Jitterbit Success Central will be undergoing system maintenance and may be inaccessible starting at this time: November 30 7:00 am PST; 30 November 15:00 UTC; 1 December 2:00 am AEDT.

Skip to end of metadata
Go to start of metadata

Introduction

The Management Console Organizations page provides administrators of a Jitterbit Harmony organization with the ability to define and manage who can participate in integration projects. For definitions of Jitterbit Harmony administrative terminology and an explanation of how organization role permissions and environment access levels work, see Jitterbit Harmony Permissions and Access.

Accessing the Organizations Page

To access the Organizations page, log in to the Jitterbit Harmony Portal, then use the Harmony Portal menu in the top left to go to Management Console > Organizations:

NOTE: Make sure you are accessing the desired organization, which can be changed in the top navigation bar (see Changing the Selected Organization in Jitterbit Harmony Portal).

Managing Organizations

Jitterbit Harmony organization administrators manage the information, preferences, and policies that apply across an entire organization.

Viewing Organizations

The top section of the Organizations page contains a table that shows all the organizations that you have access to:

Initially, you have access to two organizations:

  • Company Organization: Identified in the table by the name of your company, this is the organization where you create and manage your company's integration projects.
  • Data Loader Organization: Identified in the table by your email address, this organization is used to load data into Salesforce via the Salesforce Bulk API. This organization may also be referred to as a personal organization, as you cannot invite other members to it.

Additional organizations are listed if you have been given access by an administrator of that organization.

  • Example 1: You are consulting as an integration specialist for multiple companies. Each of the organizations could give you access to assist in their integrations.
  • Example 2: The corporate structure of your company includes discrete divisions. In that case you could be an employee of one discrete division and working on integrations within separate divisions. An administrator of a division could give you access to their specific organization to assist with those division's integration projects.

Only the organization that is currently selected in the top navigation bar of the Harmony Portal is enabled for editing.

If you are an administrator of other organizations, use the dropdown that appears between your name and Help in the top navigation bar to switch between organizations and enable that organization for editing. The table will be refreshed to switch to the selected organization. Organizations that you can't administer are always disabled in the table.

To sort the organizations table, click any of the column headers.

Editing an Organization

On the far right of each row of the organizations table are the available Actions for administrators. Use the disclosure triangle to see options for editing the organization or its policies:

Choose Edit Organization to update basic information about your organization. Only the Name is used by Jitterbit Harmony.

Choose Edit Organization Policies to enable/disable or specify the following settings. Each configurable field or action is explained below.

NOTE: Settings that do not apply to organizations using Jitterbit Harmony single sign-on (SSO) (SSO organizations) are noted.
  • Password Require Special Character(s): Requires at least one of the following special characters in the Harmony password for a registered member in an organization. This setting does not apply to SSO organizations.

     ! # $ % _ < = >

  • User Password Expires In: Requires the organization's active registered users to change passwords every X number of days (Default: 90). This setting does not apply to SSO organizations.
  • Inactivate User Accounts In: Deactivates any account registering no activity within X number of days (Default: 90). This setting applies to both Harmony and SSO organizations.
  • Password History: Requires users with a forgotten password not to re-use the last X number of used passwords (Default: 5). This setting does not apply to SSO organizations.
  • Two-Factor Authentication (TFA): Requires two-factor authentication (TFA). All of the organization's members will be required to enter a verification code emailed by Jitterbit (in addition to their username and password) when they sign in. They will be required to re-verify their devices every X number of days (Default: 30). If this setting is selected, then the setting TFA on Each Login, below, cannot be selected. This setting does not apply to SSO organizations.
  • TFA on Each Login: Requires two-factor authentication on every login as opposed to every X number of days. If this setting is selected, then the setting Two-Factor Authentication (TFA), above, cannot be selected. This setting does not apply to SSO organizations.
  • Enable Remote Agent Configuration: Enables remote agent configuration through the Management Console (see View or Edit Jitterbit Conf in Agents > Agent Groups).
  • Member's Domains: Restricts access to the specified domains. Separate multiple domains using commas or semicolons.
  • Enable SSO: Enables SSO for all members of the Harmony organization, except for those included in the Bypass SSO list. For configuration details, see Enable SSO in Configuring SSO in the Management Console.

  • Bypass SSO: Bypasses the SSO settings for any users specified in the Bypass SSO User Info dialog. For configuration details, see Bypass SSO in Configuring SSO in the Management Console.

  • Enable Whitelist IP Range: Requires that the IP address — when logging in to the Harmony Portal or Design Studio, or when providing credentials during configuration of a Private Agent or Private API Gateway — be only from the specified IP range.
  • Save: Saves any changes to the Edit Organization Policies dialog. The Save button is disabled unless changes have been made, with the exception of the Bypass SSO list.

  • Cancel: Closes the Edit Organization Policies dialog without saving. Changes to the Bypass SSO list are saved even if you cancel out of the Edit Organization Policies dialog.

Managing Permissions, Roles, and Members

Members of an organization must belong to at least one role, whose access within an organization is defined by permissions assigned to those roles.

The possible permissions are described below, followed by an explanation of the actions that administrators can take in the Roles and Members tabs of the Organizations page.

A member's access to a particular area of Jitterbit Harmony depends on the combination of their organization role's permissions and its environment access:

  • A role's permissions are defined by organization administrators at the organization level, as described below.
  • A role is granted access to an environment at the environment level, as described in Managing Role Access to Environments in Environments.
  • On the Environments page, you can further define role access to an environment to View Logs, Read, Execute, or Write.
  • When role access is granted to an environment, additional Cloud Studio, Design StudioAPI Manager (if included as part of your subscription), and Citizen Integrator pages and actions become available, beyond those listed as described for each organization role permission described below.

Permissions

Administrators must assign at least one permission to each organization role, as described under Roles below. Any combination of permissions can be assigned.

There are four permissions available, as detailed in the table below. The permissions Read and Admin have cascading privilege levels, while the permissions Agent-Install and ApiConsumer are independent:

  • Read and Admin have cascading privilege levels, where Read has the lowest level of privileges, and Admin permission has the highest level of privileges. Admin permission implies Read permission without Read permission needing to be explicitly selected.
  • Agent-Install and ApiConsumer are independent permissions and do not imply Read permission. However, the Admin permission, offering the greatest privileges, does imply Agent-Install and ApiConsumer permission without those permissions needing to be explicitly selected.

Permission

Privilege Level

Privileges

Notes

Read

Lowest

Access to:

Read permission is implied if the Admin permission has been selected.
Admin

Highest

Access to and the ability to make edits and perform actions (where applicable) to:

Admin permission implies Read , Agent-Install , and ApiConsumer permissions without those permissions needing to be explicitly selected.

In organizations whose Harmony subscription has expired, Admin permission provides read-only access to the areas listed to the left.

Agent-Install

Access to:

  • Harmony Portal landing page and links (except for changing of account settings)

Ability to:

This type of permission is useful if you want certain members to install an agent, but do not want them to have administrative privileges or be able to view, modify, or run operations outside of the specific environment to which they have been granted Write access.

After an agent has been installed, it continues to function and is able to be upgraded even if a role or particular user with Agent-Install permission is removed or deactivated.

ApiConsumer

Access to:

  • Harmony Portal landing page and links (except for changing of account settings)

This permission is intended to be used to grant privileges to external API consumers. However, there is a known issue where this role grants no additional privileges beyond access to the Harmony Portal.

Instead, it is recommended to assign API consumers to a role with Read permission and then grant Read or Write access in an environment for those users to access or edit all API Manager pages, including My APIs, Portal Manager, PortalAPI Logs, Analytics, and Security Profiles.

Roles

On the bottom section of the Organizations page, select the Roles tab to display a table of existing roles. Each role contains a set of permissions that specify what actions are available to any user that is a member of the role:

Jitterbit provides an organization with two roles by default: Administrator and User. The Administrator role cannot be deleted and requires at least one person to be a member.

TIP: We recommend having more than one member assigned to the Administrator role or to a role with Admin permission. If you are unable to access an account with Admin permission, contact Jitterbit Support.

Each role can be expanded to show its members. Click the disclosure triangle  to the left of a role to view the members of the role: 

Adding a Role

T o add a role, c lick the Add Role button, enter a Name for the role into the Add Role dialog, and click Save :

The new role automatically appears as an additional row under roles. The new role has Read permissions by default.

CAUTION: After you have created a new role, you need to provide the role with access to the specific environments where it will be used. Instructions for this are provided on the Environments page.

Editing a Role's Permissions

The Permissions column lists the permissions assigned to each role. See Permissions above for an explanation of each permission.

To edit a role's permissions, in the Permission column, use the disclosure triangle to open a menu where you can select the permissions:

Adding a Member and Renaming, Removing, Activating, and Deactivating a Role

Additional actions are available for each role from the Action column. User the disclosure triangle to open the actions menu:

  • Add Member: Opens an Add Member dialog for adding a member. Enter a Username (an email address) and click Save:

    For more information, see Members below.

  • Edit Role: Opens an Edit Role dialog for renaming the role. Enter a Name and click Save:

  • Remove Role: Deletes the role. When a role is deleted, the role's access is also deleted from all environments.
  • Deactivate Role: Available only when a role's Status is Active, deactivates the role but does not delete it. Instead, the role's Status changes to Inactive.

    NOTE: When a role is deactivated, the role's access is also deleted from those environments.
  • Activate Role: Available only when a role's Status is Inactive, restores the role to an Active Status

    WARNING: When a role is reactivated, if — at the time it was deactivated — the role had previously been granted access to any environments, then that role's environment access is also restored.

Roles are granted access to an environment from the Environments page. For more information, see Managing Role Access to Environments in Environments.

Removing, Activating, and Deactivating a Member

Additional actions are available for each member from the Action column. User the disclosure triangle to open the actions menu:

  • Remove Member : Removes the member from the role. If the member is assigned to only one role, the member will be removed from the role and removed from the organization. If the member is assigned to more than one role, the member will be removed from the selected role, but will remain a member in any other roles they are assigned to.

  • Deactivate Member: Available only when a member's Status is Active, deactivates the member from the role without removing them from the role. Deactivating a member from a role results in the member's Status changing to Inactive, for that role only. Deactivating a member from one role does not deactivate them from any other roles.
  • Activate Member: Available only when a member's Status is Inactive, restores the member to an Active status, for that role only. Activating a member for one role does not reactivate them for any other roles.

Members

Select the Members tab to display a table of existing members. You can expand each member to view the roles associated with each member:

Members of an organization must be assigned to one or more roles. That is, when a new member is added, they must be assigned to a role; it is not possible to have a member without a role. To remove a member from the organization, remove them from all roles. See Managing Roles and Permissions for more information about roles.

Adding a New Member

To add a new member to the organization, click the Add Member button to open the Add Member dialog:

  • Username: Enter an email address to use as the Jitterbit Harmony username.
  • Assign Role: Use the dropdown to assign the user to an existing role. Only active roles are shown. After adding the member, they can be assigned additional roles.

After clicking Save, new Harmony users will receive an email invitation to complete registration, unless the organization is configured to use Jitterbit Harmony single sign-on (SSO). Users who are already members of another Harmony organization will receive an email indicating they have been granted access to the organization. For organizations using SSO, see Adding New Members in Registering and Logging In Using Jitterbit Harmony SSO.

The Invitation Status of new members with Harmony credentials is set to Pending until Jitterbit registration is completed. Members using SSO are already activated users.

Assigning a Member Role

Additional actions are available for each member from the Action column. User the disclosure triangle to open the actions menu:

  • Add Member Role: Opens an Add Member Role dialog for assigning another role. Use the dropdown to select an existing role and click Save:

Removing, Activating, and Deactivating a Member Role

Additional actions are available for each role from the Action column. User the disclosure triangle to open the actions menu:

  • Remove Member Role : Removes the member from the role. If the member is assigned to only one role, the member will be removed from the role and removed from the organization. If the member is assigned to more than one role, the member will be removed from the selected role, but will remain a member in any other roles they are assigned to.

  • Deactivate Member Role: Available only when a member's Status is Active, deactivates the member from the role without removing them from the role. Deactivating a member from a role results in the member's Status changing to Inactive, for that role only. Deactivating a member from one role does not deactivate them from any other roles.
  • Activate Member Role: Available only when a member's Status is Inactive, restores the member to an Active status, for that role only. Activating a member for one role does not reactivate them for any other roles.
On This Page

Last updated:  Nov 02, 2020