Skip to main content

Organizations

Corvina is a multi-tenant SaaS: it allows multiple organizations (or tenants) to share the same instance of the application, as well as its associated resources. Each tenant's data is isolated and remain neither visible to nor accessible by other tenants.

Organizations can be arranged in a hierarchy, with one root organization and one or more child-organizations (sub-organizations).
An organization, sometimes also called a domain, is a collection of users, devices and other resources.
Every node (device, user, etc.) in one organization is completely separated from other organizations and it is not visible by other organizations belonging to other branches of the hierarchy and by children.

Use cases for organizations include:

  • the creation and management of multiple small companies in the same Corvina instance.
  • organize a large enterprise into smaller departments, that shall remain separate and host all of them on a single Corvina instance. Such a hierarchy structure greatly reduces the chance to put a device or a user in the wrong group or granting the user access policies to the wrong device.
  • organize entities in a supplier-customer relationship (like reseller, systems integrators, customers).

Example of enterprise hierarchy
While the design of a hierarchy of organizations is left to the administrator of the Corvina platform, as it can depend on different requirements, the following example presents some guidelines. Suppose there is a large multinational corporation, called acme with branches in different countries. Every country has a main office, which coordinates factories, laboratories, other offices, logistic points, and other facilities, located in various cities within the country.
This structure can be easily reflected into Corvina, in which every facility is created as a node in the hierarchy.
The root organization -the company itself- will be called acme.
Country branch offices are created as direct children of the root organization and named acme_uk, acme_it, acme_de.
Any facility will be named after the name of the city or town in which it is located and made a direct child of the country branch office. So, there will be organizations called acme_uk_london, acme_uk_liverpool, acme_it_milano, and so on.
In case more facilities are present in a location (like e.g., a factory and a logistic point), a separate node at a lower level of the hierarchy can be added: acme_uk_london_factory, acme_uk_london_warehouse.
The use of names to identify the various branches helps in keeping the structure of the corporation clear to Corvina's administrator.

The organization and its hierarchy is found in section IAM > Organizations: a table lists the organization itself and its first level sub-organizations. With keyboard_arrow_down you expand the next lower level and so on.
The columns list information related to the organization's resources:

  • Dealer: when enabled with , the organization has the capability to resell Corvina services.
  • Resources: icon signals that the organization must provide for its own resources with licenses; icon means that the organization receive resources from the parent organization. This property is set when creating the organization (see Create organizations).
  • Organizations: resources already used vs resources available. When hovering the mouse over the pie chart or the value, details of the consumption is displayed (see picture below), decomposing resources among those consumed by the organization itself, those shared with the sub-organization and those licensed (only for dealer organizations). See Resources for details.

  • Users: number of users already defined vs total number of users available.
  • Devices: number of devices already defined vs total number of devices available.
  • VPN months: number of VPN months already consumed vs total number of VPN months available.

In the tab bar, the icon make visualization of resources switch between chart format (pie charts) and numeric format.

Create organizations

Your own organization must be created by your parent organization administrator.
Organizations may have different properties according to their type:

  • simple organization: you are not able to create licenses for resources (VPN months, IoT credits, etc.) in the platform; instead, resources are shared with you by your parent organization that also may set limits on the quantity available for each (max number of sub-organizations, users, device, VPN months). Also, no branding is available.
  • dealer PaaS: you have a second level hostname (like yourcompany.app.corvina.io) and you can customize the UI of the platform in terms of colors, logo, and login image.
  • dedicated PaaS: you get a private instance of Corvina (however, the platform infrastructure is still managed completely by the Corvina team) where you can customize also terms of use and privacy policies.

Click in the tab bar to add a child organization.

In the side panel that opens, enter a label and a name for the new organization; by default they are set the same. Once created, the name cannot be changed since it is used as an internal identification tag. Instead, the label is displayed in the navigation bar and may be changed at a later time. Set the following properties for the organization:

  • Has hostname: if enabled, the hostname field defines a second level hostname for the new organization (i.e hostname=test --> test.app.corvina.io).
  • Allow full privacy: if enabled, the new organization has the option to hide all its data to the parent organization with the exception of consumption information.
  • Lives on own Resource: if not enabled, the parent organization shares its resources with the new one. When it is enabled, resources are assigned with separate licenses.
  • Store Enabled: the new organization have access to the Corvina store and is able to install applications from there.
  • IP Filtering: when enabled, define a range of IPs allowed to access the cloud platform.

Organizations with full privacy

A sub-organization may have the capability to fully hide its data.
To do so, you need to follow the procedure:

  1. the parent organization set the Allow full privacy option for the sub-organization.
    In the example in the picture, Allow full privacy is enabled for sub-organization "mychild".

  1. Login into the sub-organization ("mychild" in the example), go to IAM > Organizations and open the Modify Organization panel with .

  1. Enable the additional property Require full privacy. If you leave this property disabled, the Allow full privacy option has no effect.

When you log back into the parent organization and you go to IAM > Organizations, the sub-organization that required full privacy is now grayed out, only consumption values are displayed. For example the organization tree below "mychild" is not visible. Also, in the organization menu in the top bar "mychild" is not visible, meaning that that sub-organization is not accessible any more.

This property can be reverted by disabling the Require full privacy option.

Organizations that get resources from parent

When Lives on own resources is not enabled (as in the picture above), the fields in the panel define the limits of the resources assigned to the new organization. the number of sub-organizations that can be created, the number of users, the number of connected devices and the number of VPN months.

Organizations with licenses

Instead, when Lives on own resources is enabled (as in the picture below), the panel displays the fields for entering the license number. Once a valid license code is entered, its type and expiration date are also shown.

Modify an Organization

Click to change the properties of the organization as explained in the previous section.

Access sub-organizations

In the navigation bar, expanding the organization field, the drop-down menu lists sub-organizations for which the user has access authorization (see Roles).

Select a sub-organization from the drop-down menu: the platform context switches to the selected sub-organization.

Resources

Resources available for an organization may be consumed directly by the organization itself or by sharing some of them to sub-organizations. So, for example, when an organization creates a sub-organization that shares resources, the organization consumes directly one organization. Also, let's say that it grants the sub-organization to create 5 sub-organizations, to have 15 devices, 15 users and 36 months of VPN. All these resources (5 organizations, 15 devices, 15 users and 36 VPN months) are consumed indirectly by the main organization; they are shared with the newly created child organization.
The child organization may in turn share its own resources for example creating up to five sub-organizations, or less if it grants resources of type organization to one or more of its children.
In any case, any organizations in the hierarchy cannot grant to its children more resources than the owned ones. If the sub-organization is deleted, resources are returned to the parent organization, except for VPN months already utilized.

Resources for organizations that get resources from parent

The tab Resources displays the current resources' balance. In either chart or numeric format (toggled with ), for each resource type is displayed the quantity remaining to the organization and, by hovering the mouse over the chart or the value, the total quantity already used (including shared) over the one available.

NOTE

For organizations of this type, only the parent is able to add resources.

Resources for organizations with licenses

For those organizations that are allowed to get resources via licenses, the section opened by the tab Resources displays the list of valid licenses. For each license the serial number, the expiration date and the details about the resources are shown.
Click in the tab bar to show expired licenses.
A license may be issued with autorenew enabled ( checked): at expiration, its validity is automatically extended for a given amount of time, without the need for the organization to add new licenses.

For these type of organizations resources are added with a license that can be gotten separately.

tip

Contact your sales representative for resources' licenses.

Once you get a license, you redeem it in the platform for releasing the associated resources. To do so, click in the tab bar; in the side panels enter the serial number of the license. If correct, new resources associated to that license are displayed.

Move devices across organizations

It may be convenient to move devices across organizations to better manage devices. It is possible to do so by following these steps:

  1. Go to IAM > Organizations and select the destination organization, or, in other words, which organization you want your device to belong to. In Actions click and press Generate import token. The token is copied into your clipboard.

  1. In the source organization, from where you want to move the device, go to Devices > Manage. In Actions click and press Move device.

  1. In the side panel that opens, paste the token that you have previously generated and confirm. The device belongs now to the organization that you have selected.

NOTE

The token is valid only for 10 minutes.

You can move devices only across organizations that share a common root: for example from parent to child or between children of the same parent organization.

IMPORTANT

IoT data are lost when moving a device.

Consumptions

In the IAM > Organization > Consumptions section actual consumptions for the different resources are displayed over time.

tip

You can change the reference organization from the navigation bar. The Consumptions tab is updated accordingly.

In the breadcrumb bar, with the calendar widget, you select the time interval in which to show consumptions. You can select either among predefined periods of time (in the upper bar of the widget) or selecting the period of interest from the calendar.
You need the confirm your choice with

Also in the breadcrumb, by clicking the appropriate icon, you can hide or show the corresponding chart.

With you download the information as a cvs file.

When you hover the mouse over a bar of the chart, tags are overlaid that show detailed values and date.

For each resource type, click or to toggle between a graphic or a table representation of data.
The table shows the time instants where variations in the value have occurred; the bar chart shows values aggregated over time.

Every chart can be displayed either for the single organization or including also its descendants: in the tab bar click or , respectively.

How to read consumptions

The bar chart depicts the resource effectively consumed by the organization, which may differ from what the resource counter in the navigation bar displays.
Let's consider, as an example, the organization chart in the picture above. The red line represents the limit value for organizations that can be created overall (5), while the bars represents organizations belonging to the organization itself and, in orange, organization down the hierarchy (3 and 1 respectively).
From the resource counter in the navigation bar (see picture below) the organization allocated are 8, 3 for the organization itself and 5 shared with sub-organizations.

In fact, let's switch to the Organizations tab. As hierarchy shows, the main organization has 3 children and 1 grand-child, which corresponds to the bar chart content.
By looking at each sub-organization, the first one cannot create org, the second can create 3 sub-orgs, the third can create 2 sub-orgs, it has one and has given to this latter the possibility to create one sub-org. In summary, there are 4 organizations already created and 4 that potentially can be created by the sub-organizations, that adds up to 8 as displayed in the resource counter.

Forecasts

You can get an estimation of future consumptions for a selected period of time: click Forecast Time in the breadcrumb area. From the drop down menu select the desired time period.

The light blue line forecasts future values of consumption for the resource based on past values.