What is the Organization Admin App & what can you do with OAA?

1. General overview

Q: What is the Organization Admin App (OAA)?

A: OAA is a centralized platform for organization administrators to manage accounts, roles, security policies, organizational units, data privacy, and audit logs for their company on the Oten Identity platform.

Q: Who can access the OAA?

A: Only users with the appropriate admin roles (such as Super Admin or Org Admin) can access and manage settings in the OAA.


2. Account management

Q: What types of accounts can I manage in OAA?

A: You can manage both Internal Accounts (employees) and Guest Accounts (external collaborators).

Q: What actions can I perform on user accounts?

A: You can view, search, filter, edit, lock/unlock, delete, assign roles, reset passwords, invite new members, and export account lists.

  • Internal accounts: Full details, unmasked emails for admins, masked phone numbers.

  • Guest accounts: Masked emails, external organization info, inviter, and status.

Q: How do I invite a new member or guest?

A: Use the “Add account” or “Invite Access” buttons in the Account management section to invite internal members or external guests, respectively.

Q: What happens if I lock an account?

A: The user will not be able to log in until the account is unlocked by an admin.

Q: Can I export account data?

A: Yes, you can export filtered or selected account lists in CSV or XLSX format, with sensitive data masked as required.


3. Role management

Q: What is a role in OAA?

A: A role is a set of permissions that define what actions a user can perform within the organization. Roles can be pre-built or custom.

Q: How do I assign or remove roles for users?

A: Use the “Assign role” feature in Account management or the dedicated Role management module to assign or remove roles for users or groups.

Q: Can I create custom roles?

A: Yes, admins can create, edit, and delete custom roles, specifying permissions and scope (organizational units).

Q: What are impact tags for permissions?

A: Permissions are categorized as High, Medium, or Low impact to help admins understand the criticality of each role.


4. Security management

Q: What security policies can I manage in OAA?

A: You can configure Two-factor authentication (2FA/MFA), Password policy, Session policy, Location policy, and VPN integration for your organization.

Q: How do I enforce MFA for all users?

A: Navigate to Security Settings and enable/enforce MFA under Two-factor authentication.

Q: Can I restrict logins by location or IP?

A: Yes, use the Location policy and VPN integration settings to restrict access based on country, region, or VPN requirements.


5. Data & Privacy

Q: How does OAA help with data privacy and compliance?

A: OAA provides a centralized Data & Privacy settings page for admins to define and enforce organization-wide policies, ensuring compliance with regulations like GDPR.

Q: Who can change data privacy settings?

A: Only Org Admins can access and modify these settings. All changes are logged for audit purposes.

Q: What happens if two admins edit privacy settings at the same time?

A: The “last write wins” rule applies; the most recent save will take effect.


6. Audit Log & Activity monitoring

Q: What is the Audit log service?

A: The Audit log service records all critical actions performed by admins and members across the Org Admin app, Profile, and Workspace. It supports compliance with GDPR, PCI DSS, and ISO 27001.

Q: What information is logged?

A: Actions such as account changes, role assignments, policy updates, and security events are logged with metadata (actor, target, time, result, etc.), with sensitive data masked.

Q: How long are logs retained?

A: Logs are retained in three tiers:

  • Hot (90 days, fast query)

  • Warm (12 months, batch query)

  • Cold archive (3–7 years, for compliance)

Q: Can I export audit logs?

A: Yes, logs can be exported as CSV files according to applied filters.
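
The “last write wins” rule in section 5 means an earlier admin's privacy change can be replaced without warning, and the audit log export is where that becomes visible. The following Python sketch is an added example, not part of OAA or the Oten documentation: it scans a CSV export for successful privacy-setting updates made by different admins on the same target within a short window. The column names follow the metadata listed above (actor, target, time, result); the `action` column, the action name `privacy_settings.update` and all sample rows are constructed assumptions.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample export. Column names follow the metadata the FAQ lists
# (actor, target, time, result); "action" and its values are assumptions.
SAMPLE_EXPORT = """time,actor,action,target,result
2024-05-02T09:00:05Z,admin.a,privacy_settings.update,org:data-privacy,success
2024-05-02T09:01:40Z,admin.b,privacy_settings.update,org:data-privacy,success
2024-05-02T09:02:10Z,admin.b,role.assign,user:1042,success
2024-05-02T13:30:00Z,admin.a,privacy_settings.update,org:data-privacy,success
2024-05-02T13:31:00Z,admin.c,privacy_settings.update,org:data-privacy,denied
"""


def parse_time(value):
    """Parse the UTC timestamp format used in the constructed sample."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def find_overwrites(export_text, action="privacy_settings.update",
                    window=timedelta(minutes=5)):
    """Return pairs of successful updates to the same target, made by
    different actors within `window`, where the later save replaced the earlier."""
    rows = [r for r in csv.DictReader(io.StringIO(export_text))
            if r["action"] == action and r["result"] == "success"]
    rows.sort(key=lambda r: (r["target"], parse_time(r["time"])))
    findings = []
    for prev, cur in zip(rows, rows[1:]):
        if prev["target"] != cur["target"] or prev["actor"] == cur["actor"]:
            continue
        gap = parse_time(cur["time"]) - parse_time(prev["time"])
        if gap <= window:
            findings.append({
                "target": cur["target"],
                "overwritten_actor": prev["actor"],
                "winning_actor": cur["actor"],
                "gap_seconds": int(gap.total_seconds()),
            })
    return findings


if __name__ == "__main__":
    for f in find_overwrites(SAMPLE_EXPORT):
        print(f)
```

Denied attempts are excluded because they never changed the stored setting; widen `window` to review longer editing sessions.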


7. Organizational Units (OUs)

Q: What are Organizational Units?

A: OUs allow you to structure your organization into logical units (departments, teams) for more granular management of permissions and policies.

Q: What actions can I perform on OUs?

A: You can create, edit, move, and delete OUs, as well as manage membership and assign policies at the OU level.


8. Permissions & Access control

Q: How are permissions managed in OAA?

A: Permissions are grouped by module (Accounts, Groups, Roles, Security, etc.) and can be assigned to roles for granular access control.

Q: What is the difference between “Show” and “Enable” in the UI?

A: “Show” means the UI element is only visible if the user has permission. “Enable” means the element is visible to all but only interactive if permitted.

Q: What are the default roles?

A:

  • Super Admin: Full access to all features

  • Group Manager: Full group management

  • Workspace Manager: Full workspace management

  • Help desk: Limited support actions (view, reset password, lock/unlock accounts)


9. Organization profile

Q: What information is in the Organization profile?

A: Organization Name, Description, Owner, Domain, Organization ID, and Registration date.

Q: Can I edit all fields in the Organization profile?

A: You can edit descriptive fields (name, description), but core identifiers (owner, domain, ID, registration date) are read-only for security reasons.


10. Error handling & support

Q: What happens if I try to access a feature without permission?

A: The system will block access and display an “Access denied” error.

Q: How are errors and edge cases handled?

A: The system provides clear messages for invalid actions, unauthorized access, and network errors. All admin actions are logged for traceability.


11. Compliance & Security

Q: How does OAA support compliance?

A: OAA’s audit logs, privacy controls, and security policies help organizations meet GDPR, PCI DSS, and ISO 27001 requirements.

Q: How is sensitive data protected?

A: Sensitive fields (emails, phone numbers, IPs) are masked in logs and exports. No secrets or tokens are logged.
