zitadel/site/docs/administrate/02-organisations.en.md
Florian Forster 9e2b3d10fe
docs: screenshots and text improvements (#912)
* additional content

* even more content
2020-10-28 10:15:05 +01:00

8.0 KiB

title
Organisations

What are organisations

Organisations are comparable to tenants of a system or OU's (organisational units) if we speak of a directory based system. ZITADEL is organised around the idea that multiple organisations share the same System and that they can grant each other rights so self manage certain things.

Global organisation

ZITADEL provides a global organisation for users who manage their accounts on their own. Think of this like the difference between a "Microsoft Live Login" vs. "AzureAD User" or if you think of Google "Gmail" vs "Gsuite".

Create an organisation without existing login

ZITADEL allows you to create a new organisation without a pre-existing user. For ZITADEL.ch you can create a org by visiting the Register organisation

Screenshot here

For dedicated ZITADEL instances this URL might be different, but in most cases should be something like https://accounts.YOURDOMAIN.TLD/register/org

Create an organisation with existing login

You can simply create a new organisation by visiting the ZITADEL Console and clicking "new organisation" in the upper left corner.

Screenshot here

For dedicated ZITADEL instances this URL might be different, but in most cases should be something like https://console.YOURDOMAIN.TLD

Verify a domain name

Once you created your organisation you will receive a generated domain name from ZITADEL for your organisation. For example if you call your organisation ACME you will receive acme.zitadel.ch as name. Furthermore the users you create will be suffixed with this domain name. To improve the user experience you can verify a domain name which you control. If you control acme.ch you can verify the ownership by DNS or HTTP challenge. After the domain is verified your users can use both domain names to log-in. The user "coyote" can now use "coyote@acme.zitadel.ch" and "coyote@acme.ch". An organisation can have multiple domain names, but only one of it can be primary. The primary domain defines which login name ZITADEL displays to the user, and also what information gets asserted in access_tokens (preferred_username).

Browse to your organisation by visiting https://console.zitadel.ch/org.

Add the domain to your organisation by clicking the button Add Domain.

Organisation Overview
Organisation Overview

Input the domain in the input field and click Add

Organisation Add Domain
Organisation Add Domain
Organisation Domain Added
Organisation Domain Added
To start the domain verification click the domain name and a dialog will appear, where you can choose between DNS or HTTP challenge methods.
Organisation Domain Verify
Organisation Domain Verify
For example, create a TXT record with your DNS provider for the used domain and click verify. **ZITADEL** will then proceed an check your DNS.
Organisation Domain Verify DNS
Organisation Domain Verify DNS

Do not delete the verification code ZITADEL will recheck the ownership from time to time

When the verification is successful you have the option to activate the domain by clicking Set as primary

Organization Domain Verified
Organisation verified

This changes the preferred loginnames of your users as indicated here.

Congratulations your are done! You can check this by visiting https://console.zitadel.ch/users/me

User Personal Information
User Personal Information

This only works when the user is member of this organisation

Manage Organisation ZITADEL Roles

Manage ZITADEL Roles 1
Manage ZITADEL Roles 1
Manage ZITADEL Roles 2
Manage ZITADEL Roles 2

Audit organisation changes

All changes to the organisation are displayed on the organisation menu within ZITADEL Console organisation menu. Located on the right hand side under "activity".

Screenshot here