Multi-Org Management Setup
Prerequisites for Multi-Org Deployments
Parent and child organizations must be deployed in the same region
Multi-Org subscription license
Multi-Org permissions
Get Started
Before you begin, verify that you satisfy all Prerequisites for Multi-Org Deployments.
Log in to the Exabeam Security Operations Platform.
The first time you log in to the Exabeam Security Operations Platform, you will see an empty home page with 0 organizations managed.
For each organization you want to manage, Invite an Organization.
After they accept the invite, you can manage the Exabeam Security Operations Platform on their behalf.
Follow the best practice recommendations:
Configure single sign-on (SSO) in the parent organization.
For more information, see Third-party Identity Providers.
Ensure only one identity can access each organization. Specifically, avoid duplicate local, SSO, parent, and child identities.
Ensure least-privileged access for users in the parent organization.
Proactively communicate and coordinate access control and auditing expectations with the organizations you intend to manage.
Parent organizations have access to audit logs for your child organizations and can share those audit logs at your discretion. To export logs, use a third-party tool or a webhook to send the logs directly to the organization's webhook collector.
If you previously had direct access to a child organization, remove your SSO and local identities from the child organization after they provide you access.
Parent and child organizations must have a single identity for each email address. As a result, an identity with authentication credentials for [email protected] may exist in either the parent or child organization, and not both. When transitioning from individually to collectively managed organizations, administrators must remove the duplicate identities from the child subscriptions.