Delegated administration

Delegated administration allows B2B customer admins to manage their organization’s customer accounts through a dedicated portal. This reduces the support burden on your brand by allowing B2B customers to handle their own account management.

Organization portal interface showing the "Accounts" tab. A list of customer accounts is displayed in a table with columns for Account, Organization, Status, and Last login. The left navigation panel includes options for switching organizations, searching organizations, accessing the Accounts and Invitations tabs, and viewing the currently logged-in admin's profile. The portal is branded with the "SaaSii" logo.

Organization administration portal

Organization management

Each organization-enabled application includes a dedicated account management portal for organizations. Organization admins can log in to this portal and manage accounts that belong to their assigned organization.

📘

You also have the option to integrate with our APIs if you prefer to do organization management through a homegrown client.

Organization portal

The portal provides a focused interface for organization admins. Within this interface, they can:

  • View and search for customer accounts in their organization.
  • Perform identity and authenticator management tasks.
  • Manage core account details such as names and identifiers.
  • Support customers directly by verifying identifiers or disabling accounts when needed.
  • Manage specific customer bases.

👍

The organization portal includes the same account management capabilities as brand admins have at their disposal in the Admin Console.

📘

Organization admins can find accounts in a single search across all organizations in a hierarchy where identifier uniqueness is supported.

Organization portal interface

Organization admins access a dedicated interface that includes account and invitation management tools, navigation elements, and controls for performing common administrative actions.

Navigation panel (left sidebar)

The navigation panel on the left provides access to key areas of the Organization portal and displays contextual information about the admin and organization.

  • Organization selector (top left): Displays the current organization the admin is managing. If the admin has access to multiple organizations, this selector lets them switch between them. Admins can use the star icon to pin organizations and the adjacent arrow to quickly access favorites.
  • Search in organizations: A keyboard-enabled search field (⌘K) for quickly finding organizations based on name or full route.
  • Accounts: The default tab, displaying a list of all customer accounts in the selected organization.
  • Invitations: A tab where the admin can view and manage sent or pending invitations for new accounts.
  • Language selector: Allows the organization admin to change the display language of the portal.
  • Admin profile preview: Shows the name and primary identifier of the currently logged-in admin. The arrow expands a menu with theme options (light, dark, or system) and a logout option.

Accounts tab

This tab allows admins to view and manage existing customer accounts.

  • Toolbar (above the account table):
    • Title ("Accounts"): Indicates the current view or section.
    • Create account button: Lets the organization admin create a new customer account.
    • Refresh data button: Fetches the latest list of accounts from the identity store.
    • Filter button: Allows narrowing down the results based on status, identifiers (login identifier, account ID, username), memberships (group, role), dates (last login, created, updated, disabled), or attributes (email, given name, family name, birthdate).
    • Items per page dropdown: Controls how many items appear in the list view.
    • Pagination arrows: Navigate between pages of the account list.
  • Account table columns:
    • Account: Lists the customer’s display name and associated identifiers (username, email, phone). Also shows identifier verification status and any social or enterprise accounts connected.
    • Organization: Displays the organization the account belongs to. This is useful if the admin manages multiple orgs.
    • Status: Shows whether the account is Enabled or Disabled.
    • Last login: Indicates the time since the customer last successfully logged in.
    • Actions (︙): Opens the account actions menu, which includes options to edit account details, copy the account ID, change the account password, and clear account sessions.

Invitations tab

This tab provides visibility into customer invitations sent from the selected organization.

  • Toolbar (above the invitation table):
    • Title ("Invitations"): Indicates the current view or section.
    • Invite customer button: Opens the invitation form to send a new customer invite. The arrow next to the button opens up the option to bulk invite customers.
    • Refresh data button: Fetches the latest list of invitations.
    • Filter button: Allows narrowing down the results based on email and status.
    • Items per page dropdown: Controls how many items appear in the list view.
    • Pagination arrows: Navigate between pages of the account list.
  • Invitation table columns:
  • Email address: The email the invitation was sent to.
  • Client: The application client that the invited customer will use to complete registration (typically "Organization Portal").
  • Status: Indicates whether the invitation is still valid ("Done") or expired ("Outdated").
  • Last sent: Shows when the invitation was most recently sent or resent.
  • Actions (︙): Opens the actions menu, which includes options to view, resend, or delete the invitation.

Role-based access management

Organization admin capabilities are defined by organization roles. Each role controls what a delegated admin can do within the portal, such as creating new accounts, verifying identities, or resetting authenticators.

Thanks to cross-organization grants, a single organization admin can hold roles in multiple organizations, even if their own account is only tied to one.

❗️

To be assigned an organization role, an admin account must exist in the same identity store as the customers and organizations they need access to.

Organization portal branding

By default, the branding policy applied to an application is automatically inherited by any organizations created within it. This means that the login and account management experiences in the Organization portal will follow the design settings configured in the associated branding policy.

However, you can override the default branding at the organization level without creating a new branding policy. To do this, go to:

Admin Console > Organizations > Select an organization > General tab > Branding section

Branding specific for an organization

Options to customize an organization's branding

Here, you can adjust elements such as the logo, background color, and header styles specifically for that organization. These settings take precedence over the base branding policy but are limited to predefined customization options.

For more extensive customization, such as modifying layouts, adding custom CSS, or injecting scripts, use the Branding policy editor under Policies > Branding in the left-hand menu on the dashboard and select the policy you want to edit. In the editor, select Organization portal from the Custom CSS or Additional script menus to apply advanced styling changes.

Selecting Organization Portal branding within the branding policy IDE

Selecting Organization Portal branding within the Branding policy editor