Enrolling in an organization allows you to centrally manage your environment's security, compliance, and access control by aggregating information from all your accounts. To use Lacework's organization capability, you must perform a one-time enrollment process using an existing account.
An organization can contain multiple accounts, so you can also manage components such as alerts, resource groups, team members, and audit logs at a more granular level inside an organization. A team member may have access to multiple accounts and can easily switch between them.
Organization Enrollment Process
IMPORTANT: The enrollment process is irreversible. Proceed only if you want to enroll all your company’s accounts in the organization. An organization can contain a maximum of 100 accounts.
Before you begin the organization enrollment process, determine which existing account to use for enrollment. This account's Lacework URL will be used for all accounts in the organization. This URL is also referred to as the organization URL.
Lacework recommends choosing an account where the individual you want to promote to an organization admin already exists as an account admin. Also consider that the organization and any underlying accounts assume the authentication method of the account used for the enrollment process.
Ensure you choose the correct account. The enrollment process enrolls all your company’s accounts in the organization and the process cannot be reversed.
- Log in to the Lacework Console with the chosen account.
- Open Account Settings and click Organization View at the bottom of the page.
- Verify the details about the account and click Get Started Now.
- Verify that you want to enroll all listed accounts in the organization and click Continue.
- Read the enrollment process details.
- Select a current account admin to be promoted. This admin is granted the organization admin role, gaining organization-level admin privileges while retaining their previous account-level privileges.
- Select the acknowledgment checkbox to confirm you want to complete the enrollment process with the chosen account and account admin. This enables the Complete Step button.
- Click Complete Step to complete enrollment.
The organization dashboard displays aggregated events and compliance for all accounts within the organization.
After the enrollment process finishes, the option to start the enrollment process is no longer available for accounts within the new organization.
After Organization Enrollment
Completing organization enrollment introduces two organization-level roles: organization admin and organization user. Only organization admins and users can view organization settings. Only organization admins can edit organization settings. Authentication and usage settings, which were available at the account level before enrollment, are now available only at the organization level. As a result, an account admin who is not granted any organization-level privileges cannot view the authentication and usage pages. Determine if you should grant additional team members organization-level roles.
Because you can set authentication only at the organization level, all accounts within the organization assume the authentication method of the account chosen for initial enrollment. This potential authentication change could affect some account admins' and users' ability to log in to the Lacework Console until the change and necessary remediation steps are communicated within your organization.
The new organization does not contain any custom alert routing or resource groups at the organization level. Determine if you should define organization-level alert routing and resource groups.