Default organization on login

andrey-puhov · March 9, 2023, 11:20am

Hi. Is it any way for setting default login organization for web and boundary desktop? By default it’s global scope.

xingluw · March 9, 2023, 2:48pm

Hi @andrey-puhov, is is not something Boundary can currently do, but we are considering adding it. Are you looking for a default Org for all users, or a default Org per-client? That information would have to be saved in the browser or desktop client in that case. Another option is saving the last-used Org as the “default”.

andrey-puhov · March 10, 2023, 8:59am

Thanks a lot for the answer. We want to do this for all users when using a desktop client. In the desktop version, I have not yet found how to select default organizations. As I understand it correctly, this is the planned functionality

xingluw · March 10, 2023, 3:32pm

I am curious, how many Orgs do you have set up, and do they each have a different auth method?

andrey-puhov · March 13, 2023, 8:21am

In fact, I have two organizations, Global and MyORG(example). idc auth method is configured in MyORG. Therefore, I want to make it so that when connecting to my server via a desktop client, the user immediately has MyORG set up to log in so that they don’t get confused.

xingluw · March 13, 2023, 6:13pm

Thanks, and I am curious do you have an OIDC auth method configured for both scopes you mentioned? And why did you choose to have the users log in at the Org level instead of the Global level if you only have 1 Org?

macmiranda · March 13, 2023, 8:16pm

If I may share a bit of the experience we had at my current company, I think the naming convention for the scopes is sorta misleading in the sense that it does not make it immediately clear that one should:

use the global scope for any single-organization setup
multiple org scopes are only really useful if you actually intend to delegate the administration of those scopes to other teams.
orgs are nothing more than intermediate-level scopes between the global and projects level.
these scopes can represent anything, like different business units, different teams, or even different cloud accounts, if you like.

It takes a bit of trial and error to have those insights.

xingluw · March 13, 2023, 9:09pm

This is great feedback @macmiranda , thank you. We are currently working to improve our usability and scopes is one common area of confusion.

Orgs can be used in 2 similar ways:

To separate different organizations that have different auth methods
If you don’t have multiple auth methods, to separate projects into more defined groups

Topic		Replies	Views
OIDC configuration and managed group Boundary	4	266	September 28, 2023
Fields of oidc account Boundary boundary	4	617	July 16, 2021
Forbiden when making auth method primary Boundary	5	667	August 18, 2021
Boundary 0.3.0 and Boundary Desktop 1.1.0 Released! Boundary boundary-release	1	591	June 15, 2021
Boundary Desktop Client - 401 Boundary	0	339	December 2, 2021

Default organization on login

Related topics