Managing Organizations
In the Administration Console, an organization can either map to a complete enterprise (or a company) or a specific division, department, or other entities within the enterprise. The organization structure provided by Administration Console is flat. In other words, organizational hierarchy (in the form of parent and child organizations) is not supported, and all organizations are created at the same level as the Default Organization. For more information about Default Organization, see "Setting the Default Organization".
cara
Most of the tasks in this article can be performed by a Global Administrator (GA) or an Organization Administrator (OA) if they have the required scope to the organization.
In the Administration Console, an
organization
can either map to a complete enterprise (or a company) or a specific division, department, or other entities within the enterprise. The organization structure provided by Administration Console is flat. In other words, organizational hierarchy (in the form of parent and child organizations) is not
supported, and all organizations are created at the same level as the Default Organization. For more information about Default Organization, see "Setting the Default Organization".The larger the enterprise, the more complex its organization structure. As a result, management of organizations is a critical part of administration. The organization management operations supported by RA include:
2
In addition to the preceding list of tasks related to organization management, OAs can also manage organization-specific configurations.
How to Create and Activate an Organization
You can create an organization either in the RA repository or in your existing LDAP-based directory server implementations, such as Microsoft Active Directory, SunOne Directory Server, or CA Directory Server.
In case of a small deployment, you can rename the Default Organization, instead of creating a new organization.
Based on your implementation, this topic guides you through the procedure used for:
Privileges Required
To create and activate an organization, you must ensure that you have the appropriate privileges to do so. Only MA and GAs with scope can create and activate all organizations.
How to Create an Organization in Arcot Repository
To create an organization in the Arcot repository:
- Ensure that you are logged in with the required privileges to create the organization.
- Activate theOrganizationstab.
- Under theManage Organizationssection, click theCreate Organizationlink to display the Create Organization page.
- Enter the details of the organization, as discussed in the following table.
Field
| Description
|
Organization Information
| |
Organization Name | Enter the unique ID for the organization that you want to create. NOTE: You have to specify this value to log in to this organization, not the Display Name of the organization. |
Display Name | Enter a unique descriptive name for the organization. NOTE: This name appears on all other Administration Console pages and reports. |
Description | Provide a description for the administrators who will manage this organization. NOTE: You can provide additional details for later reference for the organization by using this field. |
Administrator Authentication Mechanism | Select the mechanism that will be used to authenticate administrators who belong to this organization. Administration Console supports the following types of authentication mechanisms: Basic User Password
This is the in-built authentication mechanism provided by Administration Console. If you select this option, then administrators can log in to the console by specifying their user ID and password. LDAP User Password
This mechanism is applicable only for LDAP organizations. The authentication policy is defined in the LDAP directory service. If you select this option, then administrators must use the credentials stored in LDAP to log in to the console. WebFort User Password
This is the WebFort user name-password authentication method. If you select this option, then the administrator credentials are issued and authenticated by the WebFort Server. To use this mechanism, you must have CA Arcot WebFort 7.0 installed and configured. Refer to the CA Arcot WebFort 7.0 Installation and Deployment Guide for detailed information about how to deploy WebFort. |
Key Label Configuration RA enables you to use hardware- or software-based encryption of your sensitive data. You can choose the encryption mode by using the arcotcommon.ini configuration file. For more information, see "HSM Encryption Settings" in "Configuration Files and Options" in the CA Risk Analytics Installation and Deployment Guide .Irrespective of hardware or software encryption, all CA Arcot products use Global Key Label for encrypting user and organization data. If you are using hardware encryption, then this label serves only as a reference (or pointer) to the actual 3DES key stored in the HSM device. In this case, the key label that you specify must match the HSM key label. However, in the case of software-based encryption, this label acts as the key. | |
Use Global Key | This option is selected by default. Deselect this option if you want to override the Global Key Label you specified in the bootstrap process and specify a new key label that will be used for encrypting organization-specific data. |
Key Label | If you deselected the Use Global Key option, then specify the new key label that you want to use for the organization. |
Storage Type | This option indicates whether the encryption key is stored in the database ( Software ) or the HSM (Hardware ). |
Localization Configuration | |
Use Global Configuration | Select this option to use the localization parameters that are configured at the global level. |
Date Time Format | If you deselected the Use Global Configuration option, then specify the Date Time format that you want to use for this organization. |
Preferred Locale | If you deselected the Use Global Configuration option, then select a preferred locale for this organization. |
User Data Location
| |
Repository Type | Select Arcot Database . By specifying this option, the user and administrator details for the new organization will be stored in the RDBMS repository supported by RA. |
Custom Attributes Use this section to provide additional information specific to the organization you are creating. | |
Name | Name of the custom attribute. |
Value | Value of the custom attribute. |
From this release, risk evaluation on an incoming transaction is performed based on multiple perspectives, such as Issuer, Acquirer, and Beneficiary. To achieve this, an organization-level flag is used to determine whether the organization is an Issuer, Acquirer, or Beneficiary. To identify an organization as an Issuer, Acquirer, or Beneficiary, specify the following custom attributes:
Attribute Name | Attribute Value | Perspective |
SUPPORTED_PERSPECTIVES | 1 | Issuer |
SUPPORTED_PERSPECTIVES | 2 | Acquirer |
An organization is identified as a Beneficiary organization if it has the IMPS channel associated with it.
If no attribute value is specified, the organization is considered an Issuer Organization. All existing organizations are assumed to be Issuer organizations.
5. Click
Next.
The Select Attribute(s) for Encryption page appears.
6. In the
Attribute(s) for Encryption
section, do one of the following:- SelectUse Global Configurationif you want to use the global settings for your attribute encryption set configuration.
- Select the attributes that you want to encrypt from theAvailable Attributes for Encryptionlist and move them to theAttributes Selected for Encryptionlist.Click the > or < buttons to move selected attributes to the desired list. You can also click the >> or << buttons to move all attributes to the desired lists.
7. Click
Next
.The Add Administrators page appears.
This page is
not
displayed, if all the administrators currently present in the system have the scope to manage all organizations.8. From the
Available Administrators
list, select the administrators who will manage the organization and click the >
button to add the administrator to the Managing Administrators
list.The
Available Administrators
list displays all the administrators who can manage the new organization.If some administrators have scope to manage all organizations in the system, then you will not see the corresponding entries for those administrators in this list.
The
Managing Administrators
list displays the administrators that you have selected to manage this organization.9. Click
Next
to proceed.The Configure Account Type page appears.
- This page is not displayed if you have not created any account types.
- Global account types will be selected by default.
10. In the
Assign Account Types
section, select account types from the Available
list and click the > button to move them to the Selected
list.11. Click
Next
to proceed.The Configure Account Custom Attributes page appears.
This page is not displayed if you did not select any account types on the previous page.
12. Provide
Custom Attributes
for your Account Type
, and click Next
.The Configure Email/Telephone Type page appears.
13. Specify the mandatory and optional email address and telephone numbers the user must provide.
14. Click
Skip
to use the email and telephone types configured at the system level and move to the next page, or click Save
to save your changes.The Activate Organization page appears.
15. Click
Enable
to activate the new organization.A message box appears.
16. Click
OK
to complete the process.If you do not choose to activate the organization, the organization is created in Initial state. You can activate the organization later. For instructions to do so, see "How to Activate an Organization That is in Initial State ".
17. Refresh
all
deployed Transaction Server instances.See Refreshing the Cache for instructions on how to do this.
If you have configured the attribute encryption set, account types, and email and telephone types while creating the organization, ensure that you refresh
both
the system configuration and the organization cache. If you do not refresh the organization-level cache, the system gets into an unrecoverable state.How to Create an Organization in LDAP Repository
To support LDAP user directories, you must create an organization in Lightweight Directory Access Protocol (LDAP) repository and then map the Arcot attributes with the LDAP attributes. To do so:
- Ensure that you are logged in with the required privileges and scope to create the organization.
- Activate theOrganizationstab.
- Under theManage Organizationssection, click theCreate Organizationlink to display the Create Organization page.
- Enter the details of the organization, as discussed in the following table.
Field
| Description
|
Organization Information
| |
Organization Name | Enter the unique ID for the organization that you want to create. NOTE: You can use Administration Console to log in to this organization, by specifying this value, not the Display Name of the organization. |
Display Name | Enter a unique descriptive name for the organization. NOTE: This name appears on all other Administration Console pages and reports. |
Description | Provide a description for the administrators who will manage this organization. NOTE: You can provide additional details for later reference for the organization by using this field. |
Administrator Authentication Mechanism | Select the mechanism that will be used to authenticate administrators who belong to this organization. Administration Console supports the following two types of authentication mechanisms: Basic User Password
This is the in-built authentication mechanism provided by Administration Console. If you select this option, then administrators can log in to the console by specifying their ID and plain text password. LDAP User Password
This mechanism is applicable only for LDAP organizations. The authentication policy is defined in the LDAP directory service. If you select this option, then administrators must use the credentials stored in LDAP to log in to the console. WebFort User Password
This is the WebFort user name-password authentication method. If you select this option, then the administrator credentials are issued and authenticated by WebFort Server. To use this mechanism, you must have Arcot WebFort 7.0 installed and configured. Refer to the CA Arcot WebFort 7.0 Installation and Deployment Guide for detailed information about how to deploy WebFort. |
Key Label Configuration
| |
Use Global Key | This option is selected by default. Deselect this option if you want to override the Global Key Label you specified in the bootstrap process and specify a new key label to encrypt organization-specific data. |
Key Label | If you deselected the Use Global Key option, then specify the new key label that you want to use for the organization. |
Storage Type | This option indicates whether the encryption key is stored in the database ( Software ) or the HSM (Hardware ). |
Localization Configuration
| |
Use Global Configuration | Select this option to use the localization parameters that are configured at the global level. |
Date Time Format | If you deselected the Use Global Configuration option, then specify the Date Time format that you want to use for this organization. |
Preferred Locale | If you deselected the Use Global Configuration option, then select a preferred locale for this organization. |
User Data Location
| |
Repository Type | Select Enterprise LDAP . By specifying this option, the user details for the new organization will be stored in the LDAP repository that you will specify on the next page. |
Custom Attributes
| |
Name | Name of the custom attribute. |
Value | Value of the custom attribute. |
From this release, risk evaluation on an incoming transaction is performed based on multiple perspectives, such as Issuer, Acquirer, and Beneficiary. To achieve this, an organization-level flag is used to determine whether the organization is an Issuer, Acquirer, or Beneficiary. To identify an organization as an Issuer, Acquirer, or Beneficiary, specify the following custom attributes:
Attribute Name | Attribute Value | Perspective |
SUPPORTED_PERSPECTIVES | 1 | Issuer |
SUPPORTED_PERSPECTIVES | 2 | Acquirer |
An organization is identified as a Beneficiary organization if it has the IMPS channel associated with it.
If no attribute value is specified, the organization is considered an Issuer Organization. All existing organizations are assumed to be Issuer organizations.
5. Click
Next.
The Create Organization page to collect the LDAP repository details appears.
6. Enter the details, described in the following table, to connect to the LDAP repository.
Field
| Description
|
Host Name | Enter the host name of the system where the LDAP repository is available. |
Port Number | Enter the port number on which the LDAP repository service is listening. |
Schema Name | Specify the LDAP schema used by the LDAP repository. This schema specifies the types of objects that an LDAP repository can contain, and specifies the mandatory and optional attributes of each object type. Typically, the schema name for Active Directory is user and for SunOne Directory and CA Directory Server, it is inetorgperson. |
Base Distinguished Name | Enter the base Distinguished Name of the LDAP repository. This value indicates the starting node in the LDAP hierarchy to search in the LDAP repository. For example, to search or retrieve a user with a DN of cn=rob laurie, ou=sunnyvale, o=arcot, c=us, you must specify the base DN as the following: ou=sunnyvale, o=arcot, c=us Note: Typically, this field is case sensitive and searches all subnodes under the provided base DN. |
Redirect Schema Name | Specify the name of the schema that provides the definition of the " member " attribute.You can search for users in the LDAP repository by using the Base DN defined for an organization. But this search returns only the users who belong to a specific Organization Unit (OU). An LDAP administrator might want to create a group of users who belong to different Organization Units for controlling access to an entire group, and might want to search for users from different groups. When the administrator creates groups, user node DNs are stored in a "member" attribute within the group node. By default, UDS does not allow search and DN resolution based on attribute values. Redirection enables you to search for users who belong to different groups within LDAP, based on specific attribute values for a particular node. Typically, the redirect schema names are as follows: Active Directory: group SunOne Directory: groupofuniquenames CA Directory Server: groupOfUniqueNames |
Connection Type | Select the type of connection that you want to use between Administration Console and the LDAP repository. Supported types are: TCP One-way SSL Two-way SSL |
Login Name | Enter the complete distinguished name of the LDAP repository user who has the privilege to log in to repository sever and manage the Base Distinguished Name. For example, uid=gt,dc=arcot,dc=com |
Login Password | Enter the password of the user provided in the Login Name. |
Server Trusted Root Certificate | Enter the path for the trusted root certificate who issued the SSL certificate to the LDAP server by using the Browse button, if One-way SSL or Two-way SSL : option is selected. |
Client Key Store Path | Enter the path for the key store that contains the client certificate and the corresponding key by using the Browse button, if the Two-way SSL option is selected.Note: You must upload either PKCS#12 or JKS key store type. |
Client Key Store Password | Enter the password for the client key store, if the Two-way SSL option is selected. |
7. Click
Next
to proceed.The page to map the repository attributes appears.
8. On this page:
Select an attribute from the
Arcot Database Attributes
list, then select the appropriate attribute from the Enterprise LDAP Attributes
list that needs to be mapped with the Arcot attribute, and click Map
.Mapping of the UserName attribute is compulsory. Ensure that you map the UserName attribute to an LDAP attribute that uniquely identifies the user. If you are using Active Directory, then map
UserName
to sAMAccountName. If you are using SunOne Directory Server, then map UserName
to uid. If you are using CA Directory Server, then map UserName
to cn.For Active Directory, you must map STATUS to userAccountControl.
- Repeat the process to map multiple attributes, until you finish mapping all the required attributes.You do not need to map all the attributes in theArcot Database Attributeslist. You only need to map the attributes that you will use.The attributes that you have mapped will be moved to theMapped Attributeslist.If required, you can unmap the attributes. If you want to unmap a single attribute at a time, then select the attribute and clickUnmap. However, if you want to clear theMapped Attributelist, then clickResetto unmap all the mapped attributes. You cannot unmap the UserName attribute after you have activated the organization.
- If you specified theRedirect Schema Namein the previous page, you must select the search attribute from theRedirect Search Attributelist.Typically, the attributes are as follows:
- Active Directory: member
- SunOne Directory: uniquemember
- CA Directory Server: uniqueMember
9. Click
Next
to proceed.The Select Attribute(s) for Encryption page appears.
10. In the
Attribute(s) for Encryption
section, do one of the following:- SelectUse Global Configurationif you want to use the global settings for your attribute encryption set configuration.
- Select the attributes that you want to encrypt from theAttributes Available for encryptionlist and move them to theAttributes Selected for encryptionlist.Click the > or < buttons to move selected attributes to the desired list. You can also click the >> or << buttons to move all attributes to the desired lists.
11. Click
Next
.The Add Administrators page appears.
This page is
not
displayed, if all the administrators currently present in the system have the scope to manage all organizations.12. From the
Available Administrators
list, select the administrators who will manage the organization and click the >
button to add the administrator to the Managing Administrators
list.Assigning organization to administrators can be done at any time by updating the scope of existing administrators or by creating new administrators to manage the organization.
13. Click
Next
to proceed.The Configure Account Type page appears.
This page is not displayed if you have not created any account types.
14. In the
Assign Account Types
section, select account types from the Available
list and click the > button to move them to the Selected
list.15. Click
Next
to proceed.The Configure Account Custom Attributes page appears.
This page is not displayed if you did not select any account types on the previous page.
16. Provide
Custom Attributes
for your Account Type
, and click Next
.The Activate Organization page appears.
The UserName mapping
cannot
be changed or updated after the organization is activated.17. Click
Enable
to activate the new organization.The warning message appears.
18. Click
OK
to complete the process.19. Refresh
all
deployed Transaction Server instances.See Refreshing the Cache for instructions on how to do this.
If you have configured the attribute encryption set, account types, and email and telephone types while creating the organization, ensure that you refresh
both
the system configuration and the organization cache. If you do not refresh the organization-level cache, the system gets into an unrecoverable state.How to Create an Org Family
From this release, you can group organizations under a portfolio referred to as an Org Family. This enables organizations to share list data and rules run across the family of organizations.
To create an Org Family, run the following statement:
INSERT INTO ARRFORGFAMILY (ORGNAME,ORGFAMILYNAME) VALUES(<ORGNAME>, <FAMILYNAME>);
Example:
INSERT INTO ARRFORGFAMILY (ORGNAME,ORGFAMILYNAME) VALUES('FAMILYORG1', 'FAMILY1'); INSERT INTO ARRFORGFAMILY (ORGNAME,ORGFAMILYNAME) VALUES('FAMILYORG2', 'FAMILY1'); COMMIT;
How to Search for an Organization
You can search for organizations by their display name and status. To search for the organization:
- Ensure that you are logged in with the required privileges and scope to create the organization.
- Activate theOrganizationstab.
- Enter the partial or complete information of the required organization. You can select the following options to broaden your search:In theOrganizationfield, you must enter the partial or complete display name of the organization andnotthe actual organization name.
- ClickSearchto display the page with all the matches for the specified criteria.
Privileges Required
As long as you do not need to update, activate, or deactivate an organization, you do not need privileges to search. However, you
must
have the scope over the organizations that you are searching. For example, an OA can search for a target organization if
that organization is in their purview.How to Update an Organization
By using Administration Console, you can update the following information for an organization:
- Organization informationthat includes organization display name, description, and status, the administrators that manage the organization, account types assigned to the organization, email/telephone types configured, and attribute encryption set ("For Basic Organization Configurations")
- RA-specific configurationsfor the organization that include credential profiles, authentication policies, extensible configurations, and the assigned default configurations.
Privileges Required
To update an organization, you must ensure that you have the appropriate privileges and scope. The MA can update all organizations. GAs and OAs can update the information for all organizations in their scope.
For Basic Organization Configurations
To update the basic organization information:
- Ensure that you are logged in with the required privileges and scope to update the organization.
- Activate theOrganizationstab.
- Enter the complete or partial information of the organization you want to search and click theSearchbutton.A list of organizations matching the search criteria appears.
- Under theOrganizationcolumn, click the <ORGANIZATION_NAME> link for the required organization.The Organization Information page appears.
- In theOrganization Detailssection, edit the required fields (Display NameandDescription).
- Edit theAdministrator Authentication Mechanism, if required.You can edit the authentication mechanism only if there no administrators exist for this organization.
- In theLocalization Configurationsection, you can do one of the following:
- Choose toUse Global Configuration.
Date Time FormatandPreferred Locale. - In theCustom Attributessection, edit theNameandValuefields, if required.
- ClickNextto proceed with additional configurations:
- If the organization was created in theArcot Repository, then do the following:
- On the Select Attribute(s) for Encryption page,Use Global Configurationif you want to use the global settings for your attribute encryption set configuration, or select the attributes that you want to encrypt from theAvailable Attributes for Encryptionlist to theAttributes Selected for Encryptionlist, and clickNext.You cannot update attributes if users have already been created in the organization.
- On the Update Administrators page, update the administrators who will manage the organization, and clickNext.
- On the Configure Account Type page, configure the account types by moving them from theAvailablelist to theSelectedlist and clickNext.You cannot deselect global account types.
- On the Configure Account Custom Attributes page, add custom attributes for the accounts and clickNext.
- On the Configure Email/Telephone Type page, configure the mandatory and optional Email address and Telephone Type for the users, and clickSaveto complete the process.
- If the organization was createdin the LDAP repository, then Edit Organization page appears. To update the organization details:a.Update the fields, as required, and clickNextto display the page to edit the Repository Attribute Mappings.b. Except for the UserName mapping, you can edit the other mappings. ClickNextto display the Select Attribute(s) for Encryption page.c. On the Select Attribute(s) for Encryption page,Use Global Configurationif you want to use the global settings for your attribute encryption set configuration, or select the attributes that you want to encrypt from theAvailable Attributes for Encryptionlist to theAttributes Selected for encryptionlist, and clickNext.d. You cannot update the attributes if users have already been created in the organization. In the case of LDAP, even a simple search operation for users in the LDAP repository registers the users in the database. So, you cannot update the attributes if you have searched for users in the LDAP repository.e. On the Update Administrators page, update the administrators who will manage the organization and clickNext.f. On the Configure Account Type page, configure the account types by moving them from theAvailablelist to theSelectedlist and clickUpdateto save your changes and complete the process.You cannot deselect global account types.
- Refreshalldeployed Transaction Server instances.See Refreshing the Cache for instructions on how to do this.
For Risk Analytics-Specific Configurations
To update the RA configurations of an organization:
- Ensure that you are logged in with the required privileges and scope to update the organization.
- Activate theOrganizationstab.
- Enter the complete or partial information of the organization you want to search and click theSearchbutton to display a list of organizations matching the search criteria.
- Under theOrganizationcolumn, click the <ORGANIZATION_NAME> link for the required organization to display the Organization Information page appears.
- Activate theRisk Enginetab to display the links for RA configurations in the task panel.
How to Upload Users and User Accounts in Bulk to an Organization
RA allows you to upload users and user accounts in bulk using the Administration Console. For this purpose, you need a comma-separated value (CSV) input file that contains the information for the multiple users and accounts that you want to upload.
Information Required for Uploading Users in Bulk
The first line in the CSV input file to upload users
must
be as follows:#UserID,fName,mName,lName,status,pam,pamURL,EmailAddr,telephoneNumber,INFOLIST#
The preceding first (template) line is
always
required. If you do not specify this line, then the bulk user upload operation will fail.Note the following when you create the csv input file to upload users:
- The csv file should have one header starting and ending with #. All the other field names should be provided between these # symbols.
- Only the UserID entry is mandatory. The other entries are optional.
- If the user you are trying to upload already exists, the user details are updated.
- You can provide up to five email addresses and five telephone numbers. In this case, you must specify the header, as follows:#UserID,fName,mName,lName,status,pam,pamURL,EmailAddr,EMAIL.2,EMAIL.3,EMAIL.4,EMAIL.5,telephoneNumber,PHONE.2,PHONE.3,PHONE.4,PHONE.5,INFOLIST#
The entries in the file are described in the following table
Entry
| Description
|
UserID | The unique ID of the user. |
fName | The first name of the user. |
mName | The middle name of the user. |
lName | The last name of the user. |
status | The status of the user. Possible values are: INITIAL ACTIVE |
pam | The personal authentication message |
pamURL | The URL where the user’s personal authentication message image is available |
EmailAddr | The contact email ID of the user. |
telephoneNumber | The complete phone number of the user with the international code. For example, US phone numbers should start with 1. |
INFOLIST | Additional information about the user. Values must be separated by semi-colons. For example: age=25;favsport=cricket |
A sample file, for example, can contain:
#UserID,fName,lName,status,EmailAddr,telephoneNumber,PHONE.2,INFOLIST# mparker,martin,parker,ACTIVE,[email protected],12345,9999,age=29;favsport=cricket jhume,john,hume,ACTIVE,[email protected],3939292,203939393,age=32;favbook=fiction fantony,francis,antony,ACTIVE,[email protected],130203,29888,age=25;favfood=pizza#
Information Required for Uploading User Accounts in Bulk
The first line in the CSV input file to upload user accounts must be as follows:
#UserID,accountType,accountID,status,accountIDAttribute1,accountIDAttribute2,accountIDAttribute3,customAttr1,customAttr2,customAttr3,customAttr4,customAttr5,customAttr6,customAttr7,customAttr8,customAttr9,customAttr10#
The preceding first (template) line is
always
required. If you do not specify this line, then the bulk user account upload operation will fail.Note the following when you create the csv input file to upload user accounts:
- Only the UserID, accountType, and accountID entries are mandatory. The other entries are optional.
- You must have created the user in the system.
- You must have created the account type and assigned it to the organization.
- You must have created custom attributes for the account type.
- You can provide up to 10 custom attributes for an account type.
The entries in the file are described in the following table.
Entry
| Description
|
UserID | The unique ID of the user. |
accountType | The account type associated with the accountID. |
accountID | The alternate ID of the user. |
status | The status of the account ID. Possible values are: [0-9]: INITIAL [10-19]: ACTIVE [20-29]: INACTIVE |
accountIDAttribute1 | Attribute of the accountID. You can provide up to a maximum of three account ID attributes. |
customAttr1 | Custom attribute for the user account. |
Sample File Entry
A sample file, for example, can contain:
#UserID,accountType,accountID,status,accountIDAttribute1,accountIDAttribute2,accountIDAttribute3,customAttr1,customAttr2# prush,ONLINE_BANKING,OB_ID1,10,login,password,image,chicago,music jhume,SAVINGS,SA_ID1,10,interest,deposit,check,florida,soccer
How to Upload Users and Accounts in Bulk
To upload multiple users and user accounts in the RA database:
- Ensure that you are logged in with the required privileges and scope to update the organization.
- Activate theOrganizationstab.
- Enter the complete or partial information of the organization you want to search and clickSearch.A list of organizations matching the search criteria appears.
- Select the organization to which you want to upload users and user accounts in bulk.
- Under theBasic Organization Informationsection, click theBulk Uploadlink to display the Bulk Data Upload page.
- In theBulk Uploadsection:
- SelectUpload User AccountsorUpload Usersfrom theBulk Upload Operationdrop-down list.
- ClickBrowseto navigate to the required csv file that contains the user account or user entries.
- Provide aDescriptionfor the operation.
- ClickUploadto upload user accounts or users in bulk.
- After the operation completes, you will see a Request ID in the message.
- (IMPORTANT) Carefully note the Request ID.You will need it to view the status of the bulk data upload operation.
Privileges Required
To upload multiple users and user accounts to an organization, you must ensure that you have the appropriate privileges and scope. The MA can do this for all organizations. GAs and OAs can perform this task for all organizations in their scope.
How to View the Status of the Bulk Data Upload Request
To view the status of the bulk data upload request:
- Ensure that you are logged in with the required privileges and scope to perform this operation.
- Activate theOrganizationstab.
- Enter the complete or partial information of the organization you want to search and clickSearch.A list of organizations matching the search criteria appears.
- Select the organization for which you want to view the status of the bulk upload request.
- Under theBasic Organization Informationsection, click theView Bulk Requestslink to display the Search Bulk Requests page.
- In the Search Bulk Requests page:
- Enter the Request ID that you noted down earlier in Step 10 in "How to Upload Users and User Accounts in Bulk to an Organization".or
- Select aStatusbased on which you want to view the bulk request.or
- Select anOperation, depending on whether you want to viewUpload UsersorUpload User Accountsrequests.
- ClickSearchto display the table.
- In case of failure, click theRequest IDlink to get more information about the bulk request.
- Click theNo. of failed operationslink to view the reason why the operation failed.
In the case of failed operations for a request, the
Export Failures
button is enabled. Click Export Failures
to export all the failed operations to a csv file. You can then correct the errors in the exported file, and resubmit the file for bulk upload.Privileges Required
To view the status of the bulk data upload request for an organization, you must ensure that you have the appropriate privileges and scope. The MA can do this for all organizations. GAs and OAs can perform this task for all organizations in their scope.
How to Refresh the Organization Cache
Organization configurations that do not refer to the global configuration, such as attribute encryption set, localization configuration, and email and telephone types are cached at the organization level. When you make changes to these configurations at the organization level, you must refresh the organization cache for the changes to take effect.
To refresh the organization cache:
- Ensure that you are logged in with the required privileges and scope to refresh the organization cache.
- Activate theOrganizationstab.
- Enter the complete or partial information of the organization you want to search and clickSearch.A list of organizations matching the search criteria appears.
- Select the organizations whose cache you want to refresh.
- ClickRefresh Cache.
- ClickOKin the dialog box to confirm your cache refresh request.A message with a Request ID for the current cache refresh request is displayed. You can check the status of your cache refresh request by clicking theCheck Cache Refresh Statuslink and selecting thisRequest ID.
Refreshing the cache of one organization does not affect the response time of transactions going on at that time for other organizations.
Privileges Required
The MA can refresh the cache of all organizations. The GA and OA can refresh the cache of all organizations within their scope.
How to Deactivate an Organization
When you want to prevent all administrators of an organization from logging in to Administration Console and end users of the organization from authenticating to your application by using RA mechanisms, you deactivate the organization.
To deactivate an organization:
- Ensure that you are logged in with the required privileges and scope to deactivate the organization.
- Activate theOrganizationstab.
- Enter the complete or partial information of the organization you want to search and clickSearch.A list of organizations matching the search criteria appears.
- Select one or more organizations that you want to deactivate.
- ClickDeactivateto disable the selected organizations.A message box appears.
- ClickOKto confirm the deactivation.
- Refreshalldeployed Transaction Server instances.See Refreshing the Cache for instructions on how to do this.
Privileges Required
To deactivate an organization, you must ensure that you have the appropriate privileges and scope. The MA can deactivate all organizations. GAs and OAs can deactivate all organizations in their scope.
How to Activate an Organization
You might need to activate a deactivated organization. In this case, you must select the
Inactive
option while specifying the search criteria on the Search Organization page.To activate a deactivated organization:
- Ensure that you are logged in with the required privileges and scope to activate the organization.
- Activate theOrganizationstab.
- Enter the complete or partial information of the organization you want to search and clickSearch.A list of organizations matching the search criteria appears.
- Select one or more organizations that you want to activate again.
- ClickActivateto activate the selected organizations.A message box appears.
- ClickOKto confirm the activation.
- Refreshalldeployed Transaction Server instances.See Refreshing the Cache for instructions on how to do this.
Privileges Required
To activate an organization, you must ensure that you have the appropriate privileges and scope. The MA can activate all organizations. GAs and OAs can activate all organizations in their scope.
How to Activate an Organization that is in Initial State
Sometimes you might start creating an organization, but not activate it. For example, you might specify the
Organization Information
and User Data Location
on the Create Organization page, but not specify the details of the LDAP repository or the administrators who will manage the organization. In such cases, the organization is created, but is not active and is not typically visible in searches (unless you search by selecting the Initial
option).Such organizations remain in the Initial state in the system, unless you activate them. Later, if you try to create a new organization with the same details as an organization in Initial state, the system does not allow you to, because the organization exists.
To activate an organization in Initial state:
- Ensure that you are logged in with the required privileges and scope to create the organization.
- Activate theOrganizationstab.
- Enter the partial or complete information of the required organization and select theInitialoption.
- ClickSearchto display the page with all the matches for the specified criteria.
- Select the organizations that you want to activate.
- ClickActivateto enable the selected organizations. A message box appears.
- ClickOKto confirm the activation.
- Refreshalldeployed Transaction Server instances.See Refreshing the Cache for instructions on how to do this.
Privileges Required
To activate an organization in Initial state, you must ensure that you have the appropriate privileges and scope. MA can activate all organizations. GAs and OAs can activate all organizations in their scope.
How to Delete an Organization
After an organization is deleted, the administrators associated with the organization can no longer log in to it by using Administration Console and the end users who belong to this organization cannot authenticate. However, the information related to the organization is still maintained in the system. The administrator who has scope on the deleted organization can read the organization details.
To delete an organization:
- Ensure that you are logged in with the required privileges and scope to delete the organization.
- Activate theOrganizationstab.
- Enter the complete or partial information of the organization you want to search and clickSearch.A list of organizations matching the search criteria appears.
- Select one or more organizations that you want to delete, and clickDelete.A message box appears.
- ClickOKto confirm the deletion.
Privileges Required
To delete an organization, you must ensure that you have the appropriate privileges and scope. The MA can delete all organizations. GAs and OAs can delete all organizations in their scope.