Skip to main content

Organization

From Administration, Organization, admins can manage details such as authentication settings, email domain settings, and role assignments.

tip

To manage organization settings, you must have the Admin role.

Details

Admins can update the basic information about your organization that we use for authentication. For example, you can change your organization's name as it appears in password reset emails.

info

Changing your organization name from the Organization settings page does not change the name of your organization in the SixMap app.

Edit organization profile details

  1. Navigate to Administration, Organization.
  2. Select Edit from the Details section.
    • In the Name field, update your organization’s name. This is the name that appears in authentication email messages, such as password resets.
    • In the Slug field, enter a unique identifier for SixMap to use in your authentication links, if necessary. Since the identifier may appear in URLs, use only lowercase letters, numbers, and hyphens.
  3. Select Save.

Authentication settings

Admins can change which authentication methods users can select from to log into your organization's SixMap account, such as password-based or single sign-on (SSO). You can also change whether to require multi-factor authentication (MFA) for all users. For more information about MFA, see MFA.

info

If you enable MFA, users are required to use a time-based one-time password (TOTP) app to generate one-time passwords.

Edit organization authentication settings

  1. Navigate to Administration, Organization.
  2. Select Edit from the Authentication settings section.
  3. To enable primary authorization methods users can select from to log into your organization's SixMap account, under Primary authentication, enable Allow all primary auth methods and select:
    • Password: Enables password-based authentication, allowing users to log in using a username and password created specifically for SixMap.
    • Single Sign-On (SSO): Enables SSO for authentication, allowing users to log in through a centralized identity provider. For details, see SSO.
  4. Under Secondary authentication, select whether to require multi-factor authentication (MFA) for all users. If you require MFA, also select time-based one-time as the available method. For more information, see MFA.

User onboarding

Admins can change the settings that determine how users are invited to your organization's SixMap account. For example, you can choose to allow only users with specific email domains to be invited or to require users to be invited and join using an SSO connection.

Edit organization onboarding settings

  1. Navigate to Administration, Organization.
  2. Select Edit from the User onboarding section.
  3. To control who admins can invite to join the account, under Invites, enable Allow members to be invited by email, and select whether to allow:
    • Anybody: Allows invitations to any email address.
    • Users from allowed email domains: Restricts invitations to users within the allowed email domains, such as only those that are related to your organization.
  4. To allow users to automatically join based on your access control list, under JIT Provisioning, select:
    • Email domains: Allows JIT provisioning for users with email domains in the access control list.
    • SSO connections: SSO (Single Sign-On) allows users to authenticate through a centralized identity provider, such as Okta or Azure AD. This option enables JIT provisioning for users who are part of the allowed SSO connections defined in the access control list.
  5. Under Access control list, manage which email domains and SSO connections your organization allows.
    • To allow a specific email domain for email invitations or JIT provisioning, under Email domains, select Add domain, enter the domain, such as acme-corp.com, and select Save.
    • To add a SSO connection, under SSO connections, select Select connection, choose an identity provider, and select Save.
  6. Select Save.

Automatic role assignments

Admins can automatically assign roles based on a user's email domain, SCIM group membership, or SSO connection. Roles define the permissions and access levels that users have within your organization. For example, the Admin role has full access to all pages in the account, while the User role only has access to all pages except Change request form and Administration. For details, see Roles

Edit automatic role assignments

  1. Navigate to Administration, Organization.
  2. Select Edit from the Automatic role assignments section.
  3. Select Add role assignment.
    • In the Select Role: field, choose the role to automatically assign.
      • Admin: Grants full access to all pages and sections in the account.
      • Organization manager: Grants access to all the pages in the account, including the Change request form which enables changes to your organization's hierarchy. This role does not have access to Administration.
      • User: Grants access to all the pages in the account except the Change request form and Administration.
    • In the Select Source field, select the source that will trigger the role assignment:
      • Email domain: Assign the role based on the user's email domain. For example, assign all users with the email domain @example.com to the User role.
      • SCIM Group: SCIM (System for Cross-domain Identity Management) allows you to manage users and groups from external identity providers. This option assigns roles based on the user's membership in a specific SCIM group. For details, see SCIM.
      • SSO Connection: SSO (Single Sign-On) allows users to authenticate through a centralized identity provider. This option assigns roles based on the user's SSO connection. For example, assign all users who log in through Okta to the Admin role. For details, see SSO.
    • Select Save.
  4. Select Save.