Securing organization credentials

An organization credential is a user name and password authentication token that is bound to an organizational identity. Use Organization Credentials to manage all your organization credentials.

Organization credentials are created and managed by a user with Master Account administrator permissions, and can be reused by exchange profiles, receiver endpoints, and destination endpoints. Each set of organization credentials is uniquely named so they are easily differentiated. You can also optionally include a description for each set of credentials.

Organization credentials synchronize organization authentication information between your system and your partners to facilitate greater interoperability in your trusted relationships with partners. The use of these credentials promotes confidence in the organization identities that are presented to your system. Additionally, they reliably authenticate your partners when they pull messages from your organization.

After you create organization credentials for a partner, you must safely share those credentials with the partner. Then, when your partner pulls messages from you, they present those credentials for authentication. Successful authentication requires your partner to prove their identity with the token. This type of authentication mitigates the potential for eavesdropping, replay, and other online attacks.

You can also associate SSH public keys to organization credentials to secure SFTP exchanges. If you choose to associate a public key to a user's credentials, communications are further secured by public-key cryptography, in addition to traditional password authentication. You can view which organization credentials are associated with a particular SSH key on the SSH Keys collection page.