Managing Organizations

In the Administration Console, an organization can either map to a complete enterprise (or a company) or a specific division, department, or other entities within the enterprise. The organization structure provided by Administration Console is flat. In other words, organizational hierarchy (in the form of parent and child organizations) is not supported, and all organizations are created at the same level as the Default Organization. For more information about Default Organization, see "Setting the Default Organization".
cara
Most of the tasks in this article can be performed by a Global Administrator (GA) or an Organization Administrator (OA) if they have the required scope to the organization.
In the Administration Console, an
organization
can either map to a complete enterprise (or a company) or a specific division, department, or other entities within the enterprise. The organization structure provided by Administration Console is flat. In other words, organizational hierarchy (in the form of parent and child organizations) is
not
supported, and all organizations are created at the same level as the Default Organization. For more information about Default Organization, see "Setting the Default Organization".
The larger the enterprise, the more complex its organization structure. As a result, management of organizations is a critical part of administration. The organization management operations supported by RA include:
2
In addition to the preceding list of tasks related to organization management, OAs can also manage organization-specific configurations.
How to Create and Activate an Organization
You can create an organization either in the RA repository or in your existing LDAP-based directory server implementations, such as Microsoft Active Directory, SunOne Directory Server, or CA Directory Server.
In case of a small deployment, you can rename the Default Organization, instead of creating a new organization.
Based on your implementation, this topic guides you through the procedure used for:
Privileges Required
To create and activate an organization, you must ensure that you have the appropriate privileges to do so. Only MA and GAs with scope can create and activate all organizations.
How to Create an Organization in Arcot Repository
To create an organization in the Arcot repository:
  1. Ensure that you are logged in with the required privileges to create the organization.
  2. Activate the
    Organizations
    tab.
  3. Under the
    Manage Organizations
    section, click the
    Create Organization
    link to display the Create Organization page.
  4. Enter the details of the organization, as discussed in the following table.
Field
Description
Organization Information
Organization Name
Enter the unique ID for the organization that you want to create.
NOTE:
You have to specify this value to log in to this organization,
not
the Display Name of the organization.
Display Name
Enter a unique descriptive name for the organization.
NOTE:
This name appears on all other Administration Console pages and reports.
Description
Provide a description for the administrators who will manage this organization.
NOTE:
You can provide additional details for later reference for the organization by using this field.
Administrator Authentication Mechanism
Select the mechanism that will be used to authenticate administrators who belong to this organization.
Administration Console supports the following types of authentication mechanisms:
Basic User Password
This is the in-built authentication mechanism provided by Administration Console. If you select this option, then administrators can log in to the console by specifying their user ID and password.
LDAP User Password
This mechanism is applicable only for LDAP organizations. The authentication policy is defined in the LDAP directory service. If you select this option, then administrators must use the credentials stored in LDAP to log in to the console.
WebFort User Password
This is the WebFort user name-password authentication method. If you select this option, then the administrator credentials are issued and authenticated by the WebFort Server.
To use this mechanism, you must have CA Arcot WebFort 7.0 installed and configured. Refer to the
CA Arcot WebFort 7.0 Installation and Deployment Guide
for detailed information about how to deploy WebFort.
Key Label Configuration
RA enables you to use hardware- or software-based encryption of your sensitive data. You can choose the encryption mode by using the arcotcommon.ini configuration file. For more information, see "HSM Encryption Settings" in "Configuration Files and Options" in the
CA Risk Analytics Installation and Deployment Guide
.
Irrespective of hardware or software encryption, all CA Arcot products use Global Key Label for encrypting user and organization data.
If you are using hardware encryption, then this label serves only as a reference (or pointer) to the actual 3DES key stored in the HSM device. In this case, the key label that you specify must match the HSM key label. However, in the case of software-based encryption, this label acts as the key.
Use Global Key
This option is selected by default. Deselect this option if you want to override the Global Key Label you specified in the bootstrap process and specify a new key label that will be used for encrypting organization-specific data.
Key Label
If you deselected the
Use Global Key
option, then specify the new key label that you want to use for the organization.
Storage Type
This option indicates whether the encryption key is stored in the database (
Software
) or the HSM (
Hardware
).
Localization Configuration
 
Use Global Configuration
Select this option to use the localization parameters that are configured at the global level.
Date Time Format
If you deselected the
Use Global Configuration
option, then specify the Date Time format that you want to use for this organization.
Preferred Locale
If you deselected the
Use Global Configuration
option, then select a preferred locale for this organization.
User Data Location
Repository Type
Select
Arcot Database
. By specifying this option, the user and administrator details for the new organization will be stored in the RDBMS repository supported by RA.
Custom Attributes
Use this section to provide additional information specific to the organization you are creating.
Name
Name of the custom attribute.
Value
Value of the custom attribute.
From this release, risk evaluation on an incoming transaction is performed based on multiple perspectives, such as Issuer, Acquirer, and Beneficiary. To achieve this, an organization-level flag is used to determine whether the organization is an Issuer, Acquirer, or Beneficiary. To identify an organization as an Issuer, Acquirer, or Beneficiary, specify the following custom attributes:
Attribute Name
Attribute Value
Perspective
SUPPORTED_PERSPECTIVES
1
Issuer
SUPPORTED_PERSPECTIVES
2
Acquirer
An organization is identified as a Beneficiary organization if it has the IMPS channel associated with it.
If no attribute value is specified, the organization is considered an Issuer Organization. All existing organizations are assumed to be Issuer organizations.
5. Click
Next.
The Select Attribute(s) for Encryption page appears.
6. In the
Attribute(s) for Encryption
section, do one of the following:
  • Select
    Use Global Configuration
    if you want to use the global settings for your attribute encryption set configuration.
  • Select the attributes that you want to encrypt from the
    Available Attributes for Encryption
    list and move them to the
    Attributes Selected for Encryption
    list.
    Click the > or < buttons to move selected attributes to the desired list. You can also click the >> or << buttons to move all attributes to the desired lists.
7. Click
Next
.
The Add Administrators page appears.
This page is
not
displayed, if all the administrators currently present in the system have the scope to manage all organizations.
8. From the
Available Administrators
list, select the administrators who will manage the organization and click the
>
button to add the administrator to the
Managing Administrators
list.
The
Available Administrators
list displays all the administrators who can manage the new organization.
If some administrators have scope to manage all organizations in the system, then you will not see the corresponding entries for those administrators in this list.
The
Managing Administrators
list displays the administrators that you have selected to manage this organization.
9. Click
Next
to proceed.
The Configure Account Type page appears.
- This page is not displayed if you have not created any account types.
- Global account types will be selected by default.
10. In the
Assign Account Types
section, select account types from the
Available
list and click the > button to move them to the
Selected
list.
11. Click
Next
to proceed.
The Configure Account Custom Attributes page appears.
This page is not displayed if you did not select any account types on the previous page.
12. Provide
Custom Attributes
for your
Account Type
, and click
Next
.
The Configure Email/Telephone Type page appears.
13. Specify the mandatory and optional email address and telephone numbers the user must provide.
14. Click
Skip
to use the email and telephone types configured at the system level and move to the next page, or click
Save
to save your changes.
The Activate Organization page appears.
15. Click
Enable
to activate the new organization.
A message box appears.
16. Click
OK
to complete the process.
If you do not choose to activate the organization, the organization is created in Initial state. You can activate the organization later. For instructions to do so, see "How to Activate an Organization That is in Initial State ".
17. Refresh
all
deployed Transaction Server instances.
See Refreshing the Cache for instructions on how to do this.
If you have configured the attribute encryption set, account types, and email and telephone types while creating the organization, ensure that you refresh
both
the system configuration and the organization cache. If you do not refresh the organization-level cache, the system gets into an unrecoverable state.
How to Create an Organization in LDAP Repository
To support LDAP user directories, you must create an organization in Lightweight Directory Access Protocol (LDAP) repository and then map the Arcot attributes with the LDAP attributes. To do so:
  1. Ensure that you are logged in with the required privileges and scope to create the organization.
  2. Activate the
    Organizations
    tab.
  3. Under the
    Manage Organizations
    section, click the
    Create Organization
    link to display the Create Organization page.
  4. Enter the details of the organization, as discussed in the following table.
Field
Description
Organization Information
Organization Name
Enter the unique ID for the organization that you want to create.
NOTE:
You can use Administration Console to log in to this organization, by specifying this value,
not
the Display Name of the organization.
Display Name
Enter a unique descriptive name for the organization.
NOTE:
This name appears on all other Administration Console pages and reports.
Description
Provide a description for the administrators who will manage this organization.
NOTE:
You can provide additional details for later reference for the organization by using this field.
Administrator Authentication Mechanism
Select the mechanism that will be used to authenticate administrators who belong to this organization.
Administration Console supports the following two types of authentication mechanisms:
Basic User Password
This is the in-built authentication mechanism provided by Administration Console. If you select this option, then administrators can log in to the console by specifying their ID and plain text password.
LDAP User Password
This mechanism is applicable only for LDAP organizations. The authentication policy is defined in the LDAP directory service. If you select this option, then administrators must use the credentials stored in LDAP to log in to the console.
WebFort User Password
This is the WebFort user name-password authentication method. If you select this option, then the administrator credentials are issued and authenticated by WebFort Server.
To use this mechanism, you must have Arcot WebFort 7.0 installed and configured. Refer to the
CA Arcot WebFort 7.0 Installation and Deployment Guide
for detailed information about how to deploy WebFort.
Key Label Configuration
Use Global Key
This option is selected by default. Deselect this option if you want to override the Global Key Label you specified in the bootstrap process and specify a new key label to encrypt organization-specific data.
Key Label
If you deselected the
Use Global Key
option, then specify the new key label that you want to use for the organization.
Storage Type
This option indicates whether the encryption key is stored in the database (
Software
) or the HSM (
Hardware
).
Localization Configuration
Use Global Configuration
Select this option to use the localization parameters that are configured at the global level.
Date Time Format
If you deselected the
Use Global Configuration
option, then specify the Date Time format that you want to use for this organization.
Preferred Locale
If you deselected the
Use Global Configuration
option, then select a preferred locale for this organization.
User Data Location
Repository Type
Select
Enterprise LDAP
. By specifying this option, the user details for the new organization will be stored in the LDAP repository that you will specify on the next page.
Custom Attributes
Name
Name of the custom attribute.
Value
Value of the custom attribute.
From this release, risk evaluation on an incoming transaction is performed based on multiple perspectives, such as Issuer, Acquirer, and Beneficiary. To achieve this, an organization-level flag is used to determine whether the organization is an Issuer, Acquirer, or Beneficiary. To identify an organization as an Issuer, Acquirer, or Beneficiary, specify the following custom attributes:
Attribute Name
Attribute Value
Perspective
SUPPORTED_PERSPECTIVES
1
Issuer
SUPPORTED_PERSPECTIVES
2
Acquirer
An organization is identified as a Beneficiary organization if it has the IMPS channel associated with it.
If no attribute value is specified, the organization is considered an Issuer Organization. All existing organizations are assumed to be Issuer organizations.
5. Click
Next.
The Create Organization page to collect the LDAP repository details appears.
6. Enter the details, described in the following table, to connect to the LDAP repository.
Field
Description
Host Name
Enter the host name of the system where the LDAP repository is available.
Port Number
Enter the port number on which the LDAP repository service is listening.
Schema Name
Specify the LDAP schema used by the LDAP repository. This schema specifies the types of objects that an LDAP repository can contain, and specifies the mandatory and optional attributes of each object type.
Typically, the schema name for Active Directory is user and for SunOne Directory and CA Directory Server, it is inetorgperson.
Base Distinguished Name
Enter the base Distinguished Name of the LDAP repository. This value indicates the starting node in the LDAP hierarchy to search in the LDAP repository.
For example, to search or retrieve a user with a DN of cn=rob laurie, ou=sunnyvale, o=arcot, c=us, you must specify the base DN as the following:
ou=sunnyvale, o=arcot, c=us
Note:
Typically, this field is case sensitive and searches all subnodes under the provided base DN.
Redirect Schema Name
Specify the name of the schema that provides the definition of the "
member
" attribute.
You can search for users in the LDAP repository by using the Base DN defined for an organization. But this search returns only the users who belong to a specific Organization Unit (OU). An LDAP administrator might want to create a group of users who belong to different Organization Units for controlling access to an entire group, and might want to search for users from different groups. When the administrator creates groups, user node DNs are stored in a "member" attribute within the group node. By default, UDS does not allow search and DN resolution based on attribute values. Redirection enables you to search for users who belong to different groups within LDAP, based on specific attribute values for a particular node.
Typically, the redirect schema names are as follows:
Active Directory: group
SunOne Directory: groupofuniquenames
CA Directory Server: groupOfUniqueNames
Connection Type
Select the type of connection that you want to use between Administration Console and the LDAP repository. Supported types are:
TCP
One-way SSL
Two-way SSL
Login Name
Enter the complete distinguished name of the LDAP repository user who has the privilege to log in to repository sever and manage the Base Distinguished Name.
For example,
uid=gt,dc=arcot,dc=com
Login Password
Enter the password of the user provided in the Login Name.
Server Trusted Root Certificate
Enter the path for the trusted root certificate who issued the SSL certificate to the
LDAP
server by using the
Browse
button, if
One-way SSL
or
Two-way SSL
: option is selected.
Client Key Store Path
Enter the path for the key store that contains the client certificate and the corresponding key by using the
Browse
button, if the
Two-way SSL
option is selected.
Note:
You must upload either PKCS#12 or JKS key store type.
Client Key Store Password
Enter the password for the client key store, if the
Two-way SSL
option is selected.
7. Click
Next
to proceed.
The page to map the repository attributes appears.
8. On this page:
Select an attribute from the
Arcot Database Attributes
list, then select the appropriate attribute from the
Enterprise LDAP Attributes
list that needs to be mapped with the Arcot attribute, and click
Map
.
Mapping of the UserName attribute is compulsory. Ensure that you map the UserName attribute to an LDAP attribute that uniquely identifies the user. If you are using Active Directory, then map
UserName
to sAMAccountName. If you are using SunOne Directory Server, then map
UserName
to uid. If you are using CA Directory Server, then map
UserName
to cn.
For Active Directory, you must map STATUS to userAccountControl.
  • Repeat the process to map multiple attributes, until you finish mapping all the required attributes.
    You do not need to map all the attributes in the
    Arcot Database Attributes
    list. You only need to map the attributes that you will use.
    The attributes that you have mapped will be moved to the
    Mapped Attributes
    list.
    If required, you can unmap the attributes. If you want to unmap a single attribute at a time, then select the attribute and click
    Unmap
    . However, if you want to clear the
    Mapped Attribute
    list, then click
    Reset
    to unmap all the mapped attributes. You cannot unmap the UserName attribute after you have activated the organization.
  • If you specified the
    Redirect Schema Name
    in the previous page, you must select the search attribute from the
    Redirect Search Attribute
    list.
    Typically, the attributes are as follows:
    • Active Directory: member
    • SunOne Directory: uniquemember
    • CA Directory Server: uniqueMember
9. Click
Next
to proceed.
The Select Attribute(s) for Encryption page appears.
10. In the
Attribute(s) for Encryption
section, do one of the following:
  • Select
    Use Global Configuration
    if you want to use the global settings for your attribute encryption set configuration.
  • Select the attributes that you want to encrypt from the
    Attributes Available for encryption
    list and move them to the
    Attributes Selected for encryption
    list.
    Click the > or < buttons to move selected attributes to the desired list. You can also click the >> or << buttons to move all attributes to the desired lists.
11. Click
Next
.
The Add Administrators page appears.
This page is
not
displayed, if all the administrators currently present in the system have the scope to manage all organizations.
12. From the
Available Administrators
list, select the administrators who will manage the organization and click the
>
button to add the administrator to the
Managing Administrators
list.
Assigning organization to administrators can be done at any time by updating the scope of existing administrators or by creating new administrators to manage the organization.
13. Click
Next
to proceed.
The Configure Account Type page appears.
This page is not displayed if you have not created any account types.
14. In the
Assign Account Types
section, select account types from the
Available
list and click the > button to move them to the
Selected
list.
15. Click
Next
to proceed.
The Configure Account Custom Attributes page appears.
This page is not displayed if you did not select any account types on the previous page.
16. Provide
Custom Attributes
for your
Account Type
, and click
Next
.
The Activate Organization page appears.
The UserName mapping
cannot
be changed or updated after the organization is activated.
17. Click
Enable
to activate the new organization.
The warning message appears.
18. Click
OK
to complete the process.
19. Refresh
all
deployed Transaction Server instances.
See Refreshing the Cache for instructions on how to do this.
If you have configured the attribute encryption set, account types, and email and telephone types while creating the organization, ensure that you refresh
both
the system configuration and the organization cache. If you do not refresh the organization-level cache, the system gets into an unrecoverable state.
How to Create an Org Family
From this release, you can group organizations under a portfolio referred to as an Org Family. This enables organizations to share list data and rules run across the family of organizations.
To create an Org Family, run the following statement:
INSERT INTO ARRFORGFAMILY (ORGNAME,ORGFAMILYNAME) VALUES(<ORGNAME>, <FAMILYNAME>);
Example:
INSERT INTO ARRFORGFAMILY (ORGNAME,ORGFAMILYNAME) VALUES('FAMILYORG1', 'FAMILY1'); INSERT INTO ARRFORGFAMILY (ORGNAME,ORGFAMILYNAME) VALUES('FAMILYORG2', 'FAMILY1'); COMMIT;
How to Search for an Organization
You can search for organizations by their display name and status. To search for the organization:
  1. Ensure that you are logged in with the required privileges and scope to create the organization.
  2. Activate the
    Organizations
    tab.
  3. Enter the partial or complete information of the required organization. You can select the following options to broaden your search:
    In the
    Organization
    field, you must enter the partial or complete display name of the organization and
    not
    the actual organization name.
  4. Click
    Search
    to display the page with all the matches for the specified criteria.
 
Privileges Required
As long as you do not need to update, activate, or deactivate an organization, you do not need privileges to search. However, you
must
have the scope over the organizations that you are searching. For example, an OA can search for a target organization
if
that organization is in their purview.
How to Update an Organization
By using Administration Console, you can update the following information for an organization:
  • Organization information
    that includes organization display name, description, and status, the administrators that manage the organization, account types assigned to the organization, email/telephone types configured, and attribute encryption set ("For Basic Organization Configurations")
  • RA-specific configurations
    for the organization that include credential profiles, authentication policies, extensible configurations, and the assigned default configurations.
 
Privileges Required
To update an organization, you must ensure that you have the appropriate privileges and scope. The MA can update all organizations. GAs and OAs can update the information for all organizations in their scope.
For Basic Organization Configurations
To update the basic organization information:
  1. Ensure that you are logged in with the required privileges and scope to update the organization.
  2. Activate the
    Organizations
    tab.
  3. Enter the complete or partial information of the organization you want to search and click the
    Search
    button.
    A list of organizations matching the search criteria appears.
  4. Under the
    Organization
    column, click the <
    ORGANIZATION_NAME
    > link for the required organization.
    The Organization Information page appears.
  5. In the
    Organization Details
    section, edit the required fields (
    Display Name
    and
    Description
    ).
  6. Edit the
    Administrator Authentication Mechanism
    , if required.
    You can edit the authentication mechanism only if there no administrators exist for this organization.
  7. In the
    Localization Configuration
    section, you can do one of the following:
    1. Choose to
      Use Global Configuration
      .
    b. Edit the
    Date Time Format
    and
    Preferred Locale
    .
  8. In the
    Custom Attributes
    section, edit the
    Name
    and
    Value
    fields, if required.
  9. Click
    Next
    to proceed with additional configurations:
    • If the organization was created in the
      Arcot Repository
      , then do the following:
      1. On the Select Attribute(s) for Encryption page,
        Use Global Configuration
        if you want to use the global settings for your attribute encryption set configuration, or select the attributes that you want to encrypt from the
        Available Attributes for Encryption
        list to the
        Attributes Selected for Encryption
        list, and click
        Next
        .
        You cannot update attributes if users have already been created in the organization.
      2. On the Update Administrators page, update the administrators who will manage the organization, and click
        Next
        .
      3. On the Configure Account Type page, configure the account types by moving them from the
        Available
        list to the
        Selected
        list and click
        Next
        .
        You cannot deselect global account types.
      4. On the Configure Account Custom Attributes page, add custom attributes for the accounts and click
        Next
        .
      5. On the Configure Email/Telephone Type page, configure the mandatory and optional Email address and Telephone Type for the users, and click
        Save
        to complete the process.
    • If the organization was created
      in the LDAP repository
      , then Edit Organization page appears. To update the organization details:
      a.Update the fields, as required, and click
      Next
      to display the page to edit the Repository Attribute Mappings.
      b. Except for the UserName mapping, you can edit the other mappings. Click
      Next
      to display the Select Attribute(s) for Encryption page.
      c. On the Select Attribute(s) for Encryption page,
      Use Global Configuration
      if you want to use the global settings for your attribute encryption set configuration, or select the attributes that you want to encrypt from the
      Available Attributes for Encryption
      list to the
      Attributes Selected for encryption
      list, and click
      Next
      .
      d. You cannot update the attributes if users have already been created in the organization. In the case of LDAP, even a simple search operation for users in the LDAP repository registers the users in the database. So, you cannot update the attributes if you have searched for users in the LDAP repository.
      e. On the Update Administrators page, update the administrators who will manage the organization and click
      Next.
      f. On the Configure Account Type page, configure the account types by moving them from the
      Available
      list to the
      Selected
      list and click
      Update
      to save your changes and complete the process.
      You cannot deselect global account types.
  10. Refresh
    all
    deployed Transaction Server instances.
    See Refreshing the Cache for instructions on how to do this.
For Risk Analytics-Specific Configurations
To update the RA configurations of an organization:
  1. Ensure that you are logged in with the required privileges and scope to update the organization.
  2. Activate the
    Organizations
    tab.
  3. Enter the complete or partial information of the organization you want to search and click the
    Search
    button to display a list of organizations matching the search criteria.
  4. Under the
    Organization
    column, click the <
    ORGANIZATION_NAME
    > link for the required organization to display the Organization Information page appears.
  5. Activate the
    Risk Engine
    tab to display the links for RA configurations in the task panel.
How to Upload Users and User Accounts in Bulk to an Organization
RA allows you to upload users and user accounts in bulk using the Administration Console. For this purpose, you need a comma-separated value (CSV) input file that contains the information for the multiple users and accounts that you want to upload.
Information Required for Uploading Users in Bulk
The first line in the CSV input file to upload users
must
be as follows:
#UserID,fName,mName,lName,status,pam,pamURL,EmailAddr,telephoneNumber,INFOLIST#
The preceding first (template) line is
always
required. If you do not specify this line, then the bulk user upload operation will fail.
Note the following when you create the csv input file to upload users:
  • The csv file should have one header starting and ending with #. All the other field names should be provided between these # symbols.
  • Only the UserID entry is mandatory. The other entries are optional.
  • If the user you are trying to upload already exists, the user details are updated.
  • You can provide up to five email addresses and five telephone numbers. In this case, you must specify the header, as follows:
    #UserID,fName,mName,lName,status,pam,pamURL,EmailAddr,EMAIL.2,EMAIL.3,EMAIL.4,EMAIL.5,telephoneNumber,PHONE.2,PHONE.3,PHONE.4,PHONE.5,INFOLIST#
The entries in the file are described in the following table
Entry
Description
UserID
The unique ID of the user.
fName
The first name of the user.
mName
The middle name of the user.
lName
The last name of the user.
status
The status of the user. Possible values are:
INITIAL
ACTIVE
pam
The personal authentication message
pamURL
The URL where the user’s personal authentication message image is available
EmailAddr
The contact email ID of the user.
telephoneNumber
The complete phone number of the user with the international code. For example, US phone numbers should start with 1.
INFOLIST
Additional information about the user. Values must be separated by semi-colons. For example:
age=25;favsport=cricket
A sample file, for example, can contain:
#UserID,fName,lName,status,EmailAddr,telephoneNumber,PHONE.2,INFOLIST# mparker,martin,parker,ACTIVE,[email protected],12345,9999,age=29;favsport=cricket jhume,john,hume,ACTIVE,[email protected],3939292,203939393,age=32;favbook=fiction fantony,francis,antony,ACTIVE,[email protected],130203,29888,age=25;favfood=pizza#
 
Information Required for Uploading User Accounts in Bulk
The first line in the CSV input file to upload user accounts must be as follows:
#UserID,accountType,accountID,status,accountIDAttribute1,accountIDAttribute2,accountIDAttribute3,customAttr1,customAttr2,customAttr3,customAttr4,customAttr5,customAttr6,customAttr7,customAttr8,customAttr9,customAttr10#
The preceding first (template) line is
always
required. If you do not specify this line, then the bulk user account upload operation will fail.
Note the following when you create the csv input file to upload user accounts:
  • Only the UserID, accountType, and accountID entries are mandatory. The other entries are optional.
  • You must have created the user in the system.
  • You must have created the account type and assigned it to the organization.
  • You must have created custom attributes for the account type.
  • You can provide up to 10 custom attributes for an account type.
The entries in the file are described in the following table.
Entry
Description
UserID
The unique ID of the user.
accountType
The account type associated with the accountID.
accountID
The alternate ID of the user.
status
The status of the account ID. Possible values are:
[0-9]: INITIAL
[10-19]: ACTIVE
[20-29]: INACTIVE
accountIDAttribute1
Attribute of the accountID.
You can provide up to a maximum of three account ID attributes.
customAttr1
Custom attribute for the user account.
Sample File Entry
A sample file, for example, can contain:
#UserID,accountType,accountID,status,accountIDAttribute1,accountIDAttribute2,accountIDAttribute3,customAttr1,customAttr2# prush,ONLINE_BANKING,OB_ID1,10,login,password,image,chicago,music jhume,SAVINGS,SA_ID1,10,interest,deposit,check,florida,soccer
 
How to Upload Users and Accounts in Bulk
To upload multiple users and user accounts in the RA database:
  1. Ensure that you are logged in with the required privileges and scope to update the organization.
  2. Activate the
    Organizations
    tab.
  3. Enter the complete or partial information of the organization you want to search and click
    Search
    .
    A list of organizations matching the search criteria appears.
  4. Select the organization to which you want to upload users and user accounts in bulk.
  5. Under the
    Basic Organization Information
    section, click the
    Bulk Upload
    link to display the Bulk Data Upload page.
  6. In the
    Bulk Upload
    section:
    1. Select
      Upload User Accounts
      or
      Upload Users
      from the
      Bulk Upload Operation
      drop-down list.
    2. Click
      Browse
      to navigate to the required csv file that contains the user account or user entries.
    3. Provide a
      Description
      for the operation.
  7. Click
    Upload
    to upload user accounts or users in bulk.
  8. After the operation completes, you will see a Request ID in the message.
  9. (
    IMPORTANT
    ) Carefully note the Request ID.
    You will need it to view the status of the bulk data upload operation.
 
Privileges Required
To upload multiple users and user accounts to an organization, you must ensure that you have the appropriate privileges and scope. The MA can do this for all organizations. GAs and OAs can perform this task for all organizations in their scope.
How to View the Status of the Bulk Data Upload Request
To view the status of the bulk data upload request:
  1. Ensure that you are logged in with the required privileges and scope to perform this operation.
  2. Activate the
    Organizations
    tab.
  3. Enter the complete or partial information of the organization you want to search and click
    Search
    .
    A list of organizations matching the search criteria appears.
  4. Select the organization for which you want to view the status of the bulk upload request.
  5. Under the
    Basic Organization Information
    section, click the
    View Bulk Requests
    link to display the Search Bulk Requests page.
  6. In the Search Bulk Requests page:
    1. Enter the Request ID that you noted down earlier in Step 10 in "How to Upload Users and User Accounts in Bulk to an Organization".
      or
    2. Select a
      Status
      based on which you want to view the bulk request.
      or
    3. Select an
      Operation
      , depending on whether you want to view
      Upload Users
      or
      Upload User Accounts
      requests.
  7. Click
    Search
    to display the table.
  8. In case of failure, click the
    Request ID
    link to get more information about the bulk request.
  9. Click the
    No. of failed operations
    link to view the reason why the operation failed.
In the case of failed operations for a request, the
Export Failures
button is enabled. Click
Export Failures
to export all the failed operations to a csv file. You can then correct the errors in the exported file, and resubmit the file for bulk upload.
Privileges Required
To view the status of the bulk data upload request for an organization, you must ensure that you have the appropriate privileges and scope. The MA can do this for all organizations. GAs and OAs can perform this task for all organizations in their scope.
How to Refresh the Organization Cache
Organization configurations that do not refer to the global configuration, such as attribute encryption set, localization configuration, and email and telephone types are cached at the organization level. When you make changes to these configurations at the organization level, you must refresh the organization cache for the changes to take effect.
To refresh the organization cache:
  1. Ensure that you are logged in with the required privileges and scope to refresh the organization cache.
  2. Activate the
    Organizations
    tab.
  3. Enter the complete or partial information of the organization you want to search and click
    Search
    .
    A list of organizations matching the search criteria appears.
  4. Select the organizations whose cache you want to refresh.
  5. Click
    Refresh Cache
    .
  6. Click
    OK
    in the dialog box to confirm your cache refresh request.
    A message with a Request ID for the current cache refresh request is displayed. You can check the status of your cache refresh request by clicking the
    Check Cache Refresh Status
    link and selecting this
    Request ID
    .
Refreshing the cache of one organization does not affect the response time of transactions going on at that time for other organizations.
Privileges Required
The MA can refresh the cache of all organizations. The GA and OA can refresh the cache of all organizations within their scope.
How to Deactivate an Organization
When you want to prevent all administrators of an organization from logging in to Administration Console and end users of the organization from authenticating to your application by using RA mechanisms, you deactivate the organization.
To deactivate an organization:
  1. Ensure that you are logged in with the required privileges and scope to deactivate the organization.
  2. Activate the
    Organizations
    tab.
  3. Enter the complete or partial information of the organization you want to search and click
    Search
    .
    A list of organizations matching the search criteria appears.
  4. Select one or more organizations that you want to deactivate.
  5. Click
    Deactivate
    to disable the selected organizations.
    A message box appears.
  6. Click
    OK
    to confirm the deactivation.
  7. Refresh
    all
    deployed Transaction Server instances.
    See Refreshing the Cache for instructions on how to do this.
Privileges Required
To deactivate an organization, you must ensure that you have the appropriate privileges and scope. The MA can deactivate all organizations. GAs and OAs can deactivate all organizations in their scope.
How to Activate an Organization
You might need to activate a deactivated organization. In this case, you must select the
Inactive
option while specifying the search criteria on the Search Organization page.
To activate a deactivated organization:
  1. Ensure that you are logged in with the required privileges and scope to activate the organization.
  2. Activate the
    Organizations
    tab.
  3. Enter the complete or partial information of the organization you want to search and click
    Search
    .
    A list of organizations matching the search criteria appears.
  4. Select one or more organizations that you want to activate again.
  5. Click
    Activate
    to activate the selected organizations.
    A message box appears.
  6. Click
    OK
    to confirm the activation.
  7. Refresh
    all
    deployed Transaction Server instances.
    See Refreshing the Cache for instructions on how to do this.
Privileges Required
To activate an organization, you must ensure that you have the appropriate privileges and scope. The MA can activate all organizations. GAs and OAs can activate all organizations in their scope.
How to Activate an Organization that is in Initial State
Sometimes you might start creating an organization, but not activate it. For example, you might specify the
Organization Information
and
User Data Location
on the Create Organization page, but not specify the details of the LDAP repository or the administrators who will manage the organization. In such cases, the organization is created, but is not active and is not typically visible in searches (unless you search by selecting the
Initial
option).
Such organizations remain in the Initial state in the system, unless you activate them. Later, if you try to create a new organization with the same details as an organization in Initial state, the system does not allow you to, because the organization exists.
To activate an organization in Initial state:
  1. Ensure that you are logged in with the required privileges and scope to create the organization.
  2. Activate the
    Organizations
    tab.
  3. Enter the partial or complete information of the required organization and select the
    Initial
    option.
  4. Click
    Search
    to display the page with all the matches for the specified criteria.
  5. Select the organizations that you want to activate.
  6. Click
    Activate
    to enable the selected organizations. A message box appears.
  7. Click
    OK
    to confirm the activation.
  8. Refresh
    all
    deployed Transaction Server instances.
    See Refreshing the Cache for instructions on how to do this.
Privileges Required
To activate an organization in Initial state, you must ensure that you have the appropriate privileges and scope. MA can activate all organizations. GAs and OAs can activate all organizations in their scope.
How to Delete an Organization
After an organization is deleted, the administrators associated with the organization can no longer log in to it by using Administration Console and the end users who belong to this organization cannot authenticate. However, the information related to the organization is still maintained in the system. The administrator who has scope on the deleted organization can read the organization details.
To delete an organization:
  1. Ensure that you are logged in with the required privileges and scope to delete the organization.
  2. Activate the
    Organizations
    tab.
  3. Enter the complete or partial information of the organization you want to search and click
    Search
    .
    A list of organizations matching the search criteria appears.
  4. Select one or more organizations that you want to delete, and click
    Delete
    .
    A message box appears.
  5. Click
    OK
    to confirm the deletion.
Privileges Required
To delete an organization, you must ensure that you have the appropriate privileges and scope. The MA can delete all organizations. GAs and OAs can delete all organizations in their scope.