diff --git a/endpoints/api.py b/endpoints/api.py
index f49cbba0b..de89b4b7c 100644
--- a/endpoints/api.py
+++ b/endpoints/api.py
@@ -202,26 +202,26 @@ def get_matching_entities(prefix):
   organization_name = request.args.get('organization', None)
   organization = None
   if organization_name:
-    try:
-      organization = model.get_organization(organization_name)
-    except:
-      pass
+    permission = OrganizationMemberPermission(organization_name)
+    if permission.can():
+      try:
+        organization = model.get_organization(organization_name)
+      except:
+        pass
 
-    if organization:
-      # TODO: ensure that the user has access to the organization
-      teams = model.get_matching_teams(prefix, organization)
+      if organization:
+        teams = model.get_matching_teams(prefix, organization)
 
   users = model.get_matching_users(prefix, organization)
 
   def team_view(team):
     return {
       'name': team.name,
-      'kind': 'team'
+      'kind': 'team',
+      'is_org_member': True,
     }
 
   def user_view(user):
-    # TODO: Return whether the user is outside the organization (if one is
-    # specified)
     return {
       'name': user.username,
       'kind': 'user',