diff --git a/components/org.wso2.carbon.identity.auth.service/src/main/java/org/wso2/carbon/identity/auth/service/handler/AuthenticationHandler.java b/components/org.wso2.carbon.identity.auth.service/src/main/java/org/wso2/carbon/identity/auth/service/handler/AuthenticationHandler.java
index 1b1b2eb3..2e9f66da 100644
--- a/components/org.wso2.carbon.identity.auth.service/src/main/java/org/wso2/carbon/identity/auth/service/handler/AuthenticationHandler.java
+++ b/components/org.wso2.carbon.identity.auth.service/src/main/java/org/wso2/carbon/identity/auth/service/handler/AuthenticationHandler.java
@@ -103,14 +103,19 @@ protected void postAuthenticate(MessageContext messageContext, AuthenticationRes
 // organization is authorized to access. Skip this for cross tenant scenarios.
 String authorizedOrganization = null;
+ String userResidentOrganization = null;
 if (user instanceof AuthenticatedUser) {
 authorizedOrganization = ((AuthenticatedUser) user).getAccessingOrganization();
+ userResidentOrganization = ((AuthenticatedUser) user).getUserResidentOrganization();
 }
+
 if (user.getTenantDomain() != null && (user.getTenantDomain() .equalsIgnoreCase(PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain()) || StringUtils.isNotEmpty(authorizedOrganization))) {
 PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(IdentityUtil.addDomainToName (user.getUserName(), user.getUserStoreDomain()));
+ // Set the user's resident organization if user not belongs to the accessing organization
+ IdentityUtil.threadLocalProperties.get().put("USER_RESIDENT_ORG", userResidentOrganization);
 }
 // Set the user id to the Carbon context if the user authentication is succeeded.
 try {
diff --git a/components/org.wso2.carbon.identity.auth.valve/src/main/java/org/wso2/carbon/identity/auth/valve/AuthenticationValve.java b/components/org.wso2.carbon.identity.auth.valve/src/main/java/org/wso2/carbon/identity/auth/valve/AuthenticationValve.java
index b3a49f9f..46bf2948 100644
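Review bot: The added `put("USER_RESIDENT_ORG", userResidentOrganization)` in postAuthenticate is not guarded by the condition its comment describes: it runs whenever the tenant check passes, and it stores null when `user` is not an `AuthenticatedUser` or has no resident organization. Since this is identity context kept in a thread-local, write it only when a value is present, e.g. `if (StringUtils.isNotEmpty(userResidentOrganization)) { IdentityUtil.threadLocalProperties.get().put("USER_RESIDENT_ORG", userResidentOrganization); }`, so downstream readers cannot mistake a present-but-null entry for a resolved organization. The key is a bare literal repeated in the AuthenticationValve hunk that removes it; a single shared constant would keep the set and clear sides from drifting apart, which matters because a missed clear would leave one request's resident organization on a reused thread. Both enclosing methods start and end outside their hunks, so it cannot be confirmed from here that the valve's `remove` runs on every exit path (for example inside a `finally`).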
--- a/components/org.wso2.carbon.identity.auth.valve/src/main/java/org/wso2/carbon/identity/auth/valve/AuthenticationValve.java
+++ b/components/org.wso2.carbon.identity.auth.valve/src/main/java/org/wso2/carbon/identity/auth/valve/AuthenticationValve.java
@@ -193,6 +193,9 @@ public void invoke(Request request, Response response) throws IOException, Servl
 unsetMDCThreadLocals();
 // Clear thread local authenticated with basic auth flag.
 unsetAuthenticatedWithBasicAuth();
+
+ // Clear user resident organization thread local.
+ IdentityUtil.threadLocalProperties.get().remove("USER_RESIDENT_ORG");
 }