An organization is an entity in IDaaS to which users can be associated. An IDaaS user can belong to one or more organizations. When the user authenticates using SAML or OIDC, the authentication response indicates the organizations to which the user belongs. Organizations can then be returned to an OIDC and OAuth application as claim values, or to a SAML application as attribute values, as follows:
● A full set of organization names a user belongs to
● A full set of unique identifiers of the organizations a user belongs to
● A selected organization name
● A selected organization unique identifier
The selected organization can be requested by the client application or selected by the user, if the user is associated with more than one organization. The selection occurs after Identity Provider authentication completes.
Identity Providers can now be linked with one or more domains. These are called domain-based IDPs. The use of a domain-based IDP is strictly tied to a user's User ID in IDaaS (for example, for a User ID of user@domain, domain is the user's domain). If the domain portion of the User ID is configured for an IDP, that IDP is considered a domain-based IDP for the user. An authentication flow can now be configured to use one or more non-domain-based IDPs (as in the past), or to use domain-based IDPs. In the domain-based IDP case, the specific IDP the user can use is based on the domain in their User ID. See Manage Identity Providers and Create authentication flows.
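The domain-based selection rule above, worked through as an added example (this is not IDaaS product code; the flow and IDP configuration shapes, the IDP names and the domains are assumptions). It extracts the domain from a User ID of the form user@domain, normalizes it, and resolves the IDP the user may use; it also checks at configuration time that no domain is linked to two IDPs, since an overlap would make the selection ambiguous.

```python
"""Selecting the IDP for an authentication flow from the user's domain.

Added example, not IDaaS product code. The configuration shapes below are
assumptions; the rule implemented is the one the page states: for a User
ID of user@domain, the domain part selects the domain-based IDP.
"""


def user_domain(user_id):
    """Return the normalized domain portion of a User ID, or None."""
    if not isinstance(user_id, str) or "@" not in user_id:
        return None
    # The rightmost '@' separates the local part from the domain.
    local, _, domain = user_id.rpartition("@")
    if not local or not domain:
        return None
    return domain.lower()


def validate_domain_idps(domain_idps):
    """Map each linked domain to exactly one IDP; reject overlaps.

    domain_idps: {idp_name: {"domains": [...]}} (constructed shape).
    """
    seen = {}
    for name, cfg in domain_idps.items():
        for d in cfg["domains"]:
            d = d.lower()
            if d in seen:
                raise ValueError(f"domain {d} is linked to both {seen[d]} and {name}")
            seen[d] = name
    return seen


def select_idps(flow, user_id):
    """Return the IDP names the user may authenticate with under `flow`.

    flow["mode"] is "non_domain" (the flow lists its IDPs explicitly) or
    "domain" (the IDP comes from the user's domain). Constructed shape.
    """
    if flow["mode"] == "non_domain":
        return list(flow["idps"])
    if flow["mode"] == "domain":
        domain = user_domain(user_id)
        if domain is None:
            # No domain in the User ID: no domain-based IDP applies.
            return []
        by_domain = validate_domain_idps(flow["domain_idps"])
        idp = by_domain.get(domain)
        return [idp] if idp else []
    raise ValueError(f"unknown flow mode {flow['mode']!r}")


# Constructed configuration: two IDPs, each linked to one domain.
DOMAIN_IDPS = {
    "Contractor IDP": {"domains": ["contractor.example"]},
    "My Corporation IDP": {"domains": ["MyCorp.example"]},
}
DOMAIN_FLOW = {"mode": "domain", "domain_idps": DOMAIN_IDPS}
LEGACY_FLOW = {"mode": "non_domain", "idps": ["Corporate IDP"]}

if __name__ == "__main__":
    print(select_idps(DOMAIN_FLOW, "reseller@Contractor.Example"))
    print(select_idps(DOMAIN_FLOW, "someone@unknown.example"))
    print(select_idps(LEGACY_FLOW, "anyone@anywhere.example"))
```

A User ID without a domain part yields no domain-based IDP rather than falling through to some default; the flow configuration decides explicitly whether non-domain-based IDPs are offered instead.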
Organizations are used in a business-to-business scenario. For example, an organization can represent a third party your company is doing business with, such as My Corporation. Users in My Corporation can log in to your IDaaS environment using their own My Corporation Identity Provider. Your IDaaS SAML or OIDC client applications can then use the returned user organization.
Some users in an organization might work on behalf of other organizations. For example, a Contractor organization, which may be a reseller of business services, also works on behalf of My Corporation. The reseller is a member of the Contractor organization. The reseller logs in using the Contractor Identity Provider, but can select My Corporation as the organization they are working on behalf of to sell services.
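How a client application should consume the four organization values listed above, applied to the reseller scenario just described, as an added example (not IDaaS product code). The claim names are assumptions, since the page says organizations are returned as OIDC claims or SAML attributes but does not name them; the Organization IDs are constructed. The check that matters for security is that the selected organization is taken only from the full membership set, and that authorization is keyed on the Organization ID, which never changes, rather than on the display name or identifier, which can be updated.

```python
"""Relying-party handling of organization claims.

Added example, not IDaaS product code. Claim names are assumptions and
must be mapped to whatever the application integration actually emits.
"""
from dataclasses import dataclass

# Assumed claim names (placeholders, not documented IDaaS names).
CLAIM_ORG_IDS = "org_ids"              # full set of Organization IDs
CLAIM_ORG_NAMES = "org_names"          # full set of organization names
CLAIM_SELECTED_ID = "selected_org_id"  # selected Organization ID
CLAIM_SELECTED_NAME = "selected_org_name"


class OrganizationError(Exception):
    """Raised when organization claims are missing or inconsistent."""


@dataclass(frozen=True)
class Organization:
    org_id: str  # immutable Organization ID: safe to key authorization on
    name: str    # display name: may change, so presentation only


def resolve_organization(claims, requested_org_id=None):
    """Return the Organization the user is acting on behalf of.

    `claims` is the already-verified claim set (signature, issuer, audience
    and expiry checks are the OIDC library's job and are assumed done).
    `requested_org_id` is the organization the client asked for, if any.
    """
    ids = claims.get(CLAIM_ORG_IDS)
    names = claims.get(CLAIM_ORG_NAMES)
    if not isinstance(ids, list) or not isinstance(names, list) or not ids:
        raise OrganizationError("user belongs to no organization")
    if len(ids) != len(names) or len(set(ids)) != len(ids):
        raise OrganizationError("organization id/name sets are inconsistent")
    members = {i: Organization(i, n) for i, n in zip(ids, names)}

    selected = claims.get(CLAIM_SELECTED_ID)
    if selected is None:
        if len(members) == 1:
            return next(iter(members.values()))  # nothing to select
        raise OrganizationError("multiple memberships but no selection")

    # The selected organization must be one the user actually belongs to.
    if selected not in members:
        raise OrganizationError("selected organization outside membership set")
    org = members[selected]
    sel_name = claims.get(CLAIM_SELECTED_NAME)
    if sel_name is not None and sel_name != org.name:
        raise OrganizationError("selected name does not match selected id")
    # If the client requested a specific organization, require that one.
    if requested_org_id is not None and requested_org_id != org.org_id:
        raise OrganizationError("selection does not match requested organization")
    return org


# Authorization keyed on Organization ID, never on the display name.
PERMISSIONS = {
    "org-0001": {"sell_services"},     # constructed id for My Corporation
    "org-0002": {"manage_resellers"},  # constructed id for Contractor
}


def permissions_for(claims, requested_org_id=None):
    """Permissions granted for the organization the user is acting for."""
    org = resolve_organization(claims, requested_org_id)
    return PERMISSIONS.get(org.org_id, set())


# Constructed claim set: a reseller in Contractor acting for My Corporation.
RESELLER_CLAIMS = {
    "sub": "reseller@contractor.example",
    CLAIM_ORG_IDS: ["org-0002", "org-0001"],
    CLAIM_ORG_NAMES: ["Contractor", "My Corporation"],
    CLAIM_SELECTED_ID: "org-0001",
    CLAIM_SELECTED_NAME: "My Corporation",
}

if __name__ == "__main__":
    print(resolve_organization(RESELLER_CLAIMS))
    print(sorted(permissions_for(RESELLER_CLAIMS)))
```

Renaming an organization in the My Organization page changes the name claim but not the Organization ID, so a permission table keyed this way keeps working; a table keyed on names would silently stop matching, or match a newly created organization that reused the old name.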
Before you begin, you need to configure an application to use with organizations. Choose the most suitable application for your organization from the following list:
● Integrate a generic SAML application
● Integrate a generic OIDC and OAuth Web application
● Integrate a generic OIDC and OAuth SPA application
● Integrate a generic OIDC and OAuth Device application
● Integrate a generic OIDC and OAuth Native application
Create an organization
1. Click > Members > Organizations. The Organizations page appears.
2. Click . The My Organization page appears.
3. Enter an Identifier for the organization. For example, Contractor.
4. Enter a Display Name. For example: Services Contractor. An organization identifier is a short name for the organization that can be updated.
5. Enter a Description for the organization.
6. Optional. Enter a valid URI for an Organization Logo.
7. Click Save. The My Organization page updates to provide two new tabs: Overview and Users. By default, the Overview page appears and displays an Organization ID. An Organization ID is a unique identifier for the organization that never changes.
8. Once you create the organization, you need to add members to it. Go to the procedure To add users to your Organization.
This procedure describes how to add individual users to your organization. To automatically add users to the organization, you can create an IDP that creates users automatically and assigns the user to the organization. This occurs the first time the user logs into the identity provider and is created in IDaaS. See Manage Identity Providers.
To add users to your Organization
1. In the My Organization page, click the Users tab. The users in Organization page appears.
2. In the Add User to <My Organization> field, start typing the name and select it from the drop-down list. Alternatively, use the search option to find the user (see View, filter, and export user list).
3. Continue these steps to add more users.
After you create an organization, it appears in the Organizations page.
To manage organizations
1. Click > Members > Organizations.
The Organizations page appears.
2. Do the following, as required:
● Click the Display Name of the organization and make the required changes.
● Copy the Identifier.
● Copy the Organization ID.
● Click Delete on the Delete User prompt.