What is a multi-organization environment in FortiEDR?
Beginning with 3.0, the FortiEDR system can be set up as a single-organization or multi-organization environment. When set up as a single-organization system, the FortiEDR system and all its operations and infrastructure serve a single tenant, called an organization in the FortiEDR system, and work as described in all the previous chapters of this guide.
Prior to 3.0, the FortiEDR system only supported a single tenant (organization).
In a multi-organization FortiEDR system, someone with Administrator rights can perform operations and handle data for all organizations in the system. For example, think of a multi-organization environment like a hotel chain, which has a parent company along with hotels in various cities. In this scenario, the ABC Hotel corporate entity represents the main organization, and each ABC Hotel branch location (ABC Hotel Los Angeles, ABC Hotel New York, ABC Hotel Boston and so on) represents a separate, discrete organization.
FortiEDR uses organizations to distinguish between tenants in a multi-tenant environment. Each organization uses the same FortiEDR user interface and shares the same FortiEDR database.
Multi-organization and user roles
FortiEDR uses a series of predefined roles to control access to organizational data, as follows:
- Administrator: Highest-level super user that can perform all operations in the FortiEDR Central Manager console for all organizations. This role can access all organizations in the system, and also includes the same privileges as the Local Administrator and User roles.
In a FortiEDR multi-organization system, the system comes with one predefined Administrator user. More than one Administrator role is permitted.
There must always be at least one Administrator in the system.
- Local Administrator: Super user that can perform all operations in the FortiEDR Central Manager console for a single organization. This role can only access its own organization’s data, and also includes the same privileges as the User role. More than one Local Administrator role is permitted per organization.
- User: This user is allowed to view all information and to perform actions for its own organization, such as marking security events as handled, changing policies and defining exceptions. This user is similar to the Local Administrator. However, this user cannot access the ADMINISTRATION tab, which is described in Administration.
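The role rules above can be expressed as a small access-review model, useful when checking who can reach a given organization's data. This is an added example, not Fortinet code or a FortiEDR API; the `Account` type, the account names and the roster are constructed for illustration, and the organization names are taken from the hotel example.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional

class Role(Enum):
    ADMINISTRATOR = "Administrator"
    LOCAL_ADMINISTRATOR = "Local Administrator"
    USER = "User"

@dataclass(frozen=True)
class Account:                      # hypothetical record, not a FortiEDR object
    name: str
    role: Role
    organization: Optional[str]     # None for an Administrator (all organizations)

def can_access(account, organization, admin_tab=False):
    """Apply the three role rules from the list above to one request."""
    if account.role is Role.ADMINISTRATOR:
        return True                 # all operations, all organizations
    if account.organization != organization:
        return False                # other roles are confined to their own organization
    if admin_tab:
        # Only the Local Administrator reaches the ADMINISTRATION tab; User does not.
        return account.role is Role.LOCAL_ADMINISTRATOR
    return True

def reach(accounts, organization):
    """Names of every account that can view the given organization's data."""
    return sorted(a.name for a in accounts if can_access(a, organization))

def removable(accounts, name):
    """False if removing `name` would leave the system with no Administrator."""
    remaining = [a for a in accounts if a.name != name]
    return any(a.role is Role.ADMINISTRATOR for a in remaining)

# Constructed roster for illustration.
ROSTER = [
    Account("root", Role.ADMINISTRATOR, None),
    Account("la-admin", Role.LOCAL_ADMINISTRATOR, "ABC Hotel Los Angeles"),
    Account("la-analyst", Role.USER, "ABC Hotel Los Angeles"),
    Account("ny-admin", Role.LOCAL_ADMINISTRATOR, "ABC Hotel New York"),
]

if __name__ == "__main__":
    for org in ("ABC Hotel Los Angeles", "ABC Hotel New York"):
        print(org, "->", reach(ROSTER, org))
    print("root removable:", removable(ROSTER, "root"))
```
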