Fortinet white logo
Fortinet white logo

Administration Guide

Step 2 – Defining or importing an organization

Step 2 – Defining or importing an organization

The ORGANIZATIONS page lists all the organizations defined in the FortiEDR system.

The Default (hoster) organization is predefined in the system. This organization represents the main organization in the system, such as the ABC Hotel chain described before. The Default (hoster) main organization cannot be deleted.

The Default (hoster) organization can be accessed by an Administrator and the Local Administrator that you define for it.

Note

In a single-organization system, the Default (hoster) organization is the only organization. To set up a multi-organization system, see Moving from a single-organization to multi-organization structure in FortiEDR in FortiEDR.

The Organizations window contains the following information:

Field

Definition

Name Specifies the name of the organization.
Workstation Licenses Capacity For the organization, specifies the number of workstation licenses allocated to the organization.
Workstation Licenses in Use Specifies the number of workstation licenses in use (installed).
Servers Licenses Capacity For the organization, specifies the number of servers allocated to the organization.
Servers Licenses in Use Specifies the number of servers in use (installed).
IoT Devices Capacity For the organization, specifies the maximum number of IoT devices that can be detected in the organization.
IoT Devices in Use Specifies the number of IoT devices detected in the organization.
Expiration Date Specifies the expiration date of licenses for the organization.

Click the Edit button in an organization row to edit the properties of that organization.

You can delete an organization as long as it does not have any workstations or servers in use. Click the Delete button in an organization row to delete that organization.

Click the Migrate Organization button in an organization row to migrate that organization. For more details, see Migrating an organization.

To define an organization:
  1. Click the ADMINISTRATION tab and then click ORGANIZATIONS in the left pane. The ORGANIZATIONS page displays.
  2. Click the Add Organization button. The following window displays:

  3. Fill in all fields in this window. All fields are mandatory.

    Field

    Definition

    NameDefine the name of the organization. Supported characters in the organization name: 0123456789:=@ABCDEFGHIJKLMNOPQRSTUVWXYZ_abcdefghijklmnopqrstuvwxyz. Spaces are also allowed. For example, you can specify the organization name of a hotel branch as ABC_Hotel@Los Angeles.

    Serial Number

    Your FortiEDR unique identifier with Fortinet, which can be found at the top of the Administration > Licensing tab.

    Registration Password

    Specifies the registration password for the organization. Each organization can have a different registration password. You set the value for this password.

    Supported special characters in the password: !, #, %, &, ', +, -, ., /, :, <, =, >, ?, @, [, \, ], ^, _, `, {, |, }, ~, and ,

    Note

    You can retrieve or revoke the registration password for an organization under ADMINISTRATION > TOOLS > Component authentication .

    Note

    If third-party software attempts to stop the FortiEDR Collector service, the system prompts for the registration password. This is the same password used when installing the Collector. If an incorrect password is supplied at the prompt, the message Access Denied displays on the Collector device. In this case, the FortiEDR Collector service is not stopped. For more details about the required password to supply in this situation, refer to Component authentication.

    Expiration Date

    Specifies when this license expires. Notifications are sent to you beforehand. Each organization can have its own expiration date.

    Note

    If the Default (hoster) organization expiration date is earlier than that for the organization, then the expiration date for the Default (hoster)organization applies. Whenever there is an expiration date conflict, the earlier date always applies.

    Vulnerability and IoT Management

    Check this checkbox for the organization to have access to these features. This option is only available on setups that have purchased a Discover and Protect license or Discover, Protect and Response license.

    Note

    The various license types in FortiEDR enable access to different FortiEDR features. The Administrator can configure the various organizations in a multi-tenant environment to each have access to different features in the product. For example, Organization A may have access to the Threat Hunting feature and Organization B may not.

    Threat Hunting

    Check this checkbox to provide the organization access to threat hunting. This option is only available on setups that have purchased a Discover, Protect and Response or Protect and Response license.

    • Repository storage add-ons: Specifies the number of repository add ons, out of the total number of add on purchases, to enable this organization to use.

    eXtended Detection

    Check this checkbox to give the organization access to this feature. This option is only available on setups that have purchased an eXtended Detection add on. See more details on license types in Configuring the FortiEDR Central Manager server and console.

    Workstations / Servers / IoT Devices License Capacity

    Specifies the number of license seats for the organization, meaning the number of Collectors that can be installed in this organization. Before allocating licenses to an organization, you may need to verify the number of available licenses that can be distributed. All currently unallocated licenses are available for allocation to an organization. You cannot enter a number that is greater than the number of licenses available for allocation.

    Note

    The License Capacity field in the Licenses window shows the total number of license seats for the entire FortiEDR system, which are divided into Workstations, Servers and IoT Devices.

    The Default (hoster) organization initially receives the total allocation of licenses. The Administrator is responsible for allocating these licenses among organizations. In a single-organization FortiEDR system, licenses do not need to be allocated between organizations, as there is only one organization.

  4. Click the Save button. Note that it may take a minute or so to create the organization.

    After creating the organization, the organization appears as a new row in the Organization dropdown list.

    Note

    If a user attempts to use a feature that is not available with their license, a warning message displays. For example, as shown below.

Moving from a single-organization to multi-organization structure in FortiEDR

In a single-organization system, the Default (hoster) organization is the only organization.

To create a multi-organization (multi-tenant) system, an Administrator simply needs to add one or more organizations to a single-organization system. When there are multiple organizations in the system, you can select the organization of interest in the Organization dropdown menu that appears at the top left of the window, as described below.

Step 2 – Defining or importing an organization

Step 2 – Defining or importing an organization

The ORGANIZATIONS page lists all the organizations defined in the FortiEDR system.

The Default (hoster) organization is predefined in the system. This organization represents the main organization in the system, such as the ABC Hotel chain described before. The Default (hoster) main organization cannot be deleted.

The Default (hoster) organization can be accessed by an Administrator and the Local Administrator that you define for it.

Note

In a single-organization system, the Default (hoster) organization is the only organization. To set up a multi-organization system, see Moving from a single-organization to multi-organization structure in FortiEDR in FortiEDR.

The Organizations window contains the following information:

Field

Definition

Name Specifies the name of the organization.
Workstation Licenses Capacity For the organization, specifies the number of workstation licenses allocated to the organization.
Workstation Licenses in Use Specifies the number of workstation licenses in use (installed).
Servers Licenses Capacity For the organization, specifies the number of servers allocated to the organization.
Servers Licenses in Use Specifies the number of servers in use (installed).
IoT Devices Capacity For the organization, specifies the maximum number of IoT devices that can be detected in the organization.
IoT Devices in Use Specifies the number of IoT devices detected in the organization.
Expiration Date Specifies the expiration date of licenses for the organization.

Click the Edit button in an organization row to edit the properties of that organization.

You can delete an organization as long as it does not have any workstations or servers in use. Click the Delete button in an organization row to delete that organization.

Click the Migrate Organization button in an organization row to migrate that organization. For more details, see Migrating an organization.

To define an organization:
  1. Click the ADMINISTRATION tab and then click ORGANIZATIONS in the left pane. The ORGANIZATIONS page displays.
  2. Click the Add Organization button. The following window displays:

  3. Fill in all fields in this window. All fields are mandatory.

    Field

    Definition

    NameDefine the name of the organization. Supported characters in the organization name: 0123456789:=@ABCDEFGHIJKLMNOPQRSTUVWXYZ_abcdefghijklmnopqrstuvwxyz. Spaces are also allowed. For example, you can specify the organization name of a hotel branch as ABC_Hotel@Los Angeles.

    Serial Number

    Your FortiEDR unique identifier with Fortinet, which can be found at the top of the Administration > Licensing tab.

    Registration Password

    Specifies the registration password for the organization. Each organization can have a different registration password. You set the value for this password.

    Supported special characters in the password: !, #, %, &, ', +, -, ., /, :, <, =, >, ?, @, [, \, ], ^, _, `, {, |, }, ~, and ,

    Note

    You can retrieve or revoke the registration password for an organization under ADMINISTRATION > TOOLS > Component authentication .

    Note

    If third-party software attempts to stop the FortiEDR Collector service, the system prompts for the registration password. This is the same password used when installing the Collector. If an incorrect password is supplied at the prompt, the message Access Denied displays on the Collector device. In this case, the FortiEDR Collector service is not stopped. For more details about the required password to supply in this situation, refer to Component authentication.

    Expiration Date

    Specifies when this license expires. Notifications are sent to you beforehand. Each organization can have its own expiration date.

    Note

    If the Default (hoster) organization expiration date is earlier than that for the organization, then the expiration date for the Default (hoster)organization applies. Whenever there is an expiration date conflict, the earlier date always applies.

    Vulnerability and IoT Management

    Check this checkbox for the organization to have access to these features. This option is only available on setups that have purchased a Discover and Protect license or Discover, Protect and Response license.

    Note

    The various license types in FortiEDR enable access to different FortiEDR features. The Administrator can configure the various organizations in a multi-tenant environment to each have access to different features in the product. For example, Organization A may have access to the Threat Hunting feature and Organization B may not.

    Threat Hunting

    Check this checkbox to provide the organization access to threat hunting. This option is only available on setups that have purchased a Discover, Protect and Response or Protect and Response license.

    • Repository storage add-ons: Specifies the number of repository add ons, out of the total number of add on purchases, to enable this organization to use.

    eXtended Detection

    Check this checkbox to give the organization access to this feature. This option is only available on setups that have purchased an eXtended Detection add on. See more details on license types in Configuring the FortiEDR Central Manager server and console.

    Workstations / Servers / IoT Devices License Capacity

    Specifies the number of license seats for the organization, meaning the number of Collectors that can be installed in this organization. Before allocating licenses to an organization, you may need to verify the number of available licenses that can be distributed. All currently unallocated licenses are available for allocation to an organization. You cannot enter a number that is greater than the number of licenses available for allocation.

    Note

    The License Capacity field in the Licenses window shows the total number of license seats for the entire FortiEDR system, which are divided into Workstations, Servers and IoT Devices.

    The Default (hoster) organization initially receives the total allocation of licenses. The Administrator is responsible for allocating these licenses among organizations. In a single-organization FortiEDR system, licenses do not need to be allocated between organizations, as there is only one organization.

  4. Click the Save button. Note that it may take a minute or so to create the organization.

    After creating the organization, the organization appears as a new row in the Organization dropdown list.

    Note

    If a user attempts to use a feature that is not available with their license, a warning message displays. For example, as shown below.

Moving from a single-organization to multi-organization structure in FortiEDR

In a single-organization system, the Default (hoster) organization is the only organization.

To create a multi-organization (multi-tenant) system, an Administrator simply needs to add one or more organizations to a single-organization system. When there are multiple organizations in the system, you can select the organization of interest in the Organization dropdown menu that appears at the top left of the window, as described below.