86 lines
3.6 KiB
Text
86 lines
3.6 KiB
Text
[id="managing-organization_{context}"]
|
|
|
|
[[_enabling_organization_]]
|
|
= Enabling Organizations
|
|
|
|
To use organizations, you enable the feature for the current realm.
|
|
|
|
.Procedure
|
|
|
|
. Click *Realm Settings* in the menu.
|
|
|
|
. Toggle *Organizations* to *On*.
|
|
|
|
Once the feature is enabled, you are able to manage organizations through the *Organizations* section available from the
|
|
menu.
|
|
|
|
= Managing an organization
|
|
[role="_abstract"]
|
|
|
|
From the *Organizations* section, you can manage all the organizations in your realm.
|
|
|
|
.Procedure
|
|
|
|
. Click *Create Organization*.
|
|
|
|
If organizations already exist, you see a list of organizations and options to search, edit, or delete an organization.
|
|
|
|
An organization has the following settings:
|
|
|
|
Name::
|
|
A user-friendly name for the organization. The name is unique within a realm.
|
|
|
|
Alias::
|
|
An alias for this organization, used to reference the organization internally. The alias is unique within a realm.
|
|
If not set, the value is the same as the organization name. The alias cannot change afterwards.
|
|
|
|
Domains::
|
|
A set of one or more domains that belongs to this organization. A domain cannot be shared by different organizations
|
|
within a realm.
|
|
|
|
Description::
|
|
A free-text field to describe the organization.
|
|
|
|
Once you create an organization, you can manage the additional settings that are described in the following sections:
|
|
|
|
* <<_managing_attributes_,Manage attributes>>
|
|
* <<_managing_members_,Manage members>>
|
|
* <<_managing_identity_provider_,Manage identity providers>>
|
|
|
|
== Understanding organization domains
|
|
|
|
When managing an organization, the domain associated with an organization plays an important role in how
|
|
organization members authenticate to a realm and how their profiles are validated.
|
|
|
|
One of the key roles of a domain is to help to identify the organizations where a user is a member. By looking at their
|
|
email address, {project_name} will match a corresponding organization using the same domain and eventually change the
|
|
authentication flow based on the organization requirements.
|
|
|
|
The domain also allows organizations to enforce that users are not allowed to use a domain in their emails
|
|
other than those associated with an organization. This restriction is especially useful when users, and their identities, are federated from
|
|
identity providers associated with an organization and you want to force a specific email domain for their email addresses.
|
|
|
|
== Disabling an organization
|
|
|
|
To disable an organization, toggle *Enabled* to *Off*.
|
|
|
|
When an organization is disabled, you can still manage it through the management interfaces, but the organization members
|
|
cannot authenticate to the realm, including authenticating through the identity providers associated with the
|
|
organization as they are also automatically disabled.
|
|
|
|
However, the unmanaged members of an organization are still able to authenticate to the realm as they are also realm users, but
|
|
tokens will not hold metadata about their relationship with an organization that is disabled.
|
|
|
|
For more details about managed and unmanaged users, see <<_managed_unmanaged_members_,Managed and unmanaged members>> section.
|
|
|
|
== Remove an organization
|
|
|
|
To remove an organization, you can click the *Delete* action for the corresponding organization in the listing page or
|
|
when editing an organization.
|
|
|
|
When removing an organization, all data associated with it will be deleted, including any managed member.
|
|
|
|
Unmanaged users and identity providers remain in the realm, but they are no longer linked to the
|
|
organization.
|
|
|
|
For more details about managed and unmanaged users, see <<_managed_unmanaged_members_,Managed and unmanaged members>>.
|