Smaller organizations might choose to administer keeper as single level, meaning no additional nodes are created by the Keeper Administrator. In this scenario, all provisioned users, roles, and teams are accessed from the default Root Node. The advantage to this configuration is there is no additional navigation required to find objects as they are listed under the default root level and easily accessed by navigating to the appropriate tab (users, roles, teams).
Larger organizations may benefit from organizing locations or departments into multiple nodes. Users can then be provisioned under their respective node and have roles configured to match the specific needs of the business. One of the advantages in defining multiple nodes is to help support the concept of delegated administration. A delegated administrator can be granted some or all of the Administrative permissions but only on their respective node (or sub nodes) to help reduce the administration load on the primary Keeper Administrators.
When the Keeper Bridge is installed for Active Directory synchronization, AD Organizational Units are identified as Nodes. Users and security groups, within specific organizational units in Active Directory, will be placed in the corresponding Node within the Keeper Admin Console.