The Management Organization is a special cloud services Organization that lets you manage resources and policies across Organizations.
Each cloud services Organization is managed individually by one or more Organization Owners. To manage multiple Organizations from a single place, you need to set up a Management Organization and add other Organizations as members of the Management Organization. In this way, you can:
Access to the Management Organization’s resources is determined by the role assigned to each user in the Management Organization.
Organization role | Permissions |
---|---|
Organization Owner | Has full administrative access to the Management Organization’s resources. |
Organization Owner (Limited) | Has administrative access to a Member Organization’s resources in the context of the Management Organization. |
Organization Member | Has read-only access to the Management Organization’s resources. |
Enterprise Administrator | Sets up and manages enterprise federation. Can access only the Enterprise Federation dashboard in the Management Organization. |
Organizations can become members of the Management Organization in one of the following ways:
The Management Organization offers a set of features that allow you to manage resources and services across Member Organizations.
Your enterprise domain is federated with Tanzu Platform cloud services.
Log in to the Tanzu Platform cloud services console.
Make sure you are in the Management Organization.
The Management Organization is marked by a shield icon in front of the Organization name in the top right corner of the page.
From the main menu, open the Organization > Overview page.
The Overview page displays a dashboard of tiles with information about users, attached Organizations, federation and policy status.
On the Overview page of your Management Organization, you can do the following:
- Invite Member Organizations to join the Management Organization.
Invite a Member Organization to your Management Organization:
1. In Organization Management, click Invite Organization.
2. To invite an Organization that is not linked to your corporate identity provider, enter its Organization ID and click Send.
3. To invite an Organization that is already linked to your corporate identity provider, use the Select from linked organizations option, use the drop-down menu to locate the Organization, then click Send.
The Organization Owner of the Organization receives an invitation. Once the invitation is accepted, the Organization you invited becomes attached to your Management Organization.
Set MFA in a Member Organization:
1. In the IAM Policy Settings tile, click View Details. This opens the Authentication Policy page.
2. From the list of Member Organizations, select one or more Organizations for which you want to activate multi-factor authentication (MFA).
3. Click Edit Policies.
4. In the Multi-Factor authentication tab of the Authentication Policy for Member Organizations page, click Activate.
5. Click OK to confirm the setting.
MFA is now enforced and all members of the Member Organizations you selected will be required to register an MFA device and provide an MFA token at login. Once set, the MFA setting cannot be modified by the Member Organization.
Note: It might take up to 30 minutes for the policy to take effect in your Organization.
Modify the Enterprise Federation setup:
To perform this task, you must have the Enterprise Federation role in the Management Organization.
1. In the Federation tile, click View Details. This opens the Enterprise Federation dashboard.
The Management Organization is automatically created as part of the self-service enterprise federation workflow. The user who initiated the federation setup becomes the Organization Owner of the Management Organization.
The Organization Owner can invite Enterprise Administrators to complete and manage the enterprise federation setup and assign Organization roles to other members of their enterprise.
The Management Organization cannot be used as a regular Organization. Its purpose is to complete and manage the enterprise federation setup, and to manage Member Organizations.
When a Member Organization joins the Management Organization, the Organization Owner users of the Management Organization are automatically assigned Organization Owner access to the attached Organization.
As an Organization Owner user with a federated domain, you either receive an invitation to join from the Organization Owner of the Management Organization, or attach your Organization yourself through the Tanzu Platform cloud services console.
Your corporate domain is federated with Tanzu Platform cloud services.
Log in to the Tanzu Platform cloud services console.
From the main menu, open the Organization > Enterprise Management page, then click the Management Organization tab.
Click Attach to Management Organization.
The page refreshes to display the Management Organization details: name and Organization ID.
Click Attach.
Your Organization is now a Member of the Management Organization for your enterprise.
As an Organization Owner user in a Member Organization, you can detach your Organization from the Management Organization at any time.
Detaching a Member Organization impacts the Management Organization in several ways.
Detaching your Member Organization requires the following steps:
Once your Organization is detached, you can attach it to another Management Organization or run it independently of any Organization hierarchy.