CloudGuard Dome9 Help

Organizational Units


You can organize your cloud accounts in CloudGuard Dome9 into Organizational Units. Organizational Units are user-defined groupings of accounts. An Organizational Unit could represent, for example, the accounts for a business unit within an enterprise, or a geographical location. You can associate any of your accounts with an Organizational Unit, including accounts from different cloud providers. You can also create Organizational Units within existing Organizational Units, creating a logical hierarchy.

Initially, your account will have a 'root' Organizational Unit that includes all cloud accounts that have been onboarded to Dome9. From there, you can create additional Organizational Units and associate cloud accounts with them (they are moved from root). An account can be associated with only one Organizational Unit at any time, so Organizational Units cannot overlap each other (but one Organizational Unit can be a sub-unit of another).

You can label Organizational Units with any name, but sub-Organizational Units of the same parent cannot have the same name.

You can delete Organizational Units. All cloud accounts associated with it and its sub-Organizational Units will be moved to the 'root' unit, and all sub-Organizational Units will be deleted with it.


  • view your accounts according to logical groupings - e.g, business units, or geographical regions
  • improve your visibility of your account inventory by viewing them grouped logically and hierarchically (with collapsable views).
  • define & apply tailored compliance policies for groupings that are logical for your enterprise
  • apply user access (RBAC) policies to your accounts according to enterprise logical groupings

Use Cases

  • streamline the view of cloud accounts & assets
  • apply a continuous compliance policy to a business unit
  • view assessment results for a business unit


See Also

Continuous Compliance