Organisation accounts exist one per organisation and allow you to access the administration interface, but not resources. There are some tighter controls over where the accounts will work and how they can be changed because they have the ability to not only create, but modify and delete other users' accounts.
As with the other account pages, this is split into sections for the password, account details and permissions, and there is also a tab for organisation details. When you save changes you are asked for your password - if changing your password on this page, you need to enter your old password here one last time.
An expiry date will only appear here if you are editing a sub-organisation's account. You you cannot edit your own expiry date but it is displayed in the Permissions tab.
If you are editing the account of a sub-organisation, you can set the password manually, or send them an activation link via the Actions button in the same way as you can with a personal account. Using activation for this means they can select a password that no-one else knows.
Account details tab
The account details section contains the name and contact information we will use to contact the organisation administrator about the service when necessary. Some details here can be used in email templates.
The organisation section contains information about your organisation rather than the administrator such as the domain or organisation name. If your account represents a domain or an organisation with a unique identifier (status shown on the permissions tab), the organisation name will be visible to users and service providers in various locations:
- The organisation search on our authentication point
Discovery domain hints help your end-users where discovery services (sometimes called WAYFs) allow them to enter their email address to find their home organiastion. Youi should only enter the email domains that are unique to your organisation - e.g.
myuniversity.ac.uk and not a webmail provider such as
gmail.com. Enter the domains one per line.
Geo location is another helper for discovery services that support it and here you should enter the latitude and longitude of your organisation. If you have several locations you can enter them all, one per line. You do not have to list them on sub-organisations if you have listed them on the domain organisation. See also: finding your lattitude and logditude.
This is also where you set and maintain the publicly visible contact details for this organisation.
These are the details that can appear in MyAthens and the authentication point to help your users find the right person to help them; they are also used if your domain is large enough to requirein which case including the name and email address is usually desirable.
- If this account represents a domain or an organisation with a unique identifier, the contact details appear in:
- The organisation list mentioned above
- Search results
- If this account represents any other organisation the contact details are only used in search results.
If your domain administrator has added fields in the schema for organisation, they appear on this tab - this is often used by sites who have set up their own self-registration process using the API for things such as:
- Organisation aliases - for alternative names for your organisation that may be used by your users
- Trusted email domains - e.g. myorg.com (not @myorg.com)
- Trusted IP addresses - e.g. 123.12.34.* or *.mydomain.net
The permissions section lets you change the IP restrictions for your organisation account access. IP restrictions on your account are based on the external addresses the system can see, not what your computer will tell you about its IP configuration. Check yours with an external tool such as typing 'IP address' into Google, or visiting a site such as www.whatismyip.com. This additional protection for your administration access is encouraged but not mandated - it is possible to remove all location blocks for an organisation account (you would enter 0-255.0-255.* as the 'restriction') but we do not recommended it.
This is also where you can specify that a sub-organisation has unique identifiers when you are viewing their account details from your login.
If this account represents an organisation that does not itself own any sub-organisations, a delete button will appear between the impersonate and actions buttons:
This button will delete the organisation and all accounts, permission sets, settings and other items it controls. If you need to keep any accounts, you will need to move them before you delete the organisation as this operation cannot be undone. The confirmation box on this function consequently makes you tick a box before continuing.