Create organizations

You can create organizations in 10Duke SysAdmin.

Step 1: Create an organization

1. In SysAdmin in the left sidebar, go to IDENTITY > Organizations.

2. Select Actions > Create. A dialog opens.

3. In Name, define a name for the organization.

4. In Description (optional), write a short description.

5. In Type (optional), select a type that best matches the organization (company or project) or define a custom type by entering the name in the field.

   This field is only metadata for administrative purposes, it’s not used by the system.

6. Click Save to create the organization.

The organization’s details open below the table.

Step 2: Enforce multi-factor authentication (optional)

Multi-factor authentication can be enforced for the members of your organization, which means that users are prompted to activate the two-factor authentication before they can log in. This affects the new and existing end users and administrator users of the 10Duke SysAdmin and OrgAdmin tools.

To enforce the multi-factor authentication:

1. Go to the Security tab.

2. Enable the Enforce toggle.

If the toggle is disabled, the two-factor authentication is not required for the login.

Step 3: Define external IDs for the organization (optional)

By using external IDs, you can reference organizations using identifiers from external systems, rather than their native 10Duke Enterprise ID. This is useful when integrating with external systems (clients) or identity providers that maintain their own identifiers for organizations.

Each organization in 10Duke Enterprise can have zero or more external IDs, stored as key-value pairs. The key is typically the name of the external system (such as Salesforce or Microsoft Entra ID), and the value is the corresponding external organization identifier.

For example, a Salesforce account ID can be added as an external ID to a 10Duke Enterprise organization. This allows the client to use their Salesforce UUID when calling 10Duke APIs, for example when retrieving organization details, instead of the native 10Duke Enterprise organization ID.

For identity providers, the external ID can be used in response attribute mapping. For example, when users log in through an identity provider, such as Microsoft Entra ID, the tenant ID (tid claim) in the ID token can be matched against an external ID assigned to an organization. This allows 10Duke to automatically associate users with the correct organization, without needing to reference the native 10Duke Enterprise organization ID directly.

To define an external ID:

1. Go to the External IDs tab.

2. If defining an external ID for an OAuth client:

   • In Clients, select the client and enter the external ID. The external ID must be unique within that OAuth client.

   • Click Add.

3. If defining an external ID for an identity provider:

   • In Identity providers, select the identity provider and enter the external ID . The external ID must be unique within that identity provider.

   • Click Add.

You cannot edit external IDs. If changes are needed, delete the old external ID and create a new one.

To delete an external ID, click Delete next to it.

Step 4: Define custom properties for the organization (optional)

By using optional custom properties, you can attach your own metadata to the organization in 10Duke Enterprise, and refer to that metadata in API requests.

Custom properties are typically used with integrations to external systems. For example, with a CRM integration, you could attach the organization ID used in the CRM to the organization in 10Duke Enterprise.

To define a custom property:

1. Go to the Custom properties tab.

2. Enter the key-value pair in the fields and click Add. The key must be unique across the organization’s properties.

You cannot edit custom properties. If changes are needed, delete the old custom property and create a new one.

To delete a custom property, click Delete next to it. To delete all custom properties, click Delete all.

The API client is responsible for defining and managing the property key namespace.

Next steps

1. Create at least one entitlement for the organization.

2. Grant licenses to the organization.

3. Create user groups and users for the organization:

   • 10Duke Enterprise has automatically created a user group of type employees for the new organization, and you can create more user groups if needed. Authorize the user groups to access the organization’s licenses.

   • Invite users to the organization.

   • If the organization will be managing their licenses and users themselves in OrgAdmin, grant organization administrator access to the necessary users. You can use the OrgAdmin role that 10Duke Enterprise has automatically created for your new organization.

4. If the customer company manages their user data in an identity provider and wants to use that for user authentication, connect to the external identity provider from 10Duke Enterprise.

5. If the organization uses device-based licenses, create device client groups for the organization, authorize the groups to access licenses, and invite device clients to the groups.