Organization Settings

Organizations contain user accounts within a single tenant on the Tetra Data Platform (TDP). Your user account's organization (for example, TetraScience) displays at the top left of the TDP user interface under ORGANIZATION. If you belong to more than one organization, you can select the organization name to open a search dialog that allows you to search for and switch to the other organizations that you belong to by entering either their orgslug or name.

To view and manage your membership in one or more organizations, see Account Details.

Organization administrators can configure the following actions at the organization level on the Organization Settings page:

Organization administrators can also Create and manage organizations by using the Manage Organizations page.

πŸ“˜

NOTE

All TDP organizations have the following attributes:

Access Organization Settings

To view your organization's current settings, do the following:

🚧

IMPORTANT

To configure organization settings, you must sign in to the TDP as an Org Admin user.

  1. Sign in to the TDP as a user with an Org Admin role.
  2. In the left navigation menu, choose Administration. Then, choose Organization Settings. The Organization Settings page appears.

Organization Settings page

πŸ“˜

NOTE

The organization's name, compliance settings, and slug display at the top of the page. Login Users and Service Users are listed in separate tabs, which include information about their roles, statuses, and JSON Web Tokens (JWTs).

Rename an Organization

To rename an existing organization, do the following:

  1. Open the Organization Settings page as a user with an Org Admin role.
  2. On the Settings tab, in the ORGANIZATION NAME section, select the Edit button. A Rename Organization dialog appears.
  3. For ORGANIZATION NAME, enter the organization's new name.
  4. Choose Rename.

Configure Default Search Settings for an Organization

To configure default Search settings for you organization, do the following:

  1. Open the Organization Settings page as a user with an Org Admin role.
  2. On the Settings tab, in the SEARCH section, select the Edit button. An Edit Search dialog appears.
  3. Select default search settings for your organization. For more information, see Filter Options for Search.
  4. Choose Next. A DEFAULT SEARCH COLUMNS pane appears. This pane lets you rename the columns in your default search results or adjust their width, if desired. You can either use and edit any of the default, recommended search columns provided, or select the Use Custom Columns toggle to create your own search result columns, which also provide the ability to hide specific columns.
  5. Choose Finish.

πŸ“˜

NOTE

When you use recommended columns, the system will automatically generate columns based on the filters you're using. New columns will be automatically added or removed when the filters are changed. You can adjust the order and width of the columns, but you can not add or remove columns. When you use custom columns, you must manually add or remove columns. Columns will remain unchanged when filters are changed. You can specify the text of the column heading as well as modify the columns' order and widths.

Configure Compliance Settings for an Organization

🚧

IMPORTANT

Make sure that you deactivate the Audit Trail for development environments only. If you deactivate the Audit Trail for production environments, you may not be able to satisfy GxP quality guidelines and regulations.

To activate or deactivate Audit Trail settings for an organization, or to require users to enter a reason for changes to your organization's Audit Trail, do the following:

  1. Open the Organization Settings page as a user with an Org Admin role.
  2. On the Settings tab, in the AUDIT TRAIL section, select the Edit button. An Edit Audit Trail Settings dialog appears.
  3. Configure the following settings:
  4. Choose Save.

For more information, see Compliance Settings.

πŸ“˜

NOTE

The Audit Trail feature is activated for each organization by default. Requiring a Change Reason for Audit Trail changes is an optional setting that requires a GxP license through TetraScience, and isn't activated by default.

Configure Data Access Rules for an Organization

To provide more control over who has access to specific data sets within a TDP organization, organization administrators can define metadata-driven Data Access Rules through Access Groups. By activating Data Access Rules, organization admins can then configure data access permissions for multiple users through Access Groups based on specific file attributes.

Activate Data Access Rules for an Organization

🚧

IMPORTANT

Data access remains open to all TDP users within an organization until an organization administrator configures Access Groups for that organization. After access groups are activated for an organization, all users within that organization must be assigned to an access group; otherwise, they won’t have access to the TDP.

To activate Data Access Rules for an organization, do the following:

  1. Open the Organization Settings page as a user with an Org Admin role.
  2. On the Settings tab, in the DATA ACCESS RULES section, select the Edit button. The Edit Data Access Rules Settings dialog appears.
  3. Move the Data Access Rules toggle to the right. Then, choose Save.
  4. Configure Access Groups by following the instructions in Create Access Groups.

Create Access Groups

To create an Access Group and configure Data Access Rules for its members, do the following:

Step 1: Create an Access Group and Configure Its Data Access Rules

  1. Open the Organization Settings page as a user with an Org Admin role.
  2. Choose the Access Groups tab. The Access Groups tab appears.
    Access Groups tab
  3. Choose Add Access Group. The Add Access Group dialog appears and displays a Properties section.
    Add Access Group dialog Properties section
  4. For ACCESS GROUP NAME, enter a name for the access group.
  5. For ACCESS GROUP DESCRIPTION, enter a brief description of the access group.
  6. (Optional) To have the new access group activated immediately after it's created, move the ENABLE ACCESS GROUP toggle to the right.
  7. Choose Next. The Data Access Rules section appears.
    Add Access Groups dialog Data Access Rules section
  8. Configure DATA ACCESS RULES for the access group by doing the following:
    • In the AND field, either select the Boolean operator that you want to apply to the data access rule (AND or OR), or choose ALL to grant the access group access to all of the organization's data.

      🚧

      IMPORTANT

      It's recommended that organization administrators first create an Access Group for their own account that includes the ALL access rule. This ensures that org admins aren't locked out of any of their organization's data after Data Access Rules are activated for their organization.

    • In the Select a filter type field, select an attribute filter type for the rule. Two additional fields appear to the right of the filter type.
    • In the is field, select if you want the rule to match the filter value (is), or if you want the rule to exclude group users from viewing files that include the filter value (is not).
    • In the blank field that appears to the right, select a value for the filter.
  9. (Optional) To add more data access rules, select the plus (+) icon. Then, configure the new rule(s) by repeating step 8.
  10. Choose Finish.

Step 2: Add Users to the Access Group

  1. Open the Organization Settings page as a user with an Org Admin role.
  2. Choose the Access Groups tab. The Access Groups tab appears and displays the new access group that you created.
  3. Select the new access group. Then, select the Users tab.
  4. Choose Add Users. A list of all of the login users within the organization appears.
  5. Select the check box next to the login users that you want to add to the access group.
  6. Choose Save.

Edit an Access Group

To edit an Access Group and configure Data Access Rules for its members, do the following:

  1. Open the Organization Settings page as a user with an Org Admin role.
  2. Choose the Access Groups tab. Then, in the ACCESS GROUPS section, select the access group that you want to edit.
  3. In the ACTIONS section, choose Edit Access Group. The Edit Access Group dialog appears.
  4. Edit the access group's name and description. Then, choose Next.
  5. Edit the access group's data access rules. For instructions, see step 8 in Create Access Groups.
  6. Choose Finish.

πŸ“˜

NOTE

Non-admin users can view the Data Access Rules for the Access Groups they belong to under My Account in the TDP user interface.

Delete an Access Group

To delete an Access Group, do the following:

  1. Open the Organization Settings page as a user with an Org Admin role.
  2. Choose the Access Groups tab. Then, in the ACCESS GROUPS section, select the access group that you want to delete.
  3. In the ACTIONS section, choose Delete Access Group. A dialog appears that asks you to confirm that you want to delete the access group.
  4. Choose OK.

Manage User Accounts

Organization administrators can manage User accounts through the following actions on the Organiztion Settings page in the Login Users tab:

Login Users tab

Filter User Accounts

To filter the list of user accounts on the Organization Settings page, you can do any of the following:

  • To search for a specific user, enter their username in the USER column search box.
  • To display users by their role type, select the role type that you want to filter by from the USER ROLE column drop-down list.
  • To display either active or inactive users on the list only, chose either Active or Disabled from the USER STATUS column drop-down list.
  • To display users by their personal JSON Web Token (JWT) status, select the token status that you want to filter by from the TOKEN STATUS column drop-down list.
  • To display users by the date that their personal JWT was created, select the date that you want to filter by from the TOKEN CREATED column drop-down list.
  • To display users by the date their personal JWT expired, select the date that you want to filter by from the TOKEN EXPIRY column drop-down list.

Add a New User

To create a new user within an organization, do the following:

  1. Open the Organization Settings page as a user with an Org Admin role.
  2. On the Login Users tab, choose Add Login User. The Create Login User dialog appears.
  3. Add the first name, last name, email, and password for the new user. Then, assign an organization role to the user.
  4. Choose Create.

πŸ“˜

NOTE

As an Org Admin, you can allow users to be members of multiple organizations with different permissions. You can also customize access to the TDP for sensitive projects and teams specific to your company. When a user first logs in to the TDP, the user defaults to the organization with the highest level of access. If multiple organizations exist with the same level of access, then their access defaults to one of the listed organizations, based on alphabetical order.

Edit a User Role

To edit a login user's organizational role, do the following:

  1. Open the Organization Settings page as a user with an Org Admin role.
  2. Select the Login Users tab. A list of all of the current organization's login users appears.
  3. Locate the user that you want to edit. Then, on the right of that user's row, select the hamburger menu icon. A menu appears.
  4. Choose Edit User. The Edit Login User dialog appears.
  5. Select an organizational role for the user.
  6. Choose Save.

Deactivate or Delete a User Account

πŸ“˜

NOTE

You can deactivate a user's account to a particular organization. If the same user has access to multiple organizations, then their access to those other organizations isn't deactivated.

To deactivate or delete a login user's account, do the following:

  1. Open the Organization Settings page as a user with an Org Admin role.

  2. Select the Login Users tab. A list of all of the current organization's login users appears.

  3. Locate the user that you want to deactivate or delete. Then, on the right of that user's row, select the hamburger menu icon.

  4. To deactivate the user's account, choose Disable User.

    -or-

    To delete the user's account, choose Delete User.

  5. A warning message appears that asks you to confirm the action. To confirm the action, choose OK.

🚧

IMPORTANT

If you delete a user's account, you can't reactivate it. Instead, you must create a new user account for the user to reactivate them.

Activate a Deactivated User Account

To activate a deactivated login user's account, do the following:

  1. Open the Organization Settings page as a user with an Org Admin role.
  2. Select the Login Users tab. A list of all of the current organization's login users appears.
  3. Locate the user that you want to reactivate. Then, on the right of that user's row, select the hamburger menu icon. A menu appears.
  4. Select Enable User.

Reset User Account Passwords

To request that a login user resets their account password, do the following:

  1. Open the Organization Settings page as a user with an Org Admin role.
  2. Select the Login Users tab. A list of all of the current organization's login users appears.
  3. Locate the user whose password you want to reset. Then, on the right of that user's row, select the hamburger menu icon. A menu appears.
  4. Choose Reset password. A warning message appears that asks you to confirm that you want to send the user an email to reset their TDP password.
  5. Choose OK.

Log Out an Active User

To force an active user to log out, do the following:

  1. Open the Organization Settings page as a user with an Org Admin role.
  2. Select the Login Users tab. A list of all of the current organization's login users appears.
  3. Locate the user that you want to force to log out. Then, on the right of that user's row, select the hamburger menu icon. A menu appears.
  4. Choose Log Out User. A dialog appears asking you to confirm that you want to force the selected login user to log out.
  5. Choose OK.

Manage Service Users

Organization administrators can manage Service User accounts (service accounts for applications integrated with the TDP) through the following actions on the Organiztion Settings page:

Service Users tab

Service Users Tab Fields

The following table describes the fields in the Service Users tab.

FieldDescription
+ Add Service UserAdd a service user
Hamburger menuEdit User, Disable user, Generate Token
UserLists the user name (includes a search field)
User RoleFilters the list of users to display on the page: Administrator, Member, or Read Only.

Note: Select All (default) to show all user accounts
User StatusFilters the list of users to display on the page: Active or Disabled. Select All (default) to show all user accounts.
TokenDisplays the token generated for the service user (you can copy the token to your clipboard)
Token StatusFilters the list of users to display on the page: Active, Disabled, Expired or No Token user accounts

Note: Select All (default) to show all user accounts
Token CreatedIndicates when the token was created
Token ExpiryIndicates the expiration date for the token, if there is one (has a date filter)

Add a Service User

To add a new service user, do the following:

  1. Open the Organization Settings page as a user with an Org Admin role.
  2. Select the Service Users tab. A list of all of the current organization's service users appears.
  3. Choose Add Service User. The Add Service User dialog appears.
  4. For NAME, enter a name for the service user.
  5. For ORGANIZATIONAL ROLE, choose a role for the service user.
  6. For TOKEN EXPIRES, enter the amount of time in days that the service user's access token automatically expires. You can choose any expiration period between 1 and 720 days. An expiration date is required for all access tokens.
  7. Choose Add.

Edit a Service User Role

To edit an existing service user role, do the following:

  1. Open the Organization Settings page as a user with an Org Admin role.
  2. Select the Service Users tab. A list of all of the current organization's service users appears.
  3. Locate the service user that you want to edit. Then, on the right of that service user's row, select the hamburger menu icon. A menu appears.
  4. Choose Edit User. The Edit Service User dialog appears.
  5. Select an organizational role for the service user.
  6. Choose Edit. Then, edit the service user's role.

Deactivate or Delete a Service User

To deactivate or delete a service user account, do the following:

  1. Open the Organization Settings page as a user with an Org Admin role.

  2. Select the Service Users tab. A list of all of the current organization's service users appears.

  3. Locate the service user that you want to deactivate or delete. Then, on the right of that user's row, select the hamburger menu icon. A menu appears.

  4. To deactivate the server user's account, choose Disable User.

    -or-

    To delete the service user's account, choose Delete User.

Activate a Service User

To activate a service user account, do the following:

  1. Open the Organization Settings page as a user with an Org Admin role.
  2. Select the Service Users tab. A list of all of the current organization's service users appears.
  3. Locate the service user that you want to activate. Then, on the right of that service user's row, select the hamburger menu icon. A menu appears.
  4. Select Enable User.

Generate a JWT for a Service User

πŸ“˜

NOTE

You can generate a JWT for a service account, regardless of your TDP user role.

To generate a JSON Web Token (JWT) for a service user account, do the following:

  1. Open the Organization Settings page.
  2. Select the Service Users tab. A list of all of the current organization's service users appears.
  3. Locate the service user that you want to generate a JWT for. Then, on the right of that service user's row, select the hamburger menu icon. A menu appears.
  4. Choose Generate Token. The Generate New Token dialog appears.
  5. In the TOKEN EXPIRES field, enter the number of days that you want the token to be valid for (1 to 720 days).
  6. ChooseGenerate token.
  7. Choose Copy Token to copy the token to your clipboard.
  8. Choose OK.

🚧

IMPORTANT

For security reasons, the OAuth 2.0 authentication method introduced in TDP v4.0.0 doesn’t allow the following:

  • Non-expiring Service User tokens are no longer allowed. All access tokens must have an expiration date.
  • Users can no longer copy access tokens from the TDP user interface after a token is generated. Users can now copy access tokens when they’re first generated only.