Create and manage organizations

An organization is an entity in IDaaS to which users can be associated. An IDaaS user can belong to one or more organizations. When the user authenticates using SAML or OIDC, the authentication response indicates the organizations to which the user belongs. Organizations can then be returned as claim values from an OIDC and OAuth application or as attribute values from a SAML application, as follows:

  • A full set of organization names a user belongs to.
  • A full set of the unique identifiers of the organizations a user belongs to.
  • A selected organization name.
  • A selected organization unique identifier.

Organization selection

  • The client application can request the selected organization.
  • If a user belongs to more than one organization, the user can select the organization.
  • Organization selection occurs after Identity Provider authentication completes.

Domain-based IDPs

  • Identity Providers can be linked to one or more domains. These are called domain-based IDPs.
  • A domain-based IDP is tied to the domain in a user's IDaaS User ID. For example, in user@domain, domain is the user's domain.
  • If that domain is configured for an IDP, that IDP is treated as domain-based for that user.
  • Authentication flows can use non-domain-based IDPs, domain-based IDPs, or both.
  • When using domain-based IDPs, the user's domain determines which IDP they can use.

See Manage Identity Providers and Create authentication flows.

Business-to-business example

  • Organizations are used in business-to-business scenarios.
  • For example, an organization can represent a third party your company works with, such as My Corporation.
  • Users in My Corporation can sign in to your IDaaS environment using their own My Corporation Identity Provider.
  • Your IDaaS SAML or OIDC client applications can then use the returned user organization.
  • Some users may work on behalf of another organization. For example, a reseller in a Contractor organization may also work on behalf of My Corporation.
  • The reseller signs in with the Contractor Identity Provider, then selects My Corporation as the organization they are representing.
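
How a client application might consume the returned organization values, as an added example that is not part of the original documentation or the product's own code. The claim names, Organization ID values and tenant mapping are hypothetical placeholders, and the token is assumed to have already passed signature and issuer validation in your OIDC library. The lookup uses the Organization ID, which never changes, rather than the identifier or display name, which can be edited.

```python
# Added example: claim names are hypothetical placeholders; use the names
# configured in your own application's claim mappings.
ORG_IDS_CLAIM = "org_ids"                      # full set of organization unique identifiers
SELECTED_ORG_ID_CLAIM = "selected_org_id"      # selected organization unique identifier
SELECTED_ORG_NAME_CLAIM = "selected_org_name"  # selected organization name (display only)

# Constructed sample data: local tenants keyed by Organization ID,
# not by the editable identifier or display name.
TENANTS_BY_ORG_ID = {
    "org-id-0001": "tenant-contractor",
    "org-id-0002": "tenant-my-corporation",
}


class OrganizationClaimError(Exception):
    """Raised when organization claims are missing or inconsistent."""


def _as_set(value):
    # A multi-valued claim may arrive as a list or as a single string.
    if value is None:
        return set()
    if isinstance(value, str):
        return {value}
    return set(value)


def resolve_tenant(claims):
    """Map already signature-verified token claims to a local tenant."""
    memberships = _as_set(claims.get(ORG_IDS_CLAIM))
    selected = claims.get(SELECTED_ORG_ID_CLAIM)
    if not isinstance(selected, str) or not selected:
        raise OrganizationClaimError("no selected organization in token")
    # Defensive consistency check: the selected organization must be one
    # the same token lists the user as belonging to.
    if selected not in memberships:
        raise OrganizationClaimError("selected organization not in memberships")
    tenant = TENANTS_BY_ORG_ID.get(selected)
    if tenant is None:
        raise OrganizationClaimError("organization is not onboarded here")
    # The name is passed through for display only, never used for lookup.
    return tenant, claims.get(SELECTED_ORG_NAME_CLAIM, "")
```

In the reseller scenario above, a token listing both organizations with My Corporation selected resolves to the My Corporation tenant, and renaming the organization later does not change the result.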

Prerequisites

Before you begin, you need to configure an application to use with organizations. Choose the most suitable application for your organization from the following list:

Create an organization

  1. Click > Members > Organizations. The Organizations page appears.
  2. Click . The My Organization page appears.
  3. Enter an Identifier for the organization. For example, Contractor. An organization identifier is a short name for the organization that can be updated.
  4. Enter a Display Name. For example: Services Contractor.
  5. Enter a Description for the organization.
  6. Optional. Enter a valid URI for an Organization Logo.
  7. Click Save. The My Organization page updates to provide two new tabs: Overview and Users. By default, the Overview page appears and displays an Organization ID. An Organization ID is a unique identifier for the organization that never changes.
  8. Once you create the organization, you need to add members to it. Go to the procedure Add users to your organization.

Add users to your organization

This procedure explains how to add individual users to your organization. To add users automatically, create an IDP that creates users and assigns them to the organization. This happens the first time a user signs in through the Identity Provider and is created in IDaaS. See Manage Identity Providers.

  1. On the My Organization page, click the Users tab. The Users in Organization page appears.
  2. In the Add User to <My Organization> field, start typing the name and select it from the drop-down list. Alternatively, use the search option to find the user (see View, filter, and export user list).
  3. Repeat these steps to add more users.

Manage organizations

  1. Click > Members > Organizations. The Organizations page appears.
  2. Do the following, as required:
    • Click the Display Name of the organization and make the required changes.
    • Copy the Identifier.
    • Copy the Organization ID.
    • Click Delete on the Delete User prompt.