About Multi-Org Management
For managed security service providers (MSSPs) and hierarchical enterprises that need to manage security operations for other organizations with multiple licenses, Exabeam provides multiple organization (Multi-Org) management for the New-Scale Security Operations Platform. This allows parent organizations to manage and monitor their child organizations efficiently, providing streamlined operations and greater control across multiple environments.
Feature Support
Multi-Org management provides a central portal from which you can manage functionality for other organizations including:
Identity and access management
Navigation between managed organizations
Audit event visibility
Licenses
To access Multi-Org management features, you must have a multi-license multi-org (MLMO) subscription. For more information, contact your Exabeam account representative.
Access Management
Identity Behavior for Multi-Org
Permissions in a Multi-Org setup are determined by the organization you log into and the permissions associated with your login identity. These permissions can vary between parent and child organizations, even if the login identity (for example email address) is the same.
When a user logs into the parent organization, the permissions assigned to that user in the parent organization are applied. As the user navigates to child organizations, their permissions remain consistent with those granted in the parent organization. For example, if a user’s permissions in the parent organization exceed those granted to the same login identity in a child organization, the user will retain the additional permissions from the parent organization while accessing the child organization. Conversely, if the user’s permissions in the parent organization are more restrictive than those in the child organization, the user’s access will reflect the more restrictive parent permissions while navigating the child organization.
In contrast, when a user logs directly into a child organization, only the permissions assigned to that user within the child organization are applied. In this case, the user cannot navigate to the parent organization or access other child organizations.
Tip
To prevent confusion and ensure seamless access control, it is strongly recommended to use a single login identity across all subscriptions, encompassing both parent and child organizations. Maintaining consistent identities helps avoid scenarios where different permissions tied to multiple identities create uncertainty or operational challenges.
Roles for Multi-Org Access
To manage Multi-Org features, you must be assigned a role with the appropriate Multi-Org permissions.
To view and manage a Multi-Org deployment, you must be assigned one of the following roles:
Administrator default role
Custom role with View and manage Multi-Org permissions
For read-only access, you must be assigned one of the following roles:
Default role:
Administrator
Security Engineer
Tier 3 Analyst
Tier 2 Analyst
Tier 1 Analyst
Compliance Manager
Developer
Custom role with View Multi-Org permissions
The following table displays details about the permissions required to manage organizations.
Application | Platform | Permission | Permission Description | Access |
|---|---|---|---|---|
Manage Organizations | New-Scale | Manage Organizations | View Multi-Org | Read |
Manage Organizations | New-Scale | Manage Organizations | View and manage Multi-Org |
|
For more information, see User Permissions.
Regions
Multi-Org is available for all supported regions. However, data residency and processing requirements require all child and parent subscriptions within the same region.