instanceof Organization) {
+        $request = $this->requestStack->getCurrentRequest();
+        if (!preg_match('/^app_organization_.*$/', $name)
+            || !$request
+            || !($organization = $request->attributes->get('currentOrganization'))
+            || !$organization instanceof Organization
+        ) {
             return $parameters;
         }
 
-        $organization = $parameters['organization'] ?? null;
-        $parameters = array_merge($parameters, ['organization' => $user->getId()]);
-        if (null !== $organization && $parameters['organization'] !== $organization) {
-            $parameters['organizationId'] = $organization;
+        $parameter = $parameters['organization'] ?? null;
+        $parameters = array_merge($parameters, ['organization' => $organization->getId()]);
+        if (null !== $parameter && $parameters['organization'] !== $parameter) {
+            $parameters['organizationId'] = $parameter;
         }
 
         return $parameters;
diff --git a/src/Validator/Constraints/CurrentPassword.php b/src/Validator/Constraints/CurrentPassword.php
new file mode 100644
index 00000000..0ed87354
--- /dev/null
+++ b/src/Validator/Constraints/CurrentPassword.php
@@ -0,0 +1,23 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Validator\Constraints;
+
+use Symfony\Component\Validator\Constraint;
+
+/**
+ * @Annotation
+ */
+final class CurrentPassword extends Constraint
+{
+    public function getMessage(): string
+    {
+        return 'Cette valeur n\'est pas valide.';
+    }
+
+    public function getTargets()
+    {
+        return self::CLASS_CONSTRAINT;
+    }
+}
diff --git a/src/Validator/Constraints/CurrentPasswordValidator.php b/src/Validator/Constraints/CurrentPasswordValidator.php
new file mode 100644
index 00000000..3f2eabe6
--- /dev/null
+++ b/src/Validator/Constraints/CurrentPasswordValidator.php
@@ -0,0 +1,38 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Validator\Constraints;
+
+use App\Entity\User;
+use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
+use Symfony\Component\Validator\Constraint;
+use Symfony\Component\Validator\ConstraintValidator;
+use Symfony\Component\Validator\Exception\UnexpectedTypeException;
+
+final class CurrentPasswordValidator extends ConstraintValidator
+{
+    private $userPasswordEncoder;
+
+    public function __construct(UserPasswordEncoderInterface $userPasswordEncoder)
+    {
+        $this->userPasswordEncoder = $userPasswordEncoder;
+    }
+
+    /**
+     * @param User                       $user
+     * @param Constraint|CurrentPassword $constraint
+     */
+    public function validate($user, Constraint $constraint): void
+    {
+        if (!$constraint instanceof CurrentPassword) {
+            throw new UnexpectedTypeException($constraint, CurrentPassword::class);
+        }
+
+        if (!empty($user->getPassword()) && !empty($user->plainPassword) && (null === $user->currentPassword || !$this->userPasswordEncoder->isPasswordValid($user, $user->currentPassword))) {
+            $this->context->buildViolation($constraint->getMessage())
+                ->atPath('currentPassword')
+                ->addViolation();
+        }
+    }
+}
diff --git a/templates/_navbar.html.twig b/templates/_navbar.html.twig
index 14d295ab..b1783c17 100644
--- a/templates/_navbar.html.twig
+++ b/templates/_navbar.html.twig
@@ -14,9 +14,22 @@
                     <a class="nav-link" href="{{ path('app_user_home') }}">{{ 'nav.section.volunteer' | trans }}</a>
                 </li>
             </ul>
+            {% if app.user %}
+                {% set organizationsCount = app.user.organizations.count %}
+                {% if 1 == organizationsCount %}
+                    <a class="nav-link active" href="{{ path('app_organization_dashboard', {organization: app.user.organizations.first.id}) }}">Gérer ma structure</a>
+                {% else %}
+                    <ul>{{ 'nav.section.organization' | trans }} :
+                        {% for organization in app.user.organizations %}
+                            <li>
+                                <a class="nav-link active" href="{{ path('app_organization_dashboard', {organization: organization.id}) }}">{{ organization.name }}</a>
+                            </li>
+                        {% endfor %}
+                    </ul>
+                {% endif %}
+            {% endif %}
             <div class="navbar-nav">
                 {% if not app.user %}
-                    <a class="nav-link" href="{{ path('app_organization_login') }}">{{ 'nav.section.organization' | trans }}</a>
                     <a class="btn btn-outline-primary" href="{{ path('app_user_create') }}">{{ 'user.createMyAccount' | trans }}</a>
                 {% else %}
                     <a class="nav-link active" href="{{ path('app_user_edit') }}">{{ 'nav.profile' | trans }}</a>
diff --git a/templates/base.html.twig b/templates/base.html.twig
index 42dd1a39..b20ab964 100644
--- a/templates/base.html.twig
+++ b/templates/base.html.twig
@@ -15,6 +15,14 @@
         {% include '_navbar.html.twig' %}
 
         <div class="container my-5">
+            {% if app.user and 0 < app.user.organizations.count and app.user.password is empty %}
+                <p class="alert alert-warning">
+                    <a href="{{ path('app_user_password') }}">
+                        Vous devez renseigner votre mot de passe afin d'administrer votre structure.
+                    </a>
+                </p>
+            {% endif %}
+
             {% block body '' %}
         </div>
 
diff --git a/templates/organization/assetType/edit.html.twig b/templates/organization/assetType/edit.html.twig
index afb60b25..f5d59202 100644
--- a/templates/organization/assetType/edit.html.twig
+++ b/templates/organization/assetType/edit.html.twig
@@ -11,9 +11,9 @@
     <a href="{{ path('app_organization_assetType_list') }}">{{ 'common.backToList' | trans }}</a>
     <h1>
         {% if app.request.get('_route') == 'app_organization_assetType_new' %}
-            {{ 'organization.asset_type.add_new' | trans }} - {{ app.user }}
+            {{ 'organization.asset_type.add_new' | trans }} - {{ organization }}
         {% else %}
-            {{ 'organization.asset_type.edit_form_title' | trans }} - {{ app.user }}
+            {{ 'organization.asset_type.edit_form_title' | trans }} - {{ organization }}
         {% endif %}
     </h1>
 
diff --git a/templates/organization/assetType/list.html.twig b/templates/organization/assetType/list.html.twig
index a408ab8b..7b015307 100644
--- a/templates/organization/assetType/list.html.twig
+++ b/templates/organization/assetType/list.html.twig
@@ -7,7 +7,7 @@
 {% endblock %}
 
 {% block body %}
-    <h1>{{ 'organization.asset_type.main_title' | trans }} - {{ app.user }}</h1>
+    <h1>{{ 'organization.asset_type.main_title' | trans }} - {{ organization }}</h1>
 
     <div class="row">
         <div class="col-12 text-right mb-2">
@@ -28,7 +28,7 @@
                 <tr>
                     <td>{{ assetType.name }}</td>
                     <td>
-                        <a href="{{ path('app_organization_assetType_edit', { id: assetType.id }) }}" class="btn btn-outline-secondary">{{ 'action.edit' | trans }}</a>
+                        <a href="{{ path('app_organization_assetType_edit', { assetType: assetType.id }) }}" class="btn btn-outline-secondary">{{ 'action.edit' | trans }}</a>
                     </td>
                 </tr>
             {% endfor %}
diff --git a/templates/organization/base.html.twig b/templates/organization/base.html.twig
index 3122b8ba..9d2c43cd 100644
--- a/templates/organization/base.html.twig
+++ b/templates/organization/base.html.twig
@@ -13,7 +13,7 @@
     <body>
         <nav class="navbar navbar-expand-lg navbar-light">
             <div class="container-xl">
-                <a class="navbar-brand" href="{{ path('app_organization_index')}}">{{ 'project.name' | trans }}</a>
+                <a class="navbar-brand" href="{{ path('app_organization_dashboard')}}">{{ 'project.name' | trans }}</a>
 
                 <button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarContent" aria-controls="navbarContent" aria-expanded="false" aria-label="Toggle navigation">
                     <span class="navbar-toggler-icon"></span>
@@ -24,36 +24,32 @@
                 <div class="collapse navbar-collapse" id="navbarContent">
                     <ul class="navbar-nav mr-auto">
                         <li class="nav-item">
-                            <a class="nav-link" href="{{ path('app_organization_index')}}">{{ 'nav.section.organization' | trans }}</a>
+                            <a class="nav-link" href="{{ path('app_organization_dashboard')}}">{{ 'nav.section.organization' | trans }}</a>
                         </li>
                     </ul>
                     <div class="navbar-nav">
-                        {% if not app.user %}
-                            <a class="nav-link" href="{{ path('app_login')}}">{{ 'nav.section.volunteer' | trans }}</a>
-                        {% else %}
-                            <form action="{{ path('app_organization_search') }}" method="get" class="mr-3">
-                                <div class="input-group input-group-search">
-                                    <div class="input-group-prepend">
-                                        <span class="input-group-text"><span class="fa fa-search"></span></span>
-                                    </div>
-                                    <input type="search" class="form-control" value="{{ query | default('') }}" required name="query" placeholder="{{ 'organization.search.submit'|trans }}" />
-                                    <div class="input-group-append">
-                                        <button type="submit" class="btn btn-outline-secondary" title="{{ 'organization.search.submit'|trans }}">
-                                            <i class="fa fa-long-arrow-right"></i>
-                                        </button>
-                                    </div>
+                        <form action="{{ path('app_organization_search') }}" method="get" class="mr-3">
+                            <div class="input-group input-group-search">
+                                <div class="input-group-prepend">
+                                    <span class="input-group-text"><span class="fa fa-search"></span></span>
                                 </div>
-                            </form>
+                                <input type="search" class="form-control" value="{{ query | default('') }}" required name="query" placeholder="{{ 'organization.search.submit'|trans }}" />
+                                <div class="input-group-append">
+                                    <button type="submit" class="btn btn-outline-secondary" title="{{ 'organization.search.submit'|trans }}">
+                                        <i class="fa fa-long-arrow-right"></i>
+                                    </button>
+                                </div>
+                            </div>
+                        </form>
 
-                            {% include 'organization/_help.html.twig' %}
+                        {% include 'organization/_help.html.twig' %}
 
-                            <a class="nav-link" href="{{ logout_path() }}">{{ 'action.logout' | trans }}</a>
+                        <a class="nav-link" href="{{ logout_path() }}">{{ 'action.logout' | trans }}</a>
 
-                            <span class="navbar-text navbar-separator mt-1 ml-3 mr-4 d-none d-lg-block"></span>
-                            <span class="navbar-text active text-dark font-weight-bold">
-                                {{  app.user }}
-                            </span>
-                        {% endif %}
+                        <span class="navbar-text navbar-separator mt-1 ml-3 mr-4 d-none d-lg-block"></span>
+                        <span class="navbar-text active text-dark font-weight-bold">
+                            {{ app.request.attributes.get('currentOrganization') }}
+                        </span>
                     </div>
                 </div>
             </div>
diff --git a/templates/organization/commissionable_asset/_list.html.twig b/templates/organization/commissionable_asset/_list.html.twig
index 9d8cee29..a4d36b07 100644
--- a/templates/organization/commissionable_asset/_list.html.twig
+++ b/templates/organization/commissionable_asset/_list.html.twig
@@ -32,7 +32,7 @@
 
                 {% if showLinks is not defined or showLinks %}
                     <td>
-                        <button class="btn btn-outline-primary text-nowrap" data-toggle="ajax-modal" data-href="{{ path('app_organization_asset_show_modal', { 'asset': asset.id }) }}" title="{{ 'action.show' | trans }}">
+                        <button class="btn btn-outline-primary text-nowrap" data-toggle="ajax-modal" data-href="{{ path('app_organization_asset_show_modal', { asset: asset.id }) }}" title="{{ 'action.show' | trans }}">
                             <span class="fa fa-copy"></span> {{ 'action.show' | trans }}
                         </button>
                     </td>
diff --git a/templates/organization/commissionable_asset/_show.html.twig b/templates/organization/commissionable_asset/_show.html.twig
index 9e228fc4..fbdf6127 100644
--- a/templates/organization/commissionable_asset/_show.html.twig
+++ b/templates/organization/commissionable_asset/_show.html.twig
@@ -1,5 +1,5 @@
-{% if app.user == asset.organization or app.user == asset.organization.parent %}
-    <a class="btn btn-primary float-right" href="{{ path('app_organization_asset_edit', {asset: asset.id, organization: asset.organization.id}) }}">{{ 'action.edit' | trans }}</a>
+{% if is_granted('ROLE_PARENT_ORGANIZATION', asset.organization) %}
+    <a class="btn btn-primary float-right" href="{{ path('app_organization_asset_edit', {asset: asset.id}) }}">{{ 'action.edit' | trans }}</a>
 {% endif %}
 
 <h1 class="mb-4">{{ asset }}</h1>
diff --git a/templates/organization/commissionable_asset/form.html.twig b/templates/organization/commissionable_asset/form.html.twig
index 8f07516d..693df12a 100644
--- a/templates/organization/commissionable_asset/form.html.twig
+++ b/templates/organization/commissionable_asset/form.html.twig
@@ -11,7 +11,7 @@
             class="btn btn-outline-danger trigger-delete float-right"
             data-message="{{ 'message.deleteAssetWarning' | trans }}"
             data-display-name="{{ asset }}"
-            data-href="{{ path('app_organization_asset_delete', { asset: asset.id, organization: asset.organization.id }) }}"
+            data-href="{{ path('app_organization_asset_delete', { asset: asset.id }) }}"
             href="#"
         >{{ 'action.delete' | trans }}</a>
     {% endif %}
diff --git a/templates/organization/commissionable_asset/list.html.twig b/templates/organization/commissionable_asset/list.html.twig
index 0a0c863b..ba9ff830 100644
--- a/templates/organization/commissionable_asset/list.html.twig
+++ b/templates/organization/commissionable_asset/list.html.twig
@@ -14,7 +14,7 @@
 
     <div class="row">
         <div class="col-12 text-right mb-2">
-            <a class="btn btn-success" href="{{ path('app_organization_commissionable_pre_add_asset', {organization: organization.id | default(app.user.id)}) }}" role="button">
+            <a class="btn btn-success" href="{{ path('app_organization_commissionable_pre_add_asset', {organization: organization.id}) }}" role="button">
                 {{ 'organization.asset.add' | trans }}
             </a>
         </div>
diff --git a/templates/organization/commissionable_asset/preAdd.html.twig b/templates/organization/commissionable_asset/preAdd.html.twig
index 4ec23805..5b431a92 100644
--- a/templates/organization/commissionable_asset/preAdd.html.twig
+++ b/templates/organization/commissionable_asset/preAdd.html.twig
@@ -1,7 +1,7 @@
 {% extends 'organization/base.html.twig' %}
 
 {% block body %}
-    {{ form_start(form, { method: 'GET', action: path('app_organization_asset_add', {organization: organization.id | default(app.user.id)})}) }}
+    {{ form_start(form, { method: 'GET', action: path('app_organization_asset_add')}) }}
     {{ form_rest(form) }}
     {{ form_end(form) }}
 {% endblock %}
diff --git a/templates/organization/edit.html.twig b/templates/organization/edit.html.twig
index 5b2f8c10..79b21b85 100644
--- a/templates/organization/edit.html.twig
+++ b/templates/organization/edit.html.twig
@@ -4,7 +4,7 @@
     {% set formAction = path('app_organization_new') %}
     {% set formTitle = 'organization.add' | trans %}
 {% else %}
-    {% set formAction = path('app_organization_edit', { object: organization.id }) %}
+    {% set formAction = path('app_organization_edit', { organizationToEdit: organization.id }) %}
     {% set formTitle = 'organization.edit' | trans %}
 {% endif %}
 
diff --git a/templates/organization/home.html.twig b/templates/organization/home.html.twig
index a934fa53..3edd8896 100644
--- a/templates/organization/home.html.twig
+++ b/templates/organization/home.html.twig
@@ -5,27 +5,27 @@
 {% block body %}
     {{ include('misc/flash-messages.html.twig') }}
 
-    <h1>{{ app.user }}</h1>
+    <h1>{{ organization }}</h1>
 
     <p>{{ 'calendar.week.current' | trans }} : {{ 'calendar.period' | trans ({ '%from%' : 'this week' | date('d/m/Y'), '%to%' : 'sunday this week' | date('d/m/Y') }) }}</p>
     <p>
-        <a class="btn btn-outline-primary" role="button" href="{{ path('app_organization_planning', {'organizations[]': app.user.id, 'from': 'monday this week' | date('Y-m-d\\T00:00:00'), 'to': 'sunday this week' | date('Y-m-d\\T00:00:00')}) }}">
+        <a class="btn btn-outline-primary" role="button" href="{{ path('app_organization_planning', {'organizations[]': organization.id, 'from': 'monday this week' | date('Y-m-d\\T00:00:00'), 'to': 'sunday this week' | date('Y-m-d\\T00:00:00')}) }}">
             {{ 'organization.userAvailabilityCurrentWeek' | trans }}
         </a>
     </p>
 
     <p>{{ 'calendar.week.next' | trans }} : {{ 'calendar.period' | trans ({ '%from%' : 'next week' | date('d/m/Y'), '%to%' : 'sunday next week' | date('d/m/Y') }) }}</p>
     <p>
-        <a class="btn btn-outline-primary" role="button" href="{{ path('app_organization_planning', {'organizations[]': app.user.id, 'from': 'monday next week' | date('Y-m-d\\T00:00:00'), 'to': 'sunday next week' | date('Y-m-d\\T00:00:00')}) }}">
+        <a class="btn btn-outline-primary" role="button" href="{{ path('app_organization_planning', {'organizations[]': organization.id, 'from': 'monday next week' | date('Y-m-d\\T00:00:00'), 'to': 'sunday next week' | date('Y-m-d\\T00:00:00')}) }}">
             {{ 'organization.userAvailabilityNextWeek' | trans }}
         </a>
     </p>
 
     <hr>
-    <p><a class="btn btn-secondary" role="button" href="{{ path('app_organization_user_list', {'organization': app.user.id}) }}">{{ 'organization.showUserList' | trans }}</a></p>
-    <p><a class="btn btn-secondary" href="{{ path('app_organization_assets', {'organization': app.user.id}) }}" role="button">{{ 'organization.showCommissionableAssets' | trans }}</a></p>
+    <p><a class="btn btn-secondary" role="button" href="{{ path('app_organization_user_list') }}">{{ 'organization.showUserList' | trans }}</a></p>
+    <p><a class="btn btn-secondary" href="{{ path('app_organization_assets') }}" role="button">{{ 'organization.showCommissionableAssets' | trans }}</a></p>
 
-    {% if app.user.isParent() %}
+    {% if organization.isParent() %}
         <hr>
         <p><a class="btn btn-danger" href="{{ path('app_organization_planning', {minimumAvailableHours: 1, hideAssets: 1, 'userPropertyFilters[vulnerable]': 0}) }}" role="button">{{ 'organization.showAllUsersAvailability' | trans }}</a></p>
         <p><a class="btn btn-info" href="{{ path('app_organization_forecast') }}" role="button">{{ 'organization.forecast.title' | trans }}</a></p>
diff --git a/templates/organization/list.html.twig b/templates/organization/list.html.twig
index d81c5084..d8a11b4a 100644
--- a/templates/organization/list.html.twig
+++ b/templates/organization/list.html.twig
@@ -3,7 +3,7 @@
 {% block title %}{{ 'organization.list' | trans }}{% endblock %}
 
 {% block body %}
-    <h1>{{ app.user }}</h1>
+    <h1>{{ organization }}</h1>
 
     <div class="row">
         <div class="col-12 text-right mb-2">
@@ -19,14 +19,14 @@
             </tr>
             </thead>
             <tbody>
-            {% for organization in organizations %}
+            {% for child in organization.children %}
                 <tr>
-                    <td>{{ organization.name }}</td>
+                    <td>{{ child.name }}</td>
                     <td>
-                        <a href="{{ path('app_organization_edit', { object: organization.id }) }}" class="btn btn-outline-secondary">{{ 'action.edit' | trans }}</a>
-                        <a class="btn btn-outline-primary" role="button" href="{{ path('app_organization_user_list', {'organization': organization.id}) }}">{{ 'organization.userList' | trans }}</a>
-                        <a class="btn btn-outline-primary" role="button" href="{{ path('app_organization_assets', {'organization': organization.id}) }}">{{ 'organization.assetsList' | trans }}</a>
-                        <a class="btn btn-outline-primary" role="button" href="{{ path('app_organization_planning', {'organizations[]': organization.id, 'from': 'monday this week' | date('Y-m-d\\T00:00:00'), 'to': 'sunday this week' | date('Y-m-d\\T00:00:00')}) }}">{{ 'organization.userAvailabilities' | trans }}</a>
+                        <a href="{{ path('app_organization_edit', { organizationToEdit: child.id }) }}" class="btn btn-outline-secondary">{{ 'action.edit' | trans }}</a>
+                        <a class="btn btn-outline-primary" role="button" href="{{ path('app_organization_user_list', {organization: child.id}) }}">{{ 'organization.userList' | trans }}</a>
+                        <a class="btn btn-outline-primary" role="button" href="{{ path('app_organization_assets', {organization: child.id}) }}">{{ 'organization.assetsList' | trans }}</a>
+                        <a class="btn btn-outline-primary" role="button" href="{{ path('app_organization_planning', {'organizations[]': child.id, 'from': 'monday this week' | date('Y-m-d\\T00:00:00'), 'to': 'sunday this week' | date('Y-m-d\\T00:00:00')}) }}">{{ 'organization.userAvailabilities' | trans }}</a>
                     </td>
                 </tr>
             {% endfor %}
diff --git a/templates/organization/login.html.twig b/templates/organization/login.html.twig
deleted file mode 100644
index d814e45e..00000000
--- a/templates/organization/login.html.twig
+++ /dev/null
@@ -1,55 +0,0 @@
-{% extends 'organization/base.html.twig' %}
-
-{% block title %}{{ 'action.login' | trans }}{% endblock %}
-
-{% block body %}
-    <div class="row">
-        <div class="col-12 col-md-6 offset-md-3">
-            <form method="post">
-                {% if error %}
-                    <div class="alert alert-danger">
-                        {{ error.messageKey|trans(error.messageData, 'security_organization') }}
-                    </div>
-                {% endif %}
-
-                <h1 class="h3 mb-3 font-weight-normal">{{ 'action.login' | trans }}</h1>
-
-                <div class="form-row mb-4">
-                    <label for="inputIdentifier">{{ 'organization.label' | trans }}</label>
-                    <select name="identifier" id="inputIdentifier" class="form-control selectpicker show-tick" required data-live-search="true">
-                        {% for parentName, children in organizations %}
-                            <optgroup label="{{ parentName }}">
-                                {% for organization in children -%}
-                                    <option
-                                        value="{{ organization.id }}" {{ last_username == organization.id ? 'selected' : '' }}
-                                        title="{{ (organization.isParent ? '' : parentName~' - ')~ organization.name}}"
-                                    >
-                                        {{ (organization.isParent ? ' - ' : '') ~organization.name }}
-                                    </option>
-                                {%- endfor %}
-                            </optgroup>
-                        {% endfor %}
-                    </select>
-                </div>
-
-                <div class="form-row mb-4">
-                    <label for="inputPassword">Mot de passe</label>
-                    <input type="password" name="password" id="inputPassword" class="form-control" required>
-                </div>
-
-                <div class="mt-4 mb-2 d-flex">
-                    <label>
-                        <input type="checkbox" name="_remember_me"> {{ 'action.rememberMe' | trans }}
-                    </label>
-                </div>
-
-                <input type="hidden" name="_csrf_token" value="{{ csrf_token('authenticate') }}">
-
-                <button class="btn btn-lg btn-primary w-100" type="submit">
-                    {{ 'action.loginSubmit' | trans }}
-                </button>
-            </form>
-        </div>
-    </div>
-
-{% endblock %}
diff --git a/templates/organization/mission/_list.html.twig b/templates/organization/mission/_list.html.twig
index c8219ca7..785040d3 100644
--- a/templates/organization/mission/_list.html.twig
+++ b/templates/organization/mission/_list.html.twig
@@ -58,7 +58,7 @@
                     {% endif %}
 
                     {% if modalLinks is not defined or modalLinks %}
-                        <button type="button" class="btn btn-outline-primary text-nowrap" data-toggle="ajax-modal" data-href="{{ path('app_organization_mission_modal', {id: mission.id}) }}">
+                        <button type="button" class="btn btn-outline-primary text-nowrap" data-toggle="ajax-modal" data-href="{{ path('app_organization_mission_modal', {mission: mission.id}) }}">
                             <span class="fa fa-copy"></span> {{ 'action.show' | trans }}
                         </button>
                     {% endif %}
diff --git a/templates/organization/mission/_list_full.html.twig b/templates/organization/mission/_list_full.html.twig
index 0d2cbb83..3cbb0a06 100644
--- a/templates/organization/mission/_list_full.html.twig
+++ b/templates/organization/mission/_list_full.html.twig
@@ -23,7 +23,7 @@
                 <td>
                     <span class="badge badge-secondary">{{ mission.type.name | default('') }}</span>
 
-                    <button type="button" class="btn btn-link p-0 text-nowrap" data-toggle="ajax-modal" data-href="{{ path('app_organization_mission_modal', {id: mission.id}) }}">
+                    <button type="button" class="btn btn-link p-0 text-nowrap" data-toggle="ajax-modal" data-href="{{ path('app_organization_mission_modal', {mission: mission.id}) }}">
                         <span class="fa fa-copy"></span> {{ mission.name }}
                     </button>
                 </td>
@@ -45,7 +45,7 @@
                     <td colspan="3"></td>
                     <td>{{ user.organization.name }}</td>
                     <td>
-                        <button type="button" class="btn btn-link p-0 text-nowrap" data-toggle="ajax-modal" data-href="{{ path('app_organization_user_show_modal', {userToShow: user.id, organization: user.organization.id}) }}">
+                        <button type="button" class="btn btn-link p-0 text-nowrap" data-toggle="ajax-modal" data-href="{{ path('app_organization_user_show_modal', {user: user.id}) }}">
                             <span class="fa fa-copy"></span> {{ user.fullName }}
                         </button>
                     </td>
@@ -66,7 +66,7 @@
                     <td colspan="3"></td>
                     <td>{{ asset.organization.name }}</td>
                     <td>
-                        <button type="button" class="btn btn-link p-0 text-nowrap" data-toggle="ajax-modal" data-href="{{ path('app_organization_asset_show_modal', {asset: asset.id, organization: asset.organization.id}) }}">
+                        <button type="button" class="btn btn-link p-0 text-nowrap" data-toggle="ajax-modal" data-href="{{ path('app_organization_asset_show_modal', {asset: asset.id}) }}">
                             <span class="fa fa-copy"></span> {{ asset }}
                         </button>
                     </td>
diff --git a/templates/organization/mission/_show.html.twig b/templates/organization/mission/_show.html.twig
index d6510371..d99b2cdd 100644
--- a/templates/organization/mission/_show.html.twig
+++ b/templates/organization/mission/_show.html.twig
@@ -1,4 +1,4 @@
-{% if app.user == mission.organization %}
+{% if organization == mission.organization %}
     <a class="btn btn-primary float-right" href="{{ path('app_organization_mission_edit', {'id': mission.id}) }}">{{ 'action.edit' | trans }}</a>
 {% endif %}
 
diff --git a/templates/organization/planning/_availabilities_assets.html.twig b/templates/organization/planning/_availabilities_assets.html.twig
index b233ccd2..8d7e5b85 100644
--- a/templates/organization/planning/_availabilities_assets.html.twig
+++ b/templates/organization/planning/_availabilities_assets.html.twig
@@ -11,7 +11,7 @@
 {% endblock itemDataHeader %}
 
 {% block itemDataRowHeader %}
-    <button type="button" class="btn btn-link p-0" data-toggle="ajax-modal" data-href="{{ path('app_organization_asset_show_modal', {asset: item.entity.id, organization: item.entity.organization.id}) }}">
+    <button type="button" class="btn btn-link p-0" data-toggle="ajax-modal" data-href="{{ path('app_organization_asset_show_modal', {asset: item.entity.id}) }}">
         {{ item.entity }}
     </button>
 {% endblock itemDataRowHeader %}
diff --git a/templates/organization/planning/_availabilities_users.html.twig b/templates/organization/planning/_availabilities_users.html.twig
index 45f75c23..d596da04 100644
--- a/templates/organization/planning/_availabilities_users.html.twig
+++ b/templates/organization/planning/_availabilities_users.html.twig
@@ -14,7 +14,7 @@
 {% endblock itemDataHeader %}
 
 {% block itemDataRowHeader %}
-    <button type="button" class="btn btn-link p-0" data-toggle="ajax-modal" data-href="{{ path('app_organization_user_show_modal', {userToShow: item.entity.id, organization: item.entity.organization.id}) }}">
+    <button type="button" class="btn btn-link p-0" data-toggle="ajax-modal" data-href="{{ path('app_organization_user_show_modal', {user: item.entity.id}) }}">
         {{ item.entity }}
     </button>
 
@@ -41,7 +41,7 @@
                     from: periodCalculator.from | date('Y-m-d\\T00:00:00'),
                     to: periodCalculator.to | date_modify('- 1 minute') | date('Y-m-d\\T00:00:00'),
                     organization: item.entity.organization.id,
-                    userToAdd: item.entity.id
+                    user: item.entity.id
                 }) }}"
                 title="{{ 'organization.asset.engage' | trans }}"
             ><span class="fa fa-plus"></span> {{ 'organization.mission.title' | trans }}</button>
diff --git a/templates/organization/planning/_results.html.twig b/templates/organization/planning/_results.html.twig
index 68dd456d..fff30a5a 100644
--- a/templates/organization/planning/_results.html.twig
+++ b/templates/organization/planning/_results.html.twig
@@ -1,4 +1,4 @@
-{% set displayActions = app.user.parent is empty %}
+{% set displayActions = organization.parent is empty %}
 <div class="container planning-actions-container">
     <div class="row">
         <div class="col-md">
diff --git a/templates/organization/search.html.twig b/templates/organization/search.html.twig
index 87cd27aa..e7c9e885 100644
--- a/templates/organization/search.html.twig
+++ b/templates/organization/search.html.twig
@@ -15,11 +15,11 @@
     <hr/>
     <h3>Bénévoles</h3>
     {% if users|length %}
-        {% include 'organization/user/_list.html.twig' with {organization: app.user} %}
+        {% include 'organization/user/_list.html.twig' %}
     {% else %}
         <p>{{ 'organization.search.noUsers' | trans }}</p>
     {% endif %}
-    <p><a class="btn btn-secondary" role="button" href="{{ path('app_organization_user_list', {'organization': app.user.id}) }}">Afficher la liste de mes bénévoles inscrits</a></p>
+    <p><a class="btn btn-secondary" role="button" href="{{ path('app_organization_user_list') }}">Afficher la liste de mes bénévoles inscrits</a></p>
 
     <hr/>
     <h3>Véhicules</h3>
@@ -28,5 +28,5 @@
     {% else %}
         <p>{{ 'organization.search.noAssets' | trans }}</p>
     {% endif %}
-    <p><a class="btn btn-secondary" href="{{ path('app_organization_assets', {'organization': app.user.id}) }}" role="button">Afficher la liste de mes véhicules</a></p>
+    <p><a class="btn btn-secondary" href="{{ path('app_organization_assets') }}" role="button">Afficher la liste de mes véhicules</a></p>
 {% endblock %}
diff --git a/templates/organization/user/_list.html.twig b/templates/organization/user/_list.html.twig
index 385439b0..358867d1 100644
--- a/templates/organization/user/_list.html.twig
+++ b/templates/organization/user/_list.html.twig
@@ -38,7 +38,7 @@
                 </td>
                 {% if showLinks is not defined or showLinks %}
                     <td>
-                        <button class="btn btn-outline-primary text-nowrap" data-toggle="ajax-modal" data-href="{{ path('app_organization_user_show_modal', { 'userToShow': user.id }) }}">
+                        <button class="btn btn-outline-primary text-nowrap" data-toggle="ajax-modal" data-href="{{ path('app_organization_user_show_modal', { user: user.id }) }}">
                             <span class="fa fa-copy"></span> {{ 'action.show' | trans }}
                         </button>
                     </td>
diff --git a/templates/organization/user/_show.html.twig b/templates/organization/user/_show.html.twig
index 9f14a4e1..48ab9870 100644
--- a/templates/organization/user/_show.html.twig
+++ b/templates/organization/user/_show.html.twig
@@ -1,5 +1,5 @@
-{% if app.user == user.organization or app.user == user.organization.parent %}
-    <a class="btn btn-primary float-right" href="{{ path('app_organization_user_edit', {userToEdit: user.id}) }}">{{ 'action.edit' | trans }}</a>
+{% if is_granted('ROLE_PARENT_ORGANIZATION', user.organization) %}
+    <a class="btn btn-primary float-right" href="{{ path('app_organization_user_edit', {user: user.id}) }}">{{ 'action.edit' | trans }}</a>
 {% endif %}
 
 <h1 class="mb-4">{{ user }}</h1>
diff --git a/templates/organization/user/edit.html.twig b/templates/organization/user/edit.html.twig
index d9212767..d1dad217 100644
--- a/templates/organization/user/edit.html.twig
+++ b/templates/organization/user/edit.html.twig
@@ -12,7 +12,7 @@
         class="btn btn-outline-danger trigger-delete float-right"
         data-message="{{ 'message.deleteUserWarning' | trans }}"
         data-display-name="{{ user.firstName }} {{ user.lastName }} ( {{ user.identificationNumber }} )"
-        data-href="{{ path('app_organization_user_delete', { 'userToDelete': user.id }) }}"
+        data-href="{{ path('app_organization_user_delete', { user: user.id }) }}"
         href="#"
     >{{ 'action.delete' | trans }}</a>
 
diff --git a/templates/user/account-form.html.twig b/templates/user/account-form.html.twig
index aa03b3dd..c2232583 100644
--- a/templates/user/account-form.html.twig
+++ b/templates/user/account-form.html.twig
@@ -1,6 +1,6 @@
 {% extends 'base.html.twig' %}
 
-{%  set actionName = (user is defined and user.id is not null) ? 'Modification' : 'Création' %}
+{% set actionName = (user is defined and user.id is not null) ? 'Modification' : 'Création' %}
 {% block title %}{{ 'user.accountAction' | trans({ '%action%' : actionName }) }}{% endblock %}
 
 {% block javascripts %}
diff --git a/templates/user/index.html.twig b/templates/user/index.html.twig
index 97befd46..9b882fee 100644
--- a/templates/user/index.html.twig
+++ b/templates/user/index.html.twig
@@ -6,7 +6,10 @@
     {{ include('misc/flash-messages.html.twig') }}
     <h1>{{ 'user.welcome' | trans({'%name%': app.user.fullName}) }}</h1>
     <p>{{ 'user.identificationNumber' | trans }} : {{ app.user.identificationNumber }}</p>
-    <p><a class="btn btn-outline-primary" href="{{ path('app_user_edit') }}" role="button">{{ 'user.editMyInfo' | trans }}</a></p>
+    <p>
+        <a class="btn btn-outline-primary" href="{{ path('app_user_edit') }}" role="button">{{ 'user.editMyInfo' | trans }}</a>
+        <a class="btn btn-outline-primary" href="{{ path('app_user_password') }}" role="button">{{ (app.user.password is empty ? 'user.createMyPassword' : 'user.editMyPassword') | trans }}</a>
+    </p>
 
     <hr class="mt-5">
 
diff --git a/templates/user/login.html.twig b/templates/user/login.html.twig
index e35247ce..d15719b0 100644
--- a/templates/user/login.html.twig
+++ b/templates/user/login.html.twig
@@ -23,6 +23,7 @@
                             {{ form_start(loginForm) }}
                             {{ form_row(loginForm.identifier) }}
                             {{ form_row(loginForm.birthday) }}
+                            {{ form_row(loginForm.password) }}
 
                             <div class="custom-control custom-checkbox mt-4 mb-5">
                                 <input type="checkbox" class="custom-control-input" name="_remember_me" id="_remember_me">
diff --git a/templates/user/password-form.html.twig b/templates/user/password-form.html.twig
new file mode 100644
index 00000000..446419ec
--- /dev/null
+++ b/templates/user/password-form.html.twig
@@ -0,0 +1,29 @@
+{% extends 'base.html.twig' %}
+
+{% block title %}{{ 'user.passwordAction' | trans }}{% endblock %}
+
+{% block body %}
+    <h1>{{ 'user.passwordAction' | trans }}</h1>
+
+    {{ form_start(form) }}
+    {{ form_errors(form) }}
+
+    <div class="row">
+        {% if form.currentPassword is defined %}
+            <div class="col-12 col-md-6">
+                {{ form_row(form.currentPassword) }}
+            </div>
+        {% endif %}
+        <div class="col-12 col-md-6">
+            {{ form_row(form.plainPassword) }}
+        </div>
+    </div>
+
+    <div class="float-right">
+        <div class="form-group">
+            <button type="submit" id="user_submit" class="btn-primary btn">{{ 'action.submit'|trans }}</button>
+        </div>
+    </div>
+    <div class="clearfix"></div>
+    {{ form_end(form) }}
+{% endblock %}
diff --git a/tests/Behat/SecurityContext.php b/tests/Behat/SecurityContext.php
index bc7cf07e..2798ce3b 100644
--- a/tests/Behat/SecurityContext.php
+++ b/tests/Behat/SecurityContext.php
@@ -4,9 +4,6 @@
 
 namespace App\Tests\Behat;
 
-use App\Entity\Organization;
-use App\Entity\User;
-use App\Repository\OrganizationRepository;
 use App\Repository\UserRepository;
 use Behat\Behat\Context\Environment\InitializedContextEnvironment;
 use Behat\Behat\Hook\Scope\BeforeScenarioScope;
@@ -15,7 +12,6 @@
 use Behat\MinkExtension\Context\MinkContext;
 use Behat\MinkExtension\Context\RawMinkContext;
 use PantherExtension\Driver\PantherDriver;
-use Symfony\Bridge\Doctrine\Security\User\UserLoaderInterface;
 use Symfony\Component\BrowserKit\Cookie;
 use Symfony\Component\HttpFoundation\Session\SessionInterface;
 use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
@@ -25,14 +21,12 @@
 final class SecurityContext extends RawMinkContext
 {
     private UserRepository $userRepository;
-    private OrganizationRepository $organizationRepository;
     private SessionInterface $session;
     private MinkContext $minkContext;
 
-    public function __construct(UserRepository $userRepository, OrganizationRepository $organizationRepository, SessionInterface $session)
+    public function __construct(UserRepository $userRepository, SessionInterface $session)
     {
         $this->userRepository = $userRepository;
-        $this->organizationRepository = $organizationRepository;
         $this->session = $session;
     }
 
@@ -51,16 +45,11 @@ public function gatherContext(BeforeScenarioScope $scope): void
     /**
      * @Given I am authenticated as :username
      */
-    public function login(string $username, UserLoaderInterface $repository = null): void
+    public function login(string $username): void
     {
-        if ($repository) {
-            $user = $repository->loadUserByUsername($username);
-        } elseif (!$user = $this->userRepository->loadUserByUsername($username)) {
-            $user = $this->organizationRepository->loadUserByUsername($username);
-        }
-
+        $user = $this->userRepository->loadUserByUsername($username);
         if (!$user) {
-            throw new UsernameNotFoundException(\sprintf('%s is not a valid User or Organization.', $username));
+            throw new UsernameNotFoundException(\sprintf('%s is not a valid User.', $username));
         }
 
         /** @var BrowserKitDriver|PantherDriver $driver */
@@ -72,10 +61,9 @@ public function login(string $username, UserLoaderInterface $repository = null):
             return;
         }
 
-        $firewall = $user instanceof Organization ? 'organizations' : 'main';
         $this->session->set(
-            "_security_$firewall",
-            serialize(new UsernamePasswordToken($user, null, $firewall, $user->getRoles()))
+            '_security_main',
+            serialize(new UsernamePasswordToken($user, null, 'main', $user->getRoles()))
         );
         $this->session->save();
 
@@ -88,32 +76,13 @@ public function login(string $username, UserLoaderInterface $repository = null):
     private function loginForPanther(UserInterface $user): void
     {
         try {
-            if ($user instanceof User) {
-                $this->loginUserForPantherDriver($user);
-            }
-
-            if ($user instanceof Organization) {
-                $this->loginOrganizationForPantherDriver($user);
-            }
+            $this->minkContext->visit('/login');
+            $this->minkContext->fillField('user_login[identifier]', $user->getUsername());
+            $this->minkContext->fillField('user_login[password]', 'covid19');
+            $this->minkContext->pressButton('Je me connecte');
+            $this->minkContext->assertPageAddress('/');
         } catch (\Exception $exception) {
             throw new ExpectationException(sprintf('Impossible to connect user: %s', $exception->getMessage()), $this->getSession(), $exception);
         }
     }
-
-    private function loginUserForPantherDriver(User $user): void
-    {
-        $this->minkContext->visit('/login');
-        $this->minkContext->fillField('user_login[identifier]', $user->getIdentificationNumber());
-        $this->minkContext->pressButton('Je me connecte');
-        $this->minkContext->assertPageAddress('/');
-    }
-
-    private function loginOrganizationForPantherDriver(Organization $user): void
-    {
-        $this->minkContext->visit('/organizations/login');
-        $this->minkContext->selectOption('identifier', $user->getUsername());
-        $this->minkContext->fillField('password', 'covid19');
-        $this->minkContext->pressButton('Je me connecte');
-        $this->minkContext->assertPageAddress('/organizations/'.$user->getId());
-    }
 }
diff --git a/tests/Behat/UserPlanningContext.php b/tests/Behat/UserPlanningContext.php
index 4681d008..094f4413 100644
--- a/tests/Behat/UserPlanningContext.php
+++ b/tests/Behat/UserPlanningContext.php
@@ -4,12 +4,20 @@
 
 namespace App\Tests\Behat;
 
+use App\Domain\DatePeriodCalculator;
 use Behat\Mink\Exception\ElementNotFoundException;
 use Behat\Mink\Exception\ExpectationException;
 use Behat\MinkExtension\Context\RawMinkContext;
 
 final class UserPlanningContext extends RawMinkContext
 {
+    private string $slotInterval;
+
+    public function __construct(string $slotInterval)
+    {
+        $this->slotInterval = $slotInterval;
+    }
+
     /**
      * @When /^I (?P<action>(?:check|uncheck)) "(?P<time>[^"]+)" availability checkbox$/
      */
@@ -20,12 +28,7 @@ public function checkColumn(string $action, string $time): void
             throw new \InvalidArgumentException("Time \"$time\" is not valid.");
         }
 
-        $dateTime = new \DateTime($time);
-        $dateTime->setTime((int) $dateTime->format('H'), 0, 0, 0);
-        if (1 === (int) $dateTime->format('H') % 2) {
-            $dateTime->setTime((int) $dateTime->format('H') - 1, 0, 0, 0);
-        }
-
+        $dateTime = DatePeriodCalculator::roundToDailyInterval(new \DateTimeImmutable($time), \DateInterval::createFromDateString($this->slotInterval));
         $elements = $page->findAll('css', sprintf('table.availability-form-table tbody td[data-from="%d"] input[type="checkbox"]:not(:disabled)', $dateTime->format('U')));
         if (0 === \count($elements)) {
             throw new ElementNotFoundException($this->getSession()->getDriver(), 'form field', 'css', sprintf('%s (%s) (%s)', $time, $dateTime->format('Y-m-d H:i:s'), $dateTime->format('U')));
@@ -82,8 +85,15 @@ public function verifyColumn(string $time, string $state): void
         // Reverse the state to ensure no element is checked/unchecked
         $locator .= 'checked' === $state ? ':not(:checked)' : ':checked';
         $count = \count($page->findAll('css', $locator));
-        if (0 < $count) {
-            throw new ExpectationException(sprintf('%d checkboxes of column "%s" are not %s.', (int) $count, $time, (string) $state), $this->getSession()->getDriver());
+        if (0 === $count) {
+            return;
         }
+
+        $message = sprintf('%d checkboxes of column "%s" are not %s.', (int) $count, $time, (string) $state);
+        if (1 === $count) {
+            $message = sprintf('the checkbox of column "%s" is not %s.', $time, (string) $state);
+        }
+
+        throw new ExpectationException($message, $this->getSession()->getDriver());
     }
 }
diff --git a/tests/Security/Voter/CommissionableAssetVoterTest.php b/tests/Security/Voter/CommissionableAssetVoterTest.php
deleted file mode 100644
index e20f81e3..00000000
--- a/tests/Security/Voter/CommissionableAssetVoterTest.php
+++ /dev/null
@@ -1,80 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Tests\Security\Voter;
-
-use App\Entity\CommissionableAsset;
-use App\Entity\Organization;
-use App\Entity\User;
-use App\Security\Voter\CommissionableAssetVoter;
-use PHPUnit\Framework\TestCase;
-use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
-use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
-use Symfony\Component\Security\Core\User\UserInterface;
-
-class CommissionableAssetVoterTest extends TestCase
-{
-    /** @dataProvider voteProvider */
-    public function testVote(string $attribute, CommissionableAsset $subject, int $expectedResult, ?UserInterface $user): void
-    {
-        $voter = new CommissionableAssetVoter();
-        $token = $this->createMock(TokenInterface::class);
-
-        $token->expects($this->exactly($expectedResult ? 1 : 0))->method('getUser')->willReturn($user);
-
-        $this->assertSame($expectedResult, $voter->vote($token, $subject, [$attribute]));
-    }
-
-    public function voteProvider(): array
-    {
-        $parentOrganization = new Organization();
-        $childOrganization = new Organization();
-        $childOrganization->parent = $parentOrganization;
-
-        $parentAsset = new CommissionableAsset();
-        $parentAsset->organization = $parentOrganization;
-
-        $childAsset = new CommissionableAsset();
-        $childAsset->organization = $childOrganization;
-
-        return [
-            'wrong attribute abstains' => [
-                'attribute' => 'foo',
-                'subject' => $parentAsset,
-                'expectedResult' => VoterInterface::ACCESS_ABSTAIN,
-                'loggedOrganization' => null,
-            ],
-            'denies access for plain user' => [
-                'attribute' => CommissionableAssetVoter::CAN_EDIT,
-                'subject' => $parentAsset,
-                'expectedResult' => VoterInterface::ACCESS_DENIED,
-                'loggedOrganization' => new User(),
-            ],
-            'denies access for different organization' => [
-                'attribute' => CommissionableAssetVoter::CAN_EDIT,
-                'subject' => $parentAsset,
-                'expectedResult' => VoterInterface::ACCESS_DENIED,
-                'loggedOrganization' => new Organization(),
-            ],
-            'grants access for same organization' => [
-                'attribute' => CommissionableAssetVoter::CAN_EDIT,
-                'subject' => $parentAsset,
-                'expectedResult' => VoterInterface::ACCESS_GRANTED,
-                'loggedOrganization' => $parentOrganization,
-            ],
-            'denies access for child organization' => [
-                'attribute' => CommissionableAssetVoter::CAN_EDIT,
-                'subject' => $parentAsset,
-                'expectedResult' => VoterInterface::ACCESS_DENIED,
-                'loggedOrganization' => $childOrganization,
-            ],
-            'grants access for parent organization' => [
-                'attribute' => CommissionableAssetVoter::CAN_EDIT,
-                'subject' => $childAsset,
-                'expectedResult' => VoterInterface::ACCESS_GRANTED,
-                'loggedOrganization' => $parentOrganization,
-            ],
-        ];
-    }
-}
diff --git a/tests/Security/Voter/OrganizationVoterTest.php b/tests/Security/Voter/OrganizationVoterTest.php
deleted file mode 100644
index 4c069967..00000000
--- a/tests/Security/Voter/OrganizationVoterTest.php
+++ /dev/null
@@ -1,73 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Tests\Security\Voter;
-
-use App\Entity\Organization;
-use App\Entity\User;
-use App\Security\Voter\OrganizationVoter;
-use PHPUnit\Framework\TestCase;
-use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
-use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
-use Symfony\Component\Security\Core\User\UserInterface;
-
-class OrganizationVoterTest extends TestCase
-{
-    /** @dataProvider voteProvider */
-    public function testVote(string $attribute, Organization $subject, int $expectedResult, ?UserInterface $user): void
-    {
-        $voter = new OrganizationVoter();
-        $token = $this->createMock(TokenInterface::class);
-
-        $token->expects($this->exactly($expectedResult ? 1 : 0))->method('getUser')->willReturn($user);
-
-        $this->assertSame($expectedResult, $voter->vote($token, $subject, [$attribute]));
-    }
-
-    public function voteProvider(): array
-    {
-        $organization = new Organization();
-        $child = new Organization();
-        $child->parent = $organization;
-
-        return [
-            'wrong attribute abstains' => [
-                'attribute' => 'foo',
-                'subject' => $organization,
-                'expectedResult' => VoterInterface::ACCESS_ABSTAIN,
-                'loggedOrganization' => null,
-            ],
-            'denies access for plain user' => [
-                'attribute' => OrganizationVoter::CAN_MANAGE,
-                'subject' => $organization,
-                'expectedResult' => VoterInterface::ACCESS_DENIED,
-                'loggedOrganization' => new User(),
-            ],
-            'denies access for different organization' => [
-                'attribute' => OrganizationVoter::CAN_MANAGE,
-                'subject' => $organization,
-                'expectedResult' => VoterInterface::ACCESS_DENIED,
-                'loggedOrganization' => new Organization(),
-            ],
-            'grants access for same organization' => [
-                'attribute' => OrganizationVoter::CAN_MANAGE,
-                'subject' => $organization,
-                'expectedResult' => VoterInterface::ACCESS_GRANTED,
-                'loggedOrganization' => $organization,
-            ],
-            'denies access for child organization' => [
-                'attribute' => OrganizationVoter::CAN_MANAGE,
-                'subject' => $organization,
-                'expectedResult' => VoterInterface::ACCESS_DENIED,
-                'loggedOrganization' => $child,
-            ],
-            'grants access for parent organization' => [
-                'attribute' => OrganizationVoter::CAN_MANAGE,
-                'subject' => $child,
-                'expectedResult' => VoterInterface::ACCESS_GRANTED,
-                'loggedOrganization' => $organization,
-            ],
-        ];
-    }
-}
diff --git a/translations/messages.fr.yaml b/translations/messages.fr.yaml
index eb8c943c..a8252eb8 100644
--- a/translations/messages.fr.yaml
+++ b/translations/messages.fr.yaml
@@ -211,6 +211,7 @@ project:
   version: Version %tag%
 user:
   accountAction: "%action% de compte"
+  passwordAction: Mon mot de passe
   availabilities: Vos disponibilités
   availabilityCurrentWeek: Mes disponibilités pour la semaine courante
   availabilityNextWeek: Mes disponibilités pour la semaine prochaine
@@ -224,11 +225,14 @@ user:
   dob: Date de naissance
   info: Informations
   editMyInfo: Modifier mes informations
+  editMyPassword: Modifier mon mot de passe
+  createMyPassword: Renseigner mon mot de passe
   email: E-mail
   firstName: Prénom
   identificationNumber: NIVOL
   lastName: Nom
   login: Numéro NIVOL ou Adresse e-mail
+  password: Mot de passe
   mobile: Numéro de téléphone portable
   occupationTitle: Profession
   occupation: