Sub Organisation Issuer

sub-org-issuer

Partitioned Identity Management

You can now create an issuer for a suborganisation from a parent organisation. Doing so will bring up a new admin/profile endpoint for the suborganisation, at the suborganisation’s subdomain. E.g. admin.suborg.myorg.cloud.

You can see the motivation for this in “Merging Local Identity With Online Identity

You can now create an issuer for a suborganisation from a parent organisation. Doing so will bring up a new admin/profile endpoint for the suborganisation, at the suborganisation’s subdomain. E.g. admin.suborg.myorg.cloud.

You do this from the suborganisations screen:

9f003e59 image

By default, the new suborganisation will inherit the authentication policy of its parent, as well as any Managed or Custom identity sources you have configured in the issuer being used for the parent. You will likely want to verify the customer identity sources to ensure that they have added your new issuer to their list of redirects.

As long as you had permission to configure the suborganisation prior to enabling the new issuer on it, you can switch to it via the org choose as always. However, now that there is an issuer on that suborganisation, you will be able to customize it like you would its parent: you can create new sources of identity, customize the theme, set a new policy and so on.

To create a policy distinct from the parent organisation’s, simply choose one of the preset policy options from the Authentication Policy menu.

589f8724 image