Organizational Units


You can organize your environments in CloudGuard into Organizational Units. Organizational Units are user-defined groupings of accounts. An Organizational Unit could represent, for example, the accounts for a business unit within an enterprise, or a geographical location. You can associate any of your accounts with an Organizational Unit, including accounts from different cloud providers. You can also create Organizational Units within existing Organizational Units, creating a logical hierarchy.

Initially, your account will have a 'root' Organizational Unit that includes all environments that have been onboarded to CloudGuard. From there, you can create additional Organizational Units and associate environments with them (they are moved from root). An account can be associated with only one Organizational Unit at any time, so Organizational Units cannot overlap each other (but one Organizational Unit can be a sub-unit of another).

You can label Organizational Units with any name, but sub-Organizational Units of the same parent cannot have the same name.

You can delete Organizational Units. All environments associated with it and its sub-Organizational Units will be moved to the 'root' unit, and all sub-Organizational Units will be deleted with it.


  • view your accounts according to logical groupings - e.g, business units, or geographical regions

  • improve your visibility of your account inventory by viewing them grouped logically and hierarchically (with collapsable views).

  • define & apply tailored compliance policies for groupings that are logical for your enterprise

  • apply user access (RBAC) policies to your accounts according to enterprise logical groupings

Use Cases

  • streamline the view of environments & assets

  • apply a continuous compliance policy to a business unit

  • view assessment results for a business unit