When a new Organization is created, it contains a single user group and an administrator user who belongs to that user group. This administrator user sets up authentication for the Organization, including setting up an OpenID Connect (OIDC) Identity Provider and mapping users.
To access the data in the Organization and its API resources, users use the hostname that is assigned to the Organization when it is created. For authentication, all users use the OIDC Identity Provider that the administrator user set up.
Access-control lists (ACLs) that prevent users from viewing and editing all entities in the Organization are currently not available and will be delivered in future releases.
Because GoodData.CN is deployed to Kubernetes, the lifecycle of the Organization is tightly coupled with the Ingress resource that is responsible for mapping incoming requests to the services for the Organization’s hostname. TLS is also configured using Ingress resources.
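
Because TLS for an Organization's hostname lives in the Ingress resource, a quick audit is to confirm that every hostname routed by an Ingress rule is also covered by a TLS entry on that Ingress. The following is an added example, not GoodData.CN code: it reads the JSON shape produced by `kubectl get ingress -o json`, and the hostnames, namespace, Ingress names and secret names in the sample are constructed.

```python
import json

# Constructed sample in the shape of `kubectl get ingress -o json` output.
# Namespace, Ingress names, hostnames and secret names are made up.
SAMPLE_INGRESS_LIST = json.loads("""
{
  "items": [
    {"metadata": {"name": "org-alpha", "namespace": "demo"},
     "spec": {
       "tls": [{"hosts": ["alpha.example.com"], "secretName": "alpha-tls"}],
       "rules": [{"host": "alpha.example.com"}]}},
    {"metadata": {"name": "org-beta", "namespace": "demo"},
     "spec": {
       "tls": [{"hosts": ["*.wild.example.com"], "secretName": "wild-tls"}],
       "rules": [{"host": "beta.wild.example.com"},
                 {"host": "a.b.wild.example.com"}]}},
    {"metadata": {"name": "org-gamma", "namespace": "demo"},
     "spec": {"rules": [{"host": "gamma.example.com"}]}}
  ]
}
""")


def tls_host_matches(pattern, host):
    """Exact match, or a '*.' wildcard covering exactly one leading label."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        first_label, _, rest = host.partition(".")
        return bool(first_label) and rest == pattern[2:]
    return pattern == host


def hosts_without_tls(ingress_list):
    """Return (namespace, ingress, host) for rule hosts no TLS entry covers."""
    findings = []
    for ingress in ingress_list.get("items", []):
        meta, spec = ingress.get("metadata", {}), ingress.get("spec", {})
        # Assumption: a tls entry without secretName counts as uncovered here,
        # although some controllers fall back to a default certificate.
        tls_hosts = [h for entry in spec.get("tls") or []
                     if entry.get("secretName")
                     for h in entry.get("hosts") or []]
        for rule in spec.get("rules") or []:
            host = rule.get("host")
            if host and not any(tls_host_matches(p, host) for p in tls_hosts):
                findings.append((meta.get("namespace"), meta.get("name"), host))
    return findings


if __name__ == "__main__":
    for namespace, name, host in hosts_without_tls(SAMPLE_INGRESS_LIST):
        print(f"{namespace}/{name}: {host} has no TLS entry with a secret")
```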