Step 2 – Defining or Importing an Organization
The ORGANIZATIONS page lists all the organizations defined in the FortiEDR system.
The Default (hoster) organization is predefined in the system. This organization represents the main organization in the system, such as the ABC Hotel chain described before. The Default (hoster) main organization cannot be deleted.
The Default (hoster) organization can be accessed by an Administrator and the Local Administrator that you define for it.
Note – In a single-organization system, the Default (hoster) organization is the only organization. To set up a multi-organization system, see Moving from a Single-organization to Multi-organization Structure in FortiEDR.
The Organizations window contains the following information:
Field |
Definition |
---|---|
Name | Specifies the name of the organization. |
Workstation Licenses Capacity | For the organization, specifies the number of workstation licenses allocated to the organization. |
Worksstation Licenses in Use | Specifies the number of workstation licenses in use (installed). |
Servers Licenses Capacity | For the organization, specifies the number of servers allocated to the organization. |
Servers Licenses in Use | Specifies the number of servers in use (installed). |
IoT Devices Capacity | For the organization, specifies the maximum number of IoT devices that can be detected in the organization. |
IoT Devices in Use | Specifies the number of IoT devices detected in the organization. |
Expiration Date | Specifies the expiration date of licenses for the organization. |
Click the button in an organization row to edit the properties of that organization.
You can delete an organization as long as it does not have any workstations or servers in use. Click the Delete button in an organization row to delete that organization.
Click the Migrate Organization button in an organization row to migrate that organization. For more details, see Migrating an Organization.
To define an organization:
- Click the ADMINISTRATION tab and then click ORGANIZATIONS in the left pane. The ORGANIZATIONS page displays.
- Click the button. The following window displays:
All fields in this window are mandatory.
- Fill in all fields in this window, as follows:
Field
Definition
Name A free-text field that specifies the name of the organization. For example, a hotel branch location like ABC Hotel Los Angeles. Registration Password Specifies the registration password for the organization. Each organization can have a different registration password. You set the value for this password.
Supported special characters in the password: !, #, %, &, ', +, -, ., /, :, <, =, >, ?, @, [, \, ], ^, _, `, {, |, }, ~, and ,
You can display the registration password for an organization by selecting ADMINISTRATION > TOOLS > COMPONENT AUTHENTICATION > DISPLAY.
Note – If third-party software attempts to stop the FortiEDR Collector service, the system prompts for the registration password. This is the same password used when installing the Collector. If an incorrect password is supplied at the prompt, the message Access Denied displays on the Collector device. In this case, the FortiEDR Collector service is not stopped. For more details about the required password to supply in this situation, refer to Component Authentication.
Expiration Date Specifies when this license expires. Notifications are sent to you beforehand. Each organization can have its own expiration date.
Note – If the Default (hoster) organization expiration date is earlier than that for the organization, then the expiration date for the Default (hoster)organization applies. Whenever there is an expiration date conflict, the earlier date always applies.
Vulnerability, IoT Management, and Device Control Check this checkbox for the organization to have access to these features. This option is only available on setups that have purchased a Discover and Protect license or Discover, Protect and Response license.
Note – The various license types in FortiEDR enable access to different FortiEDR features. The Administrator can configure the various organizations in a multi-tenant environment to each have access to different features in the product. For example, Organization A may have access to the Threat Hunting feature and Organization B may not.
Threat Hunting Check this checkbox to provide the organization access to threat hunting. This option is only available on setups with a Discover, Protect and Response or Protect and Response license.
- Repository storage add-ons: Specifies the number of repository add ons, out of the total number of add on purchases, to enable this organization to use.
eXtended Detection
Check this checkbox to give the organization access to this feature. This option is only available on setups that have purchased an eXtended Detection add on. See more details on license types in Configuring the FortiEDR Central Manager Server and Console.
Workstations / Servers / IoT Devices License Capacity Specifies the number of license seats for the organization, meaning the number of Collectors that can be installed in this organization. Before allocating licenses to an organization, you may need to verify the number of available licenses that can be distributed. All currently unallocated licenses are available for allocation to an organization. You cannot enter a number that is greater than the number of licenses available for allocation.
Note – The License Capacity field in the Licenses window shows the total number of license seats for the entire FortiEDR system, which are divided into Workstations, Servers and IoT Devices.
The Default (hoster) organization initially receives the total allocation of licenses. The Administrator is responsible for allocating these licenses among organizations. In a single-organization FortiEDR system, licenses do not need to be allocated between organizations, as there is only one organization.
- Click the Save button. Note that it may take a minute or so to create the organization.
After creating the organization, the organization appears as a new row in the Organization dropdown list.
Note – If a user attempts to use a feature that is not available with their license, a warning message displays. For example, as shown below.
Moving from a Single-organization to Multi-organization Structure in FortiEDR
In a single-organization system, the Default (hoster) organization is the only organization.
To create a multi-organization (multi-tenant) system, an Administrator simply needs to add one or more organizations to a single-organization system. When there are multiple organizations in the system, you can select the organization of interest in the Organization dropdown menu that appears at the top left of the window, as described below.