Configure organization attributes

Edit online

Organization attributes allow you to store additional metadata about each organization in your IBM® Verify tenant.

Before you begin

  • You must have administrative permission to complete this task.
  • Log in to the IBM Verify administration console.

About this task

Note:

Configuring organization attributes is not required to create or onboard organizations, but you can enable them to extend their IFA and invitation workflows with richer context.

These attributes are defined globally at the tenant level, while their values are configured by individual organization administrators.

Tenant administrators can use these attributes to customize access policies, flow designer tasks, and conditional logic that adapt the authentication experience based on an organization’s attributes.

Procedure

  1. Determine which attributes your organization needs.
    Use the metadata for:
    • Rounting users to the correct IdP.
    • Determining user flows.
    • Enforcing access policies.
    • Tagging organizations for reporting or life cycle management.
    • Passing information to applications during authentication.
  2. Create the custom organization attributes.
    The attributes must be created in the Verify directory before they can be referenced by flows or applications.
    1. Navigate to the Attributes page.
    2. Select Create attribute.
    3. On the Type and availability page, select Organization.
    4. Enter the attribute name.
    5. Enter the select data type.
    6. Select the validation type.
    7. Add the attribute.
  3. Assign attribute values to each organization.

    Each organization can set values for all defined attributes based on its own requirements.

    Ways to assign attributes:
    During the organization invitation workflow
    Attribute values can be populated automatically as part of onboarding.
    During organization creation or update operations
    Attributes can be added or modified when an organization is created or updated.
    Programmatically via APIs
    In automated environments, attribute values can be managed using the Verify identity APIs. Refer to the API documentation for implementation details.
    Examples of organization attribute values
    Each organization defines values for the same set of attributes.
    • Org A

      region = "North America"

      tier = "Enterprise"

      supportLevel = "Standard"

    • Org B

      region = "EMEA"

      tier = "Enterprise"

      supportLevel = "Premium"

    • Org C

      region = "APAC"

      tier = "SMB"

      supportLevel = "Standard"

    Examples of organization‑level MFA configuration

    Attributes can represent security‑related organization settings:

    • Org A

      orgMFASettings = "strict"

    • Org B

      orgMFASettings = "strict"

    • Org C

      orgMFASettings = "optional"

    These values can then be referenced by authentication policies or workflows to apply organization‑specific behavior.

  4. Optional: Use organization attributes in flows and policies.
    When attributes are defined and assigned, you can reference them anywhere Verify supports conditional logic. For example, you can:
    • Adjust IFA routing based on an organization’s characteristics.
    • Vary onboarding steps in your invitation flow.
    • Use organization data in adaptive access policies.
    • Include organization details in application claims.

    This helps you tailor authentication, onboarding, and access decisions to each organization.

  5. Validate and then test.
    Before inviting users confirm that:
    • Each organization has correct attribute values.
    • Flows correctly reference these attributes in routing or decision steps.
    • Any application claim mappings that rely on organization attributes behave as expected.
      Note: Flow designer's Trace view helps verify that attributes are being read and evaluated correctly during test runs.