Organizations
An Organization represents the top-level of a hierarchical structure used by an enterprise to manage its departments and resources. Upon installation, OpenSSO Enterprise dynamically creates a top-level organization (defined during installation) to manage the OpenSSO Enterprise configurations. Additional organizations can be created after installation to manage separate enterprises. All created organizations fall beneath the top-level organization.
To Create an Organization
-
Click the Directory Management tab.
-
In the Organizations list, click New.
-
Enter the values for the fields. Only Name is required. The fields are:
- Name
-
Enter a value for the name of the Organization.
- Domain Name
-
Enter the full Domain Name System (DNS) name for the organization, if it has one.
- Organization Status
-
Choose a status of active or inactive . The default is active. This can be changed at any time during the life of the organization by selecting the Properties icon. Choosing inactive disables user access when logging in to the organization.
- Organization Aliases
-
This field defines alias names for the organization, allowing you to use the aliases for authentication with a URL login. For example, if you have an organization named exampleorg, and define 123 and abc as aliases, you can log into the organization using any of the following URLs:
http://machine.example.com/opensso/UI/Login?org=exampleorg
http://machine.example.com/opensso/UI/Login?org=abc
http://machine.example.com/opensso/UI/Login?org=123
Organization alias names must be unique throughout the organization. You can use the Unique Attribute List to enforce uniqueness.
- DNS Alias Names
-
Allows you to add alias names for the DNS name for the organization. This attribute only accepts “real” domain aliases (random strings are not allowed). For example, if you have a DNS named example.com, and define example1.com and example2.com as aliases for an organization named exampleorg, you can log into the organization using any of the following URLs:
http://machine.example.com/opensso/UI/
Login?org=exampleorg
http://machine.example1.com/opensso/
UI/Login?org=exampleorg
http://machine.example2.com/opensso/
UI/Login?org=exampleorg
- Unique Attribute List
-
Allows you to add a list of unique attribute names for users in the organization. For example, if you add a unique attribute name specifying an email address, you would not be able to create two users with the same email address. This field also accepts a comma-separated list. Any one of the attribute names in the list defines uniqueness. For example, if the field contains PreferredDomain, AssociatedDomain and PreferredDomain is defined as http://www.example.com for a particular user, then the entire comma-separated list is defined as unique for http://www.example.com. Adding the naming attribute 'ou' to the Unique Attribute List will not enforce uniqueness for the default groups, people containers. (ou=Groups,ou=People). Uniqueness is enforced for all sub organizations.
Note –Unique attributes can not be set in Realm mode.
-
Click OK.
The new organization displays in the Organization list. To edit any of the properties that you defined during creation of the organization, click the name of the organization you wish to edit, change the properties and click Save.
To Delete an Organization
-
Select the checkbox next to the name of the organization to be deleted.
-
Click Delete.
Note –There is no warning message when performing a delete. All entries within the organization will be deleted and you can not perform an undo.
To Add an Organization to a Policy
OpenSSO Enterprise objects are added to a policy through the policy’s subject definition. When a policy is created or modified, organizations, roles, groups, and users can be defined as the subject. Once the subject is defined, the policy will be applied to the object. For more information, see Modifying Policies and Referrals.
- © 2010, Oracle Corporation and/or its affiliates