Organizations
An Organization represents the top-level of a hierarchical structure used by an enterprise to manage its departments and resources. Upon installation, Identity Server dynamically creates a top-level organization (defined during installation) to manage the Identity Server enterprise configurations. Additional organizations can be created after installation to manage separate enterprises. All created organizations fall beneath the top-level organization.
This section contains the following topics:
To Create an Organization
- Choose Organizations from the View menu in the Identity Management module.
- Click New in the Navigation pane.
- Enter the values for the fields. Only Name is required. The fields are:
Name. Enter a value for the name of the Organization.
Domain Name. Enter the full Domain Name System (DNS) name for the organization, if it has one.
Organization Status. Choose a status of active or inactive.
The default is active. This can be changed at any time during the life of the organization by selecting the Properties icon. Choosing inactive disables user access when logging in to the organization.
Organization Aliases. This field defines alias names for the organization, allowing you to use the aliases for authentication with a URL login. For example, if you have an organization named exampleorg, and define 123 and abc as aliases, you can log into the organization using any of the following URLs:
http://machine.example.com/UI/Login?org=exampleorg
http://machine.example.com/UI/Login?org=abc
http://machine.example.com/UI/Login?org=123
Organization alias names must be unique throughout the organization. You can use the Unique Attribute List to enforce uniqueness.
DNS Alias Names. Allows you to add alias names for the DNS name for the organization. This attribute only accepts “real” domain aliases (random strings are not allowed). For example, if you have a DNS named example.com, and define example1.com and example2.com as aliases for an organization named exampleorg, you can log into the organization using any of the following URLs:
http://machine.example.com/UI/Login?org=exampleorg
http://machine.example1.com/UI/Login?org=exampleorg
http://machine.example2.com/UI/Login?org=exampleorg
Unique Attribute List. Allows you to add a list of unique attribute names for users in the organization. For example, if you add a unique attribute name specifying an email address, you would not be able to create two users with the same email address. This field also accepts a comma-separated list. Any one of the attribute names in the list defines uniqueness. For example, if the field contains the following list of attribute names:
PreferredDomain, AssociatedDomain
and PreferredDomain is defined as http://www.example.com for a particular user, then the entire comma-separated list is defined as unique for that URL.
Uniqueness is enforced for all suborganizations.
- Click OK.
The new organization displays in the Navigation pane. To edit any of the properties that you defined during creation of the organization, click the Properties arrow of the organization you wish to edit, select General from the View menu in the Data pane, edit the properties and click OK. You can use the Display Options and Available Actions views to customize the appearance of the Identity Server console and to specify the behavior for any users that authenticate to this organization.
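The Unique Attribute List rule described above can be modeled as a pre-creation check. This is an added example, not Identity Server code. It assumes users are plain dictionaries with a hypothetical uid key, that values are compared as exact strings, and that the caller supplies users from the organization and all of its suborganizations.

```python
# Added illustration of the Unique Attribute List semantics; not product code.

def parse_unique_list(field):
    """Split the comma-separated field into attribute names."""
    return [name.strip() for name in field.split(",") if name.strip()]

def claimed_values(user, attrs):
    """Collect every value a user holds in any of the listed attributes."""
    values = set()
    for attr in attrs:
        raw = user.get(attr, [])
        for value in ([raw] if isinstance(raw, str) else raw):
            values.add(value.strip())  # assumption: exact string comparison
    return values

def find_conflicts(new_user, existing_users, unique_field):
    """Return (existing uid, value) pairs that block creating new_user.

    existing_users must include users from every suborganization, because
    uniqueness is enforced for all suborganizations.
    """
    attrs = parse_unique_list(unique_field)
    wanted = claimed_values(new_user, attrs)
    conflicts = []
    for user in existing_users:
        # A value held under ANY listed attribute is reserved across the
        # whole list, not only under the attribute where it was first set.
        for value in sorted(wanted & claimed_values(user, attrs)):
            conflicts.append((user["uid"], value))
    return conflicts

# Constructed sample data (hypothetical users).
UNIQUE_FIELD = "PreferredDomain, AssociatedDomain"
EXISTING = [
    {"uid": "alice", "PreferredDomain": "http://www.example.com"},
    {"uid": "bob", "AssociatedDomain": ["http://intranet.example.com"]},
]
# carol reuses alice's URL under the other listed attribute.
CAROL = {"uid": "carol", "AssociatedDomain": "http://www.example.com"}
DAVE = {"uid": "dave", "PreferredDomain": "http://dave.example.com"}

if __name__ == "__main__":
    print(find_conflicts(CAROL, EXISTING, UNIQUE_FIELD))
    print(find_conflicts(DAVE, EXISTING, UNIQUE_FIELD))
```

The carol entry is rejected even though it sets AssociatedDomain rather than PreferredDomain, which is the cross-attribute behavior the comma-separated list produces.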
To Delete an Organization
To Add an Organization to a Policy
Identity Server objects are added to a policy through the policy’s subject definition. When a policy is created or modified, organizations, roles, groups, and users can be defined as the subject in the policy’s Subject page. Once the subject is defined, the policy will be applied to the object.