What is an organisational unit?
An organisational unit (OU) is a container into which you can place users. OUs can be arranged into hierarchies which enables them to be used to model organisational structures (both internal and external) and to better organise and manage users for role assignment (for example, delegated administration), content assignment (targeting), and user selection purposes.
What is a group?
A group is also a container into which you can place users, however unlike an OU, a group is a flat structure with no hierarchy. Users can be in one or more groups and there is no limit to how many users are in each group. Groups are used to manage users for role assignment (for example, delegated administration), content assignment (targeting), and user selection purposes.
What are the system managed (implicit) user groups?
The system supports three groups that are always included with the system:
- Guest users
These groups are automatically included with the system and cannot be removed. Of these three groups, system administrators are only able to manage the membership of the new "Guests" group; membership of both the "Everyone" and "Users" groups are managed by the system. The user groups contain the following users:
- Guest users: Users added to the group by an administrator, or by an automated user rule.
- Guest users = Users added by an administrator
- Users: Every user who is not a member of the "Guests" group.
- Users = Everyone - Guests
- Everyone: Every user regardless of other group memberships and activation state.
- Everyone = Users + Guest users
Important: If you are using the Agylia Apps, and target content at the Everyone group, this content may be visible to App users, via the Search option, prior to users logging into the App. To avoid this happening, you should target content to the Users group, and ensure that the AppUser account (which can view content prior to logging in to the Apps) is a member of the Guest users group.
What types of organisational unit are supported?
There are five OU hierarchies, these are:
- Division. The division is the primary hierarchy used to represent an organisation’s structure. In some companies the division would be a business unit or department.
- Location. A user’s physical, geographic location.
- Position. A user’s job title or role.
- Grade. A user’s level within the organisation often based on pay grade.
- Cost Centre. Used for internal billing and financial tracking (for example, training spend).
Are the organisational unit names fixed?
The Agylia user interface supports configuration so that OU display labels can be changed, for example, Business unit or Department may well be more appropriate than Division in some organisations.
Can a single user be in multiple OU hierarchies?
Yes. A user can be placed in one or more of the above hierarchies.
Can a single user be in multiple OUs in a single OU hierarchy?
No. A single user can only be in a single OU within a given hierarchy. Put another way, a user can only have one OU value for a given OU type.
Do OUs replace groups as we know them today?
No. Groups are simple, flat container constructs for users. OUs are a more powerful, hierarchical construct. While OUs are useful for establishing organisational structures (a person belongs in a given division, has a specific grade, has their base in a particular geographic location), ad hoc groups are also useful. For example, you might need groups to support arbitrary collections of users from across an organisation – perhaps those required for a specific project, those attending a particular training session, or those involved in a pilot or beta training programme for example.
How is an organisational unit hierarchy represented?
OU hierarchies are represented as a property with path based strings. For example:
Within the Administration Portal, graphical pickers that visualise the hierarchies in a form that can be expanded and contracted are used – to make the administration of these values easier.
What can organisational units be used for?
You can use OUs for the following purposes:
- Filtering users. The users displayed on the Users page can be filtered based on their OU membership.
- Content assignment (targeting). For example, assign content to all users in the West coast region or users in the Sales department of our partner organisation.
- Role assignment. Admin roles can be scoped to specific OUs in addition to the group scoping which exists today. When a role is assigned to a particular OU such as /location/united states, then the role scope includes that OU and all child OUs such as /location/united states/washington state and /location/united states/washington state/redmond and /location/united states/California etc.
- Selecting subsets of users for administration purposes. Admins are able to use OU hierarchies (in addition to groups) to select and filter users for administration purposes. For example, admins with the Reporter role can run reports over specified user groups – as defined by their Reporter role scope. With OUs defined, the reporter can also select specific OUs over which to run reports – subject to their Reporter role scoping. Similarly, within the main user administration section, the admin will be able to pick a specific section of an OU hierarchy in order to filter the user list to that selection only.
How do users get placed into organisational units?
Users can be placed into OUs by editing a user's profile in the Agylia Administration portal, or by importing user information using CSV batch import, or an integration such as that used with Single Sign-On (SSO). Generally user imports and integrations are less resource intensive from a management perspective.
Can a user’s position within a given OU hierarchy be changed post import?
Yes. A Global Administrator or User Administrator can use the administration portal to change the user’s OUs – by editing the user’s OU property value such as their Location property.
What are the common admin use cases concerned with organisational units?
- As an admin, you can assign (target) content to users in (and below) a particular OU, for example, target content to all users in the United States, or just those users in Redmond, or just those users in Building 51.
- As an admin, you can assign an admin role and scope it to (and below) a particular OU, for example, to delegate administration to a member of a sub division.
- As an admin, you can quickly view users in (and below) a given OU.
- As an admin, you can run a report over all users in (and below) a particular OU.
- As an admin, you can send notifications to all users in (and below) a particular OU.
NOTE: Unlike groups, which are a flat single dimensional structure, OUs are hierarchical, so any operation against a given OU within a given OU hierarchy automatically includes all child OUs.