Restricting access to a set of users
Tenants and services in an organization are, by default, available to all directory users and groups who authenticate successfully.
Organization administrators can configure an organization access control policy to either allow access to all users in a directory or restrict access to a specified list of allowed members. For any access attempt, the system checks whether the user attempting access is on the list of allowed entities. If not, access is denied and an error is raised.
After you enable the organization access policy, it may take up to one hour for the policy to take effect. Once in effect, users who are restricted by the policy are denied access to all user-facing services and to services that are accessible using user tokens.
The users and groups included in the allowlist are only considered when the Only allowed members policy is enabled.
To configure the list of members that are allowed access to the organization, follow these steps: