Organizational Units
Overview
You can organize your environments in CloudGuard into Organizational Units. Organizational Units are user-defined groupings of accounts. An Organizational Unit could depict, for example, the accounts for a business unit in an enterprise, or a geographical location. You can associate your accounts with an Organizational Unit, with accounts from different cloud providers. In addition, you can create Organizational Units in existing Organizational Units, creating a logical hierarchy.
Initially, your account has a 'root' Organizational Unit that includes all environments that have been onboarded to CloudGuard. From there, you can create more Organizational Units and associate environments with them (they are moved from root). An account can correspond with only one Organizational Unit at a time, but one Organizational Unit can be a sub-unit of a different one.
You can label Organizational Units with a name, but sub-Organizational Units of the same parent cannot have the same name.
You can delete Organizational Units. All environments related to it and its sub-Organizational Units are moved to the 'root' unit, and all sub-Organizational Units are deleted with it.
Benefits
-
See your accounts based on logical groupings, for example, business units or geographical regions.
-
Better visibility of your account inventory by seeing them grouped logically and hierarchically (with collapsible views).
-
Define & apply tailored compliance policies for groupings that are logical for your enterprise.
-
Apply user access (RBAC
Role-Based Access Control - Manages authorization decisions, allowing admins to dynamically configure access policies through the Kubernetes API.) policies to your accounts based on enterprise logical groupings.
Use Cases
-
Streamline the view of environments and assets - see Viewing OUs
-
Apply a Continuous Posture policy to a business unit - Continuous Posture
Actions
Viewing OUs
-
Navigate to the Organizational Units page in the Assets menu. This shows your Organizational Units. For each, the number of environments corresponding to it is shown, broken down based on the cloud providers. In addition, Sub-Organizational Units are shown. You can use the Filters pane, on the left, to filter the list.
-
Click
or 
to expand or close the hierarchy of OUs.
Creating an OU
-
Navigate to the Organizational Units page.
-
Click CREATE OU.
-
Enter a name for the OU and select its location in the hierarchy of OUs, then click Create.
-
As an alternative, create a new OU as a sub-OU for an existing OU. Select the existing OU and click Create sub OU.
-
Enter a name for the OU and click Add.
Moving OUs
You can change the location of an Organizational Unit in the hierarchy of OUs.
-
Put the mouse on the OU to be moved and click Move.
-
Select the new OU below which the OU is moved and click Move.
Associating Environments with an OU
When you have created Organizational Units, you can associate environments with them. You can associate accounts with an OU, with accounts from different cloud providers. An environment can correspond to only one OU (or to the root).
-
Navigate to the Environments page in the Assets menu. This shows your environments onboarded to CloudGuard (from all providers).
-
Select one or more environments.
-
Click Associate To OU.
-
Select the Organizational Unit and click Associate.
The Organizational Unit for the environments is updated.
Removing (disassociating) Environments from an OU
You can remove (disassociate) environments from an OU. You can do this by associating the environments with a different OU or with a root. Follow the steps in the procedure above.
Deleting OUs
When you delete an OU, the accounts related to it are moved to the root.
In addition, all sub-OUs for the Organizational Unit are deleted. You cannot delete the root.
-
Navigate to the Organizational Units page.
-
Put the cursor on the OU to be deleted and click Delete.
