Identity Director Administration Guide

Home 

Configure organization service attributes

In the Management Portal at Entitlement Catalog, on the Attributes tab of the service page, configure organization attributes to store a list of organizational context items. This allows actors in a service transaction to select organizational context from the list when requested.

Configuration

Field Explanation and Tips
Start in Specify the main organizational context item from which the actor can choose.
  • Use attributes and functions to dynamically determine the organizational context of the actor. In the service transaction, this resolves into a user-specific value. This is useful in organizations that serve multi-tenant sites, because it allows you to configure services that can handle multiple users located at different sites.
    • Global attributes, service attributes and people attributes are supported.
    • Specify attributes and functions manually or click the browse button to select them from a list.
    • The resolved value needs to correspond with an existing value in your organizational structure, otherwise the service fails.
  • You can include subitems of items in the list. This also applies to organizational context that is resolved as the result of a placeholder.
Initial value Specify the default value of the service attribute. This value is overwritten if a different value is provided during the service transaction.
  • Select Organization to select the initial value from the organizational context tree in the Start in field. This is a fixed value.
  • Select Use organizational context of subscriber to base the initial value on the classifications of the subscriber. The initial value is the first classification found in the organizational context tree in the Start in field. This is a dynamic value and allows you to show a personalized initial value to the actor.
    • Clear the option Include subitems in the Start in area to disregard classifications of the subscriber at a deeper level.
  • Select Choose “start in” value to set the initial value to match its Start In place, even if that Start In value is a placeholder.
  • The value is limited to 2000 characters.

You can force mandatory input by enabling Attribute may not be empty after workflow input from actor.

Example dynamic Start in field

Consider the following scenario:

Your multi-tenant site has the following organizational containers:

  • Customer A
    • Departments from customer A
  • Customer B
    • Departments from customer B
  • Customer C
    • Departments from customer C

All customers have identical services that have a qualification set based on the organizational container that applies to the customer. This allows each customer to have services that apply for his environment only. By dynamically determining the organizational context of a user, you can secure the context for users across a multi-tenant environment. In this way, users from customer A do not see the organizational structure of customer B, although they share the same environment.

Example initial value based on organizational context of subscriber

Consider the following scenario:

The classifications of a subscriber are:

Initial value

  • If you set the Start in field to Organization\Departments\Corporate IT, the initial value is Organization\Departments\Corporate IT\Helpdesk.
  • If you set the Start in field set to Organization\Departments, the initial value is Organization\Departments\Development.

Placeholders

When you insert an organization service attribute as a placeholder in actions, you can use the following options to retrieve its values:

Placeholder Explanation
#Service[{attributename}.Key] Resolve the GUID of the selected organizational context item.
#Service[{attributename}.Name] Resolve the name of the selected organizational context item.
#Service[{attributename}.ContextKey] Resolve the context key of the selected organizational context item, if this item has been created by synchronizing external data. You can use it as a reference to items in the external data.
#Service[{attributename}.Path] Resolve the path of the organizational context item to which the organization service attribute is related (e.g. "Departments\ICT\Functional Management"). This is useful to retrieve the organizational path that was selected by a user.
#Service[{attributename}.Description] Resolve the description of the attribute, e.g. "This is the organizational context of the actor".
#Service[<organization service attribute>.<organizational attribute> In a service that asks the user to select organizational context when a certain workflow action is executed, use this placeholder to resolve the values of Organizational Attributes that are related to the selected organizational context.

Example

For example, if you configure an organization service attribute Departments and an associated Organizational Attribute Department Manager, you can resolve the value of the Organizational Attribute by configuring the placeholder #Service[Departments.Department Manager]. If the user selects the department Administration in the Web Portal, this resolves the manager of the Administration department.

Suppose the following structure exists in your environment:

Scenario User selection Placeholder Value
1 Organizations\Departments\Administration #Service[Departments.Department Manager Amanda Cavendish
2 Organizations\Departments #Service[Departments.Department Manager <blank>
3 Organizations\Locations\Boston #Service[Departments.Department Manager Boston Manager
4 Organizations\Locations\Boston #Service[Locations.Phone 12345678

This leads to the following:

Org.context layer 1 Org.context layer 2 Org.context layer 3 Organizational attribute Value
Organizations (root)        
  Departments   Department Manager Not set
      Department Phone Not set
    Administration Department Manager Amanda Cavendish
  Locations   Department Phone 98412579
      Phone Not set
    Boston Phone 12345678

Was this article useful?