Sun Java System Access Manager 7 2005Q4 Administration Guide


An Organization represents the top level of a hierarchical structure used by an enterprise to manage its departments and resources. Upon installation, Access Manager dynamically creates a top-level organization (defined during installation) to manage the Access Manager enterprise configurations. Additional organizations can be created after installation to manage separate enterprises. All created organizations fall beneath the top-level organization.

To Create an Organization

  1. Click the Directory Management tab.

  2. In the Organizations list, click New.

  3. Enter the values for the fields. Only Name is required. The fields are:


    Name

    Enter a value for the name of the Organization.

    Domain Name

    Enter the full Domain Name System (DNS) name for the organization, if it has one.

    Organization Status

    Choose a status of active or inactive. The default is active. This can be changed at any time during the life of the organization by selecting the Properties icon. Choosing inactive disables user access when logging in to the organization.

    Organization Aliases

    This field defines alias names for the organization, allowing you to use the aliases for authentication with a URL login. For example, if you have an organization named exampleorg, and define 123 and abc as aliases, you can log into the organization using any of the following URLs:

    Organization alias names must be unique throughout the organization. You can use the Unique Attribute List to enforce uniqueness.

    DNS Alias Names

    Allows you to add alias names for the DNS name for the organization. This attribute only accepts “real” domain aliases (random strings are not allowed). For example, if you have a DNS named, and define and as aliases for an organization named exampleorg, you can log into the organization using any of the following URLs:




    Unique Attribute List

    Allows you to add a list of unique attribute names for users in the organization. For example, if you add a unique attribute name specifying an email address, you would not be able to create two users with the same email address. This field also accepts a comma-separated list. Any one of the attribute names in the list defines uniqueness. For example, if the field contains the following list of attribute names:

    PreferredDomain, AssociatedDomain

    and PreferredDomain is defined as for a particular user, then the entire comma-separated list is defined as unique for that URL. Adding the naming attribute 'ou' to the Unique Attribute List will not enforce uniqueness for the default groups, people containers (ou=Groups,ou=People).

    Uniqueness is enforced for all sub-organizations.

  4. Click OK.

    The new organization displays in the Organization list. To edit any of the properties that you defined during creation of the organization, click the name of the organization you wish to edit, change the properties and click Save.

To Delete an Organization

  1. Select the checkbox next to the name of the organization to be deleted.

  2. Click Delete.

    Note –

    There is no warning message when performing a delete. All entries within the organization will be deleted and you cannot perform an undo.

To Add an Organization to a Policy

Access Manager objects are added to a policy through the policy’s subject definition. When a policy is created or modified, organizations, roles, groups, and users can be defined as the subject. Once the subject is defined, the policy will be applied to the object. For more information, see Managing Policies.