diff --git a/metriq-api/api-routes.js b/metriq-api/api-routes.js
index 9c9d1bc..18564cb 100644
--- a/metriq-api/api-routes.js
+++ b/metriq-api/api-routes.js
@@ -37,6 +37,7 @@ router.route('/user/password')
   .post(accountController.update_password)
 router.route('/user')
   .get(userController.read)
+  .post(userController.update)
   .delete(userController.delete)
 router.route('/user/submission/:page')
   .get(userController.readSubmissions)
diff --git a/metriq-api/controller/userController.js b/metriq-api/controller/userController.js
index 144ec7b..056ff0c 100644
--- a/metriq-api/controller/userController.js
+++ b/metriq-api/controller/userController.js
@@ -39,6 +39,12 @@ exports.read = async function (req, res) {
     'Successfully retrieved user profile.')
 }
 
+exports.update = async function (req, res) {
+  routeWrapper(res,
+    async () => await userService.update(req.body),
+    'Successfully retrieved user profile.')
+}
+
 // Validate the delete request and delete the user.
 exports.delete = async function (req, res) {
   routeWrapper(res,
diff --git a/metriq-api/service/userService.js b/metriq-api/service/userService.js
index c339211..6f53629 100644
--- a/metriq-api/service/userService.js
+++ b/metriq-api/service/userService.js
@@ -109,6 +109,18 @@ class UserService extends ModelService {
     return { success: true, body: await this.sanitize(user) }
   }
 
+  async update (reqBody) {
+    const user = await this.getByPk(reqBody.id)
+    if (!user) {
+      return { success: false, error: 'User not found.' }
+    }
+
+    user.affiliation = reqBody.affiliation
+    await user.save()
+
+    return { success: true, body: await this.sanitize(user) }
+  }
+
   async login (reqBody) {
     const user = await this.getByUsernameOrEmail(reqBody.username)
     if (!user) {
diff --git a/metriq-app b/metriq-app
index f1715a5..cf613f3 160000
--- a/metriq-app
+++ b/metriq-app
@@ -1 +1 @@
-Subproject commit f1715a54d89779d160c17273615ff7606623db66
+Subproject commit cf613f359fa115712d9faf6e95dd326b594a9f1c