- 26 Aug 2024
Multi-Organization Access
- Updated on 26 Aug 2024
Understanding Multi-Organization Access
Multi-organization access allows ZPE Cloud users to access multiple organizations.
The user is authenticated against the parent organization. After successful authentication, the user can access the managed organizations based on entitlements in those organizations.
Note:
A parent organization is where the user identity exists and is used to authenticate the user. Such a user is called a Local user or a Remote user.
A managed organization is where the administrator invites the user as a guest to manage and support the organization. The invited user is called a Guest user.
How Can This Feature Be Useful?
There are many scenarios where a user needs access to multiple organizations without creating multiple accounts in the organization. This feature allows the administrator to authenticate against the Multiple Service Provider (MSP) organization and then access multiple organizations. The MSP administrator can perform regular system health checks, software updates, and security patches for the client organization's IT infrastructure to ensure it runs smoothly and securely. This provides a convenient way to manage multiple organizations simultaneously.
Feature Benefits and Advantages
For security, compliance, and management-overhead reasons, organizations do not have to create external or temporary users in their directories.
Avoids the hassle of managing the user lifecycle (creating, maintaining, and deleting a user).
How to Provide Multi-Organization Access?
There are two ways of providing access to a User:
Add a new user who does not exist in the ZPE Cloud
This user can directly go to the https://zpecloud.com/login or https://zpecloud.eu/login URL depending upon the region and click Create a new account.
Fill in the form and click submit. An approval request is sent to the administrator.
The Administrator approves the request and sends an approval email.
The user clicks the link in the email and logs in to the ZPE Cloud account.
Add a guest user who already exists in ZPE Cloud with another organization:
Step-1 Administrator Invites a User to the Managed Organization
Step-2 The guest user accepts the invite and logs in to the ZPE Cloud
Step-3 Accessing multiple managed organizations
If you are an existing user
Step-1 Administrator Invites the User to the Managed Organization
Perform the following actions to add a user to an organization:
Log in as an Administrator to your ZPE Cloud account.
Go to the Users tab.
Click Add.
In the Add New User window, enter the email ID and assign a role from the Groups dropdown list as shown in the following image:
Step-2 The Guest User Accepts the Invite and Logs in to the ZPE Cloud
* An invite is sent to the user at the registered email ID in the Parent Organization.
* The user clicks the link in the email and accepts or declines the invite.
* Once accepted, the user is directed to the sign-in page and enters the details of the parent organization.
Note: Once the invite to add a user is sent, it cannot be revoked by the Administrator; the link either expires after 72 hours or the user needs to decline the invite.
Accessing Managed Organization
When there is more than one organization assigned to the user, the Change Company icon is enabled for the users as shown in the following image:
When the user clicks the Change Company icon, the companies assigned to the user are listed as shown in the following image. Click the desired name to start managing it.
A user with the Administrator role has full privileges as shown in the following image:
If the user is assigned an Operator role, the user has limited privileges as shown in the following image:
Audit Logs
The logs capture activities performed by a user. Activities such as successful user authentication, user joining an organization and so on are captured in the logs.
You can view the following details related to the user logs:
Date: The date and time of the user event
Event ID: Each activity performed by the user is assigned an Event ID as listed below:
5005: User has been successfully authenticated
5008: User has logged out of the account
5019: User has been invited to join the organization
5020: User has joined the organization
5021: User rejected the invitation
Event Category: The type of the event
Message: The description of the activity. For example,
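
The event IDs listed above, together with the 72-hour invite lifetime, are enough to audit the guest-invitation lifecycle: which invites are still live (they cannot be revoked) and which joins have no matching invite. The following Python is an added example, not ZPE Cloud code; the record layout (`date`, `event_id`, `user`) and the sample records are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Event IDs from the list on this page.
INVITED, JOINED, REJECTED = 5019, 5020, 5021
INVITE_TTL = timedelta(hours=72)  # invite link lifetime stated on this page

def review_invites(events, now):
    """Return (findings, pending) for one organization's audit events.
    events: dicts with 'date' (ISO 8601), 'event_id' and 'user'. This layout
    is an assumption; map the columns of your own export onto it.
    """
    open_invites = {}  # user -> time of the invite still awaiting a response
    findings = []
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["date"])):
        ts = datetime.fromisoformat(ev["date"])
        user, eid = ev["user"], ev["event_id"]
        if eid == INVITED:
            open_invites[user] = ts
        elif eid == JOINED:
            invited_at = open_invites.pop(user, None)
            if invited_at is None:
                findings.append((user, "joined with no invite on record"))
            elif ts - invited_at > INVITE_TTL:
                findings.append((user, "joined after the 72-hour invite window"))
        elif eid == REJECTED:
            open_invites.pop(user, None)
    # Invites cannot be revoked, so report each live one with its expiry time.
    pending = {u: t + INVITE_TTL for u, t in open_invites.items()
               if now - t <= INVITE_TTL}
    return findings, pending

# Constructed sample records, not real ZPE Cloud log output.
SAMPLE_NOW = datetime(2024, 8, 25)
SAMPLE_EVENTS = [
    {"date": "2024-08-20T09:00:00", "event_id": 5019, "user": "alice@msp.example"},
    {"date": "2024-08-20T10:30:00", "event_id": 5020, "user": "alice@msp.example"},
    {"date": "2024-08-21T08:00:00", "event_id": 5020, "user": "mallory@other.example"},
    {"date": "2024-08-21T12:00:00", "event_id": 5019, "user": "bob@msp.example"},
    {"date": "2024-08-22T12:00:00", "event_id": 5019, "user": "carol@msp.example"},
    {"date": "2024-08-22T13:00:00", "event_id": 5021, "user": "carol@msp.example"},
    {"date": "2024-08-23T12:00:00", "event_id": 5019, "user": "dave@msp.example"},
]
if __name__ == "__main__":
    findings, pending = review_invites(SAMPLE_EVENTS, SAMPLE_NOW)
    for user, reason in findings:
        print("REVIEW", user, reason)
    for user, expires in pending.items():
        print("PENDING", user, "expires", expires.isoformat())
```

A "no invite on record" finding also appears when the exported log begins after the invite was sent, so check the export's start date before treating it as an anomaly.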