marisastrong
commented
2 years ago We ran into a similar issue years ago when trying to manage departments within institutions. While it didn't relate to SSO, managing a child entity within a parent institution was tricky in terms of overriding the parent institution customization with the child customization when the need arose. We ended up not supporting hierarchies due to the complexities it posed. I don't recall whether there is hierarchical support for institutions in the tool currently? So It may be a mute point but something to consider when supporting these types of use cases.
DMPTool member organizations from universities with affiliate groups utilizing subdomains are having problems accessing the DMPTool. For example, Harvard has many affiliate hospitals with harvard.edu emails that are not covered under the Harvard SSO, such as Boston Children's Hospital (childrens.harvard.edu) and the Dana-Farber Cancer Institute ([dfci.harvard.edu). In this case, they would like to access the main Harvard University DMPTool account, which has their collective guidance, but since they aren't under Harvard SSO, the system is not giving them access.
We met with the admin for Children's and determined that a check box to manage their own credentials (overriding SSO) would be the best workaround for this. We'll build and deploy this to stage and then seek user feedback before moving to production.