Organizational Units
  • 08 Jan 2025
  • 2 Minutes to read
  • Dark
    Light
  • PDF

Organizational Units

  • Dark
    Light
  • PDF

Article summary

This article will walk you through the different configuration options on the Settings > Organizational Units page in Clarity.


Role modification options

A common example of the Role Based Access Control structure is using Department and Job Title (shown above).  This will result in the creation of roles for every department (intermediary role) found within your organization, and every Job Title found under each department (terminal role).

Organizational Unit order

Here you can pick the Attributes defined on the Identity Attributes page to determine your Role Based Access Control structure.

Department, Job Title RBAC Structure

Rebuilding and Purge

Discard

Discard any changes you have already made to the page.

Save

Save the changes made to the the Disable Provisioning toggle or changes to the Organizational Units.

Build Roles & Role-Entitlements

This option will not remove entitlements already part of existing roles, but it may add new entitlements based on 100% matching (all members of the role already have the entitlement).

Purge Roles & Role-Entitlements

This will delete all Roles and Role-Entitlement relationships. It is recommended to perform this action, followed by the Build Roles & Role-Entitlements if you plan to reset your roles, or have made changes to your Organizational Units.

Provisioning

This option lets you globally block provisioning in your Clarity platform.  This overwrites any individual app based configurations.

Special Roles

Global (Everyone) - This role is always present, and cannot be removed.  Every identity in Clarity is a member of this role and can be used to provide all Active Identities with an entitlement you specify.
Default or Intermediary/Default - For any identities that exist in Clarity, but are missing a valid attribute (for the corresponding Organizational Units), a role (intermediary or terminal) will be generated using Default.  Check out the examples below for more details on roles generated with the name Default.

Examples of Default roles

  1. If an Identity is missing the Department attribute, but has the Job Title Senior Developer, they would receive the role Default/Senior Developer.

  2. If an Identity is missing the Job Title attribute, but has the Department Accounting, they would be assigned the Accounting/Default role.

  3. If an Identity is missing both Department and Job Title attributes, they would be added to the Default/Default role.


Need Help?

If you have any problems, contact your customer success team. You can also get in touch with our general support via email, open a support ticket. Our general support team is available Monday - Friday from 8:00 AM - 6:30 PM CST.


Was this article helpful?

What's Next
Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.