The Management Organization is a special Cloud Services Organization that lets you manage resources and policies across Organizations.

Each Cloud Services Organization is managed individually by one or more Organization Owners. To manage multiple Organizations from a single place, you need to set up a Management Organization and add other Organizations as members of the Management Organization. In this way, you can:
  • View statistics for users and services in the Member Organizations.
  • Set up and manage enterprise federation for your corporate domain.
  • Set and edit authentication policies for Member Organizations.

What do I need to know about access to the Management Organization

Access to the Management Organization's resources is determined by the role assigned to each user in the Management Organization.
| Organization role | Permissions |
| --- | --- |
| Organization Owner | Has full administrative access to the Management Organization's resources. |
| Organization Owner (Limited) | Has administrative access to a Member Organization's resources in the context of the Management Organization. |
| Organization Member | Has read-only access to the Management Organization's resources. |
| Enterprise Administrator | Sets up and manages enterprise federation. Can access only the Enterprise Federation dashboard in the Management Organization. |

How to enroll an Organization as a member of a Management Organization

Organizations can become members of the Management Organization in one of the following ways:
  • Through invitation from the Organization Owner of the Management Organization. An Organization Owner from the invited Organization must accept the invitation.
  • An Organization Owner attaches their Organization to the Management Organization through a simple workflow in Cloud Services Console.

What can I do in the Management Organization

The Management Organization offers a set of features that allow you to manage resources and services across Member Organizations.

Prerequisites

  • You must have the Organization Owner role in the Management Organization.
  • Your Management Organization has one or more Member Organizations.
  • Your enterprise domain is federated with VMware Cloud Services.

Procedure

  1. Log in to the Cloud Services Console.
  2. Make sure you are in the Management Organization.
    You can tell that by the shield icon in front of the Organization name displayed in the top right corner of the page.
  3. From the main menu, open the Organization > Overview page.
    The Overview page displays a dashboard of tiles with information about users, attached Organizations, federation and policy status.
  4. On the Overview page of your Management Organization, you can do the following:
    To... Do this...
    View a summary of users in the Management Organization
      In the User Summary tile, click View Details. This opens the Insights > Overview page. For more information about how to use this page, see How do I use the Data Insights Dashboard.
    View details for Member Organizations
      In the Organization Summary tile, click View Details. This opens the Organization Management page where you can:
    • View details for the attached organizations, such as Organization name, ID, and member status.
    • Invite Member Organizations to join the Management Organization.
    Invite a Member Organization to your Management Organization
    1. On the Organization Management page, click Invite Organization.
    2. To invite an Organization which is not linked to your corporate identity provider, enter its Organization ID and click Send.
    3. To invite an Organization which is already linked to your corporate identity provider, use the Select from linked organizations option, use the drop-down menu to locate the Organization, then click Send.

      The Organization Owner of the Organization receives an invitation. Once the invitation is accepted, the Organization you invited becomes attached to your Management Organization.

    Set MFA in a Member Organization
    1. In the IAM Policy Settings tile, click View Details. This opens the Authentication Policy page.
    2. From the list of Member Organizations, select one or more Organizations for which you want to activate multi-factor authentication (MFA).
    3. Click Edit Policies.
    4. In the Multi-Factor authentication tab of the Authentication Policy for Member Organizations page, click Activate.
    5. Click OK to confirm the setting.
      MFA is now enforced and all members of the Member Organizations you selected will be required to register an MFA device and provide an MFA token at login. Once set, the MFA setting cannot be modified by the Member Organization.
      Note: It might take up to 30 minutes for the policy to take effect in your Organization.
    Modify the Enterprise Federation setup
      To perform this task, you must have the Enterprise Federation role in the Management Organization.
    1. In the Federation tile, click View Details. This opens the Enterprise Federation dashboard. For detailed instructions, refer to How do I modify the enterprise federation setup.

How do I create a Management Organization

The Management Organization is automatically created as part of the self-service enterprise federation workflow. The user who initiated the federation setup becomes the Organization Owner of the Management Organization.

The Organization Owner can invite Enterprise Administrators to complete and manage the enterprise federation setup and assign Organization roles to other members of their enterprise.

The Management Organization cannot be used as a regular Organization. Its purpose is to complete and manage the enterprise federation setup, and to manage Member Organizations.

When a Member Organization joins the Management Organization, the Organization Owner users of the Management Organization are automatically assigned Organization Owner access to the attached Organization.

How do I attach my Organization to the Management Organization

As an Organization Owner user with a federated domain, you either receive an invitation from the Organization Owner of the Management Organization to join, or attach your Organization through the Cloud Services Console.

Prerequisites

  • You must be an Organization Owner user in the Organization you want to attach to the Management Organization.
  • Your corporate domain is federated with VMware Cloud Services.

Procedure

  1. Log in to the Cloud Services Console.
  2. From the main menu, open the Organization > Enterprise Management page, then click the Management Organization tab.
  3. Click Attach to Management Organization.
    The page refreshes to display the Management Organization details: name and Organization ID.
  4. Click Attach.

Results

Your Organization is now a Member of the Management Organization for your enterprise.

What is the impact of detaching my Organization from the Management Organization

As an Organization Owner user in a Member Organization, you can detach your Organization from the Management Organization at any time.

Detaching a Member Organization impacts the Management Organization in several ways.
  • The Management Organization cannot access information about the Member Organization's resources and services.
  • The Management Organization cannot set policies or perform any other actions in the Member Organization.
  • Any Organization and service roles inherited from the attached Organization are removed.
Detaching your Member Organization requires the following steps:
  1. Log in to the Cloud Services Console.
  2. From the main menu, open the Organization > Enterprise Management page, then click the Management Organization tab.
  3. Click Detach Organization.
  4. Acknowledge the consequences of detaching your Member Organization, then click Detach.

Once your Organization is detached, you can attach it to another Management Organization or run it independently of any Organization hierarchy.