Skip to main content

New-Scale Security Operations PlatformMulti-Org Guide

Multi-Org Management Setup

Prerequisites for Multi-Org Deployments

  • Parent and child organizations must be deployed in the same region

  • Multi-Org subscription license

  • Multi-Org permissions

Get Started

  1. Before you begin, verify that you satisfy all Prerequisites for Multi-Org Deployments.

  2. Log in to the New-Scale Security Operations Platform.

    The first time you log in to the New-Scale Security Operations Platform, you are prompted to accept the Exabeam end-user license agreement (EULA).

    After you log in, you will see an empty home page with 0 organizations managed.

    mssp-get-started-0-orgs.png

  3. For each organization you want to manage, Invite an Organization.

    After they accept the invite, you can manage the New-Scale Security Operations Platform on their behalf.

  4. Follow the best practice recommendations:

    • Configure single sign-on (SSO) in the parent organization.

      For more information, see Third-party Identity Providers.

    • Ensure only one identity can access each organization. Specifically, avoid duplicate local, SSO, parent, and child identities.

    • Ensure least-privileged access for users in the parent organization.

    • Proactively communicate and coordinate access control and auditing expectations with the organizations you intend to manage.

    • Parent organizations have access to audit logs for your child organizations and can share those audit logs at your discretion. To export logs, use a third-party tool or a webhook to send the logs directly to the organization's webhook collector.

  5. If you previously had direct access to a child organization, remove your SSO and local identities from the child organization after they provide you access.

    Parent and child organizations must have a single identity for each email address. As a result, an identity with authentication credentials for [email protected] may exist in either the parent or child organization, and not both. When transitioning from individually to collectively managed organizations, administrators must remove the duplicate identities from the child subscriptions.

  6. If you want to assign a child organization a descriptive, user-friendly name in your Multi-Org console, you can assign a banner name that will be used to identity the subscription in your console. To assign a descriptive name:

    • Click the options icon (icon-options.png) in the top, right corner of a child organization tile in your console.

    • Select the Setting option. A Settings dialog box opens.

    • In the Banner Name field, enter a new descriptive name that contains between 5 and 30 alphanumeric characters. It must start with an alphabetic character and it can include white spaces, hyphens , and underscores, but not other special characters.

      banner-name.png

    • Click Update. The new banner name is saved and is displayed wherever that child organization is identified in your Multi-Org console.

    Note

    You can only assign a descriptive banner name to a child organization if you have a Multi-Org tile with Administrator permissions.