Organizational structure and CzechIdM

Imagine a company that is organizationally divided into several departments, where each department has its own administrator who manages credentials. The CzechIdM identity manager handles this situation easily, both for user administration and for delegating access in managed systems. Users can be sorted into subgroups, and management of selected subgroups can be assigned to any user.


The following procedure shows you how to create an organization in CzechIdM.


Creating a new organization in CzechIdM

After logging in to the administration section of CzechIdM, click the Users tab menu, choose the submenu Make-action, and then click New Organization. A form for a new organization appears. In the Name box, enter a name by which we can uniquely identify the organization later (in our case Traders). Now select the parent organization: click Select in the row headed Parent Organization.

We want the newly created organization to have no parent organization, so click the top link.

Now we can save the form by clicking the Save link.

An information message appears, in this case: Merchants Organization was created.

Creating an Enterprise Administrator

After logging in to the administration section of CzechIdM, click the Users menu tab.

We can see a list of all users and one organization called Merchants. We want to entrust the user john.doe with the role of Enterprise Administrator of Traders. Click the Edit link in his row and then select the User Roles tab and controlled organization.

User john.doe holds the role superAdminRole, which entitles him to manage CzechIdM in the admin area. Currently this user can manage any organization without restriction. To limit his rights to the organization Traders only, assign it to his controlled organizations: in the Organization table, click the Traders link.

This adds the organization Traders to the user's controlled organizations. The user will now have no right to manage any organization other than this one. Click the Save button.

An information message appears, in our case: the user john.doe was saved (without changing the password).

Let’s test the settings. Log in to the administration interface as the user john.doe. We see that the organization Traders contains one user, TestUser1. Click the Edit link.

The standard editing form appears, so we have the right to edit this user. Now close the form.

Now try to edit a user outside the organization Traders. We’ll try to edit the user filip, located in the top section, the root of the organizational structure. The user cannot be edited. An information message is displayed, in our case: “You do not have permission to edit the user filip”.
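The scoping rule tested above can be written down as a small model. This is an added example, not CzechIdM code: the classes, function names, the sub-organization Traders-EU and the user eu.user are hypothetical, and the assumption that a controlled organization also covers its sub-organizations is ours. It also includes an audit helper that lists administrators who still have no controlled organization and are therefore unrestricted.

```python
from dataclasses import dataclass, field

ADMIN_ROLE = "superAdminRole"  # role name used in the article

@dataclass
class Org:
    name: str
    parent: "Org | None" = None   # None: directly under the top of the structure

@dataclass
class User:
    login: str
    org: "Org | None" = None      # None: user sits in the root of the structure
    roles: set = field(default_factory=set)
    controlled: list = field(default_factory=list)  # controlled organizations

def in_subtree(org, root):
    """True if org is root or lies below it (inheritance is an assumption)."""
    while org is not None:
        if org is root:
            return True
        org = org.parent
    return False

def can_edit(admin, target):
    """Scoping rule as the article describes it, not CzechIdM's real code."""
    if ADMIN_ROLE not in admin.roles:
        return False
    if not admin.controlled:      # no controlled organization: no restriction
        return True
    return any(in_subtree(target.org, c) for c in admin.controlled)

def unscoped_admins(users):
    """Audit helper: admins whose rights are not limited to any organization."""
    return sorted(u.login for u in users
                  if ADMIN_ROLE in u.roles and not u.controlled)

# Constructed sample data mirroring the walkthrough.
traders = Org("Traders")
traders_eu = Org("Traders-EU", parent=traders)   # hypothetical sub-organization
john_before = User("john.doe", roles={ADMIN_ROLE})
john_after = User("john.doe", roles={ADMIN_ROLE}, controlled=[traders])
test_user1 = User("TestUser1", org=traders)
eu_user = User("eu.user", org=traders_eu)        # hypothetical user
filip = User("filip")                            # root of the structure

if __name__ == "__main__":
    for admin in (john_before, john_after):
        print([can_edit(admin, u) for u in (test_user1, eu_user, filip)])
    print(unscoped_admins([john_before, test_user1, filip]))
```

Running the audit helper over an export of real accounts is a quick way to find administrators who were given the role but never scoped to an organization.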


The aim of this article was to show how easy it can be to work with the organizational structure and the related permissions in CzechIdM. If you have any questions, we would be happy to answer them at the e-mail address:
