
Identity as a Service: Manage organizations

Last Updated: Nov 04, 2024

In Identity as a Service (IDaaS), you can manage organizations by using a tree structure. The organizations in IDaaS are equivalent to the departments in DingTalk and organizational units (OUs) in Active Directory (AD). An administrator can import organization trees from existing systems, such as DingTalk and AD, into IDaaS.

An organization tree allows you to perform the following operations:

  1. View and manage the actual organizational structure of your enterprise.

  2. Grant a permission to an organization node. After you grant a permission to an organization node, all accounts that belong to the node have the permission.

  3. Specify the scope of synchronization. You can synchronize the organizations or accounts that belong to a specific node to an external node, or synchronize data from external nodes to a destination node.

Manage organizations

Log on to the IDaaS console. On the Employee Identity and Access Management (EIAM) page, click the required instance. In the left-side navigation pane, choose Accounts > Accounts and Orgs. The organization tree is displayed on the left, and the accounts or child organizations that belong to the current organization are displayed on the right.

Click an organization in the organization tree on the left to manage the organization. By default, the root organization is selected, and the accounts and organizations that belong to the root organization are listed on the right.

After you switch to the organization list on the right, you can perform the following operations on the organizations:

  • Create an organization.

  • Modify or move an organization.

  • Delete an organization.

Create, modify, or move an organization

Click Create Organization. In the dialog box that appears, select the parent organization for the organization you want to create, and enter an organization name to create the organization.

You can modify the organization name. To move an organization, select the parent organization to which you want to move the organization.

Important

By default, if an organization has child organizations or accounts, the organization cannot be deleted.

If you want to delete an organization node and all child organizations and accounts that belong to the node, you can select Forcible Delete Subordinate Organizations and Users. After you click Confirm, all information about the current node and the child organizations and accounts that belong to the node is deleted. You can use this feature to delete data that was imported by mistake or to delete test data before you use the production data. You cannot restore deleted data. Proceed with caution.

IDaaS dynamically analyzes a deletion operation based on your environment. If the deletion operation is considered risky, two-factor verification is required to ensure data security. The system sends a verification code to the phone number provided by the user. The user must enter the verification code to complete the verification before the user can delete the organization.

Relationship between accounts and organizations

An account must belong to only one organization node.

When you create an account, you can specify the organization node to which the account belongs. You can change the organization node of the account later.
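The following added example is not IDaaS code and does not call any IDaaS API. It models the deletion rules and the one-organization-per-account rule described above against a local export of the organization tree, so the scope of a forcible delete can be reviewed before you confirm it in the console. The tuple layout, the sample names, and all function names are assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample export; the tuple layout is an assumption, not an IDaaS format.
ORGS = [("root", None), ("eng", "root"), ("eng-test", "eng"),
        ("eng-test-tmp", "eng-test"), ("sales", "root"), ("archive", "root")]
ACCOUNTS = [("alice", "eng"), ("bob", "eng-test"),
            ("carol", "eng-test-tmp"), ("dave", "sales")]

def build_index(orgs, accounts):
    """Index child organizations and member accounts per organization node."""
    known = {org_id for org_id, _ in orgs}
    children, members, home = defaultdict(list), defaultdict(list), {}
    for org_id, parent in orgs:
        if parent is not None:
            if parent not in known:
                raise ValueError(f"{org_id}: unknown parent {parent}")
            children[parent].append(org_id)
    for account, org_id in accounts:
        if org_id not in known:
            raise ValueError(f"{account}: unknown organization {org_id}")
        if account in home:  # an account belongs to only one organization node
            raise ValueError(f"{account} is listed under {home[account]} and {org_id}")
        home[account] = org_id
        members[org_id].append(account)
    return children, members

def plain_delete_allowed(org_id, children, members):
    """Default rule: a node with child organizations or accounts cannot be deleted."""
    return not children.get(org_id) and not members.get(org_id)

def forcible_delete_impact(org_id, children, members):
    """Everything removed if the node is deleted together with its subordinates."""
    orgs, accounts, stack, seen = [], [], [org_id], set()
    while stack:
        node = stack.pop()
        if node in seen:  # guard against a malformed export that contains a cycle
            continue
        seen.add(node)
        orgs.append(node)
        accounts.extend(members.get(node, []))
        stack.extend(children.get(node, []))
    return sorted(orgs), sorted(accounts)

if __name__ == "__main__":
    children, members = build_index(ORGS, ACCOUNTS)
    for target in ("archive", "eng-test", "root"):
        orgs, accounts = forcible_delete_impact(target, children, members)
        print(target, "plain delete allowed:", plain_delete_allowed(target, children, members))
        print("  forcible delete removes", len(orgs), "orgs and", len(accounts), "accounts:", accounts)
```

Because deleted data cannot be restored, keeping the reviewed impact list with the change record gives a reference for what was removed.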