Skip to end of metadata
Go to start of metadata

Introduction

The Management Console Organizations page provides administrators of a Jitterbit Harmony organization with the ability to define and manage who can participate in integration projects.

Organization administrators should be familiar with these Jitterbit Harmony organization management terms:

  • Organization: A unique Jitterbit Harmony organization in which administrators have full control over membership and security. Settings made at the organization level (on the Organizations page) are subject to and can be further restricted at the environment level (on the Environments page).
  • Member: A user who has been invited to a Jitterbit Harmony organization by an administrator (described under Members below).
  • Administrator: A member who is assigned to a role with Admin permission at the organization level, allowing access to all features and functions available in the Management Console as well as access to all assets belonging to the organization.
  • Role: A group of members that is assigned one or more permissions at the organization level. Initially, when a Jitterbit Harmony organization is created, an Administrator role (with Admin permission) and a User role (with Read permission) are created by default. Administrators can create additional roles and add members to multiple roles (shown under Roles below).
  • Permissions: Permissions are assigned to a role at the organization level and limit an organization member's access to defined areas of an organization. Permissions include Read, AdminAgent Install, and ApiConsumer (defined under Permissions below).
CAUTION: After assigning a role at the organization level (on the Organizations page), roles must also be assigned at the environment level (on the Environments page), where you can further restrict role access to an environment to View Logs, Read, Execute, or Write. For more information, see Managing Role Access to Environments in Environments.

To access the Organizations page, log in to the Jitterbit Harmony Portal, then click the orange hamburger menu in the top left:

From the menu, hover over Management Console and select Organizations:

NOTE: Make sure you are accessing the desired organization, which can be changed in the top navigation bar (see Changing the Selected Organization in Jitterbit Harmony Portal).

Managing Organizations

Jitterbit Harmony organization administrators manage the information, preferences, and policies that apply across an entire organization.

Viewing Organizations

The top section of the Organizations page contains a table that shows all the organizations that you have access to:

Initially, you have access to two organizations ("orgs"):

  • Company Org: Identified in the table by the name of your company, this is the organization where you create and manage your company's integration projects.
  • Data Loader Org: Identified in the table by your email address, this organization is used to load data into Salesforce via the Salesforce Bulk API. This organization may also be referred to as a personal organization, as you cannot invite other members to it.

Additional organizations will be available to select only if you have been given access by an administrator for that organization.

  • Example 1: You are consulting as an integration specialist for multiple companies. Each of the organizations could give you access to assist in their integrations.
  • Example 2: The corporate structure of your company includes divisions that are separate legal entities. In that case you could be an employee of one entity and working on integrations within multiple divisions. An administrator of a division could give you access to their specific organization to assist with those division's integration projects.

Only the organization that is currently selected in the top navigation bar of the Harmony Portal will appear enabled for editing. This is to prevent administrators of multiple orgs from unintentionally editing or adding members to the wrong org.

If you are an administrator for other orgs, use the dropdown that appears between your name and Help to switch between organizations and enable that organization for editing. The table will be refreshed to switch to the selected org.

Any other organizations of which you are a member but are not an administrator will always show as disabled, as there is nothing you have permission to change.

To sort the organizations table, click any of the column headers.

Editing an Organization

On the far right of each row of the organizations table are the available Actions for administrators, accessed by clicking the Action dropdown menu:

Choose Edit Organization to update basic information about your organization (name, address, time zone, etc.). Only the Name is used in Jitterbit Harmony.

Choose Edit Organization Policies to enable/disable or specify the following settings. Each configurable field or action is explained below.

NOTE: Settings that do not apply to organizations using Jitterbit Harmony single sign-on (SSO) are noted.
  • Password Require special character(s): Requires at least one special character per Harmony password for each registered user within the organization. This setting does not apply to SSO orgs.
  • User password expires in: Requires the organization's active registered users to change passwords every X number of days (Default: 90). This setting does not apply to SSO orgs.
  • Inactivate user accounts in: Deactivates any account registering no activity within X number of days (Default: 90). This setting applies to both Harmony and SSO orgs.
  • Password history: Requires users with a forgotten password not to re-use the last X number of used passwords (Default: 5). This setting does not apply to SSO orgs.
  • Two-Factor Authentication (TFA): Requires two-factor authentication (TFA). All of the organization's members will be required to enter a verification code emailed by Jitterbit (in addition to their username and password) when they sign in. They will be required to re-verify their devices every X number of days (Default: 30). This setting does not apply to SSO orgs.
  • TFA on each login: Requires two-factor authentication on every login as opposed to every X number of days. This setting does not apply to SSO orgs.
  • Enable remote Agent configuration: Enables remote agent configuration (through the Management Console from the Agents > Agent Groups page).
  • Member's domains: Restricts access to the specified domains. Separate multiple domains using commas or semicolons.
  • Enable SSO: Enables SSO for all members of the Harmony organization, except for those included in the Bypass SSO list. For configuration details, see Enable SSO in Configuring SSO in the Management Console.

  • Bypass SSO: Bypasses the SSO settings for any users specified in the Bypass SSO User Info dialog. For configuration details, see Bypass SSO in Configuring SSO in the Management Console.

  • Enable Whitelist IP Range: Requires that the IP address, when logging in to the Jitterbit Harmony Portal or Design Studio, or when providing credentials during configuration of a Private Agent or Private API Gateway, be only from the specified IP range.
  • Save: Saves any changes to the Edit Organization Policies dialog. The Save button will be disabled unless changes have been made, with the exception of the Bypass SSO list (see note in the Bypass SSO bullet above).

  • Cancel: Closes the Edit Organization Policies dialog without saving.

Managing Permissions, Roles, and Members

Members of an organization must belong to at least one role, whose access within an organization is defined by permissions assigned to those roles.

The possible permissions are described below, followed by an explanation of the actions that administrators can take within the Roles and Members tabs of the Organizations page.

Permissions

Administrators must assign at least one permission to each role, as described under Roles below. There are four independent permissions available:

  • Read: This permission is the default, which provides the least amount of privileges and allows access to the organization. This permission is implied if any other permission (Admin, Agent-Install, or ApiConsumer) has been set.
  • Admin: This permission grants privileges that provide access to all features and functions available in the Management Console and all assets belonging to the organization. Those with Admin permission can also install agents, create customized roles, manage the membership of those roles, and set up the access control privileges for each role within each environment. This permission implies ReadAgent-Install, and ApiConsumer permissions without those permissions needing to be explicitly selected.
  • Agent-Install: This permission grants privileges for agent installation purposes only. Roles with the Agent-Install permission must also be assigned Write access within the environment where the agent is to be installed (see Grant Role Access to the Environment under Environments). This type of permission may be useful if you want certain members to install the agent, but do not want those individuals to have administrative privileges or be able to view, modify, or run operations outside of the specific environment to which they have been granted Write access. After an agent has been successfully installed, it will continue to function and be able to be upgraded going forward even if the role or particular user with Agent-Install permissions is removed or disabled. 
  • ApiConsumer: This permission grants privileges that provide access to the public-facing developer Portal in API Manager , access to API documentation, and access to execute APIs. We suggest creating separate roles for external and internal API developers to accommodate the different levels of security and access:

CAUTION: After assigning a role at the organization level (on the Organizations page), roles must also be assigned at the environment level (on the Environments page), where you can further restrict role access to an environment to View Logs, Read, Execute, or Write. For more information, see Managing Role Access to Environments in Environments.

Roles

On the bottom section of the Organizations page, select the Roles tab to display a table of existing roles. Each role contains a set of permissions that specify what actions are available to any user that is a member of the role:

Jitterbit provides an organization with two roles by default: Administrator and User. The Administrator role cannot be deleted and requires at least one person to be a member.

TIP: It is recommended to have more than one member assigned to the Administrator role or to a role with Admin permission. If you are unable to access an account with Admin permission, contact Jitterbit Support.

Each role can be expanded to show its members. Click the disclosure triangle  to the left of a role to view the members of the role: 

Adding a Role

To add a role, c lick the Add Role button , enter a Name for the role into the Add Role dialog, and click Save :

The new role automatically appears as an additional row under roles. The new role has Read permissions by default.

CAUTION: After you have created a new role, you need to provide the role with access to the specific environments where it will be used. Instructions for this are provided on the Environments page.

Editing a Role's Permissions

The Permissions column lists the permissions assigned to each role. See Permissions above for an explanation of each permission.

To edit a role's permissions, in the Permission column, use the dropdown to select the permissions:

Adding a Member and Renaming, Removing, Activating, and Deactivating a Role

For additional actions available on each role, in the Action column, use the dropdown to open a menu of actions:

  • Add Member: Opens an Add Member dialog for adding a member. Enter a Username in the form of an email address and click Save:

    For more information, see Members below.

  • Edit Role: Opens an Edit Role dialog for renaming the role. Enter a Name and click Save:

  • Remove Role: Deletes the role. When a role is deleted, if the role has been granted access to any environments, the role's access is also deleted from those environments.
  • Deactivate Role: Available only when a role's Status is Active, deactivates the role without deleting it. Deactivating a role results in the role's Status changing to Inactive. When a role is deactivated, if the role has been granted access to any environments, the role's access is also deleted from those environments.
  • Activate Role: Available only when a role's Status is Inactive, restores the role to an Active StatusWhen a role is reactivated, if — at the time it was deactivated — the role had previously been granted access to any environments, then that role's environment access is also restored.

TIP: Roles are granted access to an environment from the Environments page. For more information, see Managing Role Access to Environments in Environments.

Removing, Activating, and Deactivating a Member

For additional actions available on each member, in the Action column, use the dropdown to open a menu of actions:

  • Remove Member : Removes the member from the role.

    WARNING: If the member is assigned to only one role, the member will be removed from the role and removed from the organization. If the member is assigned to more than one role, the member will be removed from the selected role, but will remain a member in any other roles they are assigned to.
  • Deactivate Member: Available only when a member's Status is Active, deactivates the member from the role without removing them from the role. Deactivating a member from a role results in the member's Status changing to Inactive, for that role only. Deactivating a member from one role does not deactivate them from any other roles of which they are a member.

  • Activate Member: Available only when a member's Status is Inactive, restores the member to an Active status, for that role only. Activating a member for one role does not reactivate them for any other roles of which they are a member.

Members

Select the Members tab to display a table of existing members. You can expand each member to view the roles associated with each member:

Members of an organization must be assigned to one or more roles. That is, when a new member is created, they must be assigned to a role; it is not possible to have a member without a role. To remove a member from the organization, remove them from all roles. See Managing Roles and Permissions for more information about roles.

Adding a New Member

To add a new member to the organization, click the Add Member button  to open the Add Member dialog:

  • Username: Enter an email address to use as the Jitterbit Harmony username.
  • Assign Role: Use the dropdown to assign the user to an existing role. Only active roles are shown. After adding the member, they can be assigned additional roles.

On clicking Save, new Harmony users will receive an email link to complete registration, unless the organization is configured to use Jitterbit Harmony single sign-on (SSO). For organizations using SSO, see Adding New Members in Registering and Logging In Using Jitterbit Harmony SSO.

TIP: The Invitation Status of new members with Harmony credentials is set to Pending until Jitterbit registration is completed. Members using SSO are already activated users.

Adding a Member Role

For additional actions available on each member, in the Action column, use the dropdown to open a menu of actions:

  • Add Member Role: Opens an Add Member Role dialog for assigning another role. Use the dropdown to select an existing role and click Save:

Removing, Activating, and Deactivating a Member Role

For additional actions available on each role, in the Action column, use the dropdown to open a menu of actions:

  • Remove Member Role : Removes the member from the role.

    WARNING: If the member is assigned to only one role, the member will be removed from the role and removed from the organization. If the member is assigned to more than one role, the member will be removed from the selected role, but will remain a member in any other roles they are assigned to.
  • Deactivate Member Role: Available only when a member's Status is Active, deactivates the member from the role without removing them from the role. Deactivating a member from a role results in the member's Status changing to Inactive, for that role only. Deactivating a member from one role does not deactivate them from any other roles of which they are a member.

  • Activate Member Role: Available only when a member's Status is Inactive, restores the member to an Active status, for that role only. Activating a member for one role does not reactivate them for any other roles of which they are a member.

On This Page

Last updated:  Sep 17, 2020