IBM logoEnterprise Cloud Management SupportContact Us
ArticlesArticles Most Popular ArticlesMost Popular Articles Most Helpful ArticlesMost Helpful Articles Submit A QuestionSubmit A Question
RSS Feeds
Skip Navigation
DrillDown Icon Table of Contents
DrillDown Icon Enterprise Cloud
DrillDown Icon Release Notes
DrillDown Icon Known Issues
DrillDown Icon Policies
DrillDown Icon Registration and Login
DrillDown Icon Registration
DrillDown Icon Login
DrillDown Icon Forgot My Password
DrillDown Icon Forgot My PIN
DrillDown Icon Linked Organizations
DrillDown Icon Infinicenter Console
DrillDown Icon Enterprise Cloud API
DrillDown Icon Best Practices
DrillDown Icon FAQs
DrillDown Icon Troubleshooting
DrillDown Icon Enterprise Cloud Managed Edition
DrillDown Icon Sales and Support
DrillDown Icon Proprietary Statement
  Email This ArticlePrint PreviewPrint Current Article and All Sub-Articles
 
Linked Organizations

Linked Organizations

Sometimes a company is so large that they choose to have more than one organization in the Enterprise Cloud. However, they may wish to enable users to work in more than one organization. Companies may request that IBM create links based on trust between the organizations. Using the credentials from their original organization, users may log in to any organization linked to their original organization.

Note: Users may log into only one organization at a time from any instance of Infinicenter Console.

When an organization trusts another organization, users in the trusted organization may log into the trusting organization. Actions of users, regardless of organization, are controlled by the permissions granted in the organization to which they are logged in. For users of the trusted organization to perform any actions in the trusting organization, they must have permissions to that action explicitly granted in the trusting organization. For example, organization B trusts organization A. An administrator in organization B must edit each user from organization A and grant the permissions desired for that user from organization A. Users in organization A may log into organization B and will have access to organization B in accordance with the permissions granted in organization B.

Only users with administrator permissions in the same organization as the target user account may perform user account management functions: unlock, deactivate, activate, reset, and delete. The last administrator may not be removed from a linked organization. Only users with administrator permissions in the organization in which permissions are to be granted may grant permissions to a user account. The role of NoAccess is initially applied to all users from linked organizations. All permissions for a user from a linked organization in a target organization may be removed with a single click, which restores the NoAccess role.

Note: To unlock, deactivate, activate, reset, or delete a user account, a user must have administrator permission to the organization in which the user account was created. To grant permissions for any user account visible in an organization, a user must have administrator permission to the organization to which permissions will be granted. For all other actions, users may perform actions in accordance with permissions granted in that organization.

The home organization is the organization in which the user account is defined. The target organization is the organization in which the user attempts access.

Users from linked organizations may log into either their original organization or any linked organization. With linked organizations, the authentication method used is that required by the organization to which the user is requesting access. A user, whose home organization requires password authentication, attempts to access an organization that requires certificate-based authentication; the user will be prompted for a certificate. Conversely, a user, whose home organization requires certificate-based authentication, attempts to access an organization that requires password authentication; the user will be prompted for a password. Password policy is controlled by the home organization; multi-factor and certificate authentication is controlled by the target organization.

Within Infinicenter Console, the Users tab displays users from its organizations and all linked organizations as selected by the user. Users with access to multiple organizations establish different preferences for each organization; selections for one organization are maintained separately from those of any other organization.

Users have VPN access to all organizations to which they have access.