Organization Manager
Overview
Yggio's Organization Manager allows you to create and manage an organizational structure, facilitating the management of different user accounts assigned to handle various types or parts of resources. Within this structure, members (organization-limited user accounts) are assigned permissions at various levels of the organizational hierarchy.
All main account users can create and manage multiple organizations. However, a user created within an organization (a member) cannot create other organizations.
Principles
The Organization Manager is built upon standard hierarchical access rights sharing principles, similar to modern file systems. If you are familiar with managing permissions in a file system, for example through Windows Explorer, it works in a similar way: think of organizational units as folders and resources as files.
- Root Unit: The top-level folder in the organization structure. All other units and resources branch from this point. Typically, the root is renamed to match the organization name.
- Sub Units: Units within the root unit or other units, creating a tree-like structure.
The Organization Manager manages resources. A resource is one of the following types: IoT nodes (IoT devices), connectors, basic credential sets, or reports.
Sharing and Inheritance
- Access Right Inheritance: Access rights set at the parent unit level will be inherited by subunits and their resources. This means that if a user has access to a parent unit, they will also have access to all contained resources and subunits.
- Explicit Access Rights: Specific access rights can be assigned directly to subunits, overriding inherited permissions from parent units. Resources can also be explicitly shared one by one through Device Details and several at a time through Select Many.
Organization Management
This menu can be accessed from anywhere within an organization by clicking the "Manage organization" button in the top left corner.
Summary
This section provides a summary of the organization details, including name, description, logo, and AD-group mapping. An organization admin can map an organization to one or several AD groups. AD-group mapping will only work if a SAML IDP (Identity Provider) is used. For SAML IDP configuration, please contact your Sensative AB representative.
Organization Member Management
This section contains a list of organization members, including their full names, email addresses, and, if you are an organization admin, their user IDs as well. If you are an organization admin at any unit level, the following options will be available:
- Create New Member: Use this option to create a new user account in Yggio and add the user to the organization. The following information must be provided:
  - First Name: The first name of the new user.
  - Last Name: The last name of the new user.
  - Email: A valid email address is required for first-time login and password recovery.
  - Username: This is the login username; using the email as the username is common.
  - Password: A one-time password is strongly recommended for security reasons. Since only the email owner can log in initially, a simple first-time login password can simplify onboarding.
- Add Existing Members: Use the "Add Member" button to add existing members to the organization, allowing a user to be part of multiple organizations. The user ID of the user to be invited must be known, and it has to be provided by that user.
- Remove Existing Members: Use the "Remove" button next to a specific member to remove them from the organization. This will not delete the account from the system, just remove it from the organization.
- Self-Addition for Organization Owners: The owner of the organization can add themselves as a member of their own organization.
Two-factor authentication is supported by the system but is not enabled by default in the UI. To enforce 2FA, please contact your Sensative representative.
Resources
This section lists the resources a user has access to. The unit from which the access is inherited is displayed, and the user's own devices will be noted as "Owner Access."
Access Details
This menu choice is only available to organization admins. If you are an organization admin, you will see a list of all users in the organization and their access rights at different organizational units. This provides an excellent overview of who has access to what and simplifies the onboarding of new members by allowing cross-checking of access rights against existing members.
Organization Unit Management
This menu appears when you click on an organization unit in the organizational hierarchy. Remember that a unit behaves like a folder in a file system and contains resources placed within it.
Summary
This section provides information about the unit, such as its name and description.
Unit Members
This is the most important menu choice, where you can set access rights and sharing of resources within the organization hierarchy.
The following rights are available:
- Manager: Grants the role of an organization admin. The user can manage the organization and member access rights from this unit level and to all subunits further down the tree. Being an organization admin also allows the user to create new user accounts and add existing user accounts to the organization.
Resource Permissions
- Admin: Allows management of resources at this unit, inherited to all subunits further down the tree. This includes the right to set access rights for resources and delete them.
- Write: Permits writing data to resources at this unit, inherited to all subunits further down the tree.
- Read: Allows reading data and viewing resources at this unit, inherited to all subunits further down the tree.
- Peek: Grants the system the right to read data from resources at this unit, but the resources will be invisible to the account user. This right is also inherited to all subunits further down the tree and is primarily used to give access to connectors.
Share Resources?:
- Yes / No: This option allows you to share all resources of a member at a specific unit within the organization. This means that the member's resources become accessible at that unit, and all users with access to the unit, direct or inherited, can interact with the devices according to their access rights. A user can only be emplaced at one unit; if emplaced in a second place, the first will be removed. "Emplace" at a unit is equivalent to placing files in a folder in a file system.
Resources
This section lists the resources available to the user in the unit. The resources are either emplaced at the unit or inherited from subunits.
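The rules from "Sharing and Inheritance", combined with the rights listed under "Unit Members", can be modeled for an access review as in the following added example. It is a toy model written for this page, not Yggio's API or implementation; the unit, member and resource names are constructed, and treating an explicit grant at a subunit as replacing the inherited rights is an assumption about how "overriding" behaves.

```python
# Added illustration: a toy model of the inheritance rules, not Yggio's API or code.
from dataclasses import dataclass, field

@dataclass
class Unit:
    name: str
    parent: "Unit | None" = None
    grants: dict = field(default_factory=dict)     # member -> rights set explicitly here
    resources: list = field(default_factory=list)  # resources emplaced at this unit

def effective_rights(unit, member):
    """Walk up to the root; the nearest explicit grant wins (assumed override rule)."""
    node = unit
    while node is not None:
        if member in node.grants:
            return frozenset(node.grants[member]), node.name
        node = node.parent
    return frozenset(), None

def access_report(units, member):
    """Rows of (resource, unit, rights, unit the rights come from) for one member."""
    rows = []
    for unit in units:
        rights, source = effective_rights(unit, member)
        if rights:
            rows += [(res, unit.name, sorted(rights), source) for res in unit.resources]
    return rows

def visible_to_user(rows):
    """Peek-only rows are readable by the system but hidden from the account user."""
    return [res for res, _, rights, _ in rows if set(rights) != {"peek"}]

def sample_org():
    """Constructed sample data: every name below is invented for the example."""
    root = Unit("Acme", grants={"alice": {"read"}}, resources=["report-1"])
    site = Unit("Site A", root, {"connector-svc": {"peek"}}, ["sensor-1"])
    lab = Unit("Lab", site, {"alice": {"admin", "write", "read"}}, ["sensor-2"])
    return [root, site, lab]

if __name__ == "__main__":
    for member in ("alice", "connector-svc"):
        for row in access_report(sample_org(), member):
            print(member, row)
```

The last column of each row plays the same role as the "unit from which the access is inherited" shown in the Resources view, which is the field to check when reviewing why a member can reach a resource.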