Configure settings for your organization or sub-organizations on the Organization page. To access the Organization page, in Administrator, select Organization.
The following image shows the Organization Settings page:
You can configure the following settings:
•General properties such as organization name, description, number of employees, and address information.
•Authentication information and connection properties storage.
•Connection credentials and where they are stored.
•Fingerprint authentication enforcement.
•Data Integration service properties such as the time zone and default addresses for email notifications.
•CLAIRE™ recommendation preferences. If enabled, CLAIRE provides design time recommendations based on collected metadata.
•Enterprise Data Catalog integration properties such as the URL of the Enterprise Data Catalog Service, runtime environment that reads data from Enterprise Data Catalog, and Enterprise Data Catalog user name and password.
Organization general properties
You can configure general properties for your organization and sub-organizations. General properties include information such as the organization name, ID, description, address, and number of employees. History information for the organization is also displayed in the general properties.
The general properties include the following information:
Overview information
The following table describes the overview properties:
Property
Description
Name
Name of the organization.
If you change the organization name, the new name appears on the Organization menu after you log out and log back in.
ID
ID assigned to your organization when it was created. You cannot change an organization ID.
Parent Organization ID
When you view a sub-organization, this property displays the ID assigned to the parent organization. You cannot change an organization ID.
Organization Status
When you view a sub-organization, this property indicates whether the sub-organization is enabled or disabled.
Environment Type
Environment type for the organization, either Production, QA, Development, or Sandbox.
Informatica Intelligent Cloud Services sets the environment type in the following ways based on how you create the organization:
- When you create your organization by starting your free trial, the environment type is Production.
- When you create an additional production organization, the environment type is Production.
- When you create a sandbox organization, the environment type is Sandbox.
There is no difference in functionality among the environment types.
Description
Optional description of the organization.
Number of Employees
Number of employees in the organization.
Deny parent organization access to this sub-organization
When this option is checked, users in the parent organization cannot switch from the parent organization to the sub-organization. Users in the parent organization with the appropriate privileges can make only the following changes to the sub-organization:
- Enable and disable the sub-organization
- Update the sub-organization licenses
- Edit the sub-organization properties such as the organization description and CLAIRE recommendation preferences
This option is displayed on the Organization page for sub-organizations. This option can be changed when an administrator in the sub-organization logs in to the sub-organization. This option is read-only when a parent organization administrator views the organization properties for the sub-organization.
This option is unchecked by default.
Address information
Use the address properties to specify the street address, zip code, state, and country of the organization.
History information
The organization history information displays the date and time that the organization was created, the user who created the organization, the date and time that the organization was last updated, and the user who last updated the organization. Informatica Intelligent Cloud Services updates the history information when you make changes to the organization.
Authentication properties
You can configure authentication properties for your organization and sub-organizations. Authentication properties control password restrictions and IP address filtering.
Password restrictions are enforced when users create or change their passwords. If you change the password expiration date from "never" to a number of days, then users with passwords that are older than the number of days will be required to change their passwords the next time that they log in to Informatica Intelligent Cloud Services.
The following table describes the authentication properties:
Property
Description
Minimum Password Length
Minimum password length required for a valid password. Must be a number between 4 and 12 characters.
Minimum Character Mix
Minimum number of character types required for a valid password.
Passwords can contain a mix of the following character sets:
- Lowercase alphabetic characters
- Uppercase alphabetic characters
- Numeric characters
- Special characters
For example, if you set Minimum Character Mix to 1, then passwords must contain at least one of the character sets. If you set Minimum Character Mix to 2, then passwords must contain at least two of the character sets.
Password Reuse
Controls whether users can reuse passwords.
Password Expires
Determines how often users must reset their passwords.
Session Idle Timeout
Amount of time before a user's session times out due to inactivity. Informatica Intelligent Cloud Services displays a warning message to the user 60 seconds before the user is logged out.
Default is 30 minutes.
Use Trusted IP Ranges
Enables IP address filtering.
IP address filtering uses trusted IP address ranges in addition to account passwords to prevent unauthorized users from accessing your organization. When you enable IP address filtering, a user with a valid login must also have an IP address within the range of trusted IP addresses, or the user cannot log in to your organization.
When you enable this option, you must also enter one or more trusted IP address ranges.
Allowed Trusted IP Ranges
The trusted ranges of IP addresses from which users can log in to access the organization. Informatica Intelligent Cloud Services supports IP address formats in IP version 4 (IPv4) and version 6 (IPv6).
Fields for the trusted IP address range appear when you enable IP address filtering. To enter additional address ranges, click +.
Note: If you enter an invalid IP address range, users cannot access your organization. Contact your network administrator for valid IP address ranges.
Connection properties storage
You can configure where to store the connection properties for your organization and sub-organizations. To specify where to store the connection properties, configure the Connection Credentials on the Organization page.
You can store connection properties in either of the following locations:
Informatica Cloud
When you store connection properties on the cloud, the connection properties are stored in the Informatica Intelligent Cloud Services repository and are always available. The connections are encrypted by the Informatica Intelligent Cloud Services key management service.
Informatica Intelligent Cloud Services backs up connection properties regularly as part of standard backup procedures.
Local Secure Agent
You might store connection properties with a local Secure Agent if you need the connection properties to reside within your firewall. When you enable this option, the properties for all connections that are listed on the Connections page are stored with the local agent.
Note: In organizations subject to FedRAMP, you can't store connection properties with a local Secure Agent.
If you choose this option, you can store connection properties with one Secure Agent. Connection properties are stored in the following directory:
When you store properties with a local Secure Agent, the Secure Agent must be running so that tasks can run and users can work with connections. Back up connection properties regularly to prevent loss of data. A best practice is to back up connection properties after you change the location or the encryption key for connection properties.
The connections are encrypted by the Informatica Intelligent Cloud Services key management service. Informatica Intelligent Cloud Services uses CBC (Cipher Block Chaining) mode 256 AES encryption to store the connections.
If you use an external secrets manager like AWS Secrets Manager or Azure Key Vault to store sensitive connection credentials, you need to set the connection credential storage to Informatica Cloud. When you do this, sensitive credentials are retrieved from the secrets manager and other connection properties are stored in the Informatica Intelligent Cloud Services repository. You can't use a secrets manager if you store connection credentials on a local Secure Agent. For more information about secrets manager configuration, see Secrets manager configuration.
You can change where you want to store connection properties. When you do this, Informatica Intelligent Cloud Services moves the connection properties to the appropriate location. For example, your license expires, so you configure the organization to store connections on the cloud. Informatica Intelligent Cloud Services moves the connection properties from the local Secure Agent to Informatica Intelligent Cloud Services.
Fingerprint authentication properties
You can enforce a fingerprint authentication every time the Secure Agent starts. An authentication failure can trigger an email alert but allow normal operations, or it can disallow agent startup.
To set the authentication mode, configure the options in Fingerprint Authentication on the Organization page.
You can configure these levels of authentication enforcement:
No enforcement, no notifications
Disable fingerprint enforcement and don't specify an email address.
No authentication check is performed when the Secure Agent starts up. This is the default.
Report violations only
Disable fingerprint enforcement and specify an email address. The email format is checked, but the validity of the email address isn't verified. Be sure to allow emails from the address "admin@informaticacloud.com".
An authentication check is performed during Secure Agent start up. Any fingerprint mismatch triggers a notification to the email recipient, but the agent starts up normally.
Enforce authentication match
Set fingerprint enforcement to On and specify an email address. The email format is checked, but the validity of the email address isn't verified. Be sure to allow emails from the address "admin@informaticacloud.com".
Any fingerprint mismatch triggers a notification to the email recipient and the Secure Agent log in is prevented from starting up.
Note: An email address is required if enforcement is turned on.
A fingerprint is created the first time a Secure Agent starts up, using device attributes from the agent's host machine. The data is anonymized and hashed to produce a unique fingerprint. When switching from no enforcement to any other level of enforcement, the Secure Agent generates a fingerprint the first time it starts up.
If you reinstall the Secure Agent on the same machine, the fingerprint doesn't change.
The following table summarizes what happens when fingerprint enforcement prevents the Secure Agent from starting up:
Action
Message
Error is logged to agentcore.log
"Internal error. Agent <Secure Agent ID> fingerprint is not matching with the previous stored value for request <Request ID>."
Email notification is sent (if an email address was specified)
"There was a fingerprint mismatch while logging in agent with name <Secure Agent name> for Organization <Organization ID>. The agent was last active on <Date in UTC>."
Data Integration service properties
Data Integration service properties are used by Data Integration. Configure these properties to set the time zone and default email addresses for job notifications.
You can set the following Data Integration service properties:
Jobs properties
The following table describes the jobs properties:
Property
Description
Schedule Offset
A small amount of time that is added to schedule start times to help prevent server overload at standard schedule start times. An organization has a single schedule offset that is applied to all schedules. The schedule offset does not affect the start time of manually started tasks or taskflows. You cannot change the schedule offset.
Even though it is not displayed in the schedule details, the schedule offset for your organization is added to the time range configured for all schedules. This ensures that scheduled tasks run as often as expected. For example, you configure a schedule to run every hour from 8:00 a.m. to 12:00 p.m., and the schedule offset for your organization is 15 seconds. Your schedule runs at 8:00:15, 9:00:15, 10:00:15, 11:00:15, and 12:00:15.
Time Zone
Time zone used to display job execution time stamps in email notifications.
Default email notifications properties
Configure the default email notifications properties to set the default email addresses to use for job failure, warning, and success messages. Enter one or more valid email addresses. Separate email addresses with a comma (,) or semicolon (;).
You can also set email notification properties at the task level. When you set email notifications in a task or taskflow, Informatica Intelligent Cloud Services sends email to the addresses in the task or taskflow instead of the addresses configured for the organization.
CLAIRE recommendation preferences
Enable CLAIRE recommendations to allow in-product recommendations for mapping design based on analysis of metadata from your organization's assets and assets from other Informatica Intelligent Cloud Services organizations. The metadata collected and processed by the CLAIRE engine is anonymous.
The default setting for CLAIRE recommendations is "Enabled." When you disable CLAIRE recommendations, recommendations are disabled for all users within your organization. You can enable or disable recommendations for your organization at any time.
Enable and disable CLAIRE recommendations for sub-organizations from within the sub-organization.
When you enable CLAIRE recommendations, Data Integration users can disable recommendations for individual mappings in the mapping designer.
If your organization uses Advanced Integration, enabling CLAIRE recommendations enables the following features:
•CLAIRE-powered configurations, CLAIRE insights, and CLAIRE recommendations for advanced clusters
•CLAIRE-powered runtime strategies and CLAIRE Tuning for mapping tasks that are based on mappings in advanced mode
•CLAIRE recommendations for jobs that run mappings in advanced mode
Enterprise Data Catalog integration properties
If your organization uses Data Accelerator for Azure or data catalog discovery in Data Integration, you can configure Enterprise Data Catalog integration properties for your organization and sub-organizations. Configure Enterprise Data Catalog integration properties so that users can use catalog assets in mappings, synchronization tasks, file ingestion tasks, and Azure data sync tasks.
The Enterprise Data Catalog integration properties that you configure for the organization apply to the data catalog searches that all users in the organization perform. If your organization includes sub-organizations, you can configure different Enterprise Data Catalog integration properties for the parent organization and for each sub-organization.
The following table describes the Enterprise Data Catalog integration properties:
Property
Description
Catalog URL
URL of the Enterprise Data Catalog Service. Use the following format:
http://<fully qualified host name>:<port>
Do not append /ldmcatalog at the end of the URL.
Runtime environment
Name of the Secure Agent group that is used to read data from Enterprise Data Catalog.
The agents in the group that you select must be able to communicate with Enterprise Data Catalog. Therefore, the Enterprise Data Catalog host must be in the same network as the agent machines or it must have the appropriate ports open for communication.
User name
Enterprise Data Catalog user account that the Secure Agent uses to access Enterprise Data Catalog.
This user account must have privileges to view and search for objects in Enterprise Data Catalog and to perform functions using the Enterprise Data Catalog REST API.
Password
Password for the Enterprise Data Catalog user account.
Show the data catalog
Shows and hides the Data Catalog page in Data Integration.
