Organisation

An organisation (called a tenant or project in some other systems) is a span of control, of permissions, and of users. Each organisation has:
- Identity Issuers (for authentication)
- Administrative users (sysgroups)
- Billing
For sophisticated use cases, an Organisation can have sub-organisations. This allows delegating control or segregating use cases.
Organisations can share users (e.g. the same user id can exist in multiple organisations), but the user will have unique permissions in each.

Unique Identity Issuer
In some cases you will want a sub-organisation to have a unique set of ‘sign-in’ options (e.g. on-premise Microsoft Active Directory, Sign-in with Yahoo, or a custom identity provider). This also allows a unique theme for the sign-in experience of that sub-organisation.

Sub-organisation Authentication Policy
A sub-organisation with a unique issuer can be configured with its own authentication policy. When you first access the Authentication Policy page for the sub-organisation, it will show that the policy is inherited.

To apply your own policy, configure one of the presets:

This will then allow you to further configure details of the policy, such as the allowed multi-factor methods:
