Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • User Guide

    Home FortiAppSec Cloud User Guide

    Migrate Legacy GSLB Organizations to FortiCloud Organizational Units (OU)

    Migrate Legacy GSLB Organizations to FortiCloud Organizational Units (OU)

    This section addresses the use case for migrating legacy organization assets to FortiCloud. It applies specifically to former FortiGSLB users with multiple legacy organizations that have not yet migrated to FortiCloud.

    Legacy FortiGSLB Organizations are no longer supported. Migrating to FortiCloud enables asset management, role- and resource-based access controls, and hierarchical structures for efficient provisioning and consistent security.

    For information on how FortiCloud Organizational Units (OU) works, please refer to this document outlining its key concepts.

    After the migration, please refer to FortiCloud Organizational Units for additional information on how to use FortiCloud with FortiAppSec Cloud.

    Key features of migration

    Benefits of migrating to FortiCloud OU include:

    • Comprehensive asset management: view, organize, and manage assets with search options in one place, and organize assets into multi-depth hierarchies.

    • Secure user management: delegate role-based and resource-based access controls.

    • Multitenancy Management: use hierarchical structures for flexible, efficient resource provisioning and consistent security management.

    Please note that after migrating to FortiAppSec Cloud:

    • You will no longer be able to choose FortiGSLB legacy organizations.

    • You will only see the resources in OneClick type FortiGSLB legacy organization.

    For further details on FortiCloud OU use cases and benefits, please refer to the FortiCloud Organization Portal Online Help.

    Migration prerequisites

    • FortiCloud account

        If you plan to enable Contract Sharing Mode, please register your service license to the root account, as all member accounts under FortiCloud OUs share the root account's license for calculations. Licenses registered under non-root accounts within an organization will not count toward the service.

        You can view your current license type in the FortiAppSec Cloud web portal under General > Contracts.

    Migration steps

    1. Log in to FortiCloud.

    2. Turn on the Organization feature.

      1. Access the Organizational portal. Go to My Account > My Account (IAM version) > Account Preferences and click Enable Organization Feature.

      2. Go to https://support.fortinet.com/organizations.

      3. Click Create Organization and follow the prompts to create the Organization. For more details on the Organization creation screens, please see Creating an Organization.

    3. Add Organization Structure. There are two ways to do this:

      Option 1: Upload Organization Structure

      1. Submit a ticket to request an Organization Template form with your legacy organization structure.

      2. Download the Organization Template.

      3. Edit the downloaded template, and update the values under OU Path to include the top-level organization's name, followed by a backslash.

        For example, if the top-level organization's name is "root_org," change the OU Path value "company1" to "root_org\company1."

        Similarly, update OU Paths with multiple values, changing "example-company\subgroup1" to "root_ org\example-company\subgroup1."

      4. Save the changes in your Organization Template.

      5. d. Return to FortiCloud. In the navigation menu, hover over your organization name and click the gear icon.

      6. Click Add a SubOU. The Add a SubOU to <org_name> dialog opens.

      8. Select Upload Organization Structure, and upload the updated template from step c. This should auto-populate the OU Structure Preview window.

      9. Click Confirm.

      Option 2: Input Organization Info

      1. In the FortiCloud Organizations navigation menu, hover over your organization name and click the gear icon.

      2. Click Add a SubOU. The Add a SubOU to <org_name> dialog opens.

      3. Enter the OU Name and OU Description, then click Confirm. The unit is added to the organization.

      4. Repeat steps a and b until all organizations are added as desired.

    4. Create member accounts for each desired OU. For more detailed information beyond the steps below, please refer to Creating new Member Accounts.

      Since FortiAppSec Cloud resources are tied to member accounts, it is mandatory to create a member account for each desired Organizational Unit (OU).

      1. In the left navigation bar, click on the desired OU under Dashboard to navigate to the page shown below.

      2. Click New Member Account, fill out the New Member Account fields as required, and click Submit.

      3. Repeat previous steps a and b until all desired OUs have corresponding member accounts.

    5. Export OU structure.

      1. In the left navigation bar, click on the top-level organization.

      2. Click the hierarchy icon to ensure sub-organization units are selected. Then, from the Bulk Actions dropdown list, select CSV File.

      3. Download the organization file and edit it to include a column specifying the legacy FortiGSLB organization associated with each member account. This ensures we can identify which assets to migrate to the corresponding new member accounts.

    6. If you would like to enable Contract Sharing Mode, go to General > Settings and enable Contract Sharing Mode.

    7. Ensure all member accounts log in to the FortiAppSec Cloud portal. This step saves the account information needed for the next phase.

    8. Submit a ticket requesting the FortiAppSec GSLB team to complete your migration to FortiCloud OU. Be sure to attach the OU Structure file downloaded and modified in Step 5.

      For guidance on submitting support tickets, please refer to Submitting support tickets

      Once the ticket is received, the GSLB team will synchronize the new member accounts and root account, binding the legacy FortiGSLB organizations to the corresponding new accounts as specified in the OU structure file.

    If you would like to transfer your One-Click device to your new membership account, please wait to do so until the migration is complete.

    You can check the status of the migration in the Ticket Conversation on FortiCare.

    For more information on FortiCare tickets, see Ticket details.

    Manage users after migration

    To manage IAM users' access to FortiAppSec Cloud GSLB resources under different member accounts, you can either edit an existing IAM user and set their Type to Organization, or create a new Organization type IAM user.

    For details on advanced user management, please refer to Organization User Management.

    For instructions on creating a new IAM user, please refer to FortiCloud IAM Users

    Previous
    Next

    Migrate Legacy GSLB Organizations to FortiCloud Organizational Units (OU)

    Migrate Legacy GSLB Organizations to FortiCloud Organizational Units (OU)

    This section addresses the use case for migrating legacy organization assets to FortiCloud. It applies specifically to former FortiGSLB users with multiple legacy organizations that have not yet migrated to FortiCloud.

    Legacy FortiGSLB Organizations are no longer supported. Migrating to FortiCloud enables asset management, role- and resource-based access controls, and hierarchical structures for efficient provisioning and consistent security.

    For information on how FortiCloud Organizational Units (OU) works, please refer to this document outlining its key concepts.

    After the migration, please refer to FortiCloud Organizational Units for additional information on how to use FortiCloud with FortiAppSec Cloud.

    Key features of migration

    Benefits of migrating to FortiCloud OU include:

    • Comprehensive asset management: view, organize, and manage assets with search options in one place, and organize assets into multi-depth hierarchies.

    • Secure user management: delegate role-based and resource-based access controls.

    • Multitenancy Management: use hierarchical structures for flexible, efficient resource provisioning and consistent security management.

    Please note that after migrating to FortiAppSec Cloud:

    • You will no longer be able to choose FortiGSLB legacy organizations.

    • You will only see the resources in OneClick type FortiGSLB legacy organization.

    For further details on FortiCloud OU use cases and benefits, please refer to the FortiCloud Organization Portal Online Help.

    Migration prerequisites

    • FortiCloud account

        If you plan to enable Contract Sharing Mode, please register your service license to the root account, as all member accounts under FortiCloud OUs share the root account's license for calculations. Licenses registered under non-root accounts within an organization will not count toward the service.

        You can view your current license type in the FortiAppSec Cloud web portal under General > Contracts.

    Migration steps

    1. Log in to FortiCloud.

    2. Turn on the Organization feature.

      1. Access the Organizational portal. Go to My Account > My Account (IAM version) > Account Preferences and click Enable Organization Feature.

      2. Go to https://support.fortinet.com/organizations.

      3. Click Create Organization and follow the prompts to create the Organization. For more details on the Organization creation screens, please see Creating an Organization.

    3. Add Organization Structure. There are two ways to do this:

      Option 1: Upload Organization Structure

      1. Submit a ticket to request an Organization Template form with your legacy organization structure.

      2. Download the Organization Template.

      3. Edit the downloaded template, and update the values under OU Path to include the top-level organization's name, followed by a backslash.

        For example, if the top-level organization's name is "root_org," change the OU Path value "company1" to "root_org\company1."

        Similarly, update OU Paths with multiple values, changing "example-company\subgroup1" to "root_ org\example-company\subgroup1."

      4. Save the changes in your Organization Template.

      5. d. Return to FortiCloud. In the navigation menu, hover over your organization name and click the gear icon.

      6. Click Add a SubOU. The Add a SubOU to <org_name> dialog opens.

      8. Select Upload Organization Structure, and upload the updated template from step c. This should auto-populate the OU Structure Preview window.

      9. Click Confirm.

      Option 2: Input Organization Info

      1. In the FortiCloud Organizations navigation menu, hover over your organization name and click the gear icon.

      2. Click Add a SubOU. The Add a SubOU to <org_name> dialog opens.

      3. Enter the OU Name and OU Description, then click Confirm. The unit is added to the organization.

      4. Repeat steps a and b until all organizations are added as desired.

    4. Create member accounts for each desired OU. For more detailed information beyond the steps below, please refer to Creating new Member Accounts.

      Since FortiAppSec Cloud resources are tied to member accounts, it is mandatory to create a member account for each desired Organizational Unit (OU).

      1. In the left navigation bar, click on the desired OU under Dashboard to navigate to the page shown below.

      2. Click New Member Account, fill out the New Member Account fields as required, and click Submit.

      3. Repeat previous steps a and b until all desired OUs have corresponding member accounts.

    5. Export OU structure.

      1. In the left navigation bar, click on the top-level organization.

      2. Click the hierarchy icon to ensure sub-organization units are selected. Then, from the Bulk Actions dropdown list, select CSV File.

      3. Download the organization file and edit it to include a column specifying the legacy FortiGSLB organization associated with each member account. This ensures we can identify which assets to migrate to the corresponding new member accounts.

    6. If you would like to enable Contract Sharing Mode, go to General > Settings and enable Contract Sharing Mode.

    7. Ensure all member accounts log in to the FortiAppSec Cloud portal. This step saves the account information needed for the next phase.

    8. Submit a ticket requesting the FortiAppSec GSLB team to complete your migration to FortiCloud OU. Be sure to attach the OU Structure file downloaded and modified in Step 5.

      For guidance on submitting support tickets, please refer to Submitting support tickets

      Once the ticket is received, the GSLB team will synchronize the new member accounts and root account, binding the legacy FortiGSLB organizations to the corresponding new accounts as specified in the OU structure file.

    If you would like to transfer your One-Click device to your new membership account, please wait to do so until the migration is complete.

    You can check the status of the migration in the Ticket Conversation on FortiCare.

    For more information on FortiCare tickets, see Ticket details.

    Manage users after migration

    To manage IAM users' access to FortiAppSec Cloud GSLB resources under different member accounts, you can either edit an existing IAM user and set their Type to Organization, or create a new Organization type IAM user.

    For details on advanced user management, please refer to Organization User Management.

    For instructions on creating a new IAM user, please refer to FortiCloud IAM Users

    Previous
    Next