Organizational Units

Overview

You can organize your environments in CloudGuard into Organizational Units. Organizational Units are user-defined groupings of accounts. An Organizational Unit could depict, for example, the accounts for a business unit in an enterprise, or a geographical location. You can associate your accounts with an Organizational Unit, with accounts from different cloud providers. In addition, you can create Organizational Units in existing Organizational Units, creating a logical hierarchy.

Initially, your account has a root entity that includes all environments that have been onboarded to CloudGuard. This root entity is not an Organizational Unit, and it serves only as a starting point for creating your own Organizational Units. From there, you can create more Organizational Units and associate environments with them (they are moved from the root). An account can correspond with only one Organizational Unit at a time, but one Organizational Unit can be a sub-unit of a different one. Onboarded AWSClosed Amazon® Web Services. Public cloud platform that offers global compute, storage, database, application and other cloud services. Organizations appear under the root entity as its children.

You can label Organizational Units with a name, but sub-Organizational Units of the same parent cannot have the same name.

You can delete Organizational Units. All environments related to it and its sub-Organizational Units are moved to the 'root' unit, and all sub-Organizational Units are deleted with it.

Benefits

Use Cases

Actions

  1. Navigate to the Organizational Units page in the Assets menu. This shows your Organizational Units. For each, the number of environments corresponding to it is shown, broken down based on the cloud providers. In addition, Sub-Organizational Units are shown. You can use the Filters pane, on the left, to filter the list.

  2. Click right or down arrows to expand or close the hierarchy of OUs.

  1. Navigate to the Organizational Units page.

  2. Click CREATE OU.

  3. Enter a name for the OU and select its location in the hierarchy of OUs, then click Create.

  4. As an alternative, create a new OU as a sub-OU for an existing OU. Select the existing OU and click Create sub OU.

  5. Enter a name for the OU and click Add.

You can change the location of an Organizational Unit in the hierarchy of OUs.

  1. Put the mouse on the OU to be moved and click Move.

  2. Select the new OU below which the OU is moved and click Move.

When you have created Organizational Units, you can associate environments with them. You can associate accounts with an OU, with accounts from different cloud providers. An environment can correspond to only one OU (or to the root).

  1. Navigate to the Environments page in the Assets menu. This shows your environments onboarded to CloudGuard (from all providers).

  2. Select one or more environments.

  3. Click Associate To OU.

  4. Select the Organizational Unit and click Associate.

    The Organizational Unit for the environments is updated.

You can remove (disassociate) environments from an OU. You can do this by associating the environments with a different OU or with a root. Follow the steps in the procedure above.

When you delete an OU, the accounts related to it are moved to the root.

In addition, all sub-OUs for the Organizational Unit are deleted. You cannot delete the root.

  1. Navigate to the Organizational Units page.

  2. Put the cursor on the OU to be deleted and click Delete.