To add, edit and delete organizations, a user needs the role OrganizationAdmin for the claim type http://schemas.microsoft.com/ws/2008/06/identity/claims/role.
Organizations are similar to folders (from Windows) in that they are used to administer and sort objects of various types. In Safewhere*Identify, these objects are Users, Groups, Claims, Claim Transformations, and Connections. Organizations do not have their own page since they are administered from the lists of these object types. If you add an organization to one list, it will also turn up on the other lists.
By default, there will always be one root organization that cannot be deleted. If you are a member of the root organization (meaning that your user account is registered directly under this organization), you will have access to all organizations in the system as well as the objects in them. If you are a member of a child organization, you will not be able to see the parent organization(s) or the objects located in them. You can only see your own “branch” of the organizational hierarchy.
To add an organization, go to, for example, the ‘User’ list and click the ‘Create Organization’ button.
The organization form has just five fields.
Name: Should be set to the name by which the organization will be known in Safewhere*Identify.
Display Name: A display name for the organization. This field supports localization.
Password – Number of days before password must be changed: Should be set to the number of days that users are allowed to log in to Safewhere*Identify without changing their password. Once this number of days has passed since a user was last registered as changing password, he or she will be forced to change it upon logging in.
Password – Number of days before password expiration: Should always be a higher number than that set for Password – Days before Change Required. When a user has not changed password in this number of days, he or she will no longer be allowed to log in using the “username and password” authentication connection page.
New user must change password first time they log in: Checking this option means that the first time users log in to Identify*Admin, they are forced to change their current password to a new one. This is useful in situations where the initial password was auto-generated and you want to make sure users change it to one that does not exist as clear text.
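The following added example (not Safewhere code) models how the three password fields above interact at login. The class, function and outcome names are hypothetical, and it assumes that a threshold applies from the day it is reached and that expiration is checked before the forced-change rules.

```python
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class OrgPasswordPolicy:
    """Hypothetical model of the three password fields on the organization form."""
    days_before_change_required: int
    days_before_expiration: int
    new_user_must_change: bool

    def __post_init__(self):
        if self.days_before_change_required < 1:
            raise ValueError("change-required days must be at least 1")
        # The guide requires expiration to be the higher of the two numbers.
        if self.days_before_expiration <= self.days_before_change_required:
            raise ValueError("expiration days must exceed change-required days")


def login_outcome(policy, password_set_on, user_has_changed, today):
    """Return 'ok', 'must_change' or 'blocked' for a username/password login."""
    age = (today - password_set_on).days
    if age < 0:
        raise ValueError("password_set_on is in the future")
    # Assumption: a threshold applies from the day it is reached (>=), and
    # expiration is evaluated before the forced-change rules.
    if age >= policy.days_before_expiration:
        return "blocked"
    if policy.new_user_must_change and not user_has_changed:
        return "must_change"
    if age >= policy.days_before_change_required:
        return "must_change"
    return "ok"


if __name__ == "__main__":
    # Constructed sample values, not defaults taken from the product.
    policy = OrgPasswordPolicy(60, 90, new_user_must_change=True)
    today = date(2024, 6, 1)
    for label, age, changed in [("recent change", 31, True),
                                ("stale password", 78, True),
                                ("expired password", 90, True),
                                ("new user, generated password", 1, False)]:
        set_on = today - timedelta(days=age)
        print(label, "->", login_outcome(policy, set_on, changed, today))
```

The gap between the two numbers is the window in which a user can still recover by changing the password at login; setting them close together leaves little time before the account is locked out of username and password login.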
We also offer the add-on product PasswordAlerter for Safewhere*Identify, which can help notify and remind users when their passwords are expiring. This product is explained in a separate user guideline.