> For the complete documentation index, see [llms.txt](https://oten.gitbook.io/identity-support/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://oten.gitbook.io/identity-support/user-guide/organization-admin-app/administrator/team-and-access/manage-access-at-ou-and-workspace-level/manage-access-at-organizational-unit-ou.md).

# Manage Access at Organizational Unit (OU)

### Scope <a href="#scope" id="scope"></a>

This document explains how administrators manage user access at the **Organizational Unit (OU)** level in Oten Admin, including:

* Creating Organizational Units
* Managing members within an OU
* Applying and inheriting security policies (MFA, Password, Session)

***

### I am new. Where should I start? <a href="#i-am-new.-where-should-i-start" id="i-am-new.-where-should-i-start"></a>

If you are new to Oten Admin, start by understanding the following concepts:

* **Organizational Units (OU)** are used to group users logically (by team, department, or function).
* OUs can be structured hierarchically (parent–child relationship).
* Security and access policies can be inherited from parent OUs.

To begin, navigate to the **Organizational units** section in the Admin dashboard.

***

#### Purpose <a href="#purpose" id="purpose"></a>

The purpose of this document is to help administrators:

* Organize users into structured units
* Manage access and security policies at scale
* Reduce manual configuration at the individual user level

***

#### Prerequisites <a href="#prerequisites" id="prerequisites"></a>

Before proceeding, make sure that:

* You have **Admin** or **Organization Admin** permissions
* An Organization and at least one root OU already exist
* Users have been created in the system

***

### I already understand. How do I proceed step by step? <a href="#i-already-understand.-how-do-i-proceed-step-by-step" id="i-already-understand.-how-do-i-proceed-step-by-step"></a>

#### 1. Open Organizational Units <a href="#id-1.-open-organizational-units" id="id-1.-open-organizational-units"></a>

* Log in to **Oten Admin**
* From the left navigation menu, select **Organizational units**

***

#### 2. Create an Organizational Unit (Optional) <a href="#id-2.-create-an-organizational-unit-optional" id="id-2.-create-an-organizational-unit-optional"></a>

If the OU does not exist yet:

* Click **Create org unit**
* Enter the following information:
  * **Org unit name**
  * (Optional) Description
* Select a **Parent Org unit**
* Click **Create org unit** to confirm

Newly created OUs inherit policies from their parent by default.

***

#### 3. Open Organizational Unit Details <a href="#id-3.-open-organizational-unit-details" id="id-3.-open-organizational-unit-details"></a>

* From the OU list, click the OU you want to manage (for example, **QC Team**)
* The OU details panel will open

***

#### 4. Manage Members <a href="#id-4.-manage-members" id="id-4.-manage-members"></a>

* Open the **Members** tab
* Review the list of users currently assigned to the OU

***

#### 5. Add a Member to an OU <a href="#id-5.-add-a-member-to-an-ou" id="id-5.-add-a-member-to-an-ou"></a>

* Click **Add member**
* Search for a user by name or email address
* Select the user from the results
* Click **Add member** to confirm

The user will immediately belong to this OU and inherit all applicable policies.

***

#### 6. Review and Manage Policies (Optional) <a href="#id-6.-review-and-manage-policies-optional" id="id-6.-review-and-manage-policies-optional"></a>

* Open the **Policies** tab
* Review the policies applied to the OU, such as:
  * MFA policy
  * Password policy
  * Session policy
* Policies may be inherited from the parent OU or customized at this level
* Click **Edit** on a policy to override inherited settings if required

***

### Result <a href="#result" id="result"></a>

After completing these steps:

* The Organizational Unit is properly configured
* Users are assigned to the correct OU
* Security and access policies are applied automatically
* Access management is centralized, consistent, and easy to audit
