You need to define the organizational structure of any other organizations with which you intend to interact and, consequently, on which you want to specify authorization policies.
Define these organizations under Trust Framework, using the Domains section, which is available only on PDP API-enabled servers . Start with a relatively clean and simple domain ontology. You can extend it later if you need more granular levels.
You can import these values from your existing organizational directory, such as Active Directory. Make certain that you do not import redundant and unnecessary entities.