In the administrative web portal, you can use the Organization navigation menu to create and manage organizations and suborganizations. Anchor's unique multitenant environment allows you to manage all of these organizations in one central location.
All of your organizations and suborganizations will be organized in a hierarchy within the Organization navigation menu, allowing for a scalable environment that can grow and change according to your needs.
The master organization—which is system generated—will display at the top-level of the hierarchy, and all other organizations and suborganizations will sit below the master organization. The name of the master organization will be the company name that you used when first registering as a partner. For private cloud partners, the master organization will be titled, All Organizations.
Best Practice: This master organization should remain empty; except for a few trusted administrators, users should not be given access to the master organization, and it should never be configured for internal or customer use. Master organizations should remain unpopulated for the following two reasons:
- Organization administrators have the ability to view content and user account information within the organization to which they have been assigned. Additionally, unless Privacy Mode has been enabled, they also have the ability to view this information in lower-level organizations. To mitigate the chance of exposing sensitive customer data to unauthorized individuals, you should only create organization administrator users within the organization to which they need access.
- The master organization’s Dashboard provides a totaled overview of all organization data usage, activity, and so forth. If the master organization is actively used as an organization, there is no way to view the actual usage for this organization apart from suborganizations’ usage.
Instead of populating the master organization with user accounts and data, you should instead create organizations and suborganizations under the Master Organization.
- Master Organization—each new system is populated with a master organization, which displays at the top-level of the hierarchy. The name of your master organization is based on your registration settings. The master organization should remain empty, and can be used to see an overall view of all of your organizations. Additionally, it is important to only add a minimal number of administrator accounts to this top level, as accounts added to this level will have access rights to every organization in the system.
- An Internal Organization—you can create a separate organization for your company’s own use.
- A Customer’s Organization—you can create organizations for each of your customers. Optionally, you can assign organization administrators to these specific organizations. These organization administrators only have privileges to administer the organization to which they have been assigned.
- A Suborganization—you can optionally create lower-level organizations that sit under the parent organization.
By default, suborganizations inherit many features and settings from parent organizations, but also allow you to configure different settings if needed.
For example, if you want to turn on Privacy Mode for one or two users (for example, a CEO), create a suborganization, add this user, and then turn on Privacy Mode at the suborganization level.
Or, if you want to restrict storage quota for a Team Share, create a suborganization for this Team Share, and configure storage quota policies accordingly.
Organization Policies and Settings
When a new organization is created, you will use the Settings tab to configure settings for the organization, including:
- General information for an organization, including the name, URL, and so forth
- Policies, which control the way in which an organization manages data, users, files and folders, API tokens, bandwidth, and other features
- Email settings, which allow you to specify an email server used for distributing emails
- Authentication source, which allows you to import users from Active Directory or other related systems
- Integration with a PSA system (if your organization uses a PSA system), to help you better manage alerts and notifications for individual organizations
- Custom branding, to allow you to define logos and colors used within the system
- Privacy Mode option, which allows you to limit your view of lower-level organizational data
For more information, please reference the Creating Organizations and Managing Policies Knowledgebase article.