NOTE: The ability to enroll in an organization is currently in an invitation-only, limited beta.
Enrolling in an organization allows you to centrally manage your environment's security, compliance, and access control by aggregating information from all your accounts. To use Lacework's organization capability, you must perform a one-time enrollment process using an existing account.
An organization can contain multiple accounts, so you can also manage components such as alerts, resource groups, team members, and audit logs at a more granular level inside an organization. A team member may have access to multiple accounts and can easily switch between them.
Organization Enrollment Process
Before you begin the organization enrollment process, determine which existing account to use. This account's Lacework URL will be used for all accounts in the organization.
Lacework recommends choosing an account where the individual you want to promote to an organization admin already exists as an account admin. Also consider that the organization and any underlying accounts assume the authentication method of the account used for the enrollment process.
Ensure you choose the correct account. The enrollment process enrolls all your company’s accounts in the organization and the process cannot be reversed.
- Log in to the Lacework Console with the chosen account.
- Click the Organization Enrollment link at the bottom of the Account Settings page.
- Select a current account admin to be granted the organization admin role. This admin gains organization-level admin privileges and retains their previous account-level privileges.
- Read the enrollment process details.
- Select the acknowledgment checkbox to confirm you want to complete the enrollment process with the chosen account and account admin. This enables the Save button.
- Click Save to complete enrollment.
The organization dashboard displays aggregated events and compliance for all accounts within the organization.
After the enrollment process finishes, the option to start the enrollment process is no longer available for accounts within the new organization.
After Organization Enrollment
Completing organization enrollment introduces two organization-level roles: organization admin and organization user. Only organization admins and organization users can view organization settings, and only organization admins can edit them. Authentication and usage settings, which were available at the account level before enrollment, are now available only at the organization level. As a result, an account admin who is not granted any organization-level privileges cannot view the authentication and usage pages. Determine if you should grant additional team members organization-level roles.
Because you can set authentication only at the organization level, all accounts within the organization assume the authentication method of the account used for the enrollment process. This potential authentication change could affect some account admins' and users' ability to log in to the Lacework Console until the change and necessary remediation steps are communicated within your organization.
The new organization does not contain any custom alert routing or resource groups at the organization level. Determine if you should define organization-level alert routing and resource groups.