A user asked about preventing unauthorized creation of organizations in their DEX instance. They suggested a configuration option to only let full admins create new orgs. It was noted that creating a new organization requires a license and that there is currently no way to block it. The user’s request to limit organization creation to admins only was added to the backlog.
Read the entire ‘Restricting Access to Organization Creation in DEX Instance’ thread below:
A question to other DEX customers. We are planning to use DEX for site-based support. We are creating roles to limit the access to a predefined set of end-user devices. This works fine. But there is no point to prevent creating “own” organizations or prevent downloading the agent manager including the device registration code. I think this is an important security issue… or is there an unknown workaround?
First of all: Creating an organization would still require people to purchase a license to be able to use the product.
But not sure if I understand what your question is. Are you asking if it would be possible to disable the "Create org" if a user is logging in from the same email domain?
You could restrict access to app.controlup.com and then allow list app.controlup.com/
If you go to app.controlup.com, the first step is basically an account lookup based on your email domain that will then route you to either select an org or create an org (the screenshot you shared). If you go directly to app.controlup.com/ it skips that whole step.
There are (especially larger) customers that have different IT teams, manage different parts of the org (also not uncommon in MSPs) and they need the ability to have multiple orgs under a single domain.
After creating a new organization it runs in a test mode. Other users in the same tenant, when starting logon, can see the new organization. Then they are asking me what happens. For my understanding, creating a new organization in an existing tenant should only be possible from admin context.
Hey hey.
From my point of view only Full Admins should be able to create new orgs. Ideal would be a configuration option in the EdgeDX Roles configuration.
I can’t add new channels here in the CU Slack community either. I think that is better that way 😅
My point is that you are not an admin yet at that point.
To compare it with your slack example: you can sign up for your own slack account with the same email as you use in here. So it’s the same as us.
With that said: @member any ideas if this is something we could consider as a possible back end change? Basically the ability to not offer the option of creating new orgs for a particular domain name?
When creating a new organization, the user that creates the organization is the organization owner – No other users can login unless invited or approved by separate SAML configuration.
The new organization will require a new license.
Currently we don’t have an option to block it.
That said, I understand your use case that you do not want anyone that is not admin to be able to create an organization.
I’ll add your request to the backlog to block organization creation to admins only.