# Manage Access at Organizational Unit (OU)

### Scope <a href="#scope" id="scope"></a>

This document explains how administrators manage user access at the **Organizational Unit (OU)** level in Oten Admin, including:

* Creating Organizational Units
* Managing members within an OU
* Applying and inheriting security policies (MFA, Password, Session)

***

### I am new. Where should I start? <a href="#i-am-new.-where-should-i-start" id="i-am-new.-where-should-i-start"></a>

If you are new to Oten Admin, start by understanding the following concepts:

* **Organizational Units (OU)** are used to group users logically (by team, department, or function).
* OUs can be structured hierarchically (parent–child relationship).
* Security and access policies can be inherited from parent OUs.

To begin, navigate to the **Organizational units** section in the Admin dashboard.

***

#### Purpose <a href="#purpose" id="purpose"></a>

The purpose of this document is to help administrators:

* Organize users into structured units
* Manage access and security policies at scale
* Reduce manual configuration at the individual user level

***

#### Prerequisites <a href="#prerequisites" id="prerequisites"></a>

Before proceeding, make sure that:

* You have **Admin** or **Organization Admin** permissions
* An Organization and at least one root OU already exist
* Users have been created in the system

***

### I already understand. How do I proceed step by step? <a href="#i-already-understand.-how-do-i-proceed-step-by-step" id="i-already-understand.-how-do-i-proceed-step-by-step"></a>

#### 1. Open Organizational Units <a href="#id-1.-open-organizational-units" id="id-1.-open-organizational-units"></a>

* Log in to **Oten Admin**
* From the left navigation menu, select **Organizational units**

***

#### 2. Create an Organizational Unit (Optional) <a href="#id-2.-create-an-organizational-unit-optional" id="id-2.-create-an-organizational-unit-optional"></a>

If the OU does not exist yet:

* Click **Create org unit**
* Enter the following information:
  * **Org unit name**
  * (Optional) Description
* Select a **Parent Org unit**
* Click **Create org unit** to confirm

Newly created OUs inherit policies from their parent by default.

***

#### 3. Open Organizational Unit Details <a href="#id-3.-open-organizational-unit-details" id="id-3.-open-organizational-unit-details"></a>

* From the OU list, click the OU you want to manage (for example, **QC Team**)
* The OU details panel will open

***

#### 4. Manage Members <a href="#id-4.-manage-members" id="id-4.-manage-members"></a>

* Open the **Members** tab
* Review the list of users currently assigned to the OU

***

#### 5. Add a Member to an OU <a href="#id-5.-add-a-member-to-an-ou" id="id-5.-add-a-member-to-an-ou"></a>

* Click **Add member**
* Search for a user by name or email address
* Select the user from the results
* Click **Add member** to confirm

The user will immediately belong to this OU and inherit all applicable policies.

***

#### 6. Review and Manage Policies (Optional) <a href="#id-6.-review-and-manage-policies-optional" id="id-6.-review-and-manage-policies-optional"></a>

* Open the **Policies** tab
* Review the policies applied to the OU, such as:
  * MFA policy
  * Password policy
  * Session policy
* Policies may be inherited from the parent OU or customized at this level
* Click **Edit** on a policy to override inherited settings if required

***

### Result <a href="#result" id="result"></a>

After completing these steps:

* The Organizational Unit is properly configured
* Users are assigned to the correct OU
* Security and access policies are applied automatically
* Access management is centralized, consistent, and easy to audit


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://oten.gitbook.io/identity-support/user-guide/business-account/administrator/team-and-access/manage-access-at-ou-and-workspace-level/manage-access-at-organizational-unit-ou.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.