24.2.0

Overview of creating and managing Organizations

When creating an Organization and adding Organizational Units (OUs) and Member Accounts, there is a general process that you can follow.

To create and manage an Organization:
  1. Set up the Organization.

  2. Invite accounts to join the Organization.

  3. Manage users.

  4. Access the Organization.

Note

More information on creating and managing Organizations can be found in the Asset Management and Identity & Access Management guides.

Set up the Organization

The first step for creating an Organization requires the Root Account user to create the Organization and define the Organization hierarchy with OUs.

The process for setting up the Organization and OUs is as follows:

  1. Log in to the FortiCloud account that will act as the Organization Root Account.

  2. Add a FortiCloud Premium License from https://support.fortinet.com. See Registering assets in the Asset Management guide and Prerequisites.

  3. Access the Organizational portal:

  4. Click Create Organization and follow the prompts to create the Organization. See Creating an organization.

  5. Go to the Organization portal and use the gear icon to create the OUs and Organization hierarchy. See Adding and deleting OUs.

See Organizations and Organizational Units (OU) for more information about creating Organizations and hierarchy.

Note

The Root Account user performs all of the steps in Step One.

Invite accounts to join the Organization

Once the Organization and OUs have been created, you can invite Member Accounts to join the Organization OUs using invitation tokens.

Note

Member Accounts can also be created directly in the Organization Portal using the New Member Account button. See Creating new Member Accounts.

The process for inviting accounts is as follows:

  1. The Root Account user generates the invitation token for each OU from the Invitation Token page. See Creating invitation tokens.

  2. The Root Account user invites accounts to join the Organization OUs by sharing the assigned invitation token and Organization portal link (https://support.fortinet.com/organizations/) with Member Account users.

  3. Member Account users go to https://support.fortinet.com/organizations/.

  4. Member Account users select Join Organization and use the provided invitation token to request access.

  5. The Root Account user approves Member Account requests from the Invitation Token page. See Invitation Approval.

See Invitations for more information about invitation tokens.

Note

Member Accounts can create the account password by using the Forgot Password? feature when logging into the portal.

Manage users

Once Member Accounts are added to the OUs, you can create an Organization administrative IAM user that can create and manage IAM users for the Organization OUs.

The process for creating an Organization administrative IAM user is as follows:

  1. Go to the IAM portal.

  2. Create a new permission profile for the Organization administrative IAM user:

    1. Go to Permission Profiles and create a new profile.

    2. Set the type to Organization.

    3. Add the Organization portal, IAM portal, Asset Management portal, and any other necessary portals.

    4. Set the Organization portal, IAM portal, and Asset Management portal access to Admin.

    See Permission profiles within Organizations in the Identity & Access Management guide for more information.

  3. Create the Organization administrative IAM user:

    1. Go to Users and create a new IAM user.

    2. Set the type to Organization.

    3. Set the Permission Scope to the Organization.

    4. Select the permission profile created in the previous step.

    5. Generate the password.

    See Creating users, user groups, and roles within Organizations in the Identity & Access Management guide for more information.

Note

The Root Account user performs all of the steps in Step Three.

Access the Organization

Once you have created the Organization administrative IAM user, you can begin accessing the Organization, OUs, assets, and so on.

The process for accessing the Organization is as follows:

  1. Log in to FortiCloud as the new Organization administrative IAM user:

    1. Go to https://support.fortinet.com.

    2. Log in using the new administrative IAM user credentials.

    3. Select the top level Organization when prompted.

    See Logging into an OU account in the Identity & Access Management guide for more information.

  2. Create permission profiles and IAM users for each of the OUs. See Permission profiles within Organizations and Creating users, user groups, and roles within Organizations in the Identity & Access Management guide for more information.

    Note

    If an IAM user has administrative access to the Organization portal and a permission scope set to an OU, this IAM user can create new IAM users below them in the hierarchy. See Permission scope with organizations.

  3. Access OUs or OU Member Accounts using the context switch dropdown menu:

    • Go to the Asset Management portal to switch to OU Member Accounts or OUs, view the OU consolidated view, or transfer assets across OU Member Accounts. See the Asset Management guide for more information.

    • Go to the IAM portal to manage OU Member Account users or switch to OU Member Accounts. See the Identity & Access Management guide for more information.

    See OU context switch and Permission scope with Organizations in the Identity & Access Management guide for more information.

Note

The Organization administrative IAM user performs all of the steps in Step Four. The Root Account user cannot access other OU accounts directly.
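
The note under step 2 above says that an IAM user with administrative access to the Organization portal and a permission scope set to an OU can create IAM users below that OU. The following added example (a model for reviewing delegation reach, not FortiCloud code or a FortiCloud API) computes which OUs each administrator can create users in. The OU names, the user names, the "ReadOnly" label, and the choice to count the scoped OU itself as in scope are assumptions made for the illustration.

```python
# Added illustration: a model of OU permission scope, not FortiCloud code.
from dataclasses import dataclass

# Constructed sample hierarchy: child OU -> parent OU (None marks the root).
OU_PARENT = {
    "Org": None,
    "EMEA": "Org",
    "APAC": "Org",
    "EMEA-Retail": "EMEA",
    "EMEA-Retail-Stores": "EMEA-Retail",
}

@dataclass(frozen=True)
class IamUser:
    name: str
    scope: str               # OU (or "Org") the permission scope is set to
    org_portal_access: str   # "Admin" or "ReadOnly" (constructed labels)

def subtree(scope, parents=OU_PARENT):
    """Return the scoped OU and every OU beneath it in the hierarchy."""
    if scope not in parents:
        raise ValueError(f"unknown OU: {scope}")
    found = {scope}
    changed = True
    while changed:  # repeat until no new descendants are discovered
        changed = False
        for ou, parent in parents.items():
            if parent in found and ou not in found:
                found.add(ou)
                changed = True
    return found

def can_create_user_in(user, target_ou):
    """Needs Admin on the Organization portal and a scope covering target_ou."""
    return user.org_portal_access == "Admin" and target_ou in subtree(user.scope)

def delegation_reach(users):
    """Map each user name to the sorted OUs where they can create IAM users."""
    return {
        u.name: sorted(ou for ou in OU_PARENT if can_create_user_in(u, ou))
        for u in users
    }

# Constructed sample users for the review.
USERS = [
    IamUser("org-admin", "Org", "Admin"),
    IamUser("emea-admin", "EMEA", "Admin"),
    IamUser("apac-viewer", "APAC", "ReadOnly"),
]

if __name__ == "__main__":
    for name, ous in delegation_reach(USERS).items():
        print(f"{name}: {ous or 'no user-creation rights'}")
```

Reviewing this output before granting Admin on the Organization portal shows how far a delegated administrator's user-creation rights extend down the hierarchy.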
