Organizations¶

Introduction¶

The Management Console Organizations page provides Harmony organization administrators (members of a role with the Admin organization permission) with the ability to define and manage who can use Harmony applications. For definitions of Harmony administrative terminology and an explanation of how organization role permissions and environment access levels work, see Harmony Permissions and Access.

Harmony organization administrators manage the information, preferences, and policies that apply across an entire organization.

Accessing the Organizations Page¶

To access the Organizations page, log in to the Harmony Portal, then use the Harmony Portal menu in the top left to go to Management Console > Organizations:

Note

Make sure you are accessing the desired organization, which can be changed in the top navigation bar (see Changing the Selected Organization in Harmony Portal).

Viewing Organizations¶

The top section of the Organizations page contains a table that shows all the organizations that you have access to:

attachment

Initially, you have access to two organizations:

Harmony Organization: Identified in the table by the name of your company, this is the organization where you create and manage your company's integration projects.
Data Loader Organization: Identified in the table by your email address, this organization is used to load data into Salesforce via the Salesforce Bulk API. This organization may also be referred to as a personal organization, as you cannot invite other members to it.

Additional organizations are listed if you have been given access by an administrator of that organization.

Example 1: You are consulting as an integration specialist for multiple companies. Each of the organizations could give you access to assist in their integrations.
Example 2: The corporate structure of your company includes discrete divisions. In that case you could be an employee of one discrete division and working on integrations within separate divisions. An administrator of a division could give you access to their specific organization to assist with those division's integration projects.

Only the organization that is currently selected in the top navigation bar of the Harmony Portal is enabled for editing.

If you are an administrator of other organizations, use the dropdown that appears between your name and Help in the top navigation bar to switch between organizations and enable that organization for editing. The table will be refreshed to switch to the selected organization. Organizations that you can't administer are always disabled in the table.

To sort the organizations table, click any of the column headers.

Editing an Organization¶

On the far right of each row of the organizations table are the available Actions for administrators. Use the disclosure triangle to see options for editing the organization or its policies:

Edit Organization
Edit Organization Policies

Edit Organization¶

Click Edit Organization to update basic information about your organization. Only the Name is used by Harmony.

edit organization

Edit Organization Policies¶

Click Edit Organization Policies to enable/disable or specify settings. Each configurable field or action is explained below.

edit organization policies

Note

Settings that do not apply to organizations using Harmony single sign-on (SSO) (SSO organizations) are noted.

User Management: These are the available user management settings:
- Password Require Special Character(s): Requires at least one of these following special characters in the Harmony password for a registered member in an organization:
  
  ! # $ % _ < = >
  
  Note
  
  This setting does not apply to SSO organizations.
- User Password Expires In: Requires the organization's active registered users to change passwords every X number of days (Default: 90). This setting does not apply to SSO organizations.
- Inactivate User Accounts In: Deactivates any account registering no activity within X number of days (Default: 90). This setting applies to both Harmony and SSO organizations.
- Password History: Requires users with a forgotten password not to re-use the last X number of used passwords (Default: 5). This setting does not apply to SSO organizations.
- Two-Factor Authentication (TFA): Requires two-factor authentication (TFA). All of the organization's members will be required to enter a verification code emailed by Jitterbit (in addition to their username and password) when they sign in. They will be required to re-verify their devices every X number of days (Default: 30). If this setting is selected, then the setting TFA on Each Login, below, cannot be selected. This setting does not apply to SSO organizations.
- TFA on Each Login: Requires two-factor authentication on every login as opposed to every X number of days. If this setting is selected, then the setting Two-Factor Authentication (TFA), above, cannot be selected. This setting does not apply to SSO organizations.
- Member's Domains: Restricts access to the specified domains. Separate multiple domains using commas or semicolons.
- Enable SSO: Enables SSO for all members of the Harmony organization, except for those included in the Bypass SSO list. For configuration details, see Enable SSO in Configure SSO in the Management Console.
- Bypass SSO: Bypasses the SSO settings for any users specified in the Bypass SSO User Info dialog. For configuration details, see Bypass SSO in Configure SSO in the Management Console.
- Enable Whitelist IP Range: Requires that the IP address — when logging in to the Harmony Portal or Design Studio, or when providing credentials during configuration of a Private Agent or Private API Gateway — be only from the specified IP range.
Agent Management: These are the available agent management settings:
- Enable Remote Agent Configuration: Enables remote agent configuration through the Management Console (see View or Edit Jitterbit Conf in Agents > Agent Groups).
- Override Schedule Agent Time Zone: When selected, you can specify the time zone in which all current and future schedules across an organization will run. To select a time zone, backspace on the currently selected time zone and then use the menu to select the time zone to be used. This setting will be implemented only for schedules on agent version 10.40 or later. Any scripts that use date and time functions will not be overridden with your selected time zone.
  
  By default, the time zone in which a scheduled operation will run depends on the agent running the operation (see Operation Time Zones in Operation Schedules).
- Time Zone: Once enabled by Override Schedule Agent Time Zone, the Time Zone field will automatically populate with the time zone as reported by your browser. To select a different time zone, backspace on the populated time zone and select or type the desired time zone from the dropdown.
  
  When using agent version 10.85 / 11.23 or later, and the agent is using a time zone that observes daylight savings, these actions occur during a daylight saving time switch:
  - When a once-daily schedule is set between 2 - 3 AM, the scheduled operation will run at 3 AM on the second Sunday of March.
  - When a once-daily schedule is set between 1 - 2 AM, the scheduled operation will run on the second instance of 1 AM on the first Sunday of November.
  A known issue exists for the above scenarios when using agent version 10.84 / 11.22 and earlier.
  
  Tip
  
  For schedule consistency, it is recommended to use a time zone that does not observe daylight saving time, such as UTC (Cloud Agents use UTC by default). If using a Private Agent, you can use the Override Schedule Agent Time Zone setting and select Etc/UTC.
- Disable Auto Connector Update: Select to suspend updates to Connector SDK-based connectors when using Private Agents. (Whether each Jitterbit-provided connector is based on the Connector SDK is noted in each connector's documentation.)
  
  When automatic connector updates are disabled, using its connection’s Test button no longer downloads the latest version of that connector to Private Agents. However, these connectors will still download the latest version of the connector after installing a new agent or when an agent’s PostgreSQL database is reset.
  
  You can manually force agents to download the latest version of affected connectors on the Agents > Agent Groups page, by selecting the Agent Group and using its Action menu to select Update connectors.
API Management: These are the available Harmony application settings:
- Require APIs Have Security Profile to Publish: Requires that APIs created through API Manager have a security profile assigned. Requiring that APIs have a security profile is enforced on any newly created or edited APIs when saving the API, regardless of the status (Draft, Published, or Published with Draft). Any existing APIs that do not currently have a security profile assigned will be unaffected until they are edited (see Custom API configuration, OData Service configuration, and Proxy API configuration).
- Enable Re-authentication on Change: When enabled, certain Cloud Studio connectors will require users to re-enter connection credentials when editing certain fields in an endpoint's connection. This feature is currently supported for these connectors (see the connector's documentation for information on the affected fields):
  Amazon Redshift
  
  Apache Kakfa
  
  Coupa
  
  Database
  
  Epicor Kinetic
  
  File Share
  
  FTP
  
  HTTP
  
  HTTP v2
  
  Jenkins
  
  Jitterbit MQ
  
  JMS
  
  LDAP
  
  Linio
  
  Magento
  
  Microsoft Dynamics AX
  
  Microsoft Dynamics CRM
  
  MS Azure AD
  
  NetSuite
  
  OData
  
  Oracle Commerce Cloud
  
  RabbitMQ
  
  Salesforce
  
  Salesforce Einstein Analytics
  
  Salesforce Events
  
  Salesforce Service Cloud
  
  SAP SuccessFactors
  
  ServiceMax
  
  ServiceNow
  
  SMB
  
  Snowflake
  
  SugarCRM
  
  WooCommerce
  
  Workday
  
  Workday Prism Analytics
  
  Zendesk
- Enable Audit Logging: Activates audit logging of user activity in select Harmony applications, such as Management Console and Cloud Studio. See Audit Logging for details.
Save: Saves any changes to the Edit Organization Policies dialog. The Save button is disabled unless changes have been made, with the exception of the Bypass SSO list.
Cancel: Closes the Edit Organization Policies dialog without saving. Changes to the Bypass SSO list are saved even if you cancel out of the Edit Organization Policies dialog.

Managing Permissions, Roles, and Members¶

Members of an organization must belong to at least one role, whose access within an organization is defined by permissions assigned to those roles.

The possible permissions are described below, followed by an explanation of the actions that administrators can take in the Roles and Members tabs of the Organizations page.

A member's access to a particular area of Harmony depends on the combination of their organization role's permissions and its environment access:

A role's permissions are defined by organization administrators at the organization level, as described below.
A role is granted access to an environment at the environment level, as described in Managing Role Access to Environments in Environments.
On the Environments page, you can further define role access to an environment to View Logs, Read, Execute, or Write.
When role access is granted to an environment, additional Cloud Studio, Design Studio, API Manager (if included as part of your subscription), Marketplace, Management Console, and Citizen Integrator pages and actions become available, beyond those listed as described for each organization role permission described below.

Tip

Environment access levels grant no additional access to the EDI or Vinyl applications; access to these apps is governed by organization permissions alone.

Permissions¶

Administrators must assign at least one permission to each organization role, as described under Roles below. Any combination of permissions can be assigned.

There are five permissions available, as detailed in the table below. The permissions Read and Admin have cascading privilege levels, while the permissions Agent-Install, ApiConsumer, and App Developer are independent:

Read and Admin have cascading privilege levels, where Read has the lowest level of privileges, and Admin permission has the highest level of privileges. Admin permission implies Read permission without Read permission needing to be explicitly selected.
Agent-Install, ApiConsumer, and App Developer are independent permissions and do not imply Read permission. However, the Admin permission, offering the highest privileges, implies Agent-Install, ApiConsumer, and App Developer permissions without those permissions needing to be explicitly selected.

Permission	Privilege Level	Privileges	Notes
Read	Lowest	Access to: Harmony Portal landing page and links Harmony Portal Downloads page API Manager My APIs, Portal, API Logs, and Analytics pages in environments where roles with this permission have been granted Read access (see Access Levels in Environments) Management Console Dashboard and Message Queues pages Marketplace Access to and the ability to make edits and perform actions to: EDI	Read permission is implied if the Admin permission has been selected.
Admin	Highest	Access to and the ability to make edits and perform actions (where applicable) to: Harmony Portal landing page and links Harmony Portal Downloads page Cloud Studio project-level deployment settings API Manager My APIs, Portal Manager, Portal, API Logs, Analytics, Security Profiles, Trusted IP Groups, and API Groups pages Vinyl Admin page Management Console Dashboard, Access Tokens, User Management, Projects, Runtime Operations, Audit Logging, Notifications, Organizations, Environments, all Agents, all Customizations pages, and the Message Queues page Marketplace Ability to: Install a Private API Gateway	Admin permission implies Read, Agent-Install, ApiConsumer, and App Developer permissions without those permissions needing to be explicitly selected. In organizations whose Harmony subscription has expired, Admin permission provides read-only access to the areas listed to the left.
Agent-Install	—	Access to: Harmony Portal landing page and links (except for changing of account settings) Ability to: Install Private Agents in environments where roles with this permission have been granted Write access (see Access Levels in Environments)	This permission is intended to be used in combination with environment access levels to grant privileges to install agents in an environment. By itself, this permission provides access to the Harmony Portal landing page and its links only. When a role with Agent-Install permission is granted Write access in an environment, its members can install Private Agents.
ApiConsumer	—	Access to: API Manager Portal page in environments where roles with this permission have been granted a minimum of Read access (see Access Levels in Environments)	This permission is intended to be used in combination with environment access levels to grant privileges to access the Portal page in an environment. By itself, this permission provides no Harmony Portal access. When a role with ApiConsumer permission is granted a minimum of Read access in an environment, its members can access the Portal page through a direct link.
App Developer	—	No additional access.	This permission is deprecated and is no longer used.

Roles¶

On the bottom section of the Organizations page, select the Roles tab to display a table of existing roles. Each role contains a set of permissions that specify what actions are available to any user that is a member of the role:

attachment

Jitterbit provides an organization with two roles by default: Administrator and User. The Administrator role cannot be deleted and requires at least one person to be a member.

Tip

We recommend having more than one member assigned to the Administrator role or to a role with Admin permission. If you are unable to access an account with Admin permission, contact Jitterbit Support.

Each role can be expanded to show its members. Click the disclosure triangle to the left of a role to view the members of the role:

attachment

Adding a Role¶

To add a role, click the Add Role button, enter a Name for the role into the Add Role dialog, and click Save:

attachment

The new role automatically appears as an additional row under roles. The new role has Read permissions by default.

Caution

After you have created a new role, you need to provide the role with access to the specific environments where it will be used. Instructions for this are provided on the Environments page.

Editing a Role's Permissions¶

The Permissions column lists the permissions assigned to each role. See Permissions above for an explanation of each permission.

To edit a role's permissions, in the Permission column, use the disclosure triangle to open a menu where you can select the permissions:

Adding a Member and Renaming, Removing, Activating, and Deactivating a Role¶

Additional actions are available for each role from the Action column. Use the disclosure triangle to open the actions menu:

Add Member: Opens an Add Member dialog for adding a member. Enter a Username (an email address) and click Save:

For more information, see Members below.
Edit Role: Opens an Edit Role dialog for renaming the role. Enter a Name and click Save:
Remove Role: Deletes the role. When a role is deleted, the role's access is also deleted from all environments.
Deactivate Role: Available only when a role's Status is Active, deactivates the role but does not delete it. Instead, the role's Status changes to Inactive.

Note

When a role is deactivated, the role's access is also deleted from those environments.
Activate Role: Available only when a role's Status is Inactive, restores the role to an Active Status.

Warning

When a role is reactivated, if — at the time it was deactivated — the role had previously been granted access to any environments, then that role's environment access is also restored.

Roles are granted access to an environment from the Environments page. For more information, see Managing Role Access to Environments in Environments.

Removing, Activating, and Deactivating a Member¶

Additional actions are available for each member from the Action column. Use the disclosure triangle to open the actions menu:

attachment

Remove Member: Removes the member from the role. If the member is assigned to only one role, the member will be removed from the role and removed from the organization. If the member is assigned to more than one role, the member will be removed from the selected role but will remain a member in any other roles they are assigned to.
Deactivate Member: Available only when a member's Status is Active, deactivates the member from the role without removing them from the role. Deactivating a member from a role changes the member's Status to Inactive for that role only. Deactivating a member from one role does not deactivate them from any other roles.
Activate Member: Available only when a member's Status is Inactive, restores the member to an Active status for that role only. Activating a member for one role does not reactivate them for any other roles.

Members¶

Select the Members tab to display a table of existing members. You can expand each member to view the roles associated with each member:

attachment

Members of an organization must be assigned to one or more roles. That is, when a new member is added, they must be assigned to a role; it is not possible to have a member without a role. To remove a member from the organization, remove them from all roles. See Managing Roles and Permissions for more information about roles.

Adding a New Member¶

To add a new member to the organization, click the Add Member button to open the Add Member dialog:

attachment

Username: Enter an email address to use as the Harmony username.
Assign Role: Use the dropdown to assign the user to an existing role. Only active roles are shown. After adding the member, they can be assigned additional roles.

After clicking Save, new Harmony users will receive an email invitation to complete registration, unless the organization is configured to use Harmony single sign-on (SSO). Users who are already members of another Harmony organization will receive an email indicating they have been granted access to the organization. For organizations using SSO, see Adding New Members in Registering and Logging In Using Harmony SSO.

The Invitation Status of new members with Harmony credentials is set to Pending until Jitterbit registration is completed. Members using SSO are already activated users.

Assigning a Member Role¶

Additional actions are available for each member from the Action column. Use the disclosure triangle to open the actions menu:

attachment

Add Member Role: Opens an Add Member Role dialog for assigning another role. Use the dropdown to select an existing role and click Save:

Removing, Activating, and Deactivating a Member Role¶

Additional actions are available for each role from the Action column. Use the disclosure triangle to open the actions menu:

attachment

Remove Member Role: Removes the member from the role. If the member is assigned to only one role, the member will be removed from the role and removed from the organization. If the member is assigned to more than one role, the member will be removed from the selected role but will remain a member in any other roles they are assigned to.
Deactivate Member Role: Available only when a member's Status is Active, deactivates the member from the role without removing them from the role. Deactivating a member from a role changes the member's Status to Inactive for that role only. Deactivating a member from one role does not deactivate them from any other roles.
Activate Member Role: Available only when a member's Status is Inactive, restores the member to an Active status for that role only. Activating a member for one role does not reactivate them for any other roles.