keycloak-scim/docs/documentation/server_admin/topics/organizations/managing-organization.adoc

[id="managing-organization_{context}"]

[[_enabling_organization_]]
=  Enabling Organizations

To use organizations, you enable the feature for the current realm.

.Procedure

. Click *Realm Settings* in the menu.

. Toggle *Organizations* to *On*.

Once the feature is enabled, you are able to manage organizations through the *Organizations* section available from the
menu.

=  Managing an organization
[role="_abstract"]

From the *Organizations* section, you can manage all the organizations in your realm.

.Procedure

. Click *Create Organization*.

If organizations already exist, you see a list of organizations and options to search, edit, or delete an organization.

An organization has the following settings:

Name::
A user-friendly name for the organization. The name is unique within a realm.

Domains::
A set of one or more domains that belongs to this organization. A domain cannot be shared by different organizations
within a realm.

Description::
A free-text field to describe the organization.

Once you create an organization, you can manage the additional settings that are described in the following sections:

* <<_managing_attributes_,Manage attributes>>
* <<_managing_members_,Manage members>>
* <<_managing_identity_provider_,Manage identity providers>>

== Understanding organization domains

When managing an organization, the domain associated with an organization plays an important role in how
organization members authenticate to a realm and how their profiles are validated.

One of the key roles of a domain is to help to identify the organizations where a user is a member. By looking at their
email address, {project_name} will match a corresponding organization using the same domain and eventually change the
authentication flow based on the organization requirements.

The domain also allows organizations to enforce that users are not allowed to use a domain in their emails
other than those associated with an organization. This restriction is especially useful when users, and their identities, are federated from
identity providers associated with an organization and you want to force a specific email domain for their email addresses.

==  Disabling an organization

To disable an organization, toggle *Enabled* to *Off*.

When an organization is disabled, you can still manage it through the management interfaces, but the organization members
cannot authenticate to the realm, including authenticating through the identity providers associated with the
organization as they are also automatically disabled.

However, the unmanaged members of an organization are still able to authenticate to the realm as they are also realm users, but
tokens will not hold metadata about their relationship with an organization that is disabled.

For more details about managed and unmanaged users, see <<_managed_unmanaged_members_,Managed and unmanaged members>> section.

== Remove an organization

To remove an organization, you can click the *Delete* action for the corresponding organization in the listing page or
when editing an organization.

When removing an organization, all data associated with it will be deleted, including any managed member.

Unmanaged users and identity providers remain in the realm, but they are no longer linked to the
organization.

For more details about managed and unmanaged users, see <<_managed_unmanaged_members_,Managed and unmanaged members>>.
Adding organization section (#29796) Closes #28731 Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com> Co-authored-by: andymunro <48995441+andymunro@users.noreply.github.com> 2024-06-10 07:08:50 +00:00			`[id="managing-organization_{context}"]`

			`[[_enabling_organization_]]`
			`= Enabling Organizations`

			`To use organizations, you enable the feature for the current realm.`

			`.Procedure`

			`. Click Realm Settings in the menu.`

			`. Toggle Organizations to On.`

			`Once the feature is enabled, you are able to manage organizations through the Organizations section available from the`
			`menu.`

			`= Managing an organization`
			`[role="_abstract"]`

			`From the Organizations section, you can manage all the organizations in your realm.`

			`.Procedure`

			`. Click Create Organization.`

			`If organizations already exist, you see a list of organizations and options to search, edit, or delete an organization.`

			`An organization has the following settings:`

			`Name::`
			`A user-friendly name for the organization. The name is unique within a realm.`

			`Domains::`
			`A set of one or more domains that belongs to this organization. A domain cannot be shared by different organizations`
			`within a realm.`

			`Description::`
			`A free-text field to describe the organization.`

			`Once you create an organization, you can manage the additional settings that are described in the following sections:`

			`* <<_managing_attributes_,Manage attributes>>`
			`* <<_managing_members_,Manage members>>`
			`* <<_managing_identity_provider_,Manage identity providers>>`

			`== Understanding organization domains`

			`When managing an organization, the domain associated with an organization plays an important role in how`
			`organization members authenticate to a realm and how their profiles are validated.`

			`One of the key roles of a domain is to help to identify the organizations where a user is a member. By looking at their`
			`email address, {project_name} will match a corresponding organization using the same domain and eventually change the`
			`authentication flow based on the organization requirements.`

			`The domain also allows organizations to enforce that users are not allowed to use a domain in their emails`
			`other than those associated with an organization. This restriction is especially useful when users, and their identities, are federated from`
			`identity providers associated with an organization and you want to force a specific email domain for their email addresses.`

			`== Disabling an organization`

			`To disable an organization, toggle Enabled to Off.`

			`When an organization is disabled, you can still manage it through the management interfaces, but the organization members`
			`cannot authenticate to the realm, including authenticating through the identity providers associated with the`
			`organization as they are also automatically disabled.`

			`However, the unmanaged members of an organization are still able to authenticate to the realm as they are also realm users, but`
			`tokens will not hold metadata about their relationship with an organization that is disabled.`

			`For more details about managed and unmanaged users, see <<_managed_unmanaged_members_,Managed and unmanaged members>> section.`

			`== Remove an organization`

			`To remove an organization, you can click the Delete action for the corresponding organization in the listing page or`
			`when editing an organization.`

			`When removing an organization, all data associated with it will be deleted, including any managed member.`

			`Unmanaged users and identity providers remain in the realm, but they are no longer linked to the`
			`organization.`

			`For more details about managed and unmanaged users, see <<_managed_unmanaged_members_,Managed and unmanaged members>>.`